Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10Malware-1-...30.exe
windows7-x64
10Malware-1-...30.exe
windows10-2004-x64
10Malware-1-...40.exe
windows7-x64
10Malware-1-...40.exe
windows10-2004-x64
10Malware-1-...32.exe
windows7-x64
10Malware-1-...32.exe
windows10-2004-x64
10Malware-1-.../5.exe
windows7-x64
10Malware-1-.../5.exe
windows10-2004-x64
10Malware-1-...91.exe
windows7-x64
10Malware-1-...91.exe
windows10-2004-x64
10Malware-1-...ey.exe
windows7-x64
7Malware-1-...ey.exe
windows10-2004-x64
7Malware-1-...ad.exe
windows7-x64
3Malware-1-...ad.exe
windows10-2004-x64
3Malware-1-...ti.exe
windows7-x64
5Malware-1-...ti.exe
windows10-2004-x64
5Malware-1-...an.bat
windows7-x64
7Malware-1-...an.bat
windows10-2004-x64
7Malware-1-...an.exe
windows7-x64
3Malware-1-...an.exe
windows10-2004-x64
7Malware-1-...ve.bat
windows7-x64
7Malware-1-...ve.bat
windows10-2004-x64
7Malware-1-...ve.exe
windows7-x64
6Malware-1-...ve.exe
windows10-2004-x64
7Malware-1-...ya.exe
windows7-x64
6Malware-1-...ya.exe
windows10-2004-x64
Malware-1-...re.exe
windows7-x64
10Malware-1-...re.exe
windows10-2004-x64
10Malware-1-...ry.exe
windows7-x64
10Malware-1-...ry.exe
windows10-2004-x64
10Malware-1-...ck.exe
windows7-x64
3Malware-1-...ck.exe
windows10-2004-x64
3Resubmissions
13/02/2025, 01:26
250213-btppra1pcz 1017/01/2025, 20:14
250117-yz7h3s1qfw 1017/01/2025, 20:12
250117-yy9l2sslcr 1017/01/2025, 17:25
250117-vy9p9sxpez 1017/01/2025, 17:21
250117-vw8eesyjfp 1017/01/2025, 14:16
250117-rk9ass1rhk 1017/01/2025, 14:12
250117-rhv1ds1lds 1016/01/2025, 12:52
250116-p4et7a1mez 10Analysis
-
max time kernel
880s -
max time network
902s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
16/01/2025, 12:49
Behavioral task
behavioral1
Sample
Malware-1-master/2530.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Malware-1-master/2530.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Malware-1-master/2887140.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Malware-1-master/2887140.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Malware-1-master/32.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Malware-1-master/32.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Malware-1-master/5.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Malware-1-master/5.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Malware-1-master/96591.exe
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
Malware-1-master/96591.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Malware-1-master/Amadey.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Malware-1-master/Amadey.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Malware-1-master/Download.exe
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
Malware-1-master/Download.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Malware-1-master/Illuminati.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Malware-1-master/Illuminati.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Malware-1-master/MEMZ-Clean.bat
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Malware-1-master/MEMZ-Clean.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Malware-1-master/MEMZ-Clean.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Malware-1-master/MEMZ-Clean.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Malware-1-master/MEMZ-Destructive.bat
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
Malware-1-master/MEMZ-Destructive.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
Malware-1-master/MEMZ-Destructive.exe
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
Malware-1-master/MEMZ-Destructive.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
Malware-1-master/Petya.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
Malware-1-master/Petya.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
Malware-1-master/Software.exe
Resource
win7-20241023-en
Behavioral task
behavioral28
Sample
Malware-1-master/Software.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
Malware-1-master/WannaCry.exe
Resource
win7-20241010-en
Behavioral task
behavioral30
Sample
Malware-1-master/WannaCry.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Malware-1-master/Win32.EvilClusterFuck.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
Malware-1-master/Win32.EvilClusterFuck.exe
Resource
win10v2004-20241007-en
General
-
Target
Malware-1-master/MEMZ-Destructive.bat
-
Size
13KB
-
MD5
4e2a7f369378a76d1df4d8c448f712af
-
SHA1
1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49
-
SHA256
5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad
-
SHA512
90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e
-
SSDEEP
192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation MEMZ.exe Key value queried \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation MEMZ.exe -
Executes dropped EXE 7 IoCs
pid Process 2876 MEMZ.exe 2072 MEMZ.exe 4496 MEMZ.exe 748 MEMZ.exe 4200 MEMZ.exe 1020 MEMZ.exe 3488 MEMZ.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 MEMZ.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File opened for modification C:\Windows\System32\devmgmt.msc mmc.exe File opened for modification C:\Windows\System32\devmgmt.msc mmc.exe -
Drops file in Windows directory 58 IoCs
description ioc Process File created C:\Windows\INF\oposdrv.PNF mmc.exe File created C:\Windows\INF\c_swcomponent.PNF mmc.exe File created C:\Windows\INF\c_cashdrawer.PNF mmc.exe File created C:\Windows\INF\c_fsvirtualization.PNF mmc.exe File created C:\Windows\INF\c_fsundelete.PNF mmc.exe File created C:\Windows\INF\c_apo.PNF mmc.exe File created C:\Windows\INF\c_fscontinuousbackup.PNF mmc.exe File created C:\Windows\INF\c_fscompression.PNF mmc.exe File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe File created C:\Windows\INF\rawsilo.PNF mmc.exe File created C:\Windows\INF\c_fshsm.PNF mmc.exe File created C:\Windows\INF\c_ucm.PNF mmc.exe File created C:\Windows\INF\c_firmware.PNF mmc.exe File created C:\Windows\INF\dc1-controller.PNF mmc.exe File created C:\Windows\INF\c_diskdrive.PNF mmc.exe File created C:\Windows\INF\c_fsquotamgmt.PNF mmc.exe File created C:\Windows\INF\c_sslaccel.PNF mmc.exe File created C:\Windows\INF\c_mcx.PNF mmc.exe File created C:\Windows\INF\c_fsencryption.PNF mmc.exe File created C:\Windows\INF\c_fsactivitymonitor.PNF mmc.exe File created C:\Windows\INF\c_camera.PNF mmc.exe File created C:\Windows\INF\c_fsopenfilebackup.PNF mmc.exe File created C:\Windows\INF\c_fssystemrecovery.PNF mmc.exe File created C:\Windows\INF\c_fscontentscreener.PNF mmc.exe File created C:\Windows\INF\c_fsantivirus.PNF mmc.exe File created C:\Windows\INF\rdcameradriver.PNF mmc.exe File created C:\Windows\INF\c_barcodescanner.PNF mmc.exe File created C:\Windows\INF\c_receiptprinter.PNF mmc.exe File created C:\Windows\INF\c_fsreplication.PNF mmc.exe File created C:\Windows\INF\c_media.PNF mmc.exe File created C:\Windows\INF\c_linedisplay.PNF mmc.exe File created C:\Windows\INF\c_fssystem.PNF mmc.exe File created C:\Windows\INF\c_fscfsmetadataserver.PNF mmc.exe File created C:\Windows\INF\c_fssecurityenhancer.PNF mmc.exe File created C:\Windows\INF\remoteposdrv.PNF mmc.exe File created C:\Windows\INF\c_smrvolume.PNF mmc.exe File created C:\Windows\INF\c_magneticstripereader.PNF mmc.exe File created C:\Windows\INF\c_scmvolume.PNF mmc.exe File created C:\Windows\INF\ts_generic.PNF mmc.exe File created C:\Windows\INF\wsdprint.PNF mmc.exe File created C:\Windows\INF\digitalmediadevice.PNF mmc.exe File created C:\Windows\INF\c_volume.PNF mmc.exe File created C:\Windows\INF\c_smrdisk.PNF mmc.exe File created C:\Windows\INF\c_proximity.PNF mmc.exe File created C:\Windows\INF\PerceptionSimulationSixDof.PNF mmc.exe File created C:\Windows\INF\c_scmdisk.PNF mmc.exe File created C:\Windows\INF\c_netdriver.PNF mmc.exe File created C:\Windows\INF\c_holographic.PNF mmc.exe File created C:\Windows\INF\c_computeaccelerator.PNF mmc.exe File created C:\Windows\INF\c_monitor.PNF mmc.exe File created C:\Windows\INF\c_fsphysicalquotamgmt.PNF mmc.exe File created C:\Windows\INF\xusb22.PNF mmc.exe File created C:\Windows\INF\c_extension.PNF mmc.exe File created C:\Windows\INF\c_fsinfrastructure.PNF mmc.exe File created C:\Windows\INF\c_display.PNF mmc.exe File created C:\Windows\INF\c_processor.PNF mmc.exe File created C:\Windows\INF\c_fscopyprotection.PNF mmc.exe File created C:\Windows\INF\miradisp.PNF mmc.exe -
