2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

17-01-2025 20:14

250117-yz7h3s1qfw 10

17-01-2025 20:12

17-01-2025 17:25

17-01-2025 17:21

17-01-2025 14:16

17-01-2025 14:12

16-01-2025 12:52

16-01-2025 12:50

Analysis

max time kernel
867s
max time network
903s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16-01-2025 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Destructive.bat
Size

13KB
MD5

4e2a7f369378a76d1df4d8c448f712af
SHA1

1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49
SHA256

5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad
SHA512

90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e
SSDEEP

192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

Score

7^/10

bootkit discovery execution persistence

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
1360	MEMZ.exe
4636	MEMZ.exe
3720	MEMZ.exe
4224	MEMZ.exe
956	MEMZ.exe
3040	MEMZ.exe
1540	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 59 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_primitive.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_nvmedisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	MEMZ.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe

Runs regedit.exe 2 IoCs

pid	Process
7792	regedit.exe
10920	regedit.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
7472	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4636	MEMZ.exe
3720	MEMZ.exe
4636	MEMZ.exe
3720	MEMZ.exe
4636	MEMZ.exe
4636	MEMZ.exe
4636	MEMZ.exe
3720	MEMZ.exe
4636	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
4636	MEMZ.exe
3720	MEMZ.exe
4636	MEMZ.exe
3040	MEMZ.exe
3040	MEMZ.exe
956	MEMZ.exe
956	MEMZ.exe
4224	MEMZ.exe
4224	MEMZ.exe
956	MEMZ.exe
956	MEMZ.exe
4224	MEMZ.exe
4224	MEMZ.exe
3040	MEMZ.exe
3040	MEMZ.exe
4636	MEMZ.exe
4636	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
4636	MEMZ.exe
4636	MEMZ.exe
3040	MEMZ.exe
3040	MEMZ.exe
4224	MEMZ.exe
4224	MEMZ.exe
956	MEMZ.exe
956	MEMZ.exe
4224	MEMZ.exe
4224	MEMZ.exe
3040	MEMZ.exe
3040	MEMZ.exe
4636	MEMZ.exe
4636	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
4224	MEMZ.exe
4224	MEMZ.exe
956	MEMZ.exe
956	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
4636	MEMZ.exe
4636	MEMZ.exe
3040	MEMZ.exe
3040	MEMZ.exe
956	MEMZ.exe
956	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
4224	MEMZ.exe
4224	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
2548	mmc.exe
5884	mmc.exe
5480	Taskmgr.exe
6120	Taskmgr.exe
1540	MEMZ.exe
9180	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious behavior: SetClipboardViewer 2 IoCs

pid	Process
5884	mmc.exe
9180	mmc.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: 33	1704	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1704	AUDIODG.EXE
Token: 33	2548	mmc.exe
Token: SeIncBasePriorityPrivilege	2548	mmc.exe
Token: 33	2548	mmc.exe
Token: SeIncBasePriorityPrivilege	2548	mmc.exe
Token: 33	5884	mmc.exe
Token: SeIncBasePriorityPrivilege	5884	mmc.exe
Token: 33	5884	mmc.exe
Token: SeIncBasePriorityPrivilege	5884	mmc.exe
Token: 33	5884	mmc.exe
Token: SeIncBasePriorityPrivilege	5884	mmc.exe
Token: SeDebugPrivilege	5480	Taskmgr.exe
Token: SeSystemProfilePrivilege	5480	Taskmgr.exe
Token: SeCreateGlobalPrivilege	5480	Taskmgr.exe
Token: SeDebugPrivilege	6120	Taskmgr.exe
Token: SeSystemProfilePrivilege	6120	Taskmgr.exe
Token: SeCreateGlobalPrivilege	6120	Taskmgr.exe
Token: SeShutdownPrivilege	7472	explorer.exe
Token: SeCreatePagefilePrivilege	7472	explorer.exe
Token: 33	9180	mmc.exe
Token: SeIncBasePriorityPrivilege	9180	mmc.exe
Token: 33	9180	mmc.exe
Token: SeIncBasePriorityPrivilege	9180	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
5480	Taskmgr.exe
6120	Taskmgr.exe
6120	Taskmgr.exe
6120	Taskmgr.exe
6120	Taskmgr.exe
6120	Taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1540	MEMZ.exe
4892	identity_helper.exe
4392	mmc.exe
2548	mmc.exe
2548	mmc.exe
1540	MEMZ.exe
1540	MEMZ.exe
5860	mmc.exe
5884	mmc.exe
5884	mmc.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
7468	wordpad.exe
7468	wordpad.exe
7468	wordpad.exe
7468	wordpad.exe
7468	wordpad.exe
7468	wordpad.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
9152	mmc.exe
9180	mmc.exe
9180	mmc.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe
1540	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 420 wrote to memory of 2532	420	cmd.exe	78
PID 420 wrote to memory of 2532	420	cmd.exe	78
PID 420 wrote to memory of 1360	420	cmd.exe	79
PID 420 wrote to memory of 1360	420	cmd.exe	79
PID 420 wrote to memory of 1360	420	cmd.exe	79
PID 1360 wrote to memory of 4636	1360	MEMZ.exe	80
PID 1360 wrote to memory of 4636	1360	MEMZ.exe	80
PID 1360 wrote to memory of 4636	1360	MEMZ.exe	80
PID 1360 wrote to memory of 3720	1360	MEMZ.exe	81
PID 1360 wrote to memory of 3720	1360	MEMZ.exe	81
PID 1360 wrote to memory of 3720	1360	MEMZ.exe	81
PID 1360 wrote to memory of 4224	1360	MEMZ.exe	82
PID 1360 wrote to memory of 4224	1360	MEMZ.exe	82
PID 1360 wrote to memory of 4224	1360	MEMZ.exe	82
PID 1360 wrote to memory of 956	1360	MEMZ.exe	83
PID 1360 wrote to memory of 956	1360	MEMZ.exe	83
PID 1360 wrote to memory of 956	1360	MEMZ.exe	83
PID 1360 wrote to memory of 3040	1360	MEMZ.exe	84
PID 1360 wrote to memory of 3040	1360	MEMZ.exe	84
PID 1360 wrote to memory of 3040	1360	MEMZ.exe	84
PID 1360 wrote to memory of 1540	1360	MEMZ.exe	85
PID 1360 wrote to memory of 1540	1360	MEMZ.exe	85
PID 1360 wrote to memory of 1540	1360	MEMZ.exe	85
PID 1540 wrote to memory of 5116	1540	MEMZ.exe	88
PID 1540 wrote to memory of 5116	1540	MEMZ.exe	88
PID 1540 wrote to memory of 5116	1540	MEMZ.exe	88
PID 1540 wrote to memory of 4132	1540	MEMZ.exe	89
PID 1540 wrote to memory of 4132	1540	MEMZ.exe	89
PID 4132 wrote to memory of 1576	4132	msedge.exe	90
PID 4132 wrote to memory of 1576	4132	msedge.exe	90
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91
PID 4132 wrote to memory of 4608	4132	msedge.exe	91

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:420
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:2532
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1360
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4636
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3720
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4224
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:956
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3040
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1540
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:5116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:4132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:1576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
        5⤵
        
        PID:4608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
        5⤵
        
        PID:1112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
        5⤵
        
        PID:4256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
        5⤵
        
        PID:2428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
        5⤵
        
        PID:3412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
        5⤵
        
        PID:1184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
        5⤵
        
        PID:3464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
        5⤵
        
        PID:4792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
        5⤵
        
        PID:2348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
        5⤵
        
        PID:2588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
        5⤵
        
        PID:2844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
        5⤵
        
        PID:4680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
        5⤵
        
        PID:3212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
        5⤵
        
        PID:3948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
        5⤵
        
        PID:1728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
        5⤵
        
        PID:4700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
        5⤵
        
        PID:1324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
        5⤵
        
        PID:124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
        5⤵
        
        PID:2176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
        5⤵
        
        PID:2224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
        5⤵
        
        PID:2044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
        5⤵
        
        PID:1228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
        5⤵
        
        PID:2544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
        5⤵
        
        PID:1116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
        5⤵
        
        PID:1052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
        5⤵
        
        PID:876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6616 /prefetch:2
        5⤵
        
        PID:4184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
        5⤵
        
        PID:3344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
        5⤵
        
        PID:3244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
        5⤵
        
        PID:3168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
        5⤵
        
        PID:788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
        5⤵
        
        PID:5400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
        5⤵
        
        PID:1516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
        5⤵
        
        PID:3060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
        5⤵
        
        PID:124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
        5⤵
        
        PID:2480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
        5⤵
        
        PID:6196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
        5⤵
        
        PID:7160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
        5⤵
        
        PID:6236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
        5⤵
        
        PID:6308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
        5⤵
        
        PID:6512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
        5⤵
        
        PID:6660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
        5⤵
        
        PID:6752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1
        5⤵
        
        PID:6956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1
        5⤵
        
        PID:7060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
        5⤵
        
        PID:6732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
        5⤵
        
        PID:2836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1
        5⤵
        
        PID:2948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1
        5⤵
        
        PID:6280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:1
        5⤵
        
        PID:6628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1
        5⤵
        
        PID:1032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1
        5⤵
        
        PID:2836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1
        5⤵
        
        PID:1244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
        5⤵
        
        PID:6216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
        5⤵
        
        PID:2212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:1
        5⤵
        
        PID:6492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1
        5⤵
        
        PID:6440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
        5⤵
        
        PID:2844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
        5⤵
        
        PID:6816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:1
        5⤵
        
        PID:6952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9496 /prefetch:1
        5⤵
        
        PID:6560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9340 /prefetch:1
        5⤵
        
        PID:7200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:1
        5⤵
        
        PID:7344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9788 /prefetch:1
        5⤵
        
        PID:6648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1
        5⤵
        
        PID:7436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
        5⤵
        
        PID:8184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1
        5⤵
        
        PID:7564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10008 /prefetch:1
        5⤵
        
        PID:7544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:1
        5⤵
        
        PID:7736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
        5⤵
        
        PID:7956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:1
        5⤵
        
        PID:8012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:1
        5⤵
        
        PID:6504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10272 /prefetch:1
        5⤵
        
