Resubmissions
13/02/2025, 01:26 | 250213-btppra1pcz | 10
17/01/2025, 20:14 | 250117-yz7h3s1qfw | 10
17/01/2025, 20:12 | 250117-yy9l2sslcr | 10
17/01/2025, 17:25 | 250117-vy9p9sxpez | 10
17/01/2025, 17:21 | 250117-vw8eesyjfp | 10
17/01/2025, 14:16 | 250117-rk9ass1rhk | 10
17/01/2025, 14:12 | 250117-rhv1ds1lds | 10
16/01/2025, 12:52 | 250116-p4et7a1mez | 10
Analysis
- max time kernel: 899s
- max time network: 892s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16/01/2025, 12:49
Behavioral task | Sample | Resource
behavioral1 | Malware-1-master/2530.exe | win7-20240903-en
behavioral2 | Malware-1-master/2530.exe | win10v2004-20241007-en
behavioral3 | Malware-1-master/2887140.exe | win7-20240903-en
behavioral4 | Malware-1-master/2887140.exe | win10v2004-20241007-en
behavioral5 | Malware-1-master/32.exe | win7-20240903-en
behavioral6 | Malware-1-master/32.exe | win10v2004-20241007-en
behavioral7 | Malware-1-master/5.exe | win7-20240903-en
behavioral8 | Malware-1-master/5.exe | win10v2004-20241007-en
behavioral9 | Malware-1-master/96591.exe | win7-20241010-en
behavioral10 | Malware-1-master/96591.exe | win10v2004-20241007-en
behavioral11 | Malware-1-master/Amadey.exe | win7-20240903-en
behavioral12 | Malware-1-master/Amadey.exe | win10v2004-20241007-en
behavioral13 | Malware-1-master/Download.exe | win7-20240729-en
behavioral14 | Malware-1-master/Download.exe | win10v2004-20241007-en
behavioral15 | Malware-1-master/Illuminati.exe | win7-20240903-en
behavioral16 | Malware-1-master/Illuminati.exe | win10v2004-20241007-en
behavioral17 | Malware-1-master/MEMZ-Clean.bat | win7-20240903-en
behavioral18 | Malware-1-master/MEMZ-Clean.bat | win10v2004-20241007-en
behavioral19 | Malware-1-master/MEMZ-Clean.exe | win7-20240903-en
behavioral20 | Malware-1-master/MEMZ-Clean.exe | win10v2004-20241007-en
behavioral21 | Malware-1-master/MEMZ-Destructive.bat | win7-20240903-en
behavioral22 | Malware-1-master/MEMZ-Destructive.bat | win10v2004-20241007-en
behavioral23 | Malware-1-master/MEMZ-Destructive.exe | win7-20240729-en
behavioral24 | Malware-1-master/MEMZ-Destructive.exe | win10v2004-20241007-en
behavioral25 | Malware-1-master/Petya.exe | win7-20240903-en
behavioral26 | Malware-1-master/Petya.exe | win10v2004-20241007-en
behavioral27 | Malware-1-master/Software.exe | win7-20241023-en
behavioral28 | Malware-1-master/Software.exe | win10v2004-20241007-en
behavioral29 | Malware-1-master/WannaCry.exe | win7-20241010-en
behavioral30 | Malware-1-master/WannaCry.exe | win10v2004-20241007-en
behavioral31 | Malware-1-master/Win32.EvilClusterFuck.exe | win7-20240903-en
behavioral32 | Malware-1-master/Win32.EvilClusterFuck.exe | win10v2004-20241007-en
General
- Target: Malware-1-master/MEMZ-Clean.bat
- Size: 9KB
- MD5: bbae81b88416d8fba76dd3145a831d19
- SHA1: 42fa0e1b90ad49f66d4ab96c8cca02f81248da8b
- SHA256: 5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c
- SHA512: f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368
- SSDEEP: 192:XBOTDzoOgdlf7MAdTyQuHq2b1vXei2SLca5icrLJlz3:ss/tDyQuHZddL5Jlz3
Malware Config
Signatures
- Checks computer location settings 2 TTPs 1 IoCs
  Looks up country code configured in the registry, likely geofence.