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 19 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language notepad.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mspaint.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language wordpad.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language calc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language wordpad.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language wordpad.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language control.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DllHost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe -
Checks SCSI registry key(s) 3 TTPs 43 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 Taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A Taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName Taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A mmc.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time" explorer.exe Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings calc.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center" explorer.exe Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use." explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features" explorer.exe Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings MEMZ.exe Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings control.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption." explorer.exe Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting" explorer.exe Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer." explorer.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 6764 explorer.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2072 MEMZ.exe 2072 MEMZ.exe 2072 MEMZ.exe 2072 MEMZ.exe 4496 MEMZ.exe 4496 MEMZ.exe 748 MEMZ.exe 748 MEMZ.exe 1020 MEMZ.exe 1020 MEMZ.exe 4200 MEMZ.exe 4200 MEMZ.exe 2072 MEMZ.exe 2072 MEMZ.exe 2072 MEMZ.exe 2072 MEMZ.exe 4200 MEMZ.exe 4200 MEMZ.exe 1020 MEMZ.exe 1020 MEMZ.exe 748 MEMZ.exe 748 MEMZ.exe 4496 MEMZ.exe 4496 MEMZ.exe 4496 MEMZ.exe 4496 MEMZ.exe 748 MEMZ.exe 748 MEMZ.exe 1020 MEMZ.exe 1020 MEMZ.exe 4200 MEMZ.exe 4200 MEMZ.exe 2072 MEMZ.exe 2072 MEMZ.exe 748 MEMZ.exe 4496 MEMZ.exe 748 MEMZ.exe 4496 MEMZ.exe 4200 MEMZ.exe 4200 MEMZ.exe 1020 MEMZ.exe 1020 MEMZ.exe 1020 MEMZ.exe 4200 MEMZ.exe 4200 MEMZ.exe 1020 MEMZ.exe 4496 MEMZ.exe 4496 MEMZ.exe 748 MEMZ.exe 748 MEMZ.exe 2072 MEMZ.exe 2072 MEMZ.exe 2072 MEMZ.exe 748 MEMZ.exe 2072 MEMZ.exe 748 MEMZ.exe 4496 MEMZ.exe 1020 MEMZ.exe 4496 MEMZ.exe 1020 MEMZ.exe 4200 MEMZ.exe 4200 MEMZ.exe 4200 MEMZ.exe 4200 MEMZ.exe -
Suspicious behavior: GetForegroundWindowSpam 6 IoCs
pid Process 3924 mmc.exe 3576 mmc.exe 6104 mmc.exe 6032 Taskmgr.exe 3488 MEMZ.exe 436 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid Process 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe -
Suspicious behavior: SetClipboardViewer 3 IoCs
pid Process 3576 mmc.exe 6104 mmc.exe 9140 mmc.exe -
Suspicious use of AdjustPrivilegeToken 27 IoCs
description pid Process Token: 33 3924 mmc.exe Token: SeIncBasePriorityPrivilege 3924 mmc.exe Token: 33 3924 mmc.exe Token: SeIncBasePriorityPrivilege 3924 mmc.exe Token: 33 3924 mmc.exe Token: SeIncBasePriorityPrivilege 3924 mmc.exe Token: 33 4352 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 4352 AUDIODG.EXE Token: 33 3576 mmc.exe Token: SeIncBasePriorityPrivilege 3576 mmc.exe Token: 33 3576 mmc.exe Token: SeIncBasePriorityPrivilege 3576 mmc.exe Token: 33 3576 mmc.exe Token: SeIncBasePriorityPrivilege 3576 mmc.exe Token: SeDebugPrivilege 6032 Taskmgr.exe Token: SeSystemProfilePrivilege 6032 Taskmgr.exe Token: SeCreateGlobalPrivilege 6032 Taskmgr.exe Token: 33 6104 mmc.exe Token: SeIncBasePriorityPrivilege 6104 mmc.exe Token: 33 6104 mmc.exe Token: SeIncBasePriorityPrivilege 6104 mmc.exe Token: SeShutdownPrivilege 6764 explorer.exe Token: SeCreatePagefilePrivilege 6764 explorer.exe Token: 33 9140 mmc.exe Token: SeIncBasePriorityPrivilege 9140 mmc.exe Token: 33 9140 mmc.exe Token: SeIncBasePriorityPrivilege 9140 mmc.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 436 msedge.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe 6032 Taskmgr.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 3488 MEMZ.exe 3116 mmc.exe 3924 mmc.exe 3924 mmc.exe 3488 MEMZ.exe 3424 mmc.exe 3576 mmc.exe 3576 mmc.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 5864 mspaint.exe 5864 mspaint.exe 5864 mspaint.exe 5864 mspaint.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 724 mmc.exe 6104 mmc.exe 6104 mmc.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 6388 wordpad.exe 6388 wordpad.exe 6388 wordpad.exe 6388 wordpad.exe 6388 wordpad.exe 6388 wordpad.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 7696 OpenWith.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 1076 wordpad.exe 1076 wordpad.exe 1076 wordpad.exe 1076 wordpad.exe 1076 wordpad.exe 1076 wordpad.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe 3488 MEMZ.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 520 wrote to memory of 3368 520 cmd.exe 82 PID 520 wrote to memory of 3368 520 cmd.exe 82 PID 520 wrote to memory of 2876 520 cmd.exe 83 PID 520 wrote to memory of 2876 520 cmd.exe 83 PID 520 wrote to memory of 2876 520 cmd.exe 83 PID 2876 wrote to memory of 2072 2876 MEMZ.exe 89 PID 2876 wrote to memory of 2072 2876 MEMZ.exe 89 PID 2876 wrote to memory of 2072 2876 MEMZ.exe 89 PID 2876 wrote to memory of 4496 2876 MEMZ.exe 90 PID 2876 wrote to memory of 4496 2876 MEMZ.exe 90 PID 2876 wrote to memory of 4496 2876 MEMZ.exe 90 PID 2876 wrote to memory of 748 2876 MEMZ.exe 91 PID 2876 wrote to memory of 748 2876 MEMZ.exe 91 PID 2876 wrote to memory of 748 2876 MEMZ.exe 91 PID 2876 wrote to memory of 4200 2876 MEMZ.exe 92 PID 2876 wrote to memory of 4200 2876 MEMZ.exe 92 PID 2876 wrote to memory of 4200 2876 MEMZ.exe 92 PID 2876 wrote to memory of 1020 2876 MEMZ.exe 93 PID 2876 wrote to memory of 1020 2876 MEMZ.exe 93 PID 2876 wrote to memory of 1020 2876 MEMZ.exe 93 PID 2876 wrote to memory of 3488 2876 MEMZ.exe 94 PID 2876 wrote to memory of 3488 2876 MEMZ.exe 94 PID 2876 wrote to memory of 3488 2876 MEMZ.exe 94 PID 3488 wrote to memory of 2452 3488 MEMZ.exe 96 PID 3488 wrote to memory of 2452 3488 MEMZ.exe 96 PID 3488 wrote to memory of 2452 3488 MEMZ.exe 96 PID 3488 wrote to memory of 436 3488 MEMZ.exe 101 PID 3488 wrote to memory of 436 3488 MEMZ.exe 101 PID 436 wrote to memory of 4984 436 msedge.exe 102 PID 436 wrote to memory of 4984 436 msedge.exe 102 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103 PID 436 wrote to memory of 4688 436 msedge.exe 103
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:520 -
C:\Windows\system32\cscript.execscript x.js2⤵PID:3368
-
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2876 -
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2072
-
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4496
-
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:748
-
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4200
-
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1020
-
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3488 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt4⤵
- System Location Discovery: System Language Discovery
PID:2452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20164⤵
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:436 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:4984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:25⤵PID:4688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:35⤵PID:1100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:85⤵PID:2620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:15⤵PID:2704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:15⤵PID:4744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:15⤵PID:1188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:15⤵PID:2748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:85⤵PID:3600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:85⤵PID:3824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:15⤵PID:1548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:15⤵PID:724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:15⤵PID:3756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:15⤵PID:4776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:15⤵PID:3548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:15⤵PID:4632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:15⤵PID:2284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:15⤵PID:644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:15⤵PID:4888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:15⤵PID:2652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3396 /prefetch:25⤵PID:2444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:15⤵PID:1648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:15⤵PID:3864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:15⤵PID:1596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:15⤵PID:4340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:15⤵PID:1124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:15⤵PID:576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:15⤵PID:3052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:15⤵PID:1372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:15⤵PID:2308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:15⤵PID:2104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:15⤵PID:1980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:15⤵PID:1496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:15⤵PID:4192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:15⤵PID:5504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:15⤵PID:2040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:15⤵PID:1168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:15⤵PID:5272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:15⤵PID:5632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:15⤵PID:5664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:15⤵PID:5836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:15⤵PID:2660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:15⤵PID:5764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:15⤵PID:5916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:15⤵PID:5188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:15⤵PID:3124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:15⤵PID:6232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:15⤵PID:6828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:15⤵PID:6924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:15⤵PID:6656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:15⤵PID:6764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:15⤵PID:6484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:15⤵PID:6580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:15⤵PID:6836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9492 /prefetch:15⤵PID:6592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:15⤵PID:4488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:15⤵PID:4660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:15⤵PID:5688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:15⤵PID:1620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:15⤵PID:6116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:15⤵PID:996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9232 /prefetch:15⤵PID:5924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:15⤵PID:6132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9364 /prefetch:15⤵PID:5896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9612 /prefetch:15⤵PID:6384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10324 /prefetch:15⤵PID:5152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10176 /prefetch:15⤵PID:2404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:15⤵PID:8104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:15⤵PID:7220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10616 /prefetch:15⤵PID:7428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9328 /prefetch:15⤵PID:7440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10476 /prefetch:15⤵PID:7232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10552 /prefetch:15⤵PID:7360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10356 /prefetch:15⤵PID:7708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11476 /prefetch:15⤵PID:7604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11232 /prefetch:15⤵PID:7940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10328 /prefetch:15⤵PID:6720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11920 /prefetch:15⤵PID:6092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11308 /prefetch:15⤵PID:604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11536 /prefetch:15⤵PID:5332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12244 /prefetch:15⤵PID:8136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:15⤵PID:8668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12196 /prefetch:15⤵PID:8768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10812 /prefetch:15⤵PID:6504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10760 /prefetch:15⤵PID:8384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11604 /prefetch:15⤵PID:9032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11516 /prefetch:15⤵PID:9096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12680 /prefetch:15⤵PID:8264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11656 /prefetch:15⤵PID:9024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12976 /prefetch:15⤵PID:8504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12556 /prefetch:15⤵PID:8824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12544 /prefetch:15⤵PID:9184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12764 /prefetch:15⤵PID:4212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9368 /prefetch:15⤵PID:8472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13160 /prefetch:15⤵PID:7172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10248 /prefetch:15⤵PID:6216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13276 /prefetch:15⤵PID:8444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12772 /prefetch:15⤵PID:6964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13512 /prefetch:15⤵PID:7316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13452 /prefetch:15⤵PID:9248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12884 /prefetch:15⤵PID:9288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12724 /prefetch:15⤵PID:10196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13580 /prefetch:15⤵PID:7948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11772 /prefetch:15⤵PID:1216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13852 /prefetch:15⤵PID:9856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13624 /prefetch:15⤵PID:9136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13712 /prefetch:15⤵PID:9468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14008 /prefetch:15⤵PID:7884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13776 /prefetch:15⤵PID:10188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14188 /prefetch:15⤵PID:9376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13728 /prefetch:15⤵PID:9552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14064 /prefetch:15⤵PID:9528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13712 /prefetch:15⤵PID:9284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14344 /prefetch:15⤵PID:9328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14496 /prefetch:15⤵PID:9888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13876 /prefetch:15⤵PID:9540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13620 /prefetch:15⤵PID:9660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13736 /prefetch:15⤵PID:5988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14456 /prefetch:15⤵PID:11172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12684055008259435359,5054711494366153208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13876 /prefetch:15⤵PID:10692
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus4⤵PID:4704
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:3448
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3116 -
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3924
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus4⤵PID:1912
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:324
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself4⤵PID:4360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:228
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend4⤵PID:2924
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:2960
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe4⤵PID:3664
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:1836
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3424 -
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3576
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi4⤵PID:1644
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:3060
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself4⤵PID:3212
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:2760
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi4⤵PID:3336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:5048
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt4⤵PID:4440
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:4152
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"4⤵
- System Location Discovery: System Language Discovery
PID:5696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp4⤵PID:5348