        PID:7652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
        5⤵
        
        PID:8068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1
        5⤵
        
        PID:7600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10996 /prefetch:1
        5⤵
        
        PID:2092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10432 /prefetch:1
        5⤵
        
        PID:6484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10828 /prefetch:1
        5⤵
        
        PID:8848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10724 /prefetch:1
        5⤵
        
        PID:8936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1
        5⤵
        
        PID:7348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11124 /prefetch:1
        5⤵
        
        PID:8688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10464 /prefetch:1
        5⤵
        
        PID:8208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9912 /prefetch:1
        5⤵
        
        PID:7848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10788 /prefetch:1
        5⤵
        
        PID:8232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:1
        5⤵
        
        PID:8296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10832 /prefetch:1
        5⤵
        
        PID:9160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11240 /prefetch:1
        5⤵
        
        PID:8220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11480 /prefetch:1
        5⤵
        
        PID:5752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11452 /prefetch:1
        5⤵
        
        PID:7208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11424 /prefetch:1
        5⤵
        
        PID:6876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11232 /prefetch:1
        5⤵
        
        PID:9084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11648 /prefetch:1
        5⤵
        
        PID:8024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11112 /prefetch:1
        5⤵
        
        PID:5816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9624 /prefetch:1
        5⤵
        
        PID:8720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11816 /prefetch:1
        5⤵
        
        PID:6820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11996 /prefetch:1
        5⤵
        
        PID:1244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11940 /prefetch:1
        5⤵
        
        PID:7412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11840 /prefetch:1
        5⤵
        
        PID:8244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12032 /prefetch:1
        5⤵
        
        PID:6760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12172 /prefetch:1
        5⤵
        
        PID:7696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11900 /prefetch:1
        5⤵
        
        PID:8244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12496 /prefetch:1
        5⤵
        
        PID:9264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12628 /prefetch:1
        5⤵
        
        PID:9792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11868 /prefetch:1
        5⤵
        
        PID:9884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11960 /prefetch:1
        5⤵
        
        PID:10152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13116 /prefetch:1
        5⤵
        
        PID:9384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11852 /prefetch:1
        5⤵
        
        PID:4024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13220 /prefetch:1
        5⤵
        
        PID:10160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14092 /prefetch:1
        5⤵
        
        PID:9292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14048 /prefetch:1
        5⤵
        
        PID:8392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12796 /prefetch:1
        5⤵
        
        PID:9696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13788 /prefetch:1
        5⤵
        
        PID:9008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
        5⤵
        
        PID:9096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13352 /prefetch:1
        5⤵
        
        PID:8844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13344 /prefetch:1
        5⤵
        
        PID:10080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13496 /prefetch:1
        5⤵
        
        PID:9416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13324 /prefetch:1
        5⤵
        
        PID:7500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13156 /prefetch:1
        5⤵
        
        PID:10384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14328 /prefetch:1
        5⤵
        
        PID:10332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14508 /prefetch:1
        5⤵
        
        PID:10924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14528 /prefetch:1
        5⤵
        
        PID:9860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15128 /prefetch:1
        5⤵
        
        PID:10984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15124 /prefetch:1
        5⤵
        
        PID:10564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15032 /prefetch:1
        5⤵
        
        PID:11216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12648 /prefetch:1
        5⤵
        
        PID:9884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,673751880951203285,6646937206800616061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13216 /prefetch:1
        5⤵
        
        PID:10392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:4280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:2756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:1964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:1720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:2144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:1616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:3696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:4488
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4392
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:3004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:1520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:4120
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5860
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:5884
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:5480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:5348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:5424
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SendNotifyMessage
      PID:6120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:4516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:5580
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:3552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xc8,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:5576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:7092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:7108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      PID:6296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:6200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      PID:6608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:2196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:6928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:5332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:6376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:6288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:6796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:4716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:6848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:6808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:6140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:6804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:6780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:5336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:6728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      PID:1888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:7236
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:7524
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:8112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:7052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8144
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      PID:7792
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:7388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:5328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:7712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:7680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
      4⤵
      PID:7636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:7900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:5604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:8768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:8512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:9100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:9112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:8444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:8204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8956
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:7468
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:9004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:8980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:9204
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:9152
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:9180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:7496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:6388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:7728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      PID:8920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:9656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:9616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:10048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:10088
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:9652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:9692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0xe8,0x108,0xe4,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:9384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:9268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:9744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:9188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8392
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      PID:10120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:10012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8276
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:10740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:11232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:11244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:9916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:8748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      PID:11204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:10244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:10740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x108,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:10844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:10364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:10412
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      PID:10920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      PID:11000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:11004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:11064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:11152
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:8816
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        
        PID:10716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:10920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:6280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:9504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa3c63cb8,0x7fffa3c63cc8,0x7fffa3c63cd8
        5⤵
        
        PID:10780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1704

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:7472

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:5712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:8736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:11012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5dea42eb39f285d05eaa5af3fc857a9

SHA1
e7f5f2b96872cd37c114c4e54e20e8ef84b14d16

SHA256
d1624d80c8ede529d6d023824fca872ab3522bb7a11150ff4060791bf439d0da

SHA512
1a27fcc725d084860341b7c11b3dc0b627abc1a41c37908beca63d64f4aaca92c4abac6a323beb9551a7286c8e7cc1caf51e79154a880025bdad64edff4d718e

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
22d47fde80501801656894bc91506aa6

SHA1
c5550f5450eca9b24416c56d722b7a6d7d63bfb4

SHA256
326410334921c9a003ca819820b2f26e6a31201d54a4b7dec0cf621756e46a94

SHA512
8abc97b035bc4a660184b1fd51ef190fc620d4017821d5e9ced6aee82fdc720be05eb412b606c4dcf2edbe354c370609bfc6ea8b5e14b6a26122f37ea5ffc6d2

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
960B

MD5
109e3458b6b6aae96a78dbc0156ce144

SHA1
28dab2e90ae78a2a73f882527881b998937cd792

SHA256
6566fd0839f0c96bd85653aece1b1111418c337cfa91768434121d565f458a75

SHA512
4c01cd9cae55d2f18d2ca9d7f0b69631137865fab1c18735ee6cff154a522215f00f9b75172c8f9e317cc583500cbb5b24856aa0b0b0c54911a7acd21a032645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\33deb112-f298-4d52-89fe-686555ec0fc4.tmp

Filesize
11KB

MD5
41b26a5df029d64dbc4463843f0805dd

SHA1
48da73c6eba98f3d9e87e68daa6823e336563c07

SHA256
84f6b17619e504a987f9cddc06657632aad167e36f29567914f32f9399caa216

SHA512
54adeb701fe2abd178d4b313c97234e8558bfedf4e7b4a202f460d0728a26b1e20d38ef6f4d8c9723c012051df85d3cc9ddd3ea2de28b0ff6c358a82dccf684c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
22KB

MD5
2b41d3512250b9521aba871a5707cf23

SHA1
2bf8a039e31b6a549d10482f58d9ae7823ee012d

SHA256
a450a6398f0a16e5ad065b2f3e4dee62db08ec1105cf8cd025561e78db2d3692

SHA512
9c20fde1f3e0637a9ca38c72dd73f83fcb90ba54a8a4212e5654b3ccb85a2d23d0d2fafebaac871a3eb7c054ec186eaf7d46cd366fac192092276b901116704b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
57KB

MD5
fca52241a7735ea5486b3db1b9a00387

SHA1
82fa35d863d484c0ffad0fb4754e10ec13d549bf

SHA256
ad0cb23e74fb15a7cde53a10efbe4eff76284fbf7d3dd43428a783d158418921

SHA512
7b012f74289b4b4ca03e324807ae1d7062c835476438b875f2db61b4f41e0f083b6140057f2d750458123ff791457cc8dfb02b877e2d075c54235398c9b51a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
41KB

MD5
9d775bc13f54b749123a35261274964e

SHA1
e07d2a8269cb847c9cb17fcd571d6e12bf51a0e6

SHA256
5eaecdee0aee948d2b6bbccf828861a4e78daea5572202196e762562782f700c

SHA512
3e5ad4bafbd8211c772df809f2260477eaf206eee9dc5cbc979414152d89535a0e24386d4ef9c8d0c073ff379d44c41750313a734bd40d7ca5214fa1c28aad6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
50KB

MD5
fab687474443899500bc75c99c78aaa2

SHA1
fa2202676674d89aa6647c16ea05a0487195c49f

SHA256
a2f1932b36637de18f01fd7514f486b5a6e35c4b30eca0ddadf0946722a9b77b

SHA512
3378a548343e1dc7add26ec0ec44465c7dc7bf450f12c9688fbe0a61b54940ef8e12ed72816b91bbdee0d3561ed1772d6927d813844d6511374ccce101132203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
35KB

MD5
bcddce72e89d14010a2246ef1771fbaa

SHA1
7da33bcff5a929ed54a98c82a13aa6137e11124f

SHA256
1dfe5319b74457c58fc84904e2b6b7feeb4cdac5c301218b78db6bd45f83581b

SHA512
3c8b5d663c44ee042a21437714e12d352b827f2de319884aaf7156a68aa4378cca8d780214c28a76f0ce966d79a2b8ff03f37e0b0b9ebefb8d57bc9fe93e1fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
102KB

MD5
5fb52a07b6a497a7cddd9aea15f3d4cd

SHA1
dc43ea60d33694d89855c3f7b76845f0313c3267

SHA256
33a64eeeb223ba0cd16bdebd9188d6a4a62a17a3cd40f54fa85d5f7c15c58fc7

SHA512
51d283162b82f7186048b151c29233c9f8bafb2285234e462d5efc12b9d187c99c8b4cf956f042396bf736a1809bd1acd7e8baeee1e7bd5c1baaecc05d273ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
205KB