  description | ioc | Process
  Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | MEMZ.exe
- Executes dropped EXE 1 IoCs
  pid | Process
  3608 | MEMZ.exe
- Drops file in System32 directory 2 IoCs
  description | ioc | Process
  File opened for modification | C:\Windows\System32\devmgmt.msc | mmc.exe
  File opened for modification | C:\Windows\System32\devmgmt.msc | mmc.exe
- Drops file in Windows directory 59 IoCs
- Command and Scripting Interpreter: JavaScript 1 TTPs
- Enumerates physical storage devices 1 TTPs
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery 1 TTPs 20 IoCs
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
- Checks SCSI registry key(s) 3 TTPs 43 IoCs
  SCSI information is often read in order to detect sandboxing environments.
- Enumerates system info in registry 2 TTPs 3 IoCs
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- description | ioc | Process
  Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | explorer.exe
  Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Toolbar | explorer.exe
- Modifies registry class 64 IoCs
Runs regedit.exe 3 IoCs
pid Process
4972 regedit.exe
7624 regedit.exe
8484 regedit.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process
5916 explorer.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
pid Process
5588 Taskmgr.exe
3608 MEMZ.exe
3144 mmc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
Suspicious behavior: SetClipboardViewer 2 IoCs
pid Process
3144 mmc.exe
2888 mmc.exe
Suspicious use of AdjustPrivilegeToken 19 IoCs
description pid Process
Token: SeDebugPrivilege 5588 Taskmgr.exe
Token: SeSystemProfilePrivilege 5588 Taskmgr.exe
Token: SeCreateGlobalPrivilege 5588 Taskmgr.exe
Token: SeShutdownPrivilege 5916 explorer.exe
Token: SeCreatePagefilePrivilege 5916 explorer.exe
Token: 33 8952 mmc.exe
Token: SeIncBasePriorityPrivilege 8952 mmc.exe
Token: 33 8952 mmc.exe
Token: SeIncBasePriorityPrivilege 8952 mmc.exe
Token: 33 3144 mmc.exe
Token: SeIncBasePriorityPrivilege 3144 mmc.exe
Token: 33 3144 mmc.exe
Token: SeIncBasePriorityPrivilege 3144 mmc.exe
Token: 33 2888 mmc.exe
Token: SeIncBasePriorityPrivilege 2888 mmc.exe
Token: 33 2888 mmc.exe
Token: SeIncBasePriorityPrivilege 2888 mmc.exe
Token: 33 2888 mmc.exe
Token: SeIncBasePriorityPrivilege 2888 mmc.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of SetWindowsHookEx 23 IoCs
pid Process
640 mspaint.exe
640 mspaint.exe
640 mspaint.exe
640 mspaint.exe
7868 wordpad.exe
7868 wordpad.exe
7868 wordpad.exe
7868 wordpad.exe
7868 wordpad.exe
9072 OpenWith.exe
8928 mmc.exe
8952 mmc.exe
8952 mmc.exe
8720 mmc.exe
3144 mmc.exe
3144 mmc.exe
9180 mspaint.exe
9180 mspaint.exe
9180 mspaint.exe
9180 mspaint.exe
3272 mmc.exe
2888 mmc.exe
2888 mmc.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Windows\system32\cmd.exe (PID 4752)
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.bat"
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\cscript.exe (PID 796)
    Command line: cscript x.js

  C:\Users\Admin\AppData\Roaming\MEMZ.exe (PID 3608)
    Command line: "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4408)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4376)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses
      C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2412)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:14⤵PID:6276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:14⤵PID:6804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:14⤵PID:7072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9940 /prefetch:14⤵PID:6928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:14⤵PID:6316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9700 /prefetch:14⤵PID:6204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:14⤵PID:5556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:14⤵PID:6980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9620 /prefetch:14⤵PID:2940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10388 /prefetch:14⤵PID:6448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10264 /prefetch:14⤵PID:4812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:14⤵PID:6296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10428 /prefetch:14⤵PID:5284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10632 /prefetch:14⤵PID:3856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:14⤵PID:1304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9764 /prefetch:14⤵PID:5744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10976 /prefetch:14⤵PID:4812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10472 /prefetch:14⤵PID:2304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9940 /prefetch:14⤵PID:7400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11248 /prefetch:14⤵PID:7580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11152 /prefetch:14⤵PID:7688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11168 /prefetch:14⤵PID:7784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11092 /prefetch:14⤵PID:8180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10464 /prefetch:14⤵PID:5768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:14⤵PID:1020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11284 /prefetch:14⤵PID:7348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10904 /prefetch:14⤵PID:7988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11020 /prefetch:14⤵PID:8080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10712 /prefetch:14⤵PID:7204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11556 /prefetch:14⤵PID:6804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11428 /prefetch:14⤵PID:7476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11708 /prefetch:14⤵PID:7396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10876 /prefetch:14⤵PID:7684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11960 /prefetch:14⤵PID:7412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11784 /prefetch:14⤵PID:7816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12124 /prefetch:14⤵PID:2772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:14⤵PID:4888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11424 /prefetch:14⤵PID:7560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10248 /prefetch:14⤵PID:8080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12424 /prefetch:14⤵PID:8264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12212 /prefetch:14⤵PID:8620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12628 /prefetch:14⤵PID:8704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:14⤵PID:8344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11996 /prefetch:14⤵PID:2404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12484 /prefetch:14⤵PID:6068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13136 /prefetch:14⤵PID:7528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12808 /prefetch:14⤵PID:5816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12936 /prefetch:14⤵PID:7664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13412 /prefetch:14⤵PID:3304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13360 /prefetch:14⤵PID:8400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13956 /prefetch:14⤵PID:9108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12936 /prefetch:14⤵PID:7500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13780 /prefetch:14⤵PID:6488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13488 /prefetch:14⤵PID:8280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14204 /prefetch:14⤵PID:7540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13364 /prefetch:14⤵PID:2672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13104 /prefetch:14⤵PID:3008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12688 /prefetch:14⤵PID:6908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14156 /prefetch:14⤵PID:5260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14136 /prefetch:14⤵PID:6628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4977280764986079876,14398452942269333388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14136 /prefetch:14⤵PID:9196
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi 3⤵ PID:4304
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b54718 4⤵ PID:1968
-
-
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5588
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real3⤵PID:5156
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:5176
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays3⤵PID:2468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:5848
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/3⤵PID:2792
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:5288
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/3⤵PID:5572
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:5576
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20163⤵PID:6024
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:5552
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/3⤵PID:2636
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:508
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton3⤵PID:4500
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:3820
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real3⤵PID:1596
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0x100,0x104,0x9c,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:4000
-
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5520
-
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"3⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
PID:4972
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt3⤵PID:2804
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:4900
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download3⤵PID:2008
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xdc,0xe0,0x108,0xe4,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:692
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware3⤵PID:2168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:1032
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money3⤵PID:6512
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:6528