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:5368
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz4⤵PID:5280
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:5268
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus4⤵PID:5164
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:5232
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+20164⤵PID:5256
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:5648
-
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"4⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5864
-
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"4⤵
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays4⤵PID:4032
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:4576
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus4⤵PID:5608
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:4036
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:724 -
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"5⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6104
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself4⤵PID:6036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:3700
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware4⤵PID:6760
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:6776
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus4⤵PID:6568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:6644
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe4⤵PID:6448
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:5676
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download4⤵PID:4964
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:5900
-
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6388 -
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122885⤵PID:4312
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself4⤵PID:1472
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:6908
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b454⤵PID:6564
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x98,0x9c,0x104,0x94,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:6148
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi4⤵PID:5404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:7140
-
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:6072
-
-
C:\Windows\SysWOW64\calc.exe"C:\Windows\System32\calc.exe"4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:7632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape4⤵PID:8040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:8056
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton4⤵PID:8028
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:8100
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system324⤵PID:8024
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:8116
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape4⤵PID:7980
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:7976
-
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus4⤵PID:7944
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:4988
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed4⤵PID:4884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:3968
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton4⤵PID:8600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:8616
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend4⤵PID:8228
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:8240
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself4⤵PID:8972
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x94,0x98,0x104,0x9c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:7084
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection4⤵PID:1128
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:3884
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays4⤵PID:1556
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x104,0xc8,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:7484
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date4⤵PID:8948
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:5504
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays4⤵PID:7876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:9172
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free4⤵PID:4792
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:8960
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+20164⤵PID:7256
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:6132
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/4⤵PID:7960
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:1784
-
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- System Location Discovery: System Language Discovery
PID:10040
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:9596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b454⤵PID:7280
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:10076
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe4⤵PID:6496
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:6276
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic4⤵PID:9792
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:7936
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"4⤵
- System Location Discovery: System Language Discovery
PID:9384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays4⤵PID:9852
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:9616
-
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:8388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed4⤵PID:8576
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:8888
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download4⤵PID:8384
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:8428
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware4⤵PID:9148
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:10000
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money4⤵PID:9584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:9716
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton4⤵PID:9208
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x98,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:9768
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money4⤵PID:3740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:8924
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"4⤵
- System Location Discovery: System Language Discovery
PID:9512 -
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"5⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:9140
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+20164⤵PID:10724
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:10740
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money4⤵PID:11100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:11112
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real4⤵PID:10608
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cebc46f8,0x7ff8cebc4708,0x7ff8cebc47185⤵PID:10536
-
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2676
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2096
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x90 0x4b41⤵
- Suspicious use of AdjustPrivilegeToken
PID:4352
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵PID:6024
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵PID:7124
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:6764
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
PID:3012
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:7696
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:7736
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ba6ef346187b40694d493da98d5da979
SHA1643c15bec043f8673943885199bb06cd1652ee37
SHA256d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA5122e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c
-
Filesize
152B
MD5b8880802fc2bb880a7a869faa01315b0
SHA151d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2
-
Filesize
215KB
MD5d474ec7f8d58a66420b6daa0893a4874
SHA14314642571493ba983748556d0e76ec6704da211
SHA256553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69
SHA512344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348
-
Filesize
98KB
MD5c0fc67fbc5c5eceb437b516b4365aa86
SHA16b5a02dc604f8b87eb9d456969b12b45dda79baa
SHA2560b8baebdd76118229f6b486ab07c66d05b104fcc8a80df53261769f80ea093ea
SHA512e73b48bd36052a2f31aabf40b32ada01fb8c92345a20e22126bed271bcab08ba0a677fd9fd29cca23e98379b6c1e0601bdae9f90c38d9369ba32f292450886d5
-
Filesize
181KB
MD55600049b0f0909a371eda70bcc2923d3
SHA1937588d6f2ad99e66b27d2fc2467b9197f260c99
SHA256581c531851d69d7fc6643e8adf32d2b92a6cd1ec3125c227d3d7bac955c6a0ed
SHA51205e019a2055693029c8b07e9eee89cec67aa729857da8d55ffc139b51d119fea99fafe15ff8bcde57d916a9471dd9fd838f6148c52b1c9d120c4976d97de5df6