MD5
ce4275c95ffa87a2d61c2a656f4082a3

SHA1
d4d79637327a25bd0c157ecfec9b43471fefb20f

SHA256
b934361c62ec5c6f8f55f5663ff644080c513a4f390d435e6783e8828ab0fc10

SHA512
2e77eb324910dc1cd0acab116f13dd388184642761fe289860633309a70388bfcebaaaccb89663615cbed4853af1a414e9928ec68c7aac8b06ba1375e7ad255e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
223KB

MD5
b0aaf57c2b8d877b21c43b8ed9d1a3d7

SHA1
c289167054dc6e4590ef919671664ba9b9812a12

SHA256
b1a51a10c96a25c26b6ca1a5871bc30094879015fe75f5842bfdb6bc322febbc

SHA512
88aff7e775caeb9ad2ef0d9f98d78839f24bf43678b904f530a2b5bd9a1c2f5f56fbd16a42949e7758fbd8a21f9fbf16bc1876f7188a8156acfe0590818e12d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
70KB

MD5
25a5734df44285db3e981fd80b537c27

SHA1
20ffcfcac9a520a132eb339fe6ee98361704cc4d

SHA256
37d0ac4a35ec149fe053fa505313fc69cecc3677aca15c6ad0f3ea878439f163

SHA512
65237286316b798aead40f325e69dca47cbfde7989b5d1bcd7a0c8fef44f36c539a440a8de4f39d46677d96920cca84f13f05cd6a9834ca285d53c1ddf7cf77b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
98KB

MD5
c0fc67fbc5c5eceb437b516b4365aa86

SHA1
6b5a02dc604f8b87eb9d456969b12b45dda79baa

SHA256
0b8baebdd76118229f6b486ab07c66d05b104fcc8a80df53261769f80ea093ea

SHA512
e73b48bd36052a2f31aabf40b32ada01fb8c92345a20e22126bed271bcab08ba0a677fd9fd29cca23e98379b6c1e0601bdae9f90c38d9369ba32f292450886d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
181KB

MD5
0adce040eb5b9be16fc3508ddcbf507a

SHA1
494110484c697b31ed856bc6f45b73fa8618bba7

SHA256
18b963b6dcaf3c7b5e9e911bad0f4853f9dbd87d98ccdb01f70e6aec5e4ce004

SHA512
09821bd1237a5da2c0f5b3c11dcb18c9754ad69ddeaa83a216a1c3f5b9b6e5be2c1aadefa1dcadb19038b144dc6e344214e4e5e2dde1eabf4feca91aa0b93afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
40KB

MD5
b786554392ab690a37b2fc6c5af02b05

SHA1
e7347fa27240868174f080d1c5ab177feca6bd84

SHA256
ebe47cc89c62447316148809bda9095bd07bd5392a99ab4b8ac8b9f6764cda51

SHA512
b71cdb76464a775fca909cabd0a7435c34de3ee4e19c40f5bebba6415295f0be2f82532a2ecda043c787ea4e8c23fd4e582a4d4322923fdf603a56e3fcb8b567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
410KB

MD5
d50a990b2d071d694f2410f38e0617fe

SHA1
15d7ae91ad288a9bb902a078c754c59ccb672d7a

SHA256
fee916d1271c44796d833de60d6e2f279d92cc4858f22a370074f8378ea186f3

SHA512
0fd76ab2be091668fbd816038dd23ad58a8e4b38623e8fcb2c921bb1bf7cda958d519e69aa7629cf21b676cde329d21483c3812e4014fca2499555ed2695fd19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
31KB

MD5
0c7dd36ad55fe6d0ef1971dec6a3fc93

SHA1
76a7e768908dc16009c58100150bdaa4c3c38f3c

SHA256
528961b18c15d0350ad5635713e448c83f2faf991176211e5546d35d62cf5faf

SHA512
dc267f7f3c389ac56229303847899606bab0e579f261522008f7ed7fdfc7c333241718a213fdab1ed00dde21a98ad2cc6f358518353bef8252f8429a672ff6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
52KB

MD5
bda2a0473abd410d22ab7b41a8612201

SHA1
b1bacd1d3a42d5007db5aae1b9e2461b4b8c9aa2

SHA256
ea655b522e0136e3abba4295bb06ff03233dce6fbe9dc2081eabd73c31cbd1cb

SHA512
c209cc890c824a8403dd279ff0564cf4741d1fb42e2a7bd5edfe9014f1586baedf5ec69e2bd7c3163edb785bbef5c6a42b179e665e91d9fbe44e4946e30e167b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
21KB

MD5
942e2ba31d132bbe2486ff1e36883a86

SHA1
bcf42c590a69f66c3a2dfad64842e44913b69778

SHA256
c592232c7a1dc346f52af20881107d4f337fc6ebb50cf671c03a3fd01f64da83

SHA512
5f52f31e1882e074500897243b4ba1413758fdcf535f47fe9ecafa15436c68195477f51cd3469dad4d8ffc391c30e6e966280c088d4b7a5c50736ce85b157caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
69KB

MD5
0846a53a5468cac6cf131736c28bc229

SHA1
ad76b0b49b020dd1c6e24f93b65c4636bdcecaa7

SHA256
e863daf4a08e7f5c8d229f9b9c9976523c41b447e73d3925541f1601691caa7a

SHA512
f45151821e2265bb006425e8add1d24273e3746750b3301ac6bbeef04b72a9daee9c2ed5df43f4088d1c62b419cca989cded94cf40c9e64bb364b8ee58a62919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\270ef58c2403735a_0

Filesize
16KB

MD5
012529bc9bd097a46d2217479fd7b88e

SHA1
e0d96554d36ca8f6ab321222619394e3e9048348

SHA256
00912dd41609024c83c3f05160e5fa8ff12ba7bdbedea491ef31a1b3f720dd06

SHA512
637a1e0cf921a7fcc531fbf5aa9d3319ce4ce3bd32a95c0f36374062718896c46ec48eb537eaff1fd5d6e504900d405a7137fc337d0a0904908e05c1941a47fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\73a9896da2e8f016_0

Filesize
19KB

MD5
d056a4d5b1935930b5600bdd07aeffc7

SHA1
c823da43c9b1f493f05b9bfa1a4591568472f704

SHA256
59be4870ed81b5622deeacfb039d58457cecec79967b09b0f903e134fabfa284

SHA512
de56a81d20bc3f8be1f1b291b5bbcbb6b3ccd5b52ff5a998baa684c6a49f7a94c087dcaacd7704811d378475175b719bfb785aacdaf17adf384fc9b266534b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f3013e65909b0a77_0

Filesize
417KB

MD5
7c0f8240045f85e4fa3bd138fda452a2

SHA1
830a44feda7291a0ea93799e2e4f9d381acc46aa

SHA256
631c82bf6271d91fd8f751eec9f24641562f5fec80cf5cfda5126617d66312f4

SHA512
3410857571fc79a8b7243631d8716660707e0a43e4f16d6f8fc503fbbc73b57b13b2c8526791bacbcae391bd8c41d6778270d3dc56e924f65c1d990289dd376d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f96c4e370537b4dd_0

Filesize
288B

MD5
3248b1c25d197a98478f48dda0c7f187

SHA1
bbae918c4fe44b347d4ee9a608b8d30fbcd8a068

SHA256
e8c3e218094bc906da3805f6857c11becaa33aa5895329c4568b0a6974803578

SHA512
10f3d264a7931e431731c63416682743506f873359f6703fa2a49703cf7a6d270c3b454ac3785a6fdb12932f378867c820e7fd2e1cdeab1c93f2e299e354dd42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
55974d9e91c01c49be5ef6469ecf9ff0

SHA1
3cb35af27fdbf5a521cd133542b5d4d8a556191b

SHA256
9264fd36dfa5662f37e40afa56a1c7e461d7ac0a96c6e315eb0832ab4406a6aa

SHA512
1d1044a782dfc60070c4b236ef49ba708ecf0ed4637e34972d0d4d6ddbe2d00706fe06dffad17e73285e86f170f65ac94742b17e7e229d2cec45cfcdad9b1eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5e5cbf5622e7566ad292e267c5b38055

SHA1
56ecdbd0de47ca0f062f6be81b407f902dee07c1

SHA256
debcffd5dcf6f2fba7709903d5cae8726e5f5f8ab02eef933c8111259c62a957

SHA512
89895b6b4c9e872d2afb15840a3af3bbcef46673c42628b2917b95503983b127154d9ec1cb6523636ad94f005526ff08506f918922e4a4e1e857caa310aafdbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
6ff282a8551b702c780046791f3e605b

SHA1
a1e71097635270bed1da3eafbbfa48d92bbe2c0d

SHA256
43a99bfcf0e5b000f5d9cd75b7b339be847a01a714c648ab2c50b30498abdf0d

SHA512
83f55e6f3aa5f67ff31dbc78e8c12b59403a74c4eee49a3e870f4eeaee4e0ed4d7bb0f86e9a083db007cb23e4497927ae1e2a56fe07f7b9327157ed4055847d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
2d82ffbcb5fd28f5c4ac7bfbdb339f01

SHA1
b7ea62227a2b08779cc6ce65b7e9b190e3571ee2

SHA256
7830aaa46d183d7d2decffd5b68bb641fa65cc1c41531211a151099d354c0c81

SHA512
b366f4910036fa65b324b3fc08b8370fab700c1bca030e3fc936e98877961bb08aa4076884cc0294469b0b108392ed57d687656e5f3ee21af77374a723cf42a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4aa7230e93c40de29f9ec9b890fc7714

SHA1
7570b547a4b9be36a1309981123f0dd89aa0dbc0

SHA256
7317058ed9540f5cf52456569303a0f72347ffa03b951215d980b61fe2b7b54f

SHA512
87a390b2079035b610ed108a34c9440593e91a1fdf0b612a4ba0f1b3b7b2e158afe697e0e6c324db04b1b4be43dfe0e496bfb7672013b75198f870c63abf1dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
a932cfd95eca9752d94124d00614725d

SHA1
1e09ef68e5d10bac4e1264d51e15f9463117164f

SHA256
c37f560716d0038378b5db596b466aa51e7f49a97a636409b6a7a7c5da326b20

SHA512
be6e38fa26a9cc47241d4c412f817eee586ee85f580719b29d7c7b4ac11164e0d93853f766efd3c47106d34a16a460ebdad1ef5614887c4e1060651158912936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
781eee1c587ffe496c8f94e86af64eb8