-
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:6952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date3⤵PID:7112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:7124
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free3⤵PID:6272
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:5004
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi3⤵PID:5068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:2712
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download3⤵PID:6428
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:2376
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt3⤵PID:7048
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:1924
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus3⤵PID:5184
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:5460
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/3⤵PID:3080
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:6948
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:6728
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:7016
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend3⤵PID:6920
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:4448
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp3⤵PID:464
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:6864
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton3⤵PID:180
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0x100,0x104,0x80,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:6708
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b453⤵PID:7336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:7352
-
-
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"3⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
PID:7624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic3⤵PID:7912
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:7936
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt3⤵PID:6348
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:5784
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz3⤵PID:5036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:5272
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus3⤵PID:7620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:3052
-
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:7868
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122884⤵PID:8156
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed3⤵PID:8124
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:8112
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi3⤵PID:7580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:8120
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays3⤵PID:3960
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:2808
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp3⤵PID:8476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:8532
-
-
-
C:\Windows\SysWOW64\calc.exe"C:\Windows\System32\calc.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:9008
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2016
-
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"3⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
PID:8484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date3⤵PID:8524
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:8712
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:8928 -
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"4⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:8952
-
-
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵
- System Location Discovery: System Language Discovery
PID:7772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real3⤵PID:8220
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:4872
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser3⤵PID:6820
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:7984
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download3⤵PID:1744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:8020
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"3⤵
- System Location Discovery: System Language Discovery
PID:8920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi3⤵PID:2776
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:4516
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic3⤵PID:8528
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:8140
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz3⤵PID:3292
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:8408
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:8720 -
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"4⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3144
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser3⤵PID:5516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:1524
-
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵
- System Location Discovery: System Language Discovery
PID:8328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic3⤵PID:6600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:8036