-
Filesize
75KB
MD5bbcf82e11fcad7def4f6bfaf7f08a77e
SHA1883551b16c15bbe6a9d505cbfdc9cf06929e54be
SHA2560647c1d9b00a0fc5928ea5f61bcb6c44b4e15c9a335d0c98cc4fcbaf734250f8
SHA512df4f66a6c77da5d2e909432e66690b0ba62d6b87be781ee6aae0e8a00fa8bcd8658f5ad07a1534b2c1c8585ffd290b57447adcae4b1f902da5e4fadab6253586
-
Filesize
69KB
MD50846a53a5468cac6cf131736c28bc229
SHA1ad76b0b49b020dd1c6e24f93b65c4636bdcecaa7
SHA256e863daf4a08e7f5c8d229f9b9c9976523c41b447e73d3925541f1601691caa7a
SHA512f45151821e2265bb006425e8add1d24273e3746750b3301ac6bbeef04b72a9daee9c2ed5df43f4088d1c62b419cca989cded94cf40c9e64bb364b8ee58a62919
-
Filesize
19KB
MD5a3df99c9eb10c80a8fb9bad74427c01c
SHA17cc982ee4e21da9a0e04f91b692e177aefaffcab
SHA2561fdfd6941d87917a2d525d75d58a0d62aefbc3ed0d5115b65392806e27c8c99f
SHA51280224e6577c2196a5ae0236f79895f2a6c763157dff802829e331e3d96579aa8021cfa22f01d3df4dd6ee8006cbccd4d755cbf572b2e046ab79685f84c08f308
-
Filesize
415KB
MD574645a0baa33913af5bd7cf023dfde0d
SHA1ceb9689f830f06e4a500a737900931f6554f7062
SHA256ad0673a3e3e5e89aad2805638e40039b742e4c99b7bb229bfa8112e875840a5b
SHA5129ad0a28165b33ccc8d376653a5656ce6cf4a7d2a34c2d96b488146f3309c9cfb8e8550fb749717c0d21418b23b362e1d70b9eabf8f2298b614a1258deeb73908
-
Filesize
288B
MD501c62937dd171315680aee176c960b61
SHA1f1d23e367e3da09eb2b3958ce8b5b97c0ac1c61e
SHA256d3bbf1e2d99e8278a0fac0c0341c0bc5a76d34b4d2b0cf049d44a2b3fd18c9a4
SHA5128cf81d1c972d58699033311a8eb96a6cc89ab8c44038b0b962176cdd14f138f988220fbf2c4e9158363714ba6fcf0146924d5c7192d40b80ad3bb97edabda803
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD5da8f257e54efd4c1cf1ac2f91fab6baf
SHA1f905009cc345e901578f3d140f8eeaad9fe7c98f
SHA256bcc5148cf185a59fcae01448920a91e11747a520036245605b0b54a434f63300
SHA512c9c9a026b3f567ef2bdab347c17b4e91ebce9581cccfe969b29e3a52fc6ebdfed7932b20ed0bf7c3953eefdd5fa82abb7ba299347075b9cc73740f9202cfdadc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5bc7eb29b78c4223655b3ab30707b3e81
SHA1b05f7c0a615e0da1a4f1508f9d34b94ae057beaa
SHA256b27f9b7834132e45b5bb3a7cbd49c6c62e18e5a519001415b64c295164ef2d15
SHA5126858ec5f089e3520c72bf70afef9b49805eb25e0294c6f52571e9546c128f25f3cc0d208d711b48b2332bd7119674dd24532868deed169188a427ccc0f963c5f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD586091575379bba5976e08025e8100962
SHA1d76821ceb6362709a0afa0601ed40154a38a225c
SHA256cc5a608ebe696b196c2917c75558e02a4817e6b066dfee6fdbaff928a8d30fc6
SHA512d467ebe5b6d2901f5a34964933f86d8377d3b634134529684fad99b94506bff31030ea19fa62010e4ab42040afbd1de6b204d112c9273e8aa2a2f51b211c91d5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5ae71a6f66718e87f6b218bbf7b6d3de2
SHA1fdf335437833370b465106a14b778565a31622b0
SHA256cb72912445f7d0552db8117094c9ddcf2bc3e1a399c72e1b70a93dc3e3b17e57
SHA512449240464b635a815a4515a163ec96edecb3206650433b120e980fc21e27e988a29d870be1d8812b322fec7b2fb697ea12583f258bfcdc28cebce0e21bf7a294
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5210b43e9e9c5e34bf8980205b5495eaa
SHA1b8ab9e6e50469650cf42dd4c80a8a85e5a323cb5
SHA2568c83bb0a5f23cb624a636a40c1ce3f9a2367a26285d81ca02612a800b4194090
SHA512de3dc757ad8cf066560b0120d93209c2bd51aed1c1643a16ddb8811c39aa3a804ef4c0ea7d5df12d1587a38ea9ba76940f1c0355bc4964db7b4e3718264fd005
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5e66e6c6bdd97e7cd31d6d41c2b3056ae
SHA1694e07b4b605aa37437bf9cf455199f1647fbaf5
SHA2562cc5777cfa76f69835bc843376d6088fcbc14c1bd3749f60f4eedc4c98b780d5
SHA512d14b2f6720c65196e234e58776a91b9f9585306002a26caac1cc219e848cf899a2f56d85e46bd0283d37a6617bf075a8a30cc84293a939be3c559999e95e2e58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD516de3bb3cae3643e06e3dba575501338
SHA10377b716b86332294b6d7667bc040e90a10950b3
SHA256715dd8ff045c07bd2e77f7b23c1df1c77df60f8774c907610c582fd13343886b
SHA51270087bc6eda1a61cd58956edecb5a8a84dab3d55a984390271727002ff22f26269cac6781c9bbbc0c431d3858205b39bfada83aeabb81d44d67ed906f08af2f5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5a8225351f3ca59c7bb469d88f01befd8
SHA1d6a0c598930e8682f1c932ed42be3e74cc8bc23a
SHA2568454d207d9ce650713130349f60772a59cc545c37330eefb21fd5c31e7aa5332
SHA512a6a7f8380e1860a6057ec78214a55b3466dcfd9f6ffd82f8fe45a766b2bd609ce2946efebccc0990aedfb6abb4dc162c0793ca8e59a67b91b6c503698ab9744d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD52aa3c7606883f45708208a81fda7b24b
SHA1ac094038dd28ef6f517addff2d1f2d2938f43cbc
SHA256bb2a8d578f474ae169315881568c7b176cab6e332364ffd0583b4b67d1103c8c
SHA51270cc289bf2eda5b2f3f46a14b10aa58ec7b131daf74992a8f5de60f48877c2840b5c388185ecc960103fcd40b71334ab4021f23b57daf521b25e6ff11ec52ea1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5b202d78c447ff87cf15b1390101a2f55
SHA1f8e77f68cd4cbe743d71b74ba3b0b443eca3e895
SHA256677d937968c55c528563f130027ed2a0d64b5ee2492a8c2c933f83edeb893460
SHA512507f818c0fac657a20b03dacac12409906abfe7a0b4415f6fbf6621028e6a16e1a16248a063fb98415134e8f8442723eabb6fb73babc3d1c59f10c83499ba327
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize624B
MD5105d307d52d969fecc79387451954d3d
SHA1ce9fb0db393386f7dbe3cd0e5ea4f08d6af0f901
SHA256188cdce9a8e64a5a9aa1d599996b16997b1fa2d1202ff97885182fc4bdcb8567
SHA5126fcdb896ddfd6c08fc661edd038d5d16f4b40c7a18a5006e2ce20896e8d75ceaec51ff67d17e82deed32e661bac954226b015125218f88fb1c317a255c4b2f97
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5ad4ea68ddccdccfcd6b139fad754c31d
SHA16e8fd253b64dd651b9225297065bd11622fd710c
SHA2565d114f7ce2ac1ba1593eb72d80df368bb51d648da1349b17d1fb51dbdce015a6
SHA5127814ad4a763eacbe94a61a57ccf742b5d840fdd1a2c2360f6bae3684f4a329ac988f1ef66b04adb797ff32f2f087d0cebd830bbb8f04231a08549cb985091ed5
-
Filesize
814B
MD50584b77f9c5a5bbe3ccb75959fb75bbe
SHA1b622c3e7c2e0701f9b73b6c642f4ad0b3df9d7ca
SHA256d44100cda94f9a75c79970015dede0aaf82c99794ed517c904781161517b9d9e
SHA512661e304f511f39d3ea385f9cf39ddbc46ef3619f24a231ab15f129cbc33dfafb6cf224cc8e43d2015ca49d03e51c45c9dc4735dfab5a24b30f1f4fcd0a7b2d1e
-
Filesize
1011B
MD542a3c878e8a09b6c0ea21c6bcc04203c
SHA16bdc6b7e45f4f77681352cb5fd905b63a584dfd5
SHA256e29d2d3f7c6663c4ae4fc359e7f19d833b9415805ce058c179c58b4b67559647
SHA51204db82962b9fdb9a9d970954dee013ffd60ccfbb5d22ca97fe75b0c92151b88f6afb898f30e4d82d0b94c8ef77747ea73c3c7d27c27cd18968c242a4c83991a5
-
Filesize
7KB
MD5c125f244ceb6de093261d5b8b1aa98a9
SHA1f65fda7ad7046fbb4cfb32ca583e6b3e12a63c7c
SHA2566c0846d5616ec5b95056bdca38affde3fece5569610a8708cae4404d5d7ac13c
SHA5123f7df133e6c2cf65edcee095a5fdf3ecaa090509a2e20a2f8969fa6741f175a3cad15566c3f557792e33179a79ad1e7d4b74f3324213e6d4620c0f25bc749521
-
Filesize
1011B
MD548ed8e361edf75486fe6ae03ffb640f0
SHA11710d2b1bf2f08c523245ecad8072b777eb17fc1
SHA256b26fbbf3aabd94e0d0caf8e0aafae113e7d2d9a0e4eae08d62d4dc5e537267f6
SHA5123845d03375b07f5539dd4122c8ab078816223aee26c020b7a584ccbbeb8d29cb4379f522ab6af359b5668ee11c1521f6b6cff25c866bbb5f12909985f2076989
-
Filesize
1011B
MD580f1026e8ef6613ec236a4f6fecfd13d
SHA19149dffe2b94e7d926cbbc5d2d8f46a842cc2da1
SHA2562bbcda3d1a345266e6de24370102315f12da7c734ba1636221311d0e891aff0d
SHA5122477a15eaa41e40d882107842dcf5223588c7080cf48405a56802c6e137320257ea2c0617435e3a8cdfd0f6a95b11dc00ac3482dd45483052fd881d70ec5bf0d
-
Filesize
1011B
MD5349d8fa0febbf32a92cb572bb30c81a0
SHA122aa2455dc66950b9896c7679fe526b940d85469
SHA2562b95d7929893739428eaff854c1f05417b70fabfd13c66955544abba262f2b77
SHA51293d6c325284e988e270d90dc44872b9afad286d13be801b2bf60cfbbf1082e9a9e3b22a2dd6997aa847cd13eec6a396c5f4172a4f1f50228eb6be78adbc6e053
-
Filesize
7KB
MD5f92761de177e7453a7a6d146095da578
SHA1e1602f2f9db3b7c78c7c62692a90c0ca27d2a505
SHA256ac4180ef84339b82162ee8b146af5758fd56598c3b5f6cf16db71b08e7c2014e
SHA512d0689a61e7891acaa6c522c8895365864e5f6b6b4f0d4dca77ab6c9aa39d2af23133c32b66b43620ff2764602b97e51697e403e22a3bac4f7acdeb2dc29b175a
-
Filesize
7KB
MD53d927616731aae71a867913190a84b65
SHA16a3c2705ecb82da51cf7bea7989202891860bdb0
SHA25675341cbd5dc86eebfd7436af674e18955f840435efb2fb256d5ff3ee0e92fcd4
SHA512c80c0b41db2c111ed41ae9c3aec4ac8b9345880318e7ab9940f9bac50310c26769b467f3c2129aaeba257cee2596b1f15bf6017d29068193df4a3ad18f1dd6d2
-
Filesize
9KB
MD569e3344d4c92c0c12fcca60a91a81238
SHA142a79d141e7eaef87b59bb15f73bda85d1d7ab8e
SHA25636e5a01e5fbad2afab486e5b14d7c35624c87b01f341b812173ca530e8b307f1
SHA512b94ad55a75fc4fb4b5ea2afc539f941f7844400a66183b45189a885932233c5e7e780d380e54267bb5ff3b8d46fa32733055c8165a986f9c9cb0ab751def0d3d
-
Filesize
6KB
MD519364a7018bc77259d78b159ef4d82f9
SHA107f9cdbaa57be37c7f8a154d26906d369907ebda
SHA25692312735f84165f13dc2d882e5607bee80208679a670d32bcabd4af44f89a7c6
SHA5129692038329d46638deaf00a0e6a927385e094226d624a4983e85eb200b6fa4a0f2c8d74c2613e69b78c5d4623fb6dac950676b26bc82cd49338719e264192902
-
Filesize
7KB
MD561d7d8641472d8b6d4e5411bacccb607