SHA1
fa40260fc133a14a0342b97f90b7014534b30a9f

SHA256
5e49a55c6ce9e40b2d90538e723e1aa37cba82b7f6fbd847aee471bd3e265709

SHA512
943762628a35344e2a75a2168ebbf702607fd72d6ae07f65f09899865551b9d3b83d58b2de34fa84d513d215ec0fc217926b572fb9488f0211de60f3b4b60efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
3b975e6d7888c21439463f265b4b8a96

SHA1
510b7a30ea37c948845c3b2ef9372ca36f295393

SHA256
9ed3302f7c7b4204f859c2bd7620b131ed0ef54375643aa7c60de723d551ddde

SHA512
22f66a426b39f54ccfb948726c08540dacc2d6a73ce2ef53330f74c3a0c6093a2aa04979ce3ad0d1077630e6bd974b9988be778b9771ea973cf40652d81b405e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
0d1105804eb9859fb64a6a2058cf573b

SHA1
2ac525248b20ee8f3bb7a3443f81bd15d1b36705

SHA256
12295cbc2f12fcc130fcbcde3a3a0fa7462e63915f5be2c8609824be0c62172c

SHA512
710c2da8a617559be3a21dbcae2bef6dd243667d63a91195e94c959d3df4c06504a986ae825bd067f4f6526e3070ec6a44817c6d6d23f7df3f2839282d6b9b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
ef93a73770cd3e21864ec0253424ec40

SHA1
fdc2345024e02268800cc07a33cc120dde77a30f

SHA256
b1eb389c6db89e111e3e969f0fcb344457db29f30a7834743f8129e6951000a9

SHA512
95b878969204e667a51e0d435f0dd9b63e4cb56eb67b48ac07e85007572c48b956a229e643027a858b48e5abc8414acc43422a3b96a611a777a6253e07bffc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
8f1481f2e7665a42ce38ff7dc16e3b0a

SHA1
170bb4c9f337249ba814864f70250ad7285f007b

SHA256
20e2c4ccd287149f8c30b0898983704942ad52caf0b95dc5d91f457ee4802b86

SHA512
cfb00867d89ff42e8b87320ab9d14ef9516be744edf2cd83ba739f28b1de13fa2b65814493985d378b2cf95af75b665675538dfc39d48c2d1a75b76e1e1a0293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
aa972ff420a4aa86c1a25da0143417c1

SHA1
621f3e1c4ddd1d35eb3cb58507919f9c281749b1

SHA256
2ee708fd511d586cfceab452466db123e59f42797962f96234622d8bd9f5fcfd

SHA512
d0ae3e893aad11bafedc3787113fc87044254ebf7e9ff8a57c046f36780433fdffe33855ea245f99519afaa1d1c99ed13cee0d98d687a9a96eb0d42fe12d854d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
5b039af2675d603cd875a57fab4473f3

SHA1
08d3c19004b59a8b6a192fe6b83b85e3f2520c7e

SHA256
7f0cd78bc00efe50a38177e2b68dec6de4f241052763fbfb5b91c40f23da0360

SHA512
a665376bb7fd6f9436bb485a39c6cd539c1137d637c34887f88e70be11118787d747a5aff15c3d577f6a77ecfdf2211eb458c5cab91002c7c956584c4e6a7234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
783B

MD5
6f279d73186dc89635d17cc46eca4f03

SHA1
463b04a31c20c05d98f90c41787bf9076084cacf

SHA256
024ccd764273095f301d2f78b033fe71b469bc50f696d82ee24c44a47d2a30ba

SHA512
7466680d83632ea6f76a0b551f522328b63e6a00d0b8e63bb44cbf362dba892db29c213a5916e214b6b6a57cc48e6c408e49e913da4c79980bf100b0b63909d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
912ab8391f74823425e922a68e9b4f4e

SHA1
c215ce4c500c49852e3ab33ecd5225a997806c87

SHA256
9e5e9b28416efdeb0bfd35769843e97f30b9e99a0e907675d94b6574a8deff86

SHA512
cb9e5bf198de6b79cfb6705e8c6348b825db81d3a23d11c08e17c10bf98166308bf80cb082e86f00f1662f52ef765efe36da685d1db69c0c7f7f06e9156ccef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c3d2abb64b54291c23181bf24b2cd6af

SHA1
e31dc909d5e736df32d86824799e96854ed02aab

SHA256
112cbe2a0e38c8bb406159c34d9cf21513aaf669cb31ef5cf205006eaf2ef197

SHA512
8ff027cc9733cbd2dc18881055dd8981a78f3379c0959c91702310068879e75fd9e89270355517c932d183882c91e1a6de31e7d777485e3f13398f7d1b1590af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
293d2f86c17d4d684a851dc96990517b

SHA1
350e81734c4245a371087ce3ec15288971d88fb6

SHA256
d691e5398a3ec9096516f49f4f471e8bb63e661708fa58d04a55cbe1b0c27257

SHA512
732d0e4dffeaac609f7492a5cc6612d72fe059ed782085126047909754345c585d004959422a552c2b4c55bffeb08e14cd5640cc636059db99d48101d01a540d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
7f031b9e389be467a45098843634ff6a

SHA1
efe294bfd9edcc6e1ad42251c8f01e0487d23308

SHA256
971bf91f8c74bece142bf38b8821fc15cdd6f4aa24070421e525d23043cf9b9b

SHA512
03883737b4cf7b0237cc3b66ef0c50c1aca1bf6646d3f908532fb2babdc3fbcf020793256bdf20e928964b761b2b83674083b0840bff0fd139fd2b3c71d814f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d38c843938986b6a0369749cc1457040

SHA1
c5bf13853714c64a7c55ac9bdfb7a771e4b00604

SHA256
b1829a4d3134734eca70cd7a444a50ef8da307054bb723ba00943bfc3ad24728

SHA512
b9d07c6a0cf8f27f0c0b6d672307a2682e1064b3e45abcf675e109a2b814ad3f46962598d5ec4ab707c75806916b8f2250f59b7a5e8253829d0e40c9b94fcc9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
32f03203a2376ca2910cd9d89101cd87

SHA1
4de29fa9a9694a567d16280cc8bb03bc201bcd3c

SHA256
d05455fdb19023a565b912277237fb72c9b2b05afa34e603dd79236a60ae3f49

SHA512
73546e2a90f0bf881d49b2e1830a5d60221e3870250630c69a8fc62c0888e10dcdcbe36e8eb06a1408cadb98329b115368fffcab17fee80f5a7a084a9bf68d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
f98ddabc95613f0f6ddc46f5ac253412

SHA1
7c31826546392f08edcef5d729f8c702c0091506

SHA256
2149e88a0d5644e1b226ec8de47f2512c1fac0147162b18d8a8428b1d276068d

SHA512
7eeef0391e9c0447062025b3fec1217e182fadf08374be7fceee00822720e60b4016b9dfa99e609be683cb010631f0e887728025e28ece61a95d3eccea60c903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0d455b209ab0a779e95962e8be0226b5

SHA1
e8dd51983a0a15a623d2820b391c265547fdb6ed

SHA256
3d39c8adca74005861633baac97f9e4859d0c3b17c002c0e4433e3f5aaca0012

SHA512
672cdb5e4c9e30f5a65ca07bef9c34823c2e032e1ee9a064e2e6faa2880b4ca66766c928e248deb7acc26e9a48c34795de824edf632bcd3696bdb216333d3c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
26c84e16c3f76ff266c2883baba8ff76

SHA1
f93d29a8c181f5403f408ef6b24c257336aec72f

SHA256
21210aa8a24431ad81d413a7585011b7dc101b80a3582ae485f5ef86b8d85523

SHA512
15e3cc3ef78fb760f2de736eb07e7e46d520a86038b89f6d4e4cf67c28aa3939fb7508b93bf08d20b8d474e2752243494803271637940fcadcfe977439521dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ab24b00332faeb94e2d4150cb9a35e09

SHA1
e7ed8d2ed48e30ddc8c276e05d6762565fd8994b

SHA256
8f76c3d924c46f7982c0cf886ac55b820362a5915a942a4b2d8d7bad32dfe2ee

SHA512
bae06b9b4eaa3bdf5aa8b31622ac32563d53f1de0494bd226effb45989c9e55f967310fada6570fdfc721c46e195e0d29818963d9f7e1a44354f75ce03954976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
287b833fc62647669423033a89867e52

SHA1
7395fc1a2de9ff09c99393b968366a13b35cb5e4

SHA256
417e0a3ba854b8287d6680407bce4067a953974651231f091dcbcab5f2cc7884

SHA512
f227075b5bc8e32f87b844a646450aabd7243f36fe297f836da29ea698d8f7f44f96623f884ed219075fd92e5ca4ea9d9c736cb5f4122e900d0fcdae56f82d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4207409a38dbe7f263e3dd66768bf6b3

SHA1
4bfcd55df679f0c88faf7f75e2b430b324555792

SHA256
3000ee1e61ddf4ffd4d5bc88f3355746be5f18e6175a70fd13f121768b8fd0a3

SHA512
71420f1969e4fc6cd654ddbd43e1ae67750b41d47c2b43a385cbcbcb36231776db8fbcb1c3df6cea80786084dcfc27e1327b23dac91a06629e7e34505b27408b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8291e1dcb880e089148b07f670a57bb

SHA1
3214c6a8d2df53491caf83bb283bc220d46f3947

SHA256
09867fc8972daa32dafd59970809b796a72791e8adac393daf218067d49181bb

SHA512
60f3a65eb53b4a0216331741f37e1eb4bb7ae723b51ee5c97c1f377231b164406f52c3f336d7cb25eae8dfe9aef2743142df963a625252a510a7c897f81c8edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
937defbc1988e4f7872f8ace610764ec

SHA1
689d3ff89c9c814c9d34ecf5c1e718f5aead737e

SHA256
71ab6373c2c3cc1402ad673589d1337c1edd8c8f0bd35fb425a5ac7d3c732dd5

SHA512
e1aa2c9165aa6e33dedc0e1880dff516ca9f9c2d36abc19252ece1943d87b6f28f6fa4654438cc4bcce758416261065d103383ab39880344348a0453c4587723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a224281c1eda2ed2a347bea1e3f7839

SHA1
aeb1acc3da617a61dcda582803af8440c9827814

SHA256
00ebb842981fe1b8e18d69f3a04e3d94899c5a64aa7bf8a7bc46eb507dc847c7

SHA512
c43ce94a0bda156506ac4a2226bb745d1b59d09aa8e4f21b6d052177de421552da011fdd34d76f21c16a0fc050bd6cde7202996bd176e41b23fa4cf45b8c078d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d3b4e1a65beda7f7502bada68e2097ff

SHA1
2a9d4317f4754e199ffbf5e379a6c83717bd4764

SHA256
4f3beaf2d7f6c729bdffb28ae1bc551dd07f1219c82d9b6f0f91e19d36c21a36

SHA512
062037430dfbbc9cf5d64fc828fb274428997dba9609ceff2323d12b74f649b9c9a57c665c687bd65f676601ca1df38f73dda0797ef4f6a8afd8cbb6367da410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c08fe90d7e0da11ce7a74df15075d397

SHA1
70e359f2096b3da4d9ed8242753558b10fb8f5b6

SHA256
3e99faee921d2a688304c581302b54ca7de80c3cc69af7c4e4a7b21bf8997f4a

SHA512
1cf5370c1167be36d06e448688ad64180f15ece79dca67f1e7244fb4629194daa50fb58f68f53c83f05df793033be349ad6ef3854bb498e9ea07ddb962bd64be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7391b3122a42ae00ac9f3aa7f1e5f764

SHA1
9c8b17cfcd07f0902da76a7134bd938cb74ad2fc

SHA256
17072ba451e3c5816b5624edf371ef330500d66ed538c6ce35e2dc228fba6138

SHA512
aac1a3d1e7537e5e2c8c2bdfa6654ad1118b9d41e81fccc6d9a0216e13d5c4ea25f00f24fc52910ba29d77fc401299c2dad2c6b2d6509e27de4d1f51a5bb9c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
956f9322168281b1dca539c03526aef9

SHA1
6d8d74c42178561601f4544af073942b65baf717

SHA256
3259c6d17093caf2bae6ec40d6124afb5697613a84e11bcf1fe34cfecf56dba8

SHA512
8d22630e04e4cc73a7e2e959ab809dc0af0c9691253a2865f2920e2de99fe73348c1b651284833ef5578aab6c90580e500e276f826531e4ead25a1c5e046203a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ccfb758957304fffc6d31c1209e7f522

SHA1
e43b9bda59da834c2678dd67d4aa9e75be397542

SHA256
4c8ee9934e4d86f85f1cf7b56c153b4c2070774bca668c61b48dd254fafab361

SHA512
009f4d1f59ee4f9439511a2cbb4aa5fdf3fc9be886252cffa6bcb8260aea1b206633514f15ea0be1683829be380cf750a087eebf053d733a227ddbbeefe2ea13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7da7c8c6cdfb172c2fd32a9e25d26b38

SHA1
39b388ead3290606b7aa8ad2f998d0900f3e837c

SHA256
64c02ba11174b88efdf86a57ef90870d4ed1b5b6c81206325b980de4ba095b78

SHA512
f05ed42c990ab0054e7ef2ec2e2a138f3c5f66bd6c87af78ad8b13d48ef4f49b6489eac34e88b834f76baebe10f15d41cf19e839640610560f2bc15dc53c471a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0442bbcca77794aeb960d7732d8f9647

SHA1
f4dc3b5a98eea82977895b97b85b76686a927206

SHA256
9dfe4a1a642304c4c1974d49b09aa1a8096602e56c404bb3ef4d913c85bf3561

SHA512
bd4d525c4f99ff6e7c2097e588cc8630397346f7675e62edcd346960dec2c0ba7bea8b85af88d2408ea2d27f7fc63b92fa8fff96416cbf2c44163fce2f5a246f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e47bf5c86145019a349acff143c2848c

SHA1
d195f03bc215cefaac212970b2effe7501a3954e

SHA256
9f0b9b29cf9c13528164eae378619562a0a5ccb0d5b439090b4409b514320a9b

SHA512
35c1085ed1de96301cab293fe936baaf2169be557b192427c26d1d9d6371bfa5cb03a969c0651e2c7850586f6bbe591304559a4e2d68d6a128886aca72bbd6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b48b1bebe00e420f16e731b0f46cbf80

SHA1
b671d49e610e9727cc92fcb27af8bd268b17238e

SHA256
3c56ed52f59ae33464aaeebd1ed9c73b5376e4e731b0f8ad40ddd1ab350ed33a

SHA512
968617e65a1dc74eccd85210a6c9252ea23ce84714483b0a6eca54761731d93b770365a3cec95498a43d736c0f0083cf4aa6837bcfae76acc8ec0ea0bd8e9b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a3699095f25b72d6f0f2acadc4933e4b

SHA1
57bad4ddfbd6518b8cf089d119af1ce960239a80

SHA256
3ac1a66c08d0ed4b0361b6b9b0329efcb4dd995ffc59831032d860367e815200

SHA512
b423312e0c6c0f72d67b7e7b68be71a1ee45863e03eda274343ab726fc336eaab0c57cba9fb03e1477667e7c99d354ec354eeb27ebf62272408b1c054728d93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
914b2de0b5c8b3013f33a44a41d72c4b

SHA1
b4890e122da6024c5bcebfffcb4ecaee574f0518

SHA256
7893f4764f66307465fd8cb563499df5121c06c54bef8d6c927dd8fef93cfce4

SHA512
0a06768fa1ea79eef37e2e1a30d61cc33e81c1352bc4e0d43c2bb902942a9b8e4d13b3b421d7f470fc718f93dcd8fd011506ab8a6a55ffe793cb06e31b74370f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f0fa91111629dabfe74a2c2db65abc73

SHA1
225d21d6477b9b86501588f12be31b6ce6724bbc

SHA256
b598d9504b886952f6174cd4e8173fae39904ef9a8305a8a200f5e99297c10d2

SHA512
8a3fb2fad0ae3333113b9a633ee079f4ba898dd8998bedfb5cb16fca37c7632806ca6bbdd11ac3d1fcbc647ac40a6225563fb5452b3ed5b02cad1b4b2d2bd6e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c8c84eb207de2964a69f607b64c6737

SHA1
840103bbac82ae17e320e42152112dc502f9b2c6

SHA256
227fa20147d5c317cd2a924c64fa761c16f0f5463cbdbc4caa95d1d2f3ab6011

SHA512
8489529e79a170f77457b594f0f83db41c9a60a9cbb09bf27ca53fc15e9abdeb6828511c9ffc465d4322bb2c6832b89314dc745e9ede4d330d5fea7da3aca4d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
23fa233f4744a6ae7f729a82b0750bd0

SHA1
8c006bd79db636dc6ca45e111b8ddef0910050cd

SHA256
04a28805b5d68fd00c9621397d0bc55ea85f8952b18e069e6a4fecbbcf25a7cb

SHA512
b6265de76557b26980c8fb53a7ce981af0e7fc0a134ba1aae6784885d0b9482b38de73d078e78993a4bad6038f7259ad084450a483168debfdd85cbe51f054e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ac18aaf5606ee44fa5783e01d5fcb74

SHA1
353ccdef8cd2e22cefa739f192de7ef6c3319bd9

SHA256
0ebf99b9b058330436216400fcb4df6a47b5d31f164665758aa18e206afb93ee

SHA512
58637340fd2dce6bbb4fd1eccef926acc2ce679bf4993df40e753b7d61dad33782db8c7cd25f351fe5eb6c5ea1f390db99b8964476ae57a534b5a38e86cdbe98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94e7768c9b58f5ae2fc19988d47a0517

SHA1
0347673b94da0014c76bad90e4573bef5f538ce0

SHA256
16702d29404eb3fd3bba6e6f3f4a66a0743d48ef412b2073b2620f829d972afc

SHA512
05abe08177be0f067f86aeef9858346f8fa48f8329a017562c134274795a86f699486c5ec541cfb47d189b35b1d65b315ee21c3ea674be570413954d1a48cd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f33e662352d2a2eafacfbcc66473b85f

SHA1
4c2526060dbbc8887b8f5f503cbd9ac2aa2c1509

SHA256
525fe26792ddb3ac4c777d538793b0a404490adc9428dc7abd9ec5fcdeb183d4

SHA512
b94a262949e8e3c885381aaf662aeb9d256b834e734daa5451d73c1882dcef5de185b8f36ddabbd4d9b9a9082fc2aac11941352528fb24e1b85dca8cf2822ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cff1f54a9e082efb7e0990526fe3e128

SHA1
074b09e607ad75e512b084900c250e2d124ce4b8

SHA256
747cb43c7eac7c414569800b83c166ee830c14f6e1ef40669f7c64bf2e65d8eb

SHA512
d86779f7a97af21d667b27202b56d01d417f66806bcab5b98dc1d10f24c16f0613a3f7f75664f5fdbd4aa63521cbd993180f00001a9b420535aff623883a4f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
fe11b32bd6b82fb6a050b6f2df5cbba7

SHA1
e0f8212b812a9cc7ec8e8dd44b3941de53128cfa

SHA256
9125e1e64ddc081877ff71a93f4ff93d31dddfd3f21382bad766d9064e161c98

SHA512
2c7b5e3b84c809e7b17dc914530e8ed9110a741baa9d33297c86420cbc805ea021cbe81b3e42db522c29f1af42d7fa0a471603ace6ca92729bbe39c1b934e0de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2dbdbc11a43a577ae4541ea89e99df07

SHA1
e73d16e5101c3099257cf3eac3f8ea39c069ce77

SHA256
6384d1f04192284bca765cf0442c126ee0659f4cf4cc5f3fe0d87e268d07460f

SHA512
38b4288eb3cff34e06ebcce4f703842951c4a26a30f1421f9570e7029e63f8b36d2457b84edaed8048b89325696a2731c4f181d40bc06a28c10ff8bc24604c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0be8f3a507f8dc5fc7b7f62ac583e3c

SHA1
e16cafb8c1a07c743713ce45c789bec61711eaa0

SHA256
756dbb2bfe22b72538345fd93a9592b39f28c2df48bd2ac177ad1c709c3c7e5f

SHA512
5a7ccdbbccbb1b3964770e0dcd4b6f9714ac464304a213b91ae555a14194f44db4a0a123d225741bee506106ad415a4b8e7f642a684308040923bf54c1536056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4cfbd11cecc5a1937503291cc3157c17

SHA1
fef0554000ee6c8399ca59c3478cf67fc66c107a

SHA256
72924bcccb9fe653adc840b163ff0b9e28e7d342eaf19d8d680f7a996aa83d54

SHA512
2ed62da73d2d98eb4d5aab3be11af541e9b5b712960b06efef48e778a48eebc71109adfcf9359eb3b6d08e3ee7af1762bbaf9ba4e6826b998e9db195d1135875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc41fa0d988e289264ab57d99bdfbda7

SHA1
f5d2494894670a9d7c29809d659f208aeda806df

SHA256
a72808eb74663166a8676d7a31a00a1242d411d87d544e12dd24b7df60ff73e0

SHA512
d42e935fe18b64e0db9abb4447955bea208587de228ee4d98455113b351667137a1aff159a97e1e070cbb1e6869025c2b0cadb2ad5995ad7dd62a8b8f965660e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5743598903d13db47bf058b585409be4

SHA1
178a32c8e710d06ac0c9748b9f0a79c8f4fda279

SHA256
82b72e6888842f11dcf1a4747342b7cf3267de25dbb5559f1338530419993e51

SHA512
f669dc67a386cf06bf1e3ed5cc5e3819c738a79303eaa5869c2a1e9dfc968f8dc9fadd3bc3d0ce581effe468c6bfb5b39f1c407aeab347acef1bab7e2a30d39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6204d31cfec3aded491dc6db9d117df5

SHA1
b9296228448a88521cf88fc0bb1c3d13fce5fbac

SHA256
9817af5bb4f803cdbeb8600e6e4159431392f2aa252d413d052891b1ee34e25c

SHA512
542fb6c71fe98c71a725ffc03677bb08aae27f19855df6f94cb01cddcbd9ab69e9e6bbb6e2f3844b31ce7b8da2642762dc52dfda9b4b43c6501e339e98ebde87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a21e7854e2b9795bff508651634c0f1

SHA1
88c95b09b01236d0de066b4bf6b13e7bcfa2c6f6

SHA256
e8157e5bafcedf0efb97151d36c4dce3fd8c1ec87ca23bbdf12ed31779ff68e5

SHA512
5f573176585703316f87172caaef49e78c44d1f2c808747b72886e765bcbe6cad6f1e7cefcc0890bd5342dae16dbc2f04ec5dc0ddb6ea08df166651483a2170d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f7c2ce7cc817932fdf879c41f750afd9

SHA1
096cd227efbd18feba046be50808e17cf54535de

SHA256
2c8e3cd6ab23e5ed1f6ced87d120b039f2a442f45b0312461f892222401f354b

SHA512
b441aa894e7478aeb4ea0ee51af842ba860ad075a1e730a078e2e90ea17afb536cdcc03e5e322a58dae7179be595a5a2127c226b212f1c060288a196ee44d924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
afb64f33cf229b96267544fb9c43b078

SHA1
5ea1457a4517254aadc43ab8068f98de60c17547

SHA256
82cc7feb20a79ed4c870b30f2075c9c78946030c105e4f455f66df7d31f4ae61

SHA512
9f32d4692b09b752468108e76ad0c6005c23acb66e274adb0f98f4ce842adcfb94b1b76c41894afc1b07a411971ee25a82dcc9d78b816e788147db3ca709a738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b5a296b832793b7dafff02df7db591da

SHA1
3acb3e226312090d4c95325ddc8763552f051909

SHA256
9ce1efbf21aca3ace3fde7a8a5f549a755e296304b5f504b5058956705316ccc

SHA512
cbe23592a9f9ca44b5d1428efa5e96b499ba669b7e0e3a1921b73719373dcc0a53392eb9351d0602b440a78345db9c582bddf7cbe19416e808a273f482e45fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
731e8cf0b738de9a6a848e2170bc1a70

SHA1
3afc24c299f2074bee9b20cf49e2815022c1047d

SHA256
956634cc072c6f6c1247dd2979d6ec5e0bc89d43579aed892059885237937ebf

SHA512
4d779c8e00bd7842f5859fae5de19034e9f8315425f3ab87770be13ef119dc43fa4ab9143f49ead62f8611ba35fa808425dba61219db18c7c1179534678797ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
342d20287ca5c44ab731eec9c1d5ed07

SHA1
7d1b648df57359e0e26efee9b837fe964479b7bc

SHA256
2abc427374e257c378aacd59ad554a5497f6c3a3bf5b7cd37b9c70d419da68ac

SHA512
49a494bcf01d3e6b5d9db83444505f7f9ab3a0a697209ea01a8b7d357850e747539700d27a4969afb92825f1f784c5c5c6bf886ea3549e323861f6c5d4a393c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
de85d6577ff5ac2306390d6569a1cb91

SHA1
b5ec0c25a28390ea867148635e0fdd322af5a369

SHA256
eab5c9e70bb0da9fb1c76e2cdef967f13a0f29b2626ca0398f5ec2920388bb97

SHA512
2e544f9abb036eeb6e5ab4895182257dcef24ca35181c6743074494620b57be0318b0e6812c9d542830876cc0e02883df78216de22faeec581394d1ae6c119b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c8d4ea5c6b6f93946992a3b4c61df3f

SHA1
5196002c6bde211fc30994004244d674918f22e7

SHA256
ead0d26f2a61d6020455662aba01f2b814e71ca7a06d9bc43d06d258ff9d9f9a

SHA512
fb828bbdc9596e299bccb7e63ef3384cb19beada8940e880da06a2f04d3a4e6fd3d94097e254e29f6e9e7112c9e237f7be2d6239be40141d837473c783677d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f02c48f0552a69adf77d95a91691550f

SHA1
de0ac644e6efa8649720873c464647ce0439a7e9

SHA256
581345f6670210ecb49c11d4ec748f51186cd3b765c4ed2bd01ce248af1fe80a

SHA512
4a472d95e3941d7203999112a21cbd400c379e0e9ebc081f90cec36c9556650829a0a496282eb778ebf767d618ab617afbfa33c51be5deb6b2d3a39f5b14d86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3890316c7dd5d0259a620b618c722542

SHA1
bf033ea45fc336a0b90141feb88ef300ecd9d7e3

SHA256
04af72ba78d452415aaa35ef105b7ac385a287d862c4b1255b6136a673f53006

SHA512
bd32a04bc0a6a1867be15a0d3413276bc965d0053dbde63a7bd6aa79720797336576c64ecbe8268ca709a7527027a8f037a11381d128684d38e5c2f5b8018e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
17815b32969c6a09acb280db7bf5cfbf

SHA1
a6a525ab57c558070af346e2e6fcc5da6b2aed65

SHA256
c1be67ba165eeb3d14cd93131213a202047c7c31d5918f3a4a9d2377174fa0a7

SHA512
ffcedeb54f682497091d597ec0b3257bf677434f715b3df5ac4b094b1e2687b7fcf84e1e433105bc8a3d9c3883d670214872d68f0fe7bc4acca01f9466f92ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7dfd914772cb060f98301c174738e27a

SHA1
389cba96efef7a921e1814d58017f032f55cefa1

SHA256
944fbeefd158a409b5f9cf932a3b014bb8d06a47d47ea1610abf17e2e5e28150

SHA512
fd07e9973cfee67b1ed4022b17e1f859c9db8c6b40aae3d3593b2c98320eb908b2f41c2c748c50e1597695a7352208c2bb4139319b722628033ab69b67d4db25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e677df1098274e537c8993af01822af0

SHA1
3a96d1c8cef314db30feee7048f3fd3caaa92086

SHA256
7c580d3810dcb9420e77d8b5ef3c2e6374ffab2f3f86f395ba683dc4b08cef7d

SHA512
202ca1eddfd429d1b5006d869b9aee5f71315b43a1526b6851dbf2f68e9753ab84592cc5aae488a9e45492180e8585c734fed14a45aa82978b5798ac7ac2ea93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ffe308990ea9d130eaaf89f2b83b4ec8

SHA1
4d2584f31e6f615515b5482cc5f208256b855cdb

SHA256
546f7745731e2416f2a8521eec3837f58a40fb96bf351667f72e41cab50183d4

SHA512
cf4df8c3771ee8c6f7ea45b86dee121c90cf17d400c702246e9d56f690d136d1f88e98c1b1b6c45bc6992620756c925e166f2d4ec0f4d5cece1fbda0a497516a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
77e3c3eb55cd44ac18d55c1be019823e

SHA1
de8494989ecb740927968cfd5c3d1a0cb846401a

SHA256
8dc41a9f7963eb70eb6176e3ed6495b93685231652d6da78ba59fa7aaf153a1d

SHA512
96bba5271a0f31f69efcbe71f107d88c961e646a9ef7359e3e2018af5d002172a9bcded8d096bb08347fc45abce75001bf24553bc979ef0bf77ceac80a6d89c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
ce4f97a2a4df68748f0788d4fd2cc480

SHA1
a95b6a746899ddff22c7b1b6f87d1c2e404784c1

SHA256
37fc79cea7ca1c08a973ebfc85a8e4886f6afb0de2be45727089351d603a233d

SHA512
0d252d86308066213694597bf31c7cf9635987e299b032b3beecd9b765a73f9d851f2c1b77bd99719ef7c03f99294aa9c57f5f1c1bd9e09f4bc10b750696e858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
81798c60dc278d8ec8bfea8bf81735d4

SHA1
ec4a8b1ffd01849b4e7c2f32a1557ebd6121feac

SHA256
937137a50d4eeee2c761f1806745a71282d3c7d5f3723c9e1d1c8c1df9e6fd88

SHA512
01c0ee20a13ae28de3d8bbafffeeff3e5565502e593e723c1b726edc3d262783952ee0ad4e4c3829f5493408047f04c520b6c0f8805e2f79bb38aabfa6a99e4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35e52ce1f64df15d97c994f09c652688

SHA1
3323e1e43508029bcf9bc0f98979962539fe971c

SHA256
04daf85cc1f337a12fcc5db19efa85c64962481fa495eb1e34654302accee935

SHA512
57fcbb0e6c7d3bbf325b36a6fdeea5045c6c8b03b3f48583a90ece8c277f38d19af999cdea1d976005669ec256d330b99e8a80f0afdfb59430504136323a6955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9d38879481aae0fd0349811b60b2fdf4

SHA1
55e80c703daac6f9d26a8e088c01fb03ac5cdefd

SHA256
23a26e2b3fa5adb1f907d8d061adbf5e98713f19f10cc51a85d4e1f91c5c5df8

SHA512
a5482d67ac846dbfd02d8baf974722b51a4a5524df093bb5a2d6ef31429575b156f7788cd1df40bfe64a5c9db7ec497e8df29ecb9e7954d38a7cb7ce9ac4322f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7eff9beed812e236cda1875a10f0d66a

SHA1
eea8974a264a5313a31ca9b56efcaf0cd44a729e

SHA256
a8d558abd1ea4f595fa55be871365464930127c8fc38246b88ebe1779d6ce670

SHA512
0fef42f63104f388ad0efda7c9aa585e77f613ec816d5748d2ac807cdc42836da9c5257a07e33405a19202a94c4ec32e519121d73f5fbcc9117e9a213f28831e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67e95b70e26e324fbb233a987258604e

SHA1
049c778688b2d7d6ceda75ecc428baa3fbc7fd6f

SHA256
2dfdba4727dcec662dc16de7a5b5e120e682789e1fb06929c58e8cd0523f2653

SHA512
893773307fd70f3bbea73dd3008e0394f2253d2a0b8f4fbf3f12c65852b271e1d5e47225bbaeceae83718bdceeca156a9b014f613d52cd03b3a9e3df639a53ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e17ab26cb40cd17f9e544cddd0949562

SHA1
5f1e26f1b2c6b4efb5fa31f0f6d54184f81c8711

SHA256
62edefded80b3289ab35b7aeb91ffe79c35283478a7bdd350f4460ab6cdebd65

SHA512
683b2375e522940122be276de07f6c93db62940a153794ba50dcac28d6a020f379b4576f94f60fa9944bb533ae4287a5d22dcdf36d36b5d4c4c59573946b9035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e2786ada4a8e21ba3f12cfe7f466f78

SHA1
c54f234a21d64ff928fc9612b8fbb1b718a54593

SHA256
78f52afe1e9a8b23ddf5f2f42c5952156a90eaa1410b285c1a2f5a18772b1d9b

SHA512
7b247f7f127e3deb306292a3090deaa40178dae2beca0b03e5d759c42bbf0e91dcacf51dd6063aefe788e31fd0e72ab5a53fa798d58669dff1ca8c086c65410c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ce918edc6b73093cf731f8106d721d99

SHA1
eb28d71ae375457545966198118a19efd6d11255

SHA256
1b8cb4c023c79098a463869deac2bf3ebaa8eac6efb0c0f794efdbb0588b6b06

SHA512
217344a3053c7248445461a3bb35e5d94db5b9a2371cbe33a3e7a92e0f134be2cd63161e6bfa1e10ef6402b0e2d2024610d9e48ea44cec4f73118ce5723fe207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22c74ad3d88aa1530f920615bce66a91

SHA1
a030d6e9ad4c8f7602ef0ea372b9c9ed73ea910d

SHA256
7728bee6b1dd16ad2eaf86302f9b04fdb530155ff51560dee4b7eb68aa332d06

SHA512
280525ee68b5dc0203d0fc1927a795034b5dcd8abfe667ef178e739f581108e8fcfab468c2ab9ea727ec0415296b3edff1bcdf3a1df3b8fc157b5c06a7c60147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8750457a4a2ec3af1dcad9a8933c32fe

SHA1
d3b9bab1b9a6b140e6710ac4cdc5863de61a775d

SHA256
06375fa3d2f724910258ed664b4ca372deda38a43142b9be145b94df9957c252

SHA512
736a255e85640a96bafbc2faff91f98b81a364ba68fbd054aeb08d1768e888aef1da6c63985b4dad6e14f684ed982d85bf619866cbbe47121638b4d40ada2711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f34292d48325f8de0234dc0a981b9024

SHA1
b6f03da2d22eeec08de9881acb3ad05ff4fc94de

SHA256
f55c48b8a4cbfb09ce04b8ceaabed78fb28d34bd10ef066acee02980a1c040e2

SHA512
ca24041d4c7db1ae146f0feea53e13dc35c106eb377a2c181f10df8a0f4da57a510b7f6787b56bb8818170880c13436fcdd512067157ba7d715a0224e7ef1ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5e632825669a4961a46040c56ef73f5

SHA1
7a68a8ab4f34a649d1c18dc3dc60f75b82922f7f

SHA256
2fa2109c505a30c9d39f4ef479f2401264553570d0a70eb5f26d08a96af2e5b5

SHA512
a689107b5d07b574011ae569b86f0e10fe5b90d3026fa6d4163f0ee260d220e355121244c929d304a964eb86fd9540d3551e289c7d2cc50e8f13b76132d55dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a5e9c.TMP

Filesize
1KB

MD5
c1ee7c9d09cda7bcd2efbedb2a8ff0ae

SHA1
cf9a8f0af06f8b3b3e9118d24d6f277fb2d656c3

SHA256
802c54b00d4d15108ae11f8246e10e44bd23ecd0ad87d43b7cbe3b21b1520f53

SHA512
c5bb8bc139c4941d2e32985dc85442ef61e1760a519cd944008b3972b7ca6f9acc2ce23b1e8ccb06469cdcf3d91c1bdb2a9a84c4dd89b6379792f142451b06de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
51caab98bce8e04b3deb513b5e18d923

SHA1
6dcf20b05db7cc0d3b8961dee3061f5d7338d0d9

SHA256
03bca48fa785f14a624ca0124ac597f48a4a5b3a2e4a51ce8c330a936d9203da

SHA512
3edabf7df5d5cb981dd38e3e7864233d263775be67d48613bc8036acd17ca7e2e8bf5c5b72088c62e1fc9a247762573faf53fb1a8d8a90822c583204baeb9242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c00813877390c89264744f31edd917fb

SHA1
0d4e23d0ccdcc8e7b4482d1739e2af38a32031d1

SHA256
f039877fa1f5a11362beed1c09cc9d7f2e77be6f36439b1f46a8f44820460ca9

SHA512
48e3b2151f7dccb8d75eab5c9cf2be9deefedf2ce0c883495c34c2d9dfea1d562b41117e17a1ea50b2ba2e4f8dd01dad5cc90080ff2bcf527e5f00b43a19cc72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d16e53858e5ad8a4202d15a8fed36502

SHA1
8069be4e602874b96681fa3fd9206f5e635e0c57

SHA256
3718516528690c8cddadfc0cc4ef837fd2005552b9d4c0aa59136a776403e31f

SHA512
12043b40aa073e190b5ab32cb2e70e1d17c7392aaf404cf10d2309c306314c20f34576955555e6a6ee560a4963e3cdad784af132f13a0d021732ba0a9ce63a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3229ec0b5f01af6b51cb959ad299873b

SHA1
18b175fa9e7e7d105ed8b956f794b7ef02c586cb

SHA256
c8a6449647ae3126ba02bab16818d99428a275013852bb68c69f4339df712e94

SHA512
005628f80853c095da26046458866af070032e01983443da0ec4850c49ecff8934a71988ae7b390a8dad1ff0435e6ed2156fb381a100ec6dd20475e9ee02647e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d865a5635166faa6abf20aed3031745a

SHA1
aa5fe6688f69538c4da720d14c478f4b7844eab4

SHA256
f398aea4f260a4516fd5075ee870d65bdec6a4718c60b19a34e0afc16b225211

SHA512
15f6b4e3258f6570e44b806971efb9545ffe92342b920af17b200397871858fc6ea0e3f2d9bc2a436274fa993b0dbcfd3160062efc07dcefbd3fca38134df540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4de790ad95784f6344e1b008695e0748

SHA1
bc4ca54f8cdf8680f76bb1dec37bac94482e11d1

SHA256
fe487249da27180a1f789397240fcad5710c020c1064857ce583ef29f6f015e3

SHA512
4c3fefa4423f0e641f45f672317f9e273b4878272b150259121ca8671f3e8c83b4668afd49d7a130f86311c659fcc68952713073b7ee39f09686044601c4a90b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0fac29ade07f39e68837be332ca00a55

SHA1
82114982577fb5c11d3dcb4ba42e651d3c95e446

SHA256
a2347fe855866344de0c38ce40ae5a83fa234cba350753c38c68c7eca0154271

SHA512
3d7e727399df4f096c315d94dd3562a44a0560fb436ec82912a998917d44e9b673e40fb6fd456ab4bd82c18bae7c27df388d482efb69f34889d153f2d129f313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1454549f33df636a1f21e0fe8a8042d

SHA1
6396123599486bd343e49081e16d3e1af78f17e9

SHA256
f5c6d625a8a263b7f7ccabcb3618809fddf38e54fac27a51acbede6e7f93d7f6

SHA512
8f256644fff9d35f9c0515bc5bd43642eafc1ea622464cfce2e09307d403eb199983841155ed5dc8977536c3b5ad1d3b2b752287ff729fbca38a68a038c69b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
33ba31ff53c13ce4fd448f6048fab965

SHA1
3712157e2e8dab0f57e4db77cc8b7e4cc694a325

SHA256
b8ac055344c2ef4f6757a98258a1992549bc6175d5b38f89c446941ef8177cd6

SHA512
29621fd509ff1fc40d8f0c9e5cadd6fb734413c967a8b45e7b6fb0e2621821c36ff928313f480be5663b978c15453ac491ed044dfe6dc4fbb281687bad4f3510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b03240d9b9230ba992eabb1e35607d7

SHA1
41f0e5a18fd901188722fd743be1f4a006065344

SHA256
9071a5124e9ec102a70b387288d8b0665357b5ed823d2384c219e3697e1ffcfe

SHA512
16a8466a75afeb73be1c9590331069fb7ef1549644b5642d3b6ffbf3339b35a3e2fcbdbc4845cd40cb1f45a4ba6d5b43b4f4a19e6600e307d1a1eaaafa32851c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a9d3d15df131ab9d42d05b27dff0f0a3

SHA1
04194a53236a4f6f93cf0f62643dec317e7375cd

SHA256
2ef491700abb2ca078d070e509ac62f546788b8d4ddc7849350652da61002653

SHA512
018dcf0c804e1de52e6efc8964df330ca742c2eb9cea3cc0b35689e804f7e8933334cbedecc6bc539e3b68a1b1aa9a2206cd89754890de8ed48a950bfc822906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3b36bf157058ac6f35bad27f1087ac1d

SHA1
090591286522bbcbafb5dc0be45c519d50470b33

SHA256
2203cbd2507e1b812de777f9bc3278da46f6b07d1bcb240f33a4992bc4696904

SHA512
3718961022bc924145892ce1e10d90546d906b4aa449e2172848d70b8c7de177a7cfa082545de984f7b6dae5deb6365800ccf8754b2b89fcd3a10889165358b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3e83a2672e7f96042f9d17a8d56d7e75

SHA1
38123ebec7a135fb61ec0a6add8a492e6534371e

SHA256
552089e52cb6e4dcb5a7540885ada3b1dc27a84743f3d7346dd8b455a9030bec

SHA512
dbb6c8a729bd5ee6597e0167f5e6273fcd005343e5dc0544c52ff0c49b8c932403e0cb3bd1cdfdef6b0cde8ec58d9f35a6657507a2cab950db09cc3532419a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13ee0c1a0ec4420b9f1417680d49c21f

SHA1
f2aa08735777e734b3391ecc9adbf9b19045a0d2

SHA256
d8e33123bbcdc3ceef7089025a9677946e5be9d2739f5572c09fa6b0d8bd3c01

SHA512
3cbe41059d683a05ad2e534d656bc3ceaf1db90f47a42b40253df881b1be3c6aa6c92067e72520b2ca4ad84dabe96467b6c50c3a0531c2f66efc401f2953c631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
80db8da5738899a9c556c567bdc3870d

SHA1
4dba28faf90abe0f13982a18d3348a464836a738

SHA256
976816f194182552a97b0983dda7a86eda5fb01e8bda579faf5051ac977bfa54

SHA512
a3960affb50abd2d3d643e3f35dccb7f0e5cb089ab2ff6c7cc0e76e6ec9543099a948e91d9b66b3e8d144be65fab0a232f94e0ec4821f04e60bdc72d15f82373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
588876e0ab1f863da57ad8eeb6644b5f

SHA1
3ff99c1faaf1a5bb3ba716605b88d01e1f587f96

SHA256
362afef798f28b1d3522fda00f5b677cd94b3c46b024d14474d509ee7d99dc72

SHA512
385beac659c2aee8e1fe495e15b90943ae8e775c3bc813e10609a2cceb370631d899aee0610a74bbe86e8fe91fd9b557ba38a0a60553902e3ca114e4e79b2b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a6b6c3ebee228e6c2b309c7c307225a8

SHA1
38ed68c8c2cce7a3a1058aa3e63c3f3ae34b7905

SHA256
6877f4c443cdc6e105c75f5190893dadeb71c0a7e452be25cfdf5cb31ff7006a

SHA512
e74987ca5137e8786cc2917bca4786fda58b321a749cdad1037e798ba5b805e576a648641a978fa3e8e58d3d4938b7c0669ec3ca942b5a0eb52b125f0ea8ea69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b23a5a9671e8a261c50a5a6f1c6caddf

SHA1
56f45bcb9d1bdf8306e8c143066d8f692d785baf

SHA256
ee609a44dfa4b1064704c743f71c579d704e0b95fc7607fd42f64ee24a055ac9

SHA512
a8eea11e3b6165c9cb1e8d7f27f303ec140b37ea627b1c20cd12863237b0c4dc0dc48b5438496bcc1697a22e71a8636611cb6b3d8e72bd4727a788b43ef6666a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
de67ffb345cfcc1b84553350ed2ca64f

SHA1
3e07bb4627d682b396dc5680cba269fc00542b42

SHA256
9da6d11f92b4e647b8d3bf2e606ddf0e3b0cd94c9aea7043f1e86986e47284e3

SHA512
4c1153a48b335a25319be6bf513a489bcbf0ebc9feb28cabcaf1d61f9b2cc35d37d451a3fadd8207dbf1993b10318b4cfae1bbf380c5d883c0fcf5e5b3b3080e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6d38919762a3ba24851ca2fd8e4d7873

SHA1
cf27e1318374f7339b4170e602e952ac264484b6

SHA256
0448c16addabb5a2f3b5789e69d6ede30e9d5c26791a35756cfb094c8a94ae3e

SHA512
03979caddf8fc53345b5a41e463ebd5b75196c1d411ff641ce06724cdf042cb92eb783807654bdfcf01d642827d2177fcd9ccc48779f8a10185e95f754193b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72b770686227e54de3d51a4cb0e15cdc

SHA1
87ac1d11203e9be985a16c3838a485b0a1dacef8

SHA256
860e8bd23edcf0bf264e9f971a7df27b32ee2c4871c97a2e13766cc10e826e7e

SHA512
45e8c0047575e9772d15121dca2c696597b08ef982d939e576505c5d5cf0e00f880826785f98947308a812d4425507c8997ed26480519119ef4973c9e065ddd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0915a8b592e7a245374227e57013cd15

SHA1
967dea03455731fedf4d9051f938376ddacabff6

SHA256
95dff5be7495f619bdb18ad48e8f2553f776117123f0107b92665bfa10fdb922

SHA512
06da802c12565da56e6e3b7715c87ab151bf0150c1b12b9104fe9b24e3c46aec00a21e9fd17a75072024edb8a400809bdf062c15d3368b89074e33ac9aefb255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b74e57638224ca190707930ac59230f

SHA1
a5441fd5443d502de188c180f48e0d1eb79ad2e9

SHA256
1bbae7db8992d684d49f4505d2db15ff0c9f6babca974a9427af6c21dd40edac

SHA512
96356a17298d7b087e448396a496fd7c34ef75542016c6dd8054295804725c7d798c9707da546f55ca3fb973c52a52548e189848c6cca339a0f423625d63f138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d324d2176cf98ad9419accfab41892dc

SHA1
cd2150635ec1e551a2189193e96df4f52f97d86a

SHA256
b561c05b9b64f27db65db6926e9f2833d36259b82f4763c5b2ec097f0e358cc2

SHA512
8074e6f3a047b0608a7789c16169a5d11d12145d26ec960af9c5bf543f2f7171eaba33562602ac99126644315d6c2986dcaf080cfb1882434443fe29dfe891e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f528e845eb67baff4269b5e9e2782e5c

SHA1
42abddaccbea12559e1ad121aa761f2fd7f04eaa

SHA256
4fc63e55ff30426c3b554a1f7d10e8970cd4945f1a4610fe417b0e66e2bab496

SHA512
fd0bc7d5abab63b6df1ef27053f7e9288a92eeeb8a9837fbfdb7a398fa435d4962673bfef3070eec195b54cd138bad1e6a1ecd853555a6d5204ed886091895a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5bc9d99d72ba8548f18b797e44382b77

SHA1
f528247447d6cf06fc1088d398d22ce062745d02

SHA256
f8053b69141998b1fa1a5cfa2a3d23227c9cdfc0b13a33b12d21c822e29687a4

SHA512
870abc2d85521a4e81ae4a64d7d0a493f118b42b2b13d2a799aab227b3c7a0b19afddc82e6ed0346d91c8cab8c7747f21cd4433d214ddbe325f781f6346e5829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0433954f50be336d6f27516604625d7b

SHA1
7d525ebcc2dd38d32c32863bba7c6e3bd0b9c306

SHA256
0914ce216d6a3fdf1c6b5be8380f594879bd52d904e24b35e0764a60d202e4af

SHA512
0d8e7f3f16edf23b8e6a2279136ea041baac6cc8cb86b68fbcbdd8db60ec3f2daa46054c0438579bcb4b36c0e589675905b0a28cd3ba407bbe2a8ac88024c564

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
4KB

MD5
214f98cb6a54654a4ca5c456f16aed0a

SHA1
2229090d2f6a1814ba648e5b5a5ae26389cba5a0

SHA256
45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037

SHA512
5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\z.zip

Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/5480-745-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/5480-749-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/5480-750-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/5480-740-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/5480-741-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/5480-739-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/5480-748-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/5480-747-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/5480-746-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/5480-751-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/6120-785-0x00000000057F0000-0x00000000057F1000-memory.dmp

Filesize
4KB

Download
memory/6120-794-0x00000000057F0000-0x00000000057F1000-memory.dmp

Filesize
4KB

Download
memory/6120-793-0x00000000057F0000-0x00000000057F1000-memory.dmp

Filesize
4KB

Download
memory/6120-783-0x00000000057F0000-0x00000000057F1000-memory.dmp

Filesize
4KB

Download
memory/6120-792-0x00000000057F0000-0x00000000057F1000-memory.dmp

Filesize
4KB

Download
memory/6120-791-0x00000000057F0000-0x00000000057F1000-memory.dmp

Filesize
4KB

Download
memory/6120-790-0x00000000057F0000-0x00000000057F1000-memory.dmp

Filesize
4KB

Download
memory/6120-784-0x00000000057F0000-0x00000000057F1000-memory.dmp

Filesize
4KB

Download