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz3⤵PID:7464
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:8404
-
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:9180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection3⤵PID:8568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995b546f8,0x7ff995b54708,0x7ff995b547184⤵PID:8856
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3272 -
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"4⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2888
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1572
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4912
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2808
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5916
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
PID:5968
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵PID:5772
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵PID:3068
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:9072
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
12KB
MD5b4bc5196db940cc195e0559a02f56932
SHA107395663de98ddd194f20059990eadf25c458e60
SHA25617301129f77e9a0c34ba1d9e2eb498f7c5337219fa7a1900a5263ce75e463ad6
SHA512faebfee4f402a2ae216cccdc6cd29c0b0527243d40eb3b70977dcfce449a76221c45e086074b9c979e057408806702b747ca18871f84f030fe3ac9b603e48c1f
-
Filesize
12KB
MD54e61056f170457b1bf54420168e5586d
SHA10fbccb2ee943d216b4537280df84b961e9dd4b18
SHA2566d387e42ca3f6bee49dc28d4d215fb8c965fe4fb91221bf85942b55225c0760e
SHA512f5442ecac54a7d7e0074e029382e19d80e9d19b469dada103eae5e987cb04b5bacac7a8fb3e25fbcb61af8339d78215eb835834f21f7818457761ff6e27606a4
-
Filesize
12KB
MD5340bc4385f74c929cdecdeef9da3019c
SHA16831993f645789ef8ef0a219b19d4cba5438ba1d
SHA256ddc2c8284dd091e866f09e713e172fc69898f1d6bbda9c325bb5685ac81aa877
SHA512e86f80671b9daacde0972b0a5d859b73e75d5481b5ca047ec69d006b419494ca8848296d4778583a7512583ed2d04b2a6c599009ed072068e04fe6bc9e6cdb39
-
Filesize
12KB
MD5135ca0c19bbd5edde3f480c70e6235ba
SHA1bad33644ed1153626a86dab596998708c02071d6
SHA2564c6afa5f9962f6126494e79f48353f5398d7b1913af895a6e8df408c059078ef
SHA512f2f9c95a4598b4c206ad8ba9e0298c39a255cffa4df19b2543f20fbd62d1753da9b084f10ad6b59b4c649cffe5546bf0f9031d745d4d44818c734d11f1976465
-
Filesize
12KB
MD5157779b69dba01883f5c2c94d3f320c5
SHA194774de8f772ef71dbce93877b5d4095d1e939f4
SHA256b7e70b946791e082d6fca2c66b3e7ee2959e1b209eaf29de22a6ff5559e0ebb6
SHA512fa6ce07ad6185af0a565566f6fa3e5d276aa1a7f730fefb59a9fe6f12b152971d6cacae16734d43055642ca3c59c1a9a8e343f05704b233481651e029c104a81
-
Filesize
12KB
MD573538186e62ab1116f8df632832c8bdf
SHA139ab9be51a7cc2320ef3ba03bcf820d36c4227e6
SHA2561765160eb98c86995decdbf60108a0759c55e8cc56ca472ae96a9a48f05f0e49
SHA5123adb91183a4bbf263b233cafe7c4bc6551331a4a1c32ec9562e4c545b4707e98794e3910ce3e6975bd0eb0dff260a25956df98d3b28b0d7157224351cd001c47
-
Filesize
12KB
MD5682ea391d7706321524adda0d3418cd4
SHA1eb8c94d287ef606671062be83b21d932b52b6aab
SHA256979149df940a18f0f566875b14fb051ae606ecf89f14be0729f9ab0e854e8626
SHA5124ed5796212b941fc6c33016a001ed7e3b1d94db42d7c2c57fdd2b9deecfd6f98810e2757107595df1b5c18fdbcce2f9c102f1ee214ea2c98b0f352bbdea5f325
-
Filesize
12KB
MD5a65a9061f86e9e8adffe78ca994eef11
SHA141e364b758ae2906bd283de855927866db1ce433
SHA2562c7ff691db5ebc745f5fc5310aca5323faf997c705519fa4708b9231f70a2ece
SHA51285127bc80fde1720fd430f950823d9f9bd8938230875c0ac0ed444919540c8e0a0f45eb89f543c5a2fa5a505a32e2cb294d91c982deb1240c399450beb942313
-
Filesize
12KB
MD521f15f646d895f945bfe4c6b587167b4
SHA1c5d3daa317869b26d4166c052de1ab96ce17e38a
SHA25689d8fb91dfd7acdaa890adffc818d29f14d39cd12273d777411b7e41d8449312
SHA512d15627c4bf632e50849f725be82a58acaef2a07ee98c7f7824c54d963dacf7421ff88b47d912be66f74a6001adc6d425d0255e4b671c5c70f87380d79064bee8
-
Filesize
12KB
MD5c323ac58b556dff58503f5cad37521d7
SHA1c9a26af59cb03247c28ed21b4b78244a82fcb247
SHA256a49fa4c1e795f5d67a6b57b74e111b7e0ab4c58a1d437cb73033e546e63a4ec3
SHA5127ccf1e8c34283ec405a8c47eb94bc681c05a4aa4ea9f4d9b2c3049e78aec82176b16ace2dd19bd210140a73d500f6539f6fbbc8948daa9428881614d88cac2e2
-
Filesize
12KB
MD5e66541a0c77d457a7231fe21553e987e
SHA1597fdc712f51f9ca0bc4039283c0b8cf019cd1f6
SHA25674a357781196eb926f0141306bd9bc521fd8948405130f84f16d53ae951d5a3b
SHA512049bf6878fb31825956c93e28f129b4c5cd801c1f7cef64242e28f5539f63455d387f65cda9b524fe2f25a5e62f4f479e071ea1286f31c345987d56619c58156
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD53aa72077b2a68201a8da57fadb4637ad
SHA1ce939868c15ab24061ad25170dd4138150eb9785
SHA256f146319f3f458f775e849f310a8b2ac25b0f4e8b91e66d9dc52b975741f4579f
SHA512e0b5e77601e1bdd8092826b63e9b4c9fdef1ad356e0730e15e4d53e6347e62fe09a01ecf4875bdc9be1e50cc60fb154169a375d8a4ffbf23444e3e902e7b2d57
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59c74e.TMP
Filesize48B
MD55b128b3fee2a837a8df142928579e1c0
SHA1a4a9c505c743cd69ccbb889026987a7564efb3d4
SHA256e9fa477a04dfa2dcd1596de730469a2912b51a4a38fb4b49fd472e6cf588d32e
SHA512a728bc6867caf6eded8a9a62d3cb7b519c6f2ff0165ebdf5a59f3bb5f6aac9cc40f08e7811defa610a7c14675dab6ceb10841af927b63281114edce5ae3d1403
-