SHA1437d2cb53d022f95659828685bcfec787d3037ee
SHA2561b71246d1fb574cce6e89822be34087af1c998b011cc7b62ab47a461c54eb48f
SHA5122e3f408d4f7042409356e6ad502f529e810ce3bad8c29c8204cae96bceadd7b99ab826c58c1ceb7548376f2725b317468ce3145767aa3b84c3c747c8dd2282bb
-
Filesize
7KB
MD5c41f96451b974885bd643e9b0f7935e8
SHA1949823a8cdf0790559616058f8381bfa17e248b2
SHA256365d8d4c759b44593af3c90e96a31b04f150a32acbc245e0995db9f159d71cbe
SHA512972bb88c731c4e83c089445b2622de93e761ceb9b406582cf05c36621aa6adec19f82580a3297853a38de1ec504037e44108efefed88372d8a5811c1448dc6d8
-
Filesize
6KB
MD59937618157f125291e8364874a6a5c45
SHA19b196f4d37637c85ac65759b63df07a3e273eb1f
SHA2566495bfbf938a853caa025390eaaa6da6959e5fbf3151dda460cf5a14912f5e33
SHA51259d9aa52ac76e65af714ca44dbe892769af318748cc62d050395f42472bc25dee4006edf8dd31ab0e9bfff35dcbd2043c53795f00979b4b51ff30972a16cc445
-
Filesize
7KB
MD56e46e454d79b7ac2b1752466c9b5bb19
SHA1008edef059c7c1e369bfa13e43acbbcc3dee6afc
SHA256c9661ede6d5dffb8c784630b73a7e55bf5e7f7fd56d4bf7cc08e7657582afff2
SHA51266992327f8e54e0b39dd4e63c5a94fe49338efd1377545343cda5c5ae73dc7b373caf55d700dccad665c8dfc879475429ec06e85b5cc04f2c299553712317356
-
Filesize
7KB
MD59c1a28b18614987247cb3cafed3fbaad
SHA111661b9f162d52d11dc12e064d87ebe2a0ac8467
SHA2567e064c1a1a58e971e86c0c778bc85102e6ccc0bfce8f79c0a8476d8313e047db
SHA5124e599a2654a78eb0bed4afbf0cb671ecfd2114e4bab4f81f9ec1959a94687329abfb93dd6beb9e847c420bd9a10a97d516832fd20ad1cf93061b96add2f1403d
-
Filesize
6KB
MD55a694aa1072f7dcee580215e80106888
SHA1558d93c9a4ddced0534c70a0db681a456d558b9e
SHA2568457eac50bb82415febd6e8567367754dd1534a55ba07c4ed2acf6a9080dc30a
SHA5129e9c2cf04621828bebaf4ce223cc632c0d4f22ee089752ffc747b548b77fefad3975a6417cefb4fac773bc35e04659dc71c0fbda1bd847cf71bb59c62fbc1b75
-
Filesize
6KB
MD52d4a0e4d79ceda95f8762e8936e663db
SHA1f46f4acd15c7d21cd3af854a1c70ea91baf503f1
SHA2565fe0f9fdd9180778aad191fbec84436ab9b9bf994261e316d7de51690a672944
SHA51286d9cf366a1e71f859fe63e06e9b029109cba3b78901ffa6a6aaf3f3659432d3a3458d70d7f83565b927a8b034230a79d3cb8efcf04921378b6e0b893644b769
-
Filesize
7KB
MD56d037ce21da62805e9844f51b1a81be7
SHA1711a9595456e489ac819a11fb1e057412ddc966e
SHA256375d92d50cac7cae602884b1f40cc6668126f2106d80484b3e147b057f7cdeff
SHA51233afc0c79e4b899c6ea77d81fc0167bd81bdbdf554e81afe51359fc1a358e95744396025e4c9e149de672564c1509291cc44ac317dad9eb68d367256c57ca363
-
Filesize
5KB
MD554f792d341af75f7d9983696293231b6
SHA1d9941f8cd1252455efe251b6cb8ce47e6270ccd1
SHA25607f461b3dd6ee2d292129d6ab1744f84e692d29187a1dec745fe7884254cbbea
SHA512e1c6ad1cd91b149056dd528f179778ef7d8b768adffdaf8df92a68d2ab6007fb773a8fbaaaf68bf09d091f3ceb53762465bfc38c8cdd4a6b58471053730c0687
-
Filesize
11KB
MD5893aac0ea3e65c294d12c7835ff64197
SHA10a40171a5da2510cef52404e20056dc4ea85be21
SHA2562be0e02496fdd59351c85a3a9ad5868e4ffb982ef9030b9a2600ae3989fd399a
SHA5129b2dd2d1c1aae5788550f8640a989678ded688b9d6b7efa8e0a0d653cc4e20559889856d9d7fd005c7a764c300c1cef813c24464e1e12809b80b03056cab3ff0
-
Filesize
11KB
MD58fb06e24911c64f6574131b235c1cb9f
SHA14773b9072b75693787bdc040817be20f55f1bba8
SHA256403a54ac6bd4aefc67fb51a5d41bfc7e71396e16c9c2d65e2f75368b558239bf
SHA512e62432813a045c8f3bef6e586b67ee1e9cef79ad96880a089e6c3a95a1c2dbcd853d2625449233666758a000476c724d1576f518274214191a32c7490b1de107
-
Filesize
7KB
MD5aa565e3a2cfbb77c04fd57b9a0235e80
SHA1f22d75b42e1f756bff54793c1be41ffc6c86f5ac
SHA256ab41393f500edf50427c32c5617456aecc9cb2238e011d16e9e2282a2f4e2f9c
SHA51201c0c293590e16627e63a7f3d4d7c0360ff333c5b902e44e4dd716e4499360d29856802e86d73cd12c561d40da5c3dd92290e786d582aee55d4d5250b65184e1
-
Filesize
7KB
MD5a9c4ee6a3887ee73c79c7cf1384bee2f
SHA183b39d533a58c74183bf29cc07a6194fd2467e8b
SHA25660a451b8a4778841c7d8c2eef125b3c050ce54d8584b86678e1ed0674cdf61a0
SHA5129b1b0ff384325d8af272cdc0548f5ea21290d7d1a41fe60b195dfda37c292de72e8920097fdf653a26efc308596590d2524eec92abb3669db7df064294130a40
-
Filesize
11KB
MD55ded0ca07cbb1f783822b34be5f9b319
SHA1d730f1ad62f0b80e28552e0caab17ac2126cf0c6
SHA256cd9717da63b0c61da7f870f444bb1a9275e3f7e4ce62088f6973e81af10e3ef3
SHA5124117a2cafa70e299d919aa8ae5ee101fa5d3a7d411b3e0f8af5226ede7ebcd17f6d532ccfdab48cbb9fccc9bd1d8698616b1faf698645c9aa82ee69b56e728a7
-
Filesize
11KB
MD5b3939d7c95c4725bd64a4a2983eb7920
SHA12ecfacd31242d825d822273190d30e86a2beb94c
SHA256a9267d02975fd25add54d262220f0dba9333aed325f565df73cd73eb5d3c7ef8
SHA512b47394aeac2000b05397671e4410d10d542e574960f031291b4c6940e1884df88f0d77f2b9b3f924aefa76cc1bf419d68951ef2db72e0c4f97420453e4b24ace
-
Filesize
11KB
MD5acfe010053f7712d03915cc158b9c61d
SHA1298ee61a7c8c610151dc6841e9fd02be9d0b6fb1
SHA256b99232a8c544a6ed37e4f61a22fc3c69b7a30a7da8af6b0d543622eb801533dd
SHA512d7803d2f40b0738a67fc9a30774bfcea6f5860252687b943f5b60f8cc97f2f702fddd98b5e7f253ecfce679b759d8f16e9f960f3afd26243ad274cf1af1d7c75
-
Filesize
7KB
MD526ea724c882347ad9838f83ecf3b81c2
SHA1c75b14962ed4f57031c484e3a721816bba58bd78
SHA256d5b0ab6ab95c511c60e371b93cc07c30dca37e69f26d8d5867c2a30f47634b87
SHA51214e7c1c33ba06ddbcce6a6934113d7c70b904f557878881f30cd6e04576fb6f9e30ae8837a12d2855759f3bbafdd6dc451f44ec0afe9f18ecd38331b547f6612
-
Filesize
7KB
MD5bb2f48ecd9d421d89d62f8e4dce2b21d
SHA134d7c8aa003925ca011a99e07079ecffabaedc38
SHA2562d7ca191eb36fdb6e09936b618246808952335e0a901a05771d83cc82dee88c0
SHA5124d5cdf1618045b9a6c6a5dc0fa662abd6be1be794950d21a679a163928e54e7602351184fae5874eb03cf9f37bc068db17fa6925b720eb3c55802d68913a4ed4
-
Filesize
7KB
MD51cf5af6219461f21ae0a864904d3692a
SHA15b2f033df2dbce047ac18fb7c14da142937d9099
SHA25683a79b7e423bdb0ad593bebad7f2f2c437d11f3a5d35671aef2dc52114266ed3
SHA5124fd53143da4ee1441028ebe006504a3435e726f7425446dc5c24ee0f464f88577f6db09dea05f3d4aa1a2dc248ca2a118009d75e854e4ea11691b638386c30fd
-
Filesize
7KB
MD58b9c8566cb5c0321565df7b1c2015609
SHA18aee8839cc55a744144e98d057f269552c56b774
SHA256d75b81c0fec573f6bb13fd2708d1b5d0a31d2c3dfd94bc2225ae6e7847972ac5
SHA512bf071dd822385fbd2f81db9582b3c68c8222d72d2030a34b0852ba3705cc8f66173cd3590b181be0068761ecfa7c6952d05b04557bb4b42ecfc533bd1500651b
-
Filesize
7KB
MD5241ca8096d14b85736267c4dd85312b5
SHA1982a95f1715f4ed419889d7bcabb6df855149746
SHA256029e80ba1552803addabed122007a015bcb4d4119c2708ec42a471aa7485f747
SHA51284f91b98f8c90b1044e760c834903ef331c9831195fcc10cc820345321ece53cf8bc28155c822ebd0f6c5423b779dc272aa05432c854e7ecf3a6d43bd0094510
-
Filesize
7KB
MD58009e75e6046dde6e91ba8bd477367fe
SHA11234c29f4879d58922873b3edd67517068931f01
SHA256e59cbe8ab91e4ee5a4711c8c8bf793837a6991e1be7320e9b8cca94713e990a0
SHA5129835bd387e731c025e0cc07e1f0e5646d4f47d3b508ed827863c252a1a8eac01528688dbce6c05f4a9babdea08908e5017e74a67d24f90716fb0db1ce655728b
-
Filesize
7KB
MD517c6fc5a08ae6540d28094a6b61f8802
SHA1ee8575fc73db005f633d0abf4f3e6dd721971be1
SHA25644d2063006a97bb4c74918b19db798b19b271cbd157521475f5fae46fc8d0ef3
SHA5129ff6aa3b71164531507d1c27a67deda1ece43e887d37fd6e08704b960c8308b1e6ba54bb757426c55d95a6c14bd7ec5be150903706f94198fb1791e15c7ea14f
-
Filesize
7KB
MD5219a8427f45a44ccb45a83da0a32f500
SHA192313a25a157a4a29dbabcc174966faf83257d71
SHA25610383c5260ea872d6aa90b6922f74076a4093a44c0193ad3858824db5bdbc15b
SHA512d0e89bb5223b919f6c9fcf724d129f390278e266cc98b2ec9527cb203f21e4feab1dc9bf0a3ed1c75a9dc9722387c65beebadc8229544d8268d18520ba12aaf7
-
Filesize
11KB
MD538014e18930269c3ce52e66cd5274c9d
SHA17b117005850a5728d3a1bbfe5e92c5a55455699b
SHA256b60c97c12a19888d8039a95d6e5844ebaefca6496900378fdb4839bd257e66fe
SHA512f10f2eb862056e5a7a0c6d3947277edc70bf2bf6fd4bdc8ea45b6e919553c475b1511b950a3a4095b90ff57393ed390f746f4b1ed49d24fd5a65c04acdb67bb3
-
Filesize
11KB
MD51948c2b94487a94dc5fbdb60c0a9f968
SHA1575e4b6e2f7c8dcd9232974cc41b59fb28388d58
SHA25621cec1534fa97d263c2404dfd28a6e3f584657d42a80597fca29810598a2e9e6
SHA5123bf917aecd9d3cc483c53f97ae0718c3de0e9067c4e4970611dacaeffc984f1d1115f4f1d4bcddf871c4b55960cabf5570f61adfb25227170683825c522e8c10
-
Filesize
11KB
MD59122371ad7fd3ad63e3934eceee699b4
SHA16f5d327a31f0fb43d59f2e1f1e7fb8a94e5fb6d4
SHA2561e0bca6c581b506ac179baad51309bd0149647bfe8a8c427bd51f418bc17951e
SHA512adf9afad90fbe95e79d40826af16362f1e79a4bff498db05f885b8c8320a092e4742e0c00ca5c6439fd094561ae0da49bbac5e61d70ec79bba5387d80444330c
-
Filesize
11KB
MD5ccf2ac727e878dd6b7f01b8fcabbbaf4
SHA198371501a15d127d95d0eb9d2c5dbeb640042218
SHA256c4c7f8b602477a3b110b9372acf536f4eb302cd8b9ebdfec023ddef3180723be
SHA5127c1a417d2123cc0074457c80ff19acd3cf9d30b500ffac4394bf21a3c0051114bd505ffcfc1d52c4194311ae9a9b2f3da1c3fa5c0cdbf16db820453958a4d1c0
-
Filesize
6KB
MD5bc3442b66122aab3d1d5b65518e0b57a
SHA18514dfa9c6c5c27ba5a76e8bf48b3dfddd451e12
SHA256fdd408d027a9d0458db4a5ea6eb37ea6cbb9c0d4ba8b5514c01b87d4b4ee5f5c
SHA51205865bac00ee95f643eb5a5ef8b41ac7ca9bd01e5874e0093b171b969dff20513bec51edf27cfec53036cf105f3206bd6f2236460c2395393abc7dc7031fd478
-
Filesize
11KB
MD5d032c3e0e7c996be0a4e96541a2102d2
SHA1f6d4bbe2f38facbbf5f91dd7ef972aa57f188864
SHA256ccb56ecaf68781ba73ef56ffa374bc0061b70ce47c3b651a923a40bc6bc00ddd
SHA5127c8c914e144649474df7dbf3c60579e5de847fe1e7777e061a51518e0de57797a86510806d0d3a05af4f810153df47c7aa03708bc6aabfce8e25db675e5c0e23
-
Filesize
11KB
MD5304ddcdd3b4be2cbcb9a539d0a55192c
SHA176ce879b543523a2cc868c65197ceba72b58ac1d
SHA2561123b6c3c3d63955ce4278d124b196bb410870ca9db75b1bc735588109694a7b
SHA512cf29f20f9c182d6e27b18f512bd61d83fa778dd3e8a606d3aac6bbd88cebbcb64364aa0a24e126320f5aa1589e9c50f05884c0394e1bcbee7a1f88ea15cd9d6e
-
Filesize
11KB
MD51663e7796ed9b66074c24936603c4c6c
SHA17ea13a6d188dc7347a22062108ba929a682e7f84
SHA256441f7e8c92cc9cbbd7347822ad007740bac6f7658ec4db77db57e706ca9b4732
SHA512c86881ecdd7853add4495e23af184bfcebe6d23889fe596ed7b68c4aa70b2c1d22a0eddba6d5064598812a37b805ccab0cb490858173889071d746904b1b73b2
-
Filesize
11KB
MD59ff91b9c33ade6f6f6f3fbd4b1f44b7d
SHA16a1f55a5c17783b2edf88e36e35f10ee21f58251
SHA256096c34e2e25ba5e07424dd650b2082350df338ab92a4c4ded7e98f8c379f1a61
SHA5121bc585c8488ed8bc2c7e4676e45f06e790d30c087608723b2e89b5c5a4737140953eca2a0ad08be70f19e728a19c646d005f54263b40f2d5255cecd034bc4fa3
-
Filesize
11KB
MD5bb6088ff54e58bb7d9f4ff2c7debc440
SHA13026bcf0ca48d77a6d0204a06a1205a775a7247c
SHA25635113972fbda6746c0367b853f38e51fa39b269569b48d94d80f3f1784f92c08
SHA51286513884b80f5c10f5bb6385b39e2ad535643014d77989dd7d6f61521d8190a8797bd34556c14bdd9727bb846101679d99cd49a598fc51b195e6af9fd76193b8
-
Filesize
7KB
MD5e1ede55baa278f7bb97a8ed1dc31e20e
SHA110d72faa4bf6d6cb27a7ec3b96940a20a899e09e
SHA25623446d04c6f411ef37369216cce88f53133117a7fbd069d1b10751fb8abf503a
SHA512425a505aa26510b41c1815c2615c3dcb41d07c41bfd231f540deb5ce1f16a3835363e913ef48c7fee26bc9cb2f2013bde10e77d9135990d703de20f1a5ea3594
-
Filesize
11KB
MD5e1a8607612b395e1ed73cc87eac49e2d
SHA1d6b181908e9b78d40829dfca6542104da35d3d41
SHA256d145c97884cc39161d48c059e897cc84e0d3331f31747c929ed294dc491fcfc0
SHA5121bec92c4e66433ccc2d43f352bd836d0aa7da7f8ec698953b6a0df5e2e4744273907157acc65efa6f0c75b03400af5de7d1be0827ddf85515e140f23a5573cf5
-
Filesize
11KB
MD54d148fa7932cc6c77fc9153114c71c5e
SHA152f7d710de3bc12c614d279c52585c9312a5be60
SHA2561aaa30ea6dac8be07222750899c0ad55e8d54a7cc372fc1adb1f00347d0f1adc
SHA5120b4bf06f7481d2bf50564dbf90a64620828c6522e82bd307c5d9784923d0ea5125be720a7a58b5cc243e3584baa66b3f12a0b247f3df9e24ef6188dc89a6c13f
-
Filesize
11KB
MD580f5035cbbd1fd05ca66891e8fab46ac
SHA113ec5875d3e0174c5578c5e052f5db08bfb3b048
SHA25652dd4e42179a1e8f98e54de2e2bc23177611df85884fcf6cf2b14f67c885ca3b
SHA512ebc0a3a1f1ad759de00889d2acb17f5a57e6244d5582f5d40a07d3f6c33a8d740740fd6157149429e96000171bf80fe436d675e1be74d82fe68493326c8f036b
-
Filesize
7KB
MD5218593cd902da506f59e71bbc4318628
SHA16eb0eda5a00101616e424d6131c6ced9f6c968c1
SHA2560bbc344b27d72fd7474820c62f849836a932de507c6d80c7a9a14c30abb7283d
SHA51295db66fb656883086ddd1c259af55276917940c423afec5d6a79ec3ee7df86258b3fcbfe8c586734ebde0bf2125c1ffefdc5c0827020fdbb734288d0f9f67479
-
Filesize
11KB
MD50aa688a6b29e963dfb7677d32a5845ec
SHA1d82862f8749e83b30ebc4b92cfbeae470144e2f3
SHA2563533235147b1259045670b843bf43ac8602595a32b0bef483703cd1d8d6cff06
SHA5125babf074ffdca3ea0eae40a58c04860c04d4d092f02c7874ad2830b977c6a0aa76715b02a3718527741c32f9ae66b9fe67ccafd696fe19d96da8f57e03380150
-
Filesize
11KB
MD5ce6281ef44560d3be9d9ca7a2b40674a
SHA1461904e2b88d5cbe5c67cd7c990307f929a58b41
SHA25621651c9050d58d87ea275a2bf5f4041a18852e05f7003707a70b39dc436d6607
SHA5123e2797fe2f14d1e4b5c613942a647fc556ad89f3c4e9557c994e5010a743b5eb0d8ec6a1c60a652e578c7ce92963d142513522140c56f15ca7685e1bbc3ed74a
-
Filesize
7KB
MD5ac95d659be637855d9612f9aa56c5776
SHA1bf17ebab753db276d2a29ff42c2dbffacf858597
SHA256dbbdc3c0dfe796d07e3152d2135392c70e8ed9970da4aeeee04ce0c3bdee1877
SHA512e7cf484962017fdc209ad9405ceaf3b188a0db8518c312fee612bfa39557b47d7d376e5e2b7b9cf506a71d111f29a13e9767fd4e46b1193c530bc2794647c4b3
-
Filesize
11KB
MD5d9ee1cc8bf8216159e08cc4b9b359356
SHA1ede2cb5dcb459d208ccd56e0354aa95685b6fd05
SHA25685c47938c0ab999651370659996950c98bba452e9b0fdaa9c973b79f326dbba4
SHA512accb09bbdb85084c84b607f068858d9a02ec9a6a525f35ddd89a103dbaa621301e85bf1591307de61e7a293f994d0189f0ee876446d746a53b66323b080929ae
-
Filesize
7KB
MD510631b628fb730d57bc8daf345982605
SHA11b1ce948ecb1e9f85014ebcb53d5c8913776cf13
SHA2569c9d5074d2e7b7211d58180ef0cb5445edf67af429cad699f1889f2139bccc15
SHA512bcf38730abfd9c7ad44f7cd8279c14861e701346e7eab5fb5b32bd7231e7a2de3f8f6b5aea4f8475860626d5edc2cbdd9981a765b97236c12aee55ba6ca1033a
-
Filesize
11KB
MD5eaa85d87a9c57c2740698ea5de985f44
SHA1607d2b6220546ae0c3f9a573e29b7ab2de1bb027
SHA25625966b579825750c6f42fbf90bb20ae5aee0d026bf73077ebcffd9703fdf2794
SHA5128c6dc97feee581584239c29af6131c173f784fb4471d50c9d91b0556fa17e2603bcc5ba09e09e61ac3b5156e1a048a1e06224c787c9a5ba722a99e51502a18a9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize90B
MD5f945130119765537ca5bc0225311f021
SHA16afab59972514a3dd7d618db200b776094ed40b9
SHA2562c24f870d68869f7b45cc1fc97bed5fbf4c91d798cdd21a5fdc258fd2414462a
SHA5125d941e5e36b68dc917d5f48a84e317a5296257fb441e9cea04a0b2b8d606a4e356f1190919f52792fbfe52f6bd580b52a09fdb42253ad7184b99affdf53c7837
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize26B
MD52892eee3e20e19a9ba77be6913508a54
SHA17c4ef82faa28393c739c517d706ac6919a8ffc49
SHA2564f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize90B
MD5b8fa6bca140393006d49d518a110bf68
SHA1fc6fa44df9fc467105e2edd6e5a0ea96752e79b5
SHA25627f4c2a5ac1c089c09d3c3fa209d2c09f50f1bccccac7d976d475885f202fe76
SHA512d10f82c03e003ea4c94115003116a7d2daa436f3ef503490203a0322fe04960eb7b376a2bf5607797aad534f3e44a83b6eaf01b60978be5eb212e954f975fbf8
-
Filesize
1KB
MD55361a01d2fe2a07975e8333cbf0b2246
SHA15411133f2d6b26051d2107c65684f7d653e24e3b
SHA256373da17988bbb93e8d8cf50a479ef29a50f8bda54c343441ff6247064a8a80da
SHA512a0dc807317af8abbb04586b94cf20bb41803b92a4bf75bfd1b88ff0a6562e44dfc21007f69cba15dbb37e7d9cbf44a2756d812d0480350c7908af5dc3613a307
-
Filesize
2KB
MD511733eaf17c48f43d6dede0d2cf452fd
SHA14d1c251b6d6bdd7ac8a165639a33cfd456beb479
SHA2569c9a167c4a96f52ab201cbb04a4f7e9de230c0364fced68f6dfa3f79533ee89d
SHA51259fc71067bfe10ee0a43659e758ae79d99d2eba5ac38fc2fd6e8697f548a4338b0c4788ef2c39050cd419be60d190ff387fd41626afd2356ee3483b69b414002
-
Filesize
3KB
MD59724384b9bd1d56db03e05a938017ddb
SHA19c2051ca2834dd3dc15eef3811bad4ef35311fa2
SHA2562f352d8a4debe43ce8479f942b7c8a862f75f70efff4c899b9cbb99b7ddb3af5
SHA512703e32ed5dc19cfa25e418bc9e45d741a37f7de98f7b8da7e329b1316a81903af0cbebfa0d59f4d4b384a733b2b7be8ee85733d3c131f437a7479176ca86c90f
-
Filesize
1KB
MD5127b678e1357f54338f6345a461b8f27
SHA1c98132d6d298a8e5648da6f856c917aa16f1f01b
SHA256d05ed9759653839abb36f4ea35cb410698f71f03913381e4b626fb2929761a12
SHA512fd474f9d614d70a11694d2f1bac6fa32f631d7e1032ec261711230d083be82e2cddeed3857b48ceba64a22bc54552b1140ad27e8545557f51a42e226aa8d5b00
-
Filesize
3KB
MD5098e5a1d8cb7ad3cbf661c3946d34daa
SHA1c579effafdc014e1d1e641b8a08cbc8ce6358cca
SHA25603574b7a0cb8c9c9fd5a2f6c603ca033fde214046b03b37fa8e96684a11415a4
SHA512f91c13494a0f1b1b1c38b27a4864fefe64d950a3098b5131cf46a0df477512cc3160f95940c0e019994014029662fdacb217085244f60b6c9523b099a9083c73
-
Filesize
3KB
MD56d49bcde6f38da33f29ac523802f50d9
SHA1a21b251ee1159b018a3e230965ccdafe14740691
SHA256a1d2b7df04fbeec28eba65218c739cb407133c9068cb066dca9e318e172d23a1
SHA512fc60ade9679fe9ae50a002b3cd6c3d21d30f4f56e31735a2d90a24e2e746b490b0cba8273f0da06178d6459d23df305bd16b00329c93017154ee83bd01727701
-
Filesize
3KB
MD599b59a9e1b53a36e47199c417b678ad2
SHA16929632a432ea7709fa83c26924774118ade13a0
SHA256dd957d6592aef2e64f5fdfc28efcd7b6c539e38a64844227b89af34efbae2f19
SHA512049921293e1cfffd02cef4f441de571d1adf6a20844ac6891d79928f05c953db32d14ae8713528163ea1117dfa26aeee86df69c246d8161bde74f1e4012f4a6b
-
Filesize
2KB
MD53f2a3ecce2c524733e6af8016f89e088
SHA1a72a5cfb23f02ba0a6c12ff7243da17e14f90c4e
SHA2569f52e554cf4e2cf4f5cff1e11988ceedac3915f57b2b37c73258879d8553e190
SHA5124db0665199732941629820fe49da1b668c2b6cf4641eb3e6d324fa93de39f01ae878e90d94d2b7cb76444e6afbb8901ce36802244847a45b1166778700ae086a
-
Filesize
1KB
MD5cb6eb833be438a8a1d04d6b8985918c2
SHA11e059a28f018178ecb4cd92fc4b3a23fbc93935f
SHA256c984ec74d8252560d08cdf90e9bdba33eddea906120bddcbb17041aea02000b4
SHA5124e21916857509ce052c7a78cf52c5828a9384f0fadae40238fe06844d963fe8c300ea28db05cab1732218d263b188346a59cd0559a047831390c6192f11cda0a
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD528055b1f92a6f1271ad86faaa877ea00
SHA1e6000157b28e4b2c45bb74cc91f60f6380c98c99
SHA25657666f55e21a2960616fa06f54063cee85f8259b548922627bff4151f664abb0
SHA512954e79c25d1d91cce99fe1d2526fd0276d1d59f7a60a70bd23ad74bb4e8be02489fc03f5f295abde9b022f7daadde4e19baad9399194a8b5400fd9ca860c3922
-
Filesize
11KB
MD55701a02177aa369d0b62439390b9bd12
SHA11c8f75684b2cd6e31bcb950e6ec4b88fb7fd2f97
SHA256f81e6143125fb183b564db5f3dfb3297abc0b399e444f6df102f04efb93b4380
SHA51285911eb5ebf111514293b5ccf03a7ae1a60676634f14fddede9515cf96b303cfff9df64e27ab1528d1c2aca475a091e2cf0ef21d444b18b8b88ca791e258195e
-
Filesize
11KB
MD55a23c6e087a0cea95f43040763d4f906
SHA1938c0c3d8a5aa835f933e72c0ce475a4def37bac
SHA2568301e9a8a034f6b6df2e017aed5aeaa411695918956f360178393846450d1255
SHA512752951ca848701179257b9d8f40a96fac2ee2dade3a271e1bf6cb96189b22c62d25df319e0b9108b8c48b345b0b630c954486507291accbd5b6732c52fc3466e
-
Filesize
11KB
MD544969e04cd7447f217fda3decc1f4311
SHA1f6f498bfd4843910df842aca1301edcecb1e0eb0
SHA256b48961a958faface99c1157fd01278773795ace21e423fb6f4e371f0d8e82080
SHA512a78824b72a98ddc0ecdde95172f16715e6b0640143f0275586d14fd53a0dfb9855353c29716605eec21cb7a3d320a5256c08aab9f29aa31cc8af57de2d54d798
-
Filesize
11KB
MD5c57b0236035156bec3540468a0bb6e54
SHA1838a1ad396154c36c26aa68084c182fb4b60684b
SHA2562089f3bc4712817345bf9c3d675fa5ff694f89b5633f91941ab224f9c4a30c74
SHA512eaa795857cc76a20973266e3a5426e430ec85bf555b13eec3b0da56043264e9496019e91b3cec8312de8fc0a99e6c68d1707bcc69f786738029ccfd342e0e176
-
Filesize
11KB
MD5fa5e64a58840bb99c453fe772f492e36
SHA1862842137fe24b6e42ebcd0261ebbd08e628c674
SHA256884a39026037560afa39b312d08e17247bceead5ed8b3798774d15815fb62d7f
SHA512ea3850eaa47f508e2c52d67a956a240bb22b9ca9262aa58530ef6b366628bbd002cbb50702f09bad455cbeeed41a8cbe0444ae25fa444d42f4f05434b85a8219
-
Filesize
11KB
MD53badd04fc53df918f9a967a6e19dd2f8
SHA15d68a71aa817a80a4dcce0aa9c383678a9d9ae5f
SHA2561f38a61495176166cbc5cda9e65fcae0f3a456a62444ca7132d3c74e2fa61e65
SHA5129c8813315b6fae473da387c595ca97f6a10db1382518a0952ad78bef86c5844b507ae440885105fd63e244b82506e95434f4d9c69fd213ae0f49bd9961417fdb
-
Filesize
11KB
MD56f429c1fec26731a0ff5d6b9dfd162a4
SHA128e2fdf3008c7dec4f642b4dc4c025a83f6e0b1a
SHA2560047e565245b713f541f663ab71caa69d488fe6c2def7ac28ef86d1227d849dd
SHA512f114a787ead42702234dbe7c45052bc78a88188f297772845f48623057da36bac910ec4d637a4608b9f4ae2d23b1e60da3ff290aed6294b137fc852c6d942c0f
-
Filesize
10KB
MD583c522bca51df76595dd852d2f5bf993
SHA1b70b2570bd83038ac170f8316510286db950abf1
SHA2568941e6cbda9433fc6d163c23f480c918ca295dd971028bbe174ad09e52612f71
SHA512b47575768f946586315817a64188733a6aae0a7c192a0814003e31c8660acd9312494ec8687e03ff519dd050e68deb553d9c08a9f34f54868479e33643663197
-
Filesize
11KB
MD5c1a3a79944f7b46679c280a3426748c3
SHA1dcd4ef3d6587a66efa15ae22464c5ac9f0b60d08
SHA25639ffa05062da208d8782f3891a192c3148d1997459bfb59c2de1f9f2c29e7ed0
SHA51209f5ae3cc0b9cad304bf9394e171536c5a61beb77a7b36005130a4575aa2950f56e8e4690341fc83970088c36c6aa3ec7ced9bc17a2db504deb5fe0046312a19
-
Filesize
11KB
MD55537e054fab4c946ce1c45927c62c088
SHA118950fed389051cafb2ea9128b41da6da8c21b9d
SHA25667711fff59daa2a3c26b45b4d6195fe17d93f05465cfc977d78414f3c7c82fcf
SHA512904f50251d3b9597e5ddbbf6314b1636d7188b544a91353e7a87db7df26dcdc7980481f0bd6eb295a32f2cd5617522017f5ce992a2d32ef0f4b0ab0dad989651
-
Filesize
11KB
MD5a82c602f7b891a947dfc2537a6c9dba0
SHA119f344b6f34ccb62ca3d937623e5a10e97012790
SHA256ad1f9ec677b8dc06576d9d572d98d7f475c1ebb26393534fe11748df71c7cd1b
SHA51210c57b6d1613485e8d281b3e1acc752038b45b12e52567ee0a9a1353013a9ded7ffe885c6735f75ef944a461d9b6a91846929f4c0e791c4086344a899a7b5952
-
Filesize
11KB
MD53432b15583994b2e615f61a73978697a
SHA1d08a9350b23c92a69202199c4b6d0b5c423cdb0f
SHA2564e93b00e4e9e3b7fbc4c5fe63c8e8644b325d342b56d6c85d71b033049d93b48
SHA512d9e0bf4c6c8feed61f8938598edfd48cbc0af8ce8f104fe2249ed7eb662e9a138bc4fe0f9f5fcc7c8a3d328d70babccea7f6159d8e3c7c74746b89f498184fa0
-
Filesize
11KB
MD5fb7d91a0bb992e879e8a2b4a9eeaee30
SHA12ef3177a1c74a60d45aac4393fc2c1572eec96f5
SHA2568ccd0bf37f7175fed90243437386865756244c852543faa063d27e9043b01459
SHA512ce881486bbd5a09b116f772950b40a30132312624db1e464fa425376f8d486519d400a954cde2951eb7e702e13511e6aa488574be14c31004d76d5dd072b983c
-
Filesize
11KB
MD5beb6fd518d02f6e2a11718db40d50c7f
SHA1709812f9c3c7863faf79acb952294cef6d7d7ac2
SHA2567ee51252b0e1c14615dffbb4ffe8ec3c3a7e1e31b888d0a3c1c7c81462bcbe36
SHA512bff25321bd0006c7d1d93e921195ee6db536e2b16e73e44ace0df75dce1ea6179c7643bf5e1342a83d61331b558a9de499a716af0cf22f453a57677b03bff794
-
Filesize
11KB
MD547e32bb2c50048c3b63708a2158facc8
SHA1ba158b225d1692e538a57f2d32782c4c79950f46
SHA256767a6775074ec573f7d3da243c8fc3706e376960ba4a999128af5f6e5cc8e77f
SHA512641356ef813819c2212238db2d5863f2145705afc1e1934bf7844f7e8677b0cc45f929145d6edd2f8ad257c83e1184084f68a4d8e807bf504686a0a647d18703
-
Filesize
11KB
MD54827fce6aa1b754a713eec6a189ab31b
SHA14630009bc0665383360c5fdf462cd45863feb945
SHA25604b325eb25d6900a5664ecd12fb519135473912bcacc11d4c35b9cde26f80d5f
SHA512e8c78c8efef94754e143c9f0ded5887fb0bb49b0f69ef880c3f961b20d8423db3ee767fc03bfadba1ad06b8290359a91867ce14c97f4510d5f38233f182e0e0d
-
Filesize
11KB
MD5d7a6414d3e2718e748a91e98c8168e42
SHA16485b93d50e9b3be305f54397afa88f4de13e55b
SHA256861ec7f1601868861d092aebd54f7222aca3eac74e665fb5e93ec25b92fa5996
SHA512b9ec1c03507f142b1123b12f811558eb843be526cf3205e574e6b772bd37c67ce6eb7ec73d30908b9027a37257c2dd080c70345c894c68a3690a55fd7901cffc
-
Filesize
11KB
MD5e90307d15c745a087d31b7a61657a9dd
SHA131883f336d25345318bd73500f95e325c7104023
SHA256b4edbb1499d84f4c043738eb327c6b8e3ce59c95f75930609722af45030c20b5
SHA5129e0e433e7665e6724cee30d3fc44a403959b865afab43185ce19999fa786086a17bdc840f97e7e350f881e1979ae6a1030c20d5c660e0d9239807383d2c92faa
-
Filesize
11KB
MD578ab3601717b0803f70a870179a44fc2
SHA19d517ad87b6470dac8abef94795faf71b6444cd0
SHA256f97dd36d2e8aec0e4092f1c40465e29306e393de653bd910d4ea70099b317e30
SHA512e3d61b9244446e5e709c9c98a7a75de6d9fc5f65063afa0d3f57379c9090679b6f8a2a2dd692617437a0fe987cefe5b1594d76a5f03a7ed10b775b921e64a4a6
-
Filesize
11KB
MD5689fae9136208beb1d246d07a065ab22
SHA1060e95de4820fbcb3541e08bc1c10ff6ca3a6ff1
SHA256f96b4e13619edfb901cd3637950b031db0417d70d86acccf9ba8d479fefbd77b
SHA51271ca9dba19cdd2f15a11cffc7e32cb04ab89c32f903464fc378a8707e99d467eb3e515d22f3653b7691ede61b74ae4f1d83dd8cd277212c21657cb23c5b09eb5
-
Filesize
11KB
MD5dd5211319dae2bf37b1a5776b9ac46d2
SHA1bbf1566ab2e167253edd7c47953fb5ae93bed04e
SHA25676cb28602d034346ebec96cafa5cf290d3ee90b5f96939a7595f1fffb1f233d4
SHA512ff852fda7bf01e3383a1b8beaaa5323a01bf4872139ca9d697dcf5dcb7db7fbfe780d9a4c172d69eae066eb5b6f43124665606131038492ffa5733e8da02b05a
-
Filesize
11KB
MD53e43206a48ed8397fda5492345958bde
SHA1b388dc1e51eaddf7ba272cfc02e1f715bcf4f9d3
SHA25617343bdabf5f3ce1b353afd26b974586029b03b4f36f2814463336dbcb29fa82
SHA5125d3448d0995870711345457f18167c9623183138b535aec2fb21f0eeaba716152437e30ed1e06f835e230b728d198e6e1f6b707e1b2c58c6d02ac3fea700dc06
-
Filesize
11KB
MD593f8aeba483716723f35a79eee592a1a
SHA1791342776bc602acdca5df0b4ae82b4b469298ea
SHA25639ad2c65a252b2deb70bdd202e4e3ec5bea654263d1fe4d7652cfdde37ec97a6
SHA5120b575cb44fac616c122d5ec28cfdf9d3599d19442d96a5de36098c2ca9baa5e0e8ed7354a28bc0bd054d58d2c0e291d587c7de6f831e6be246bb5693d9a27d55
-
Filesize
11KB
MD5d3840074d554caed8d50cf6cb815ba58
SHA177b43cd30203314185494d75bd96c9251badffee
SHA256567cf7a374ed65b2390e6bda19c3944966904889651a3861d280769fb8595a29
SHA5120124d81a9f0985557aefa78ce64c9769642a48108a8978d3d7526e8968e10b16920639935caf65ec5366eedcd22cc1c535ef3391fa167f87399ca6c1bbe657fb
-
Filesize
11KB
MD559c6d1fee2c60327019f1433f1027d62
SHA14c43b06a35200c0275c07263a1662fdd20ae09c8
SHA2569a853fc4ff3771c325958a0d59aa6cee29d46fecd182df6bfca50134803e52fa
SHA5122c44c264fe9b99a5ea132c9f17fc86d8c751f0e906ac5a610eb660cbddfde276959fc8e35f829ce5d3fe363ad1ae43df3a7bac53807cc006be5109add2360748
-
Filesize
11KB
MD51882f3dd051e401349f1af58d55b0a37
SHA16b0875f9e3164f3a9f21c1ec36748a7243515b47
SHA2563c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0
SHA512fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf
-
Filesize
4KB
MD5214f98cb6a54654a4ca5c456f16aed0a
SHA12229090d2f6a1814ba648e5b5a5ae26389cba5a0
SHA25645f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037
SHA5125f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873
-
Filesize
448B
MD58eec8704d2a7bc80b95b7460c06f4854
SHA11b34585c1fa7ec0bd0505478ac9dbb8b8d19f326
SHA256aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596
SHA512e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210
-
Filesize
8KB
MD563ee4412b95d7ad64c54b4ba673470a7
SHA11cf423c6c2c6299e68e1927305a3057af9b3ce06
SHA25644c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268
SHA5127ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7
-
Filesize
14KB
MD519dbec50735b5f2a72d4199c4e184960
SHA16fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
Filesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf