2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

13/02/2025, 01:26

250213-btppra1pcz 10

17/01/2025, 20:14

17/01/2025, 20:12

17/01/2025, 17:25

17/01/2025, 17:21

17/01/2025, 14:16

17/01/2025, 14:12

16/01/2025, 12:52

Analysis

max time kernel
837s
max time network
900s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16/01/2025, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Destructive.exe
Size

14KB
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	MEMZ-Destructive.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	MEMZ-Destructive.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ-Destructive.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Destructive.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Destructive.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe

Runs regedit.exe 1 IoCs

pid	Process
7404	regedit.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
7852	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
468	MEMZ-Destructive.exe
468	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1836	MEMZ-Destructive.exe
1836	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
468	MEMZ-Destructive.exe
468	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1836	MEMZ-Destructive.exe
1836	MEMZ-Destructive.exe
1836	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1836	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
468	MEMZ-Destructive.exe
468	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1836	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1836	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
468	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
468	MEMZ-Destructive.exe
1836	MEMZ-Destructive.exe
1836	MEMZ-Destructive.exe
468	MEMZ-Destructive.exe
468	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
2996	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
1520	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe
1932	MEMZ-Destructive.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5088	Taskmgr.exe
4084	MEMZ-Destructive.exe
6928	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	5088	Taskmgr.exe
Token: SeSystemProfilePrivilege	5088	Taskmgr.exe
Token: SeCreateGlobalPrivilege	5088	Taskmgr.exe
Token: 33	4452	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4452	AUDIODG.EXE
Token: 33	6928	mmc.exe
Token: SeIncBasePriorityPrivilege	6928	mmc.exe
Token: 33	6928	mmc.exe
Token: SeIncBasePriorityPrivilege	6928	mmc.exe
Token: 33	6928	mmc.exe
Token: SeIncBasePriorityPrivilege	6928	mmc.exe
Token: SeShutdownPrivilege	7852	explorer.exe
Token: SeCreatePagefilePrivilege	7852	explorer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe
5088	Taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4084	MEMZ-Destructive.exe
1052	OpenWith.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
6412	OpenWith.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
6464	mmc.exe
6928	mmc.exe
6928	mmc.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe
4084	MEMZ-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 468	4400	MEMZ-Destructive.exe	94
PID 4400 wrote to memory of 468	4400	MEMZ-Destructive.exe	94
PID 4400 wrote to memory of 468	4400	MEMZ-Destructive.exe	94
PID 4400 wrote to memory of 1932	4400	MEMZ-Destructive.exe	95
PID 4400 wrote to memory of 1932	4400	MEMZ-Destructive.exe	95
PID 4400 wrote to memory of 1932	4400	MEMZ-Destructive.exe	95
PID 4400 wrote to memory of 1836	4400	MEMZ-Destructive.exe	96
PID 4400 wrote to memory of 1836	4400	MEMZ-Destructive.exe	96
PID 4400 wrote to memory of 1836	4400	MEMZ-Destructive.exe	96
PID 4400 wrote to memory of 2996	4400	MEMZ-Destructive.exe	97
PID 4400 wrote to memory of 2996	4400	MEMZ-Destructive.exe	97
PID 4400 wrote to memory of 2996	4400	MEMZ-Destructive.exe	97
PID 4400 wrote to memory of 1520	4400	MEMZ-Destructive.exe	98
PID 4400 wrote to memory of 1520	4400	MEMZ-Destructive.exe	98
PID 4400 wrote to memory of 1520	4400	MEMZ-Destructive.exe	98
PID 4400 wrote to memory of 4084	4400	MEMZ-Destructive.exe	99
PID 4400 wrote to memory of 4084	4400	MEMZ-Destructive.exe	99
PID 4400 wrote to memory of 4084	4400	MEMZ-Destructive.exe	99
PID 4084 wrote to memory of 4080	4084	MEMZ-Destructive.exe	101
PID 4084 wrote to memory of 4080	4084	MEMZ-Destructive.exe	101
PID 4084 wrote to memory of 4080	4084	MEMZ-Destructive.exe	101
PID 4084 wrote to memory of 512	4084	MEMZ-Destructive.exe	105
PID 4084 wrote to memory of 512	4084	MEMZ-Destructive.exe	105
PID 4084 wrote to memory of 512	4084	MEMZ-Destructive.exe	105
PID 4084 wrote to memory of 3580	4084	MEMZ-Destructive.exe	107
PID 4084 wrote to memory of 3580	4084	MEMZ-Destructive.exe	107
PID 3580 wrote to memory of 3532	3580	msedge.exe	108
PID 3580 wrote to memory of 3532	3580	msedge.exe	108
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109
PID 3580 wrote to memory of 4472	3580	msedge.exe	109

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:468
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1836
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4084
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4080
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:3532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
      4⤵
      PID:4472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      PID:4784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
      4⤵
      PID:4524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
      4⤵
      PID:228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
      4⤵
      PID:4656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
      4⤵
      PID:2904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
      4⤵
      PID:4460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 /prefetch:8
      4⤵
      PID:4000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 /prefetch:8
      4⤵
      PID:3356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
      4⤵
      PID:4512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
      4⤵
      PID:1528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
      4⤵
      PID:864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
      4⤵
      PID:3180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
      4⤵
      PID:3636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
      4⤵
      PID:2712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
      4⤵
      PID:736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
      4⤵
      PID:1316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
      4⤵
      PID:2936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
      4⤵
      PID:2364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
      4⤵
      PID:4072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
      4⤵
      PID:3304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
      4⤵
      PID:2732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
      4⤵
      PID:4932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3608 /prefetch:2
      4⤵
      PID:3068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
      4⤵
      PID:3520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
      4⤵
      PID:1340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
      4⤵
      PID:3560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
      4⤵
      PID:1144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
      4⤵
      PID:4636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
      4⤵
      PID:732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
      4⤵
      PID:380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
      4⤵
      PID:1560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
      4⤵
      PID:4812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
      4⤵
      PID:2376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
      4⤵
      PID:1096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
      4⤵
      PID:4912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
      4⤵
      PID:3728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
      4⤵
      PID:4860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
      4⤵
      PID:3808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
      4⤵
      PID:740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
      4⤵
      PID:5148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
      4⤵
      PID:5420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
      4⤵
      PID:6036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
      4⤵
      PID:6124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1100 /prefetch:1
      4⤵
      PID:5752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
      4⤵
      PID:5820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
      4⤵
      PID:5504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
      4⤵
      PID:5288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
      4⤵
      PID:5536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
      4⤵
      PID:5660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
      4⤵
      PID:5860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
      4⤵
      PID:64
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
      4⤵
      PID:4944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
      4⤵
      PID:112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
      4⤵
      PID:1872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1
      4⤵
      PID:2752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
      4⤵
      PID:4504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1
      4⤵
      PID:5328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1
      4⤵
      PID:6748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1
      4⤵
      PID:6784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:1
      4⤵
      PID:6588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9212 /prefetch:1
      4⤵
      PID:4268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9240 /prefetch:1
      4⤵
      PID:5128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9768 /prefetch:1
      4⤵
      PID:6972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
      4⤵
      PID:3352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:1
      4⤵
      PID:7024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9876 /prefetch:1
      4⤵
      PID:5404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10028 /prefetch:1
      4⤵
      PID:5692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9584 /prefetch:1
      4⤵
      PID:7036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9780 /prefetch:1
      4⤵
      PID:6156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10516 /prefetch:1
      4⤵
      PID:6908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10340 /prefetch:1
      4⤵
      PID:1716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10428 /prefetch:1
      4⤵
      PID:6396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10268 /prefetch:1
      4⤵
      PID:220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10712 /prefetch:1
      4⤵
      PID:3456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10552 /prefetch:1
      4⤵
      PID:5156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9900 /prefetch:1
      4⤵
      PID:2200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10808 /prefetch:1
      4⤵
      PID:6032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10556 /prefetch:1
      4⤵
      PID:6204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11240 /prefetch:1
      4⤵
      PID:7232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10904 /prefetch:1
      4⤵
      PID:7352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10368 /prefetch:1
      4⤵
      PID:7552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10680 /prefetch:1
      4⤵
      PID:6564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11116 /prefetch:1
      4⤵
      PID:8064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11512 /prefetch:1
      4⤵
      PID:7464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11224 /prefetch:1
      4⤵
      PID:8116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10540 /prefetch:1
      4⤵
      PID:8168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9964 /prefetch:1
      4⤵
      PID:7352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10564 /prefetch:1
      4⤵
      PID:7900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11628 /prefetch:1
      4⤵
      PID:8140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11964 /prefetch:1
      4⤵
      PID:7976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
      4⤵
      PID:7724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12116 /prefetch:1
      4⤵
      PID:8160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12072 /prefetch:1
      4⤵
      PID:5704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12320 /prefetch:1
      4⤵
      PID:8236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
      4⤵
      PID:8328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12544 /prefetch:1
      4⤵
      PID:8944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10556 /prefetch:1
      4⤵
      PID:7824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11992 /prefetch:1
      4⤵
      PID:9132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12632 /prefetch:1
      4⤵
      PID:7828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12916 /prefetch:1
      4⤵
      PID:8612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12736 /prefetch:1
      4⤵
      PID:8956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13136 /prefetch:1
      4⤵
      PID:8516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11800 /prefetch:1
      4⤵
      PID:7688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12496 /prefetch:1
      4⤵
      PID:8636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13216 /prefetch:1
      4⤵
      PID:8888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13252 /prefetch:1
      4⤵
      PID:4528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13192 /prefetch:1
      4⤵
      PID:8572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13268 /prefetch:1
      4⤵
      PID:8188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10904 /prefetch:1
      4⤵
      PID:9776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13292 /prefetch:1
      4⤵
      PID:9804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13372 /prefetch:1
      4⤵
      PID:8868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14036 /prefetch:1
      4⤵
      PID:7336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12624 /prefetch:1
      4⤵
      PID:7988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14068 /prefetch:1
      4⤵
      PID:10168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13900 /prefetch:1
      4⤵
      PID:10156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13500 /prefetch:1
      4⤵
      PID:440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13772 /prefetch:1
      4⤵
      PID:10104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14416 /prefetch:1
      4⤵
      PID:9012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14220 /prefetch:1
      4⤵
      PID:10408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17315186094446056299,11504849242332197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14644 /prefetch:1
      4⤵
      PID:11220
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
    3⤵
    PID:3412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:1220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    PID:2896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:2456
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
    3⤵
    PID:3044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:3328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:4464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:2028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:2976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
    3⤵
    PID:5100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:1824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
    3⤵
    PID:4412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:4468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:3892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:5956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x98,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
    3⤵
    PID:5712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:2728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:5352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0x11c,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:5412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:6128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:5864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:5144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:5824
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:5596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
    3⤵
    PID:5384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
    3⤵
    PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:4136
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
    3⤵
    PID:6684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x98,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:6700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:6472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:6516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:6312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:6428
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:6416
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    PID:7088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:1316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:4008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:6648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
    3⤵
    PID:7092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:6984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:5336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:5408
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:6556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:5372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:6384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:6688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0xfc,0xe0,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:3592
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6464
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:6928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:5184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:2784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:7172
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:7804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
    3⤵
    PID:4152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:8004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0x11c,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:7112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    PID:7504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:8088
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Runs regedit.exe
    PID:7404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    PID:5208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0xf8,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:6464
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:7792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:1304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:7928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
    3⤵
    PID:2000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:3608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:9168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:9180
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:8248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:8232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
    3⤵
    PID:7896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:8884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:8800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:8812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
    3⤵
    PID:7576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:8224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
    3⤵
    PID:8076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:7368
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:8408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
    3⤵
    PID:8564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:8432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    PID:8504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:8636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
    3⤵
    PID:9712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:9728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
    3⤵
    PID:8852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:6256
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10200
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:9292
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:9944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:10076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:9936
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    PID:9940
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      PID:6376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
    3⤵
    PID:10100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:9940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:8656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:7652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:10176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:10040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
    3⤵
    PID:9680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:8160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:7344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:10088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:10668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x9c,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:10684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:11144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff81d8546f8,0x7ff81d854708,0x7ff81d854718
      4⤵
      PID:11160

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x344 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6412

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:7852

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:7940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:9564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
98KB

MD5
c0fc67fbc5c5eceb437b516b4365aa86

SHA1
6b5a02dc604f8b87eb9d456969b12b45dda79baa

SHA256
0b8baebdd76118229f6b486ab07c66d05b104fcc8a80df53261769f80ea093ea

SHA512
e73b48bd36052a2f31aabf40b32ada01fb8c92345a20e22126bed271bcab08ba0a677fd9fd29cca23e98379b6c1e0601bdae9f90c38d9369ba32f292450886d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
181KB

MD5
5600049b0f0909a371eda70bcc2923d3

SHA1
937588d6f2ad99e66b27d2fc2467b9197f260c99

SHA256
581c531851d69d7fc6643e8adf32d2b92a6cd1ec3125c227d3d7bac955c6a0ed

SHA512
05e019a2055693029c8b07e9eee89cec67aa729857da8d55ffc139b51d119fea99fafe15ff8bcde57d916a9471dd9fd838f6148c52b1c9d120c4976d97de5df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
58KB

MD5
8db2a8da0880056c05f80e53cd85011a

SHA1
075849b2c39bfa5e0ea79e7ae1e87670c580128a

SHA256
85729105825029137681dc4af7cd610c90db77dea54d648204ac1d79a33be076

SHA512
d5a1a79704aaee7d817f3207668522d4ee0be41c78330b9682a01c14854268fd083d16b5114bfa144323b802ec4699df54e92dd36cc27bc6db6eec8816bf4201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
198KB

MD5
4f803e21d5b57210478a4efc65a53a30

SHA1
14445866d727af30f7c5c0505c9f2038e61fbdfe

SHA256
f5e722e9ca55a876cb51f6c740fccd77b132903b95ce470d2f9f77dae3013a7f

SHA512
80963fb1e50b123bdc34a7c57cdee2c941a045e1578890348df4329e4f7a20c5a8f29ccaf4d906bef8c5908e52ef1a6ca1b832bc18b2e3dbd621f6f507c83ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
19KB

MD5
4c61b65d01183d6f60bf80f29bd6f330

SHA1
6f94b52518582e8f519bce8c3f739d38cfb2436e

SHA256
fc70e55ad50ce4e6fd5897d6f4903df528cbc881b31afec77b42bb06f799e150

SHA512
24deea2490bd4ef1192a73c0c32fdc39713e3cc818b568e23e461f0baf7b40c9fa6d9a87437c25fdcc69cef8463deee40298437e4bb94cabd5b5f2bfeaaf7be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
30KB

MD5
8f275f3c748cfe377684dd90ed2fd2d5

SHA1
65fa8030eff79a8e49ad47905b26629426c15032

SHA256
2de7e29e82bd06fdc071f3a6f9af9d2d5b3b051dfeeb335be3b3677e24e66f94

SHA512
1426d5ebf91a51a4e827c682f2349bf196a94edd510af6dfb1733eca19e4045ac37e8bf8197bbdd5852a9c5ce921c8ce4190a2cf7cb4feae21d55e072e018965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
45KB

MD5
84faa419d86403180ea636a6fbd34a29

SHA1
1e8455f4310f3b0a653cc0eb472fc7003c90ee0d

SHA256
726f4e79e52a765cb444b96e1e41e31053a17daf41db81aa545b87fd73152bf5

SHA512
2eed684235c73c296252b8a2fa06a428c4dcf1abf169b8e8aa51b5f0c621454c6a9b97e83e03e2f67e24c4a075f7c7bb29f9d5fff352ad30e5f94bbd3693ee70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
31KB

MD5
49e4787d628bda07a6824bb05cc0d0bd

SHA1
4f27eccc6ced1c3a535ee1533876efc46d31aae1

SHA256
191f4b66ee855c72250fe7f4f7c92ad3a184e0c5f3b4df45f91a7796c5e38fff

SHA512
ab43ffd39189d0110644cb34196df0a336479f1e7081edcb9bd514fd82b67a0ef32a898ce2dd69cefc234522abd12e8cac905c87375a1c0406eac25c6e732bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
31KB

MD5
6ce4e6a94723410cea915401fb2405b9

SHA1
62b18c253f9a8bdb5107fdbc05e60e9ecae1662e

SHA256
bf62913a7548899c0920a258904e5bfc50e0abb96af46f2be50e8a0e42cd9ca1

SHA512
2fcade70ae872bab3b9be201e68eed917844052aee6d27899cffd435fcedb6750295c91cb53a8995c241eefa2d8b46649b260d47e14c5ee404f7bbd15b328b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
21KB

MD5
344c09d87755a0715e3be7a6869e0ed7

SHA1
254ae4accb099eec2e67b13017d9b3de6b6cf8ab

SHA256
9df11d479cd044bb9f64134b7325946185e79ffe54b45024c5ea5c0a5d56f298

SHA512
9ea2b692b550973c1057eedea6d649a4db3b934049714b2378eb385dfe021051c596a49272c6a29da5c93fcb7e30decb02dfc3a2bdf6116670a81bf5521ac0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
19KB

MD5
4fd9e1a4cc8135664d1df164277e29c0

SHA1
8c3637673fbad779dd9315b81ebdea58d28e9db8

SHA256
e8ba6fd025b9e152b1d105db5c76df775ae9b657b227576f9a66229a95e0c4ab

SHA512
ee5df56010dec023472b2b0fd53a17ae7cb26d4c7b0ea9a910500fac5553749624574f3a9ac77c3aa8e1b6baabeb1e3fbc5a4e5c4d95c020c9db1af88a5282c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
136KB

MD5
11662e81a190a00e09cb8b6bd17eb3c3

SHA1
e5a0996f7f9ea2f34a27385905ef600ea8e49a84

SHA256
7826a7b1f3bb39e6c3fedee8b71b4db781a3eda0a66493bb777c7fb7141a7b84

SHA512
e7dae9d5e569f6317b6ccb5b0f6b909a2ccf5f121cc76880aaf2561ad76a2e40659b5ec9813dc6d72b772f2db96f987d6e64e5a995d75f1d75e383297cacb69b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
33KB

MD5
3e2dd2cc910d38a52114e884f5993fd4

SHA1
ac790a4a1a52ac58a766b7cbcdf3a3460b267ea1

SHA256
196869dcedafec5f7a3e8fa7e04b221b838b193b56a0aa6f64c534a2a5d84956

SHA512
b311e4e649b5da0f97b834ae22e1c1404e6a66ec808c7c1650ba7edad8a1fa20ce398803a9c9cf32dee95e74abcae2f72fc3db19fc5a5eee5775adbe8fd8dde5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
36KB

MD5
6b053697757e2dc55d94eae6f7393242

SHA1
fbc3bc31767c83b3cd7574bafe6151d1a8f5823a

SHA256
011e8afc0f9675127cd62f43b2319871d87fb504a26dade51df45ffc075d8437

SHA512
5ddd53055a94bdf0af2c61d53fbbf3027e91b6503e31b28e8550257087798dfa4f0e0c4ea9d22ef83eccb7402c96365d326e3bc32a510458385efefb6eeb0d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
29KB

MD5
071d0628cae2c51109a5b5f5aa5ef53a

SHA1
8a2223731b9befe68861f0ffbc383cee8c17cd0d

SHA256
bb1d14cb6dbf3d24b28df7823ff19bce6c0e2e8c2d35fe4101e16876399bfec3

SHA512
b31e83eca2e14e4ff600e3e852c9a34e7d218e723451a6a1ef6bf4a15996d502c602871cb92e4dc463572e9b7c1232f9cc70c07663f4a767cfc57168fdb4e88c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
43KB

MD5
e9e2d197594b7331d92c27c33e16a38a

SHA1
4e534bf3ad1ae51e1ebca0a41d6666331da5047e

SHA256
7f2f944c4a9fa58b14766623074bc10e82e843eed8a4bd334f0edebb79c482f0

SHA512
ab994433b856247d3665dd5cee5bd6feba8ede2123aab69def2a7301676de4cd99fdd166812eebd4cc177a4ef2c2ce7bdb10f6eeea28a55d45b450a3a146806a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
31KB

MD5
5f6fd03348fc1a22948ec13be81c8e17

SHA1
5af9ae409ffb1a567a177ebd469f6f5274e1b247

SHA256
667ed19993b71a9f30de3e96602c64d00d9985c8f7d7fb8406b8e5b9df2c93e9

SHA512
46afd1a1cae9f261c09b21f01643bb1eba87f42f1db1260329d2cf8c803f8eea71004d850acc5416334e30e9327089e7b7665542f35300ab260fd955a53e9160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
28KB

MD5
1cb56eef859422178e829561a4474fa4

SHA1
d5d79d13d52f84081c958d458c5003bb5f51887f

SHA256
f26587750306a3b683873b469c9471d40a9942831d12fd694f8babc485246637

SHA512
f2b67a40d1fd43e6d0caf6e66568eb6907d0ee83e2a9e939fb8ae2a3df26b0c455ee865df3a724f6aae9a02506b5b9ce5b7107fb60c09b83b05b1fb432e012c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
60KB

MD5
b145c1357eb028397bff7a38098b910a

SHA1
ff905aa566aa5054c622d31c1beaf5234e7c2d62

SHA256
682b3f37e4ca680de6afb7647c27793b4c5f16c4d73a816c1265518ead6525d1

SHA512
d799b3be705984f4e725a364b47f1f133eceb0bf02dc1cc94d6652d409c6d11e94a4ecd6e0669c731bafd51e160ff922dab59e7ea408873b4108e0e8524070f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
45KB

MD5
2fb4d0c41c094ec09125dd9d0df01ca0

SHA1
25d35a25a816f9e29372ab9bd0df84bd5481fcaf

SHA256
3072b2d08bf1ad8854fe66877f605ce9a8f62b9a5d5ded682fab5e41522b9b37

SHA512
7bf32d8d1e1c8c05cd91406f66d71f13d791dd41aeb1e5defe7438021f9f2fae9b304079f326495dcf46b7b950e195a18ec08ad86e058255d70e0324f6b0debc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
49KB

MD5
65da8d6932ad74d3b51694b5a28dd0bb

SHA1
aa6e37cdacda153f499c299299a4dacf50c93765

SHA256
309ec80a404d5ba8c9816e0932bff343c8e205fe36819908682289ed7c7ae482

SHA512
bfce7ba0e18dde7d6f833709e565f704701d7a51b14d7c11b06cdce0b057290a334219c9aa4f7ea098c097eb779a2ceca397a9ad1ede0784348f78c81fd55015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
84KB

MD5
ea0e2b34b1f5f415d6f70566566c7c4e

SHA1
7727fd2a0f05d0bc861628bd2f3fdbfc790e7586

SHA256
58c997c649d99e6bb4d4fa16a347e4ccd263e861f42a31fd678264cd44d121b3

SHA512
048dadca6521ea55d54e4dc2e27df09325841e74475ad7597cff0cd5cd1db0bf3c54fefc9de91a8062c1534d70e179f9b2869f63e985df0d0e4990de4b767f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
37KB

MD5
6ad721b415f4635a9b54a14b00e9bcb8

SHA1
da13b8b3efa9fa51545f85ca9d0c9ef6406b81b9

SHA256
857736720a419ba49f0c0b8f633448edf1ba55715e546b121351bd5a59911fb3

SHA512
c0d30edb522a189517c79f74046e713b37bdfc714a43ddf83249d3b0930e3a4a268f2f07bfd3a455b1b6375505a48386d68c3e7ce215d4ce19aac79fad0ab401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
108KB

MD5
c2fd32708cdd9400691914a23610eb04

SHA1
c16609615f8a352cbdb032fd9889b825b5a04f4a

SHA256
7fdd933de190897886c271c2db8ebe729cd8bdc63b1712cc254cc5d889f0d579

SHA512
4e39baa6b133de5c0fd763c6b91e3d2e29426022dc4a650b291d3749ee7e9b948f0f4a6a3c3736204b8636c91032a2d702dc3ef490c42122ae19d62dd6a6cddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
155KB

MD5
b74f4cb813f220bd09b6b5135c6f0c51

SHA1
efa7a95f97b0c38f400d429ad0316592af9ec964

SHA256
c43ead694533f49b58beca878f3f63a66218d73d20e438b00181d777f8718824

SHA512
02ab093546c152085788f5e4e9424224d78e249dbe65f2161c91652bd6a97f355a4e7813528cd9b03ef129b12ccb37312504fbfe7c19d378d689c74f58719b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
43KB

MD5
3e62e7ce82d1727d41a251d07c15b92d

SHA1
bdf11e48353017d902ecd5e5b8a3b8e652c91440

SHA256
5110817fb07ac516e0582e4003a7096dda70d98d9eac60eac35d7b31e27c0f25

SHA512
8a2a5aaa3fe39a4fc47ed338ab278d685e78dcb0605b47a3a719e77df072f91a2807ff162c9d6fa9fd019fabcb8f83e3fe287f29925b309742fc0d3b476f7eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
34KB

MD5
d74b9d94121977b55b511eb72f20b014

SHA1
764c6faec43aa5abd0da58468bf14a22d44dba63

SHA256
aa3247aed53ac3005eb62ea8e51ab5d0e4bba6fb14f0eaade2be834b46bc2677

SHA512
1faf9e03370e7fa9787364f3fdef36a96222217a969ed815c9e37ac8d3f1d6cf7cd6816177ae3d8c9e380f99ff2b4256f43d5482860ae06bee17f21b8245d492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
34KB

MD5
56e81eee1a148d70c32df1fc2b59690c

SHA1
2142385c31ce3b5c98e63b241729106c237305e7

SHA256
b9c677ba0351ac1a6d6412d0f0fb6fb577cd5607a4b34cdae458b713875918d6

SHA512
ec3d1ae136de8ec93958ebb7e939fb16887f75cca31cad135cf87dc887ebe28ccd4c27a78bf3da7720ae0488d19d2f9f283b0d2158f2deccca7289e0ea64bfa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
75KB

MD5
1b7a1be1b0fc0d745ea12e48b35c1935

SHA1
55f9ab98bd5aa965ab56a7b92457f57be3a3012a

SHA256
7f4971fd97d1c28c995e07088c7eb7e42dd31f3de3eefabea31517d99f7c0ebc

SHA512
bfa024ce96eb4f3e6ee6626887e7f2d760ae7507662fbe7cdfa50357239073e65c7fd23d4830bc5cacda6167355218259e728e3c5ad6caa76175206c5ad2699c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
20KB

MD5
e16d19bb6aeb47e8ef03488ce4b276a5

SHA1
b493dfa53209a0279b53b6186fd1932593c35ac9

SHA256
39d576fa539cda5bb8a5df714c5e061600f3248d5e61635431d434e85d96db5f

SHA512
1f9f7958863791a968aabe185c7483d5f2db4b318c84f8038fcf547c0158b7d784f5562b223349222a9ebcb63d5807544d0edf3b346224a70abc3de8eefed4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
69KB

MD5
0846a53a5468cac6cf131736c28bc229

SHA1
ad76b0b49b020dd1c6e24f93b65c4636bdcecaa7

SHA256
e863daf4a08e7f5c8d229f9b9c9976523c41b447e73d3925541f1601691caa7a

SHA512
f45151821e2265bb006425e8add1d24273e3746750b3301ac6bbeef04b72a9daee9c2ed5df43f4088d1c62b419cca989cded94cf40c9e64bb364b8ee58a62919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
76KB

MD5
3c335f599093a507a69275a381830f95

SHA1
1cc8ba9cedb4c21bb4df6c3409fe4fd3d960a57a

SHA256
ae7079947cc70e9851e79a5c0755da41116541a4043ca2cadcd2d84d692cedc1

SHA512
76e8fad2acfaeff70dd22960ed6a2d1440997240b7b975d3da04a2ba7f1185e092c969e397b81dba0e82fcb88df8f5f6edbb745a25ba436294d7bde62faeecaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
75KB

MD5
4d43c9b20efe068b206e43c0b2fddb4c

SHA1
0a2c68c8047824cb245c8865d0129826b70c3f2a

SHA256
c8b7a813478dae7d4de425d173937f6f970dafbe6ebd7ca8965d661fdee282c3

SHA512
5b8db23d87bb38e9b951dd4b2847f93eab1005a07e48a99d436f8192c166cd74b791a64adda3d35c38a2ff38b5e71fc8600127afd02bda0a02ca9d6de9cdc21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
32KB

MD5
8c69f015f639016998b6b6724e66636f

SHA1
2cb9c7e4d4516387e298a2144ac664ae529a48f1

SHA256
bba1d1c914eeead5dd7f5c35825c4823135bfec8046b83b07c504b20aeee30ce

SHA512
dd37a9c9dc759ab2b6dcde1670101b0e2286b60cad22f9aecd1fad4bcf7d83e892c1449868588e052e6e427e561c4295f005d831297032176053214089bf896d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69f7b6946b5bc274_0

Filesize
415KB

MD5
c438376c8d12b255973fbe3cd5b40dd7

SHA1
b7e0b5c15b942552c4328b8499563a84cda08a90

SHA256
2f8dd05050f84869ea72d489c94fcba9241f13d4d832e6929581e4e7a9668823

SHA512
4fc94408c315c74f5fd3da0aa53884b36d50800b14624db0302671df5bc3636a8a3c7e77740502241b9435fdfc6099f55827bf87bd35df347154dc3d9181a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\73a9896da2e8f016_0

Filesize
19KB

MD5
00f914b899d83346ee38288102f835b4

SHA1
8e5109825ef342b0f6765a0b380c0da6f5395569

SHA256
dff8e8aa56da36db745be8e316f1dddce9d52ea1d16a1fe35739a7f30669ec6b

SHA512
86888bba27bdb2a79107f4e541740b1b9540fabb62da3ff2078ddc836db4e7667444ebe44c77524e7c883c432c625160d555680e9bfbb0924c45729ca360d3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f96c4e370537b4dd_0

Filesize
288B

MD5
7f07473636ab49bd5e431928156ea1a3

SHA1
8bcc5723153a7cf47f7e2a94d5587ca7a1c063f0

SHA256
5c3fd7a073fe4ddcbbaa8f195c1f1809d96de1d1e4b6c6dfaa6564c020d3de08

SHA512
cad007257691ec2187505291dca096703a3ee87b33ab37b90b7a4862d04930967cd30936e03f4ba9fb93006d2fb7b60b34e6a32634fc223a9dee578a5856ec32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
294fc1c6a3abd7fe1b6d645d1a81da85

SHA1
1f483287b6e7da506d15525f2c714c983bf3fa53

SHA256
2e860beac66d40b329f2ac0d00c80520108d41f85f15d92f3a6e49fba18a56c4

SHA512
fe52357f767e7d310d2032f5f94c9233e1b8a2fc08702ab35610404eddf7119c9645218c8557230c30f1891798ded67408d538c5aab58795e5444dc98244f1a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
10a0d0efdf188149edbb0da61b924ab0

SHA1
121cb68a39cd6cafd44b09b6ef5315e761a4aa3d

SHA256
c86fb83bdbd647a880b3a968a18249818d9032feefcb9d0a9010669128eb967d

SHA512
723b46767395f345482012906987b0a8ecfbea4a8774d13d33c01b3c7c1a5318513b76f1464ee335da12ef4d97a20c5bfaaff8ebd4032aa06a33526592fcc4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
40db82b6371f1e46aca3902f344d8bf0

SHA1
a1e685c59fb0407a85e7bc4bf4d6aa0aad7d1355

SHA256
a5760ac965ec4de6ea4af255fff4a7f47355298f144b8c8a77e670b0602d1a45

SHA512
701cb55894b57d97067e005290aa3dde06507fbbab76e7a9a0671eba963191940cb23ecec643180ff88353b6bab8c2cf71fd2ad9c2f18438a45b23b3c8eee70a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
cf1187a8a6470d691e296edf046939b5

SHA1
b59842c5cdbb96cb23392440f5650715f7437864

SHA256
30635e4a81409c322b4639b70a4947c22369ed4092cac18315f210550c8bc0b6

SHA512
30eeeb00b91f41b4b1890b604347678839643bd5b0fc6d8c0c82220bdfca2249298c8d2062402b4ca52063f030348151b3e6103e7b98810e4eea5d098c080c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
db309936d433de21c40c454266a275cc

SHA1
4d9d94dc1f5f386a6755e3bfe7bc92669e1736a6

SHA256
1100690cb84a21b1cc32833d34506b2991298aaece37c8b767206a4d22509eb5

SHA512
60e27e4561efbaf68c7b09f0f18686b66861037e8c5fc81fd6b829f6cc0dc6efdeee97bf66dea22d8a5495618b0a91c5b4288ce0be7c78df2726421ec003a482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
ae9397526a5aef1501e437864941b423

SHA1
6860b51241b88abb098d4dcd3243bc6400f9dba2

SHA256
0ea420d0cd7bce965715faa9446e80fbe1208c2e7b58780b48f802c9b8c62551

SHA512
9ea51fa9398a0bf95317f0b7696e3b8ce9c46f35abfcd6ac05ba1692f5e4472df20d99bfe582eca9d84897597c8c88f3d763dbc533084ac2b418814e92ad74f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fa31494f741b2c025b7cefa558fffe94

SHA1
ff46eabdbd5c30bd2e47fd65a2b26fecc06505c3

SHA256
3ea36153753862df8dc37f36185901d8b75013712783d9888ff3fb311f6ae6d0

SHA512
ac416b79aaacfa05c0d2f15a5ddfd5fa845c03c9edbdd3d8be5bb165361e8456fdd029260f6bfb42bbb00fcfc6ce494a31e82d9149c6a1bfd1499dcb222b345c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f696f45a9ef7d0a844a5bbfbb159dc9f

SHA1
5e97398c77991f1b6814e63850d4bbf2a9a118d6

SHA256
3b789c30deab845da51668b4856ba740ac98f0c8e9a17a8e3b6c8071b42ae920

SHA512
4204cd81b926047477e61d4724ae03e867cdedc4c9cd7942f72017170cfa9daa2d932d3445a2e8c1b552e1c5bbdd0aa207b1513aac760e849472161112cede79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5e2a3abfe33d5bf88c2912a652cf879f

SHA1
09e48fd6d9a7e6e6018f6ec100cb5e96a0db396c

SHA256
ecd54f499ce3aa651279b76401aa5e425cf61011c3e1818e2df9495f04971ca1

SHA512
a68c08df967d2db0cfc8b7b3ee7d27d901e37df29b1ef22cc916258881ea48b023d8a6a0f89008dabdca1438a4df99071508afb0e91231ad2acd698b6bc65095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d65d6a05c20ac747d7c34fcf4ec0488b

SHA1
9744f3f0e56daf79f28c270e4a0619b39fc8c15d

SHA256
79176a2d1b11cc1cd82456a5a257423754fbafc3a51a9cc218d8bf04c91b01fe

SHA512
99cb2449103c3383c12ec4360e7db16d0c5cf297f0cd729a3d046873d6e51eee9162969d8caef9981d6dd8fd59ffa4db5fa8176b71ed08c788f559b3a7e572ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
227a704fc11450ec73033a67768c1c43

SHA1
9d75a8f1d45e17259d12a299b180743fc6774bde

SHA256
e3f18513cc2b01d0c1609a61078b1b20501a917fd8fa37f6af192b7b8a9df124

SHA512
43957a7cd0ceaac6bf8374595608f0d0c3d97b54267f8a4883b0a1dc6d5649d2706ba3745901dda13e5816769920e834fbea766ac63f4e0640bf93f5fb726cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
def4e76b22ad1b2c61a515d886c2035d

SHA1
1a5bdd762a738931e2c26538fbfc172a4c4cface

SHA256
362f856e021095b15fae175c635bf1f3c83ff8ca2c817f3fb567bee8f08a429c

SHA512
e9058bc14733b6238b6cd5ec6f8ac52772cb6c3860fd99cce5b05ce5d0591db53caac443fd1503ec02db77e7e467f099545e94978780aa860bf98189de486c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9f788a082da16f6d1902be0ab368d432

SHA1
a46f95ea5b0e8c4250e8a4c8a4eed22232257088

SHA256
25f7628f372a105400f331795f710af2dff6dec6ba7e7a6ba74f54540bd0d8c6

SHA512
6b06d623d1d94f755412388b94bc0e8024d8f028c50946b1dee78e37603073f24bd3c2b0af27eb08d6fdf383e97d39dd520467b09d6f7eafa54c6df59e83caad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
eac8ec1118ef5a6f2531149b4dfe9f08

SHA1
9880171978a97737d2fb4d02f565e1a6bdb8c5c6

SHA256
f6aace90f1637fbb817d74af1e9d4d2aef812b45ff8abc5c7402cc2949c44548

SHA512
e4331f1cc96980086b52705156469b2f65f9c319c58eeec927f9d35adcaa0824b6bb1734ef9dc787250be5a9cd07625daeef5372cc5babc0970602aaf441e313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
b2a242fb3dbe8881226b5017abe3cbc7

SHA1
b1789efcb40adefbcbf3f2995aeb3013cca7b11f

SHA256
7b4e8e99742ee9dc81ad614ebbe2bdbdf7b6c7eb25be55a39f2378449ad000d1

SHA512
78a27dbdcd2ff8d02c9aab7c8455ec2c76db2c7d767a9b1f0f38f2ec2cdcc0ebf3cbca2d1f43a7c8144e0cb1eb96f54da4c0a6e719694be320efdbd3918cb0cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
67ccec2302119996367620b824c29df9

SHA1
32e93269f675a5453946642715c79d0122dbdd80

SHA256
71590e45256d687acd46d22853573c91c00633431fb4cbba3263a670c7c84ddd

SHA512
a1e871612f909f35689aa401346deb69edd4e6629cd6fdc001595b2b8c30d5e30032cff60d5342684f31d808db1b64e9d450d99c24d288da229426d148d4f1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
aeb5dd82e30898b2b017a35b9ed7e920

SHA1
7b88e60eb4c6f081671edf7e8c417dc5be932a52

SHA256
185fd84c21a83c65b0c049a4bd14b13afcccad4ec433b6e3152510087932e271

SHA512
f5d5d5f129874ef82d296c5d558f365970878a18cf62d3a2403c337241e4369de4f8c7d0190ba1d78767d382f009940c052eb2cae5e97359b2d18bb8ae5f9b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
94f8a86988d72312d8df211696b3f6ec

SHA1
41d856cc08c7241cbd0fd1146cd7f94544adc060

SHA256
ee69915d0268f839f1a8f430ebdb501d230be6d5dd90883bf71dd5d6b3ca7d96

SHA512
692c08b50f3d067bb39f98bd5cc181a6ae507f423e973bf7b51224508187fa13813c5b2402805e60935227f355e7c283d885fec5f7b948e55fbc78a90b595d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
8ed7a98ce03baff77342477a7fe339f3

SHA1
93bfe32a6c2f4450cbe4374261f88c076a79d638

SHA256
aa6efedda2bb7fcaf1e778dcdcb74969e8fda6415e88519c9f091660c1913cb5

SHA512
0bb3bba66182be3588e151a7083788fe1933f1d60c7f938c06a3208531906ab90c844b344500c6f7e592151a0ffa09f6a382984c693e4daaacf370a2fa457431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
efd56f2fdb2b63874d0c8912eca1c916

SHA1
fe02487d5f1d178c5057806064d5da4763ee6c05

SHA256
7aef54600d6cda492fb82c2204bd2fd94fd5e18fa37c2f97abb963294537eaec

SHA512
df012b0e87331159ed434f2f28995764399f5d0c7d0fc264c42a3a7e69f2075919eb6663c04a06d58039bc0499ca70432ce7b8589f10b236d130979753322ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
ba994930c33d6f7318937a751bef475c

SHA1
889fd108832aaeae98cef46807606ac98edde874

SHA256
ba1fa05563458973bade153d499508928adbd9c5163016a0e9bb556bf676300a

SHA512
edfceb8c94abd12049332c02358a8ae259e31913721b71595ff5b97958564d44016ff96b60a8365aeff1a94f7892ea089c2ff13efbe15fdf9fef46008e95af02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8fe5ac5b00239b1464cb3c18d83c9174

SHA1
2925dd352e3f084cad2af31576ffc7ea6b6e1c1f

SHA256
4793f014766933fa78f25ec8323450be19ae46c9a3b2cd43fd5549465a97694a

SHA512
5ac7b4f80207863735f1b78b0dbea9da82b7607d1ce469a4205415e58912abdef79ac9e83952f5ec9a6961eac00817189d96b9ff347b03340dcaab353e406879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
71228eaf26f1e5b66736646ceba48292

SHA1
1135dae57020e4c877e938e0a731214c7db82461

SHA256
a087fd6125589a4f587ba504dc43946ad0bbb5a26015de8aa33a42eeb4179b19

SHA512
4323681d9acef94703264740546762bf61c303f2ad12ff5563e42873981c0c1bc7c2dc52bc016d0de57bdf86ba5324a20dd84086ee8995a6dc8012d2e2571cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dd0db100e5f392ad22aa4e44dbf62faf

SHA1
25ae697adc1cb5e8e2df85fdde520448f1c0bb55

SHA256
85ffadd8f794edb819769f4cb431942bdb50161fc0c0e2379af85e6069f05c9d

SHA512
ad8d34f8f4734784e0e1801c98841372b3b40993af1371d1db11713ea9f3f0db412d8a7d4b0e9e5c742d15618dda76490f8fd2066cf61d480e3c6af24090f458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
698528fd6226bd9f95b6b8994435b640

SHA1
7166c888c662363fb063bbfdba2247137e581526

SHA256
e59f08daccb7e2dc4401dbeeec368f72a50358cf603c004ea3436021d5d657a4

SHA512
d4ba4d1cfdcf5a816e836b23291d92e208c13a6c4c6eb70277adbddcc08bd4f7ecd4fc1bd3d310576e7a27a05d5188dadb0b5f8de783bb7fece63d77c822bc96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f284bbd92ce816cedb0bb713dc486088

SHA1
c193102f126a4782db83707d2e638333617aed86

SHA256
e08d5a7226832423a6262a1607b6ef274e51a6b4cebfcd2f67bfc972233a2dc7

SHA512
4985f69618b271e57f2a87e75173fae3dd930e896e459891a889a3394ba2b083dc102fcf960d1cf01b5913385c3e9d547f8781579e4718aeac7ad216fc5f7fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c8b1c84688bf26d5bb39c9d747e3a575

SHA1
14d122d9849792a956c0a865f3b86ee2806adf86

SHA256
8eed80afbbcc41ff94db79faa83af16dd136b2a57eb4f01e5d3c835e699552e1

SHA512
5e368c78d697c4d87ebe3f094a689cb7492685f9773ee171df952f408975cd36fba2de445a2cb52f7520314c878072945a23ca14579667ce429f9f8685fcfc42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b387c6832940d4aa490fb801af9c1689

SHA1
0e5fc5cd020d2160eaedb4aa8637b6a4d30ef72c

SHA256
1d23930a3c03313b68b41c22e029e761ed594d91f1ff11ac458b2e3b608581fe

SHA512
6ddb3a5873713081a3e902f71f6a20f02e65ace948ef430e115e5b83202daa7804eff2c0afa3704d54d11208f2a4f0e30a51133559354943aff60ba85225324c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
45fc8592faa0238735b6786670d060e1

SHA1
0c8c185693b385f1c0bd356cb7f3bacbada568f0

SHA256
5ff927bde2977c789529496933f7ed19b262f0328836d6ff9087d9c9bf9cb065

SHA512
87e3f78233dc54afa2770dd75249f604dfcf1334092e3fdca78437a45723bda2c162ed89bdc50215bfb43aee2bc0bae58e611ce9881e2e01e060007ca9d1af9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
64599342b499a46b5dd1b4727f1ae413

SHA1
f4201e907602a4588860204ed370c98133f340bc

SHA256
f8e356be1bd9677ca89d8cb63183a4a427dee473e4a59515e000f7bd225f6ec9

SHA512
439705e3aeceb5f931ef23ff0ec1fa286ff24b67f8ba1f25f6de47047e5f193358ff059df844829ae8b451e579c09de48b9d8b6df23a577ced86c3709d23ebac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a9c8ed66cec6be67d78f14171725826c

SHA1
874fd2d910ad43d956d1aaf28060737cafc1a5e6

SHA256
ec757181486bd0c43172f19ea83de719390565fe1520624ddeee82bb267073dc

SHA512
8e822b80a9e0deb69a177fd1e6313e45a365607b112944df3045ee7d7cbc6140d328a9873b1dc6d4f26d46c34ee0e1276ce71c453322b2b09dabf0ae5435b346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
19fd533ce30fd3af2704c1aa8e0ce8b8

SHA1
3561ff0e925e1eb1c6d0d3a13e905d66dbc6f6eb

SHA256
971f8497be7a8a4b0a0d7a6930b1b69f01ae04395cb06ed140a79a9c12b3fcec

SHA512
01a915ea562306a3a12c9e32cf1bda7e5127416042664b5e3b15550224762abf58fd09b9accdc285f0ea11507615d6c7df827ebfce7dc67270c43b56007eddfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
66cfc416cc704bf74e51cdb27e3cee77

SHA1
ca834c85b47bea2047e7f04d6f28026b648fd000

SHA256
ac53960731c1e0d68b6bdcde59056aac2a22aefdc1d1c251aa0e67ac56c1cbb4

SHA512
790daf4fa9ed94db5ea601219d5a1614349fd27c1333b2a9fa0a5ed1a1d7159d28299d08ddddac8da36228e40615c2130602e38b118c323063a21898e2e8a79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a657af69fa5eb9a77b663f0b25604769

SHA1
76d804fecc1769995d60cb5c185e9b2da3ac9052

SHA256
a4f4d560cc4d2ea5bcbda0aeeca72fe0d5b83ea68bf581be245003a145611840

SHA512
6bbd5e33fa4e7a045b7876b4cabde3de2ef1eb40352b681c22e8afa199cb3bf4f2eafd8c1b8beb6c64a6044211c4ffceb3d0c3361f65183c1a147c63b9637b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a7bf56e9918a005bb7f433b10e66d5e8

SHA1
ee7bfe05eff8734a5ed90f5beaf1f5e9035eef29

SHA256
d748b2fff6023c485fc7029ac1c64a534878b206c9588aed677f2216e03df95f

SHA512
314982d9a6da098162e8274abea1aa5d946f993eba86dcd89f31b203a1426d6f66a7bee16b0cbc78a138c209bbce0f7748531fc8cde80da155c8cfb4146af1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7250588e5f799ed7de8169e6216f11ab

SHA1
7be4a985f2a4909109743c10d1835055f9482b98

SHA256
0e0ea92b6ff544a33dd7026280f763b0fda0aece0b41dd4cf307e0d7bc65e602

SHA512
4258a31bf224f0a658a57a995ed377878c137f6aadf29a0aaed292ee339c6032b2ee5b7c731232a923b0b66203b5185d4a3ec2f51b8efb6c0e18fb482205d2c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
57e8a8426ab36ba3aa67ae27e39da849

SHA1
86fe2389b8ba9d2ec913bcb7244295a0104625b1

SHA256
0125e091a09aae328462b1702cdf36acf9c5e534e943e588f4a71f4ed87c65e1

SHA512
db61763ae517ebaca5a22981837a624800b2a20d129dff293a20379d5ea3f191f6b776974956080504131aaaff8ec449b39ed175d9b6b7f0b56308f0d8fc882a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
44044d7925c2b94dc71e5e1b7c1bc937

SHA1
b6cf532e96e3f649ba421adef74ae5554f06d1d6

SHA256
997f3df178557212f7f4b5e94126aa74901e83ed4ed2163621e2753e4fdc43e2

SHA512
2a8d27b17cd62b63f467f779c47a1c59719d5510d0581ab17144a9660908d3f20581780ff0bbb9e6421263e4ffe6d5e580e52c9b080bcc8fb54a6e33d04edb35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cb8e8130e10574c1df81e8fce458c414

SHA1
3e38012d4cea17e3194d1a397abd24e0743ad6d2

SHA256
5de6b92e8494ecb0893ed53b96b08b78c69053e9207f0dd24dd490f85bee05b7

SHA512
c79f599925f71633977ac8a026f84a5d631186a3d929d813b44ef423b9ffcf758fed01f1889f9bdea2833945868ae80efbd1a456a788bbaa6a79a79990cae8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
352fd33dc87e754cd8b915883e294f68

SHA1
d73e8086b341d473ca949f4067dd819f9be2e19d

SHA256
cf3f337f7dcd68513b9a6245915312331c54358807c0060b94627178ba6ec3bd

SHA512
2533fabd76a2432e0785e81f89f8e0f008bf35fda10046354806eae7d007a7f923f17cf3d3542c83012e2a3d5dfe4ec60ebc4d85ee183e8b7e02b8ab9684cdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
fb675a85a68033576fd87d73b17b575b

SHA1
1a874258a4a686a27f2d08c64baf1fdce0948208

SHA256
3fe5979e6078c0171dc5824c57c99c8af9424fd54962b273e0c78ae3f2a1d84b

SHA512
56582ce75e0942a71ddfaed05966a84288781efcafcb234c06905c5e52438ea65238d29267bf7210ddd28c3b623419be58bf744e9e748d382668861c949df62a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
db4474865b7522246213b43207253ccc

SHA1
dc06a5488c4a5289ee80b144a160d3485ab154de

SHA256
95677dfa342b2bcff8f836ad112f71328b2b0d9c205d12ca5fda694d3940df10

SHA512
eec5b8ef85d41caf75e14c6f2fa6445a0942d92c94d6ce0834aa1ce6592323461a65015025a64f4abde33d11df8c60c395f43a617254e1aff3257ffdccd9dc47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7eef18f1467a8e32470da8a58a302ad0

SHA1
2dff77915b111cb0a19738e35ac9322488d231d4

SHA256
5c5fd3e43e056cc60d1ec342f19a30aaaf4cf222a9453ed9c7133c0acee0f333

SHA512
4bb1757b50910cfc8e70eea6848d2dfd3ab43176ee80c7d75bcf3450a9c5cc8e78905d505f35c2881aaa3e1a7fc67bbc02651413ddc11a58627670ae1520ee32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
31cbc4c6ca9810cde18f20efcca5f6bc

SHA1
7e9f6298678e10deb67c86c37bbef7e0f3b825eb

SHA256
4b245efa1d9857f5deb17974e8793c901a476aba0cbb686a5fca5bcceaad58ba

SHA512
9fb060bfb30a9c1232131ef1ac01f2b0fbaff4b5ce03a2cae5518e029f3551487d8d955f1537d3aac20f9d659b189b63a54f314c850d594cce2601003d2c7193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
068f4cbcf8ae6c05edce73ad641bb03c

SHA1
ea38f82d90be9f159677e2590b11f4236616362b

SHA256
87df4c28ac5431a64d786a7133bb01299a0a13d8ed1ce58e7940e68064766de4

SHA512
125c7da11f905e392148105b98185bf1cbf71fa1e6dd4eac78f8bcd7462b4858f2bd49b45142ca413578e433fe9499de4f5427d7c1a3be821fb89a5758ebb465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
71145cd98a228971b95748a426453cf5

SHA1
b8e47d0c1e06685d471da608c86302ccd63fd353

SHA256
bfabe5b219021770ae56e10d8ec8a1dff2b5f31a414d2c894cd62a94e8bae375

SHA512
44381b3f9ad95dc93d013b51c5596d6095f303d01a5c572a7efce121ba8c92254a84a07506531bd669e5b90a77ed03754ec72da2c104d11683a8017c138b3abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
75571b28473fb72d6e229ad2bc7adc28

SHA1
ec7c1d4be928ada4f6bc4ba89ddde1c192163894

SHA256
bf376e0b3ad821acf874dcf6b661de876adcd6acad0196d0880d314e38f7a4fa

SHA512
34c1385275deef5167248e433ddaa0d7938bc44dbd3ec45b89c3b6df6ea8810c3a5cce74345b64355f70a85faf716464a6c07e23ecb88b7f715c731b894978f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2fd8158eee3a6041d8a7d67f7155b909

SHA1
16e75d87691428c7b650e9372a774cc393e263f8

SHA256
1bb70a1830e9c22171f324ee65732deb43d89217975be383a3808f2787178b4c

SHA512
f2340f633dd75bad0cc1390ab1e63b920e650d94dacf80f52afb89711549d1689ec0dec4b45f5b98bcdf240e069563b5e86fd564479bc50b2679d4dbfac9ea61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
3fc93c2aaf66e8f07dfed2d4ddfb7f5c

SHA1
b2184528fbabddfe6ee8cd19789accbe46139ee1

SHA256
72d625742e9d7bdb26e28dfe11f46ccddc027dc7545ea8b98c462b4086f082dd

SHA512
730a636ae290890071a6a3c75b8a4c9b8eba73e3e7cadaf3bd87bb0ab7b6edfbe99ed113bc80c4077836becb084652fb6df9244dbe716dce57557ae20abf0ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
caafedce09cc311c429180c5393ce114

SHA1
1e26858a232c104748d162eca488e08fa0aa2620

SHA256
663619335b6a40e834f9e0524800d1d4d4034ea9d8d0246d447487dbebd740ae

SHA512
d0dfd2b7f00f3c27a715ff497478f27f205c5aef7f986a40eded8d6b159385dfbb7ba3d17430f85f9ef27c2e05c4508a9598fa9a8e2c30f1a7203924be16b133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6d3ac82d3c453e5f3f4d349ab58da7c3

SHA1
a101a87fd5d89d0aae6c7649de5e615c61656172

SHA256
dde9b7ad05aa2dc5525b401e4e14e2f77fc37155e7d719fe598f629825d4f4e2

SHA512
0452e91460ed26c05c6c6a08e7f52cd4be49e79da934b03cf3e09a4f12eb616c4f8672b174c290e49a918c36b96270e8a2fed050448304e76ed47b027174acad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b3049e1c6c6ced2b141ef3fc6307c465

SHA1
abd62ae860590765c42cffe093faec7281121384

SHA256
18f355e7227082b190ad1c4153f9fc46708f5354299e877b773c9c7fd3b2ce40

SHA512
f015e222c9bbfa058b0fdf79991745ece2355d1317ca34784bd01f85fa489a674e8f0dc15e03a8b3d68befdd45e0f69f4d4c4c75f5fc5d857f0900f9f950f8a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
cd2793abe0ee13cdaaff87ab2725a115

SHA1
b16d691498fb066589824a045cd223b0dc4247da

SHA256
298b718972f97df27cf51537e74f6b530f2a1a56a07c38a8a296daa0a5613c0c

SHA512
3db139673af44c5ff8036b79e48a390b2368aee3ea5e1578c428dfeab96aa21dbc8eea0c1d285c164e7b89c800bd7dc8f4521940db5f65757dceed972a6eb232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2bb216a83d8376f18f195e68af5e049d

SHA1
6676413a1c36dc3c13f1a2e7ce91e009b6e8da1e

SHA256
6991d41d9ff4d77e6d71698e051bea39d71be27483d42c91d8d70d8483f1b2c1

SHA512
1064a868d4b3f302249f001f2334fc42cab4c871c7f8b53be5f988f34bdf0203cf19be9dcc628ec139a8f42a148fc27acf872e3b0780c6024d7243ab36450e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
dd5591142813e587c1170986fb7dda69

SHA1
a17a001581df1f73fd681cdf85fc5ba474b0c173

SHA256
cf76e0cd71852a7e53ec58e69b79cb7022ab825e1d6dcdac40a350e554ba56bb

SHA512
0823e37094943af04e495f792c23c5c8581fb81961e6713207fd5bc333f4c70f7f660110959a36f4a976dfc9746f46b62a3ed04608a95dc1018a42693ff0a5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a8e4ed1969029e85b621c094d9f4fa2a

SHA1
ac6a4e97579be19979513916c66d50a0591df602

SHA256
3cfc40be028fec850ded7662ad765561100109c213168d4043a2bf02e8b7e6fd

SHA512
160aeb59cb65cb8c193f187bda4edd65d8b39ceb32fefa1428d40efe6fde6c57153d36d1a2cca9173c672848941752d03ece0f0accef18ca59525a1510f67cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c9d1303d8b556b2e96128cd37d40d956

SHA1
2aa9c021d1a736e539895271d941a0967d84e34f

SHA256
eb458ed794cd953a34586fa670c27b918f224571992811f15a1a4c78ffc0f766

SHA512
ef8b51f976465fdbb00f0630c80a942c7c72e32c1497bdaa4c1acffa5bd3750ed70038f202bb01d18c826836fb52afc828276c29f308826f98722d7ac765d20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
94f6b18aa3a95d1e8cd9f338e45e02c7

SHA1
5c59cadb8fcf6a392fc102783eb81bebf92b0050

SHA256
af973f60cf228cdbc4d9d325ca6cf6d1e214f05e05993334bb1b01353be85b11

SHA512
3179adcc3f094d7b1bc8376fe1c0b7bed1dad80ddf43626080636cd75058ba2336c1d3c11c8355f81910f092d138aa8563c7272f14111a61136c39f75c0cc814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
9afc0472e4ecfc4dc509d62934911ba5

SHA1
47a1110326a5659ce1690d4cfd438e6f39b23684

SHA256
35e56ac889a054535c6eab16bcba55ff5f39228f6805afb10463b5e7e3c8c156

SHA512
f4f2a1a7494942ed489cc1b91aaca8cfd325b7b4eb310f1efc4cd7a63ff8ab399ffad1637711ec264fcafb985a4a32a6f6c44957f338c43e5e31af1cb3d98383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
9895efc7e9b917a2d02ab0850c45fdaf

SHA1
baa211ffb4b7a7631a422b983aaab401fbf26a7a

SHA256
80f3a0efa42e0aebcec465d159ed5404161305e39da4ebe460c412861beac827

SHA512
08b83ffbde5c43bc22e45253979db9aa229ece862a327073bba35040989cd3a665bdd321db39101ef816d97f844608d7ac4db39a4503cc69c04358e4122d037c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c5f30b63722b9b5e29f858fea880d610

SHA1
8f3ed8fea45a23884752b28109ac0436e06eb3f3

SHA256
0b0cee1dd96aa57bda784f60a26684c5caabade09db63687e8689193c07410d0

SHA512
6ec1151c4a717065bcd1799217b15deda5235d2bda13e2f6b7bc37617d762efcac20daa81f79ab832f1e064b886beceb6e2d34c6c9cc062f6fc8b45cec5a5692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
836f462067490813040da55767361e14

SHA1
9ec792e8de00fc77ad9b38599ea47a2ea64c464c

SHA256
66e2b8f3b08213d20ffef296319cd72ecbfb2274be185d079c73d77ec606f2a5

SHA512
6413a2be6c2ff42a561c3bac123f705c48e962cf7452b7a94f6cf985b33c4fa4d4d1c1da6463d611e1140bffe299a41ceabdf10d280da521341a443c10ddbb7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a694e99d4b0effe8fa725c534911e401

SHA1
9c05deac4297dd9fe993b50f3fe94e24156238d5

SHA256
be3976a0794a16195bea9a580f1350af5bdeead5b3c7ddfddc08e5866e4d9981

SHA512
4fd80f2f0aea652d11b4cad87e6b19d07efd612e2da8b733190223be6b7804044d194d8c950e24f629576049a55086fda457a974bd144592f08ff32287603373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
1b63a6aa7012ece5447f0c431ca8e215

SHA1
302fcdef344db747e2efab86334d22f7954ff17b

SHA256
fe7be2a14dfde101566c488f74dafe0339fe2ef3940b58ada36c5425f731739a

SHA512
7ec675cb2c746837494b3e6c0ddf7d8ae77fd03acee7d5a9ac217fa61f2d6d8a8ee286ce35b93ba6752b48eadc49fb78f0cb86e0d6e7edbea1a18d4269bfa146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
6b9c4c50b04d898cf365500065aac00f

SHA1
ef8f19688caad9d7c956e86ba2fcd170bc3e4d24

SHA256
2d1c023887da957f7eaec231c298d8b86db6abdf1c62b824864768c84f5227fa

SHA512
91d4d4e397fb2f054b85c31bceefb67d70dab7589a8775523e88834d29ecf1c17ff44eb1d0d7570bd845b3fe4c65516188c419c156e46e76afb2d1a09ac25eca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
4413c61dfdfc964362f5cacd7e661552

SHA1
388af34883a217a5f12f08bd3b49463842bf7031

SHA256
30a35fdc821fe6e840b65a2690756e2403323957fc5b2899cfd06c6cccbfebfc

SHA512
f84708d2ca134c9c6f165372b5a7626f98070e18b3e4216ce74369d74d1d91de6ed7f2543ea7a93bac1516d1e8c5f8fb1a8a3f248033293145d07c5b7821ba88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
3ee22163fa68b918da862250d873500b

SHA1
4ea6a2845e9391bfc7222cd8a334ac6fc703224f

SHA256
a5afdbcd3abbd904e779fe7ed715a27e7f0884a780e2e26551616abefe431853

SHA512
b71f260be7c50b2769801621ff0cca496dda6948a218fd482a031ff707a13fb847fad4e0c7ae3a379ce9d7694272f68dac80e824945ae5a88008c9ff2d10313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
ecb84eb8493cfa8cb75c6ec1dd2461a7

SHA1
a49f4d705c24c8c32b05b6645c7c73b17bd6a601

SHA256
9e9305dd22725491c91bca68e886992a639c85a8effb8a536c5a1d126d80de4a

SHA512
aa1faad28ee49728b0b1cc11b43a3537e0c9647a711aeb373ad212a712c52c99c654f1b686358d4d28dc1d75118cc18ec3dca2dadb09102cc05a5aca57e1098a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c007c7baee8457438fea1c8521206b35

SHA1
a557e89b800505319fc7280de0ea6b0c230c0989

SHA256
db6de5c9b04279c22f516b4959e015c4da7a9af32aea401454209950e3be42d8

SHA512
994a20a49081b12afa64d58767816fcbd268426c57461bda4391e1bf5a2396e8aeaa99c0c72ced808020c37642892a768be350dd8ce9949a3bebc96fba798c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
757ca5788d97128ee10814baff611c66

SHA1
1bdadaff978d3d53aa268f8cf843fa06ae404869

SHA256
c05510de69e2aec4241c0f42ab7f84bebc55c08b9eacc5ba1de3a544e9424c6d

SHA512
46960cdb597367d33006a712d79ffba34af0355747f8be19c5cbc0f4106058a4dd94164b611c0d24d2027aab351ab0e41c35b2fc346b8145be16b7cff7990edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0b7612e2b59b7a47f1943e9fd3bc40fd

SHA1
6e8ef9863a1693d2cae373861d5c134026668169

SHA256
fd0f7cd9caf9555ce0a27d900ca470109bc8c3b943e076058732a423b263e966

SHA512
e41e554e7377af398970cd9f20a630ff6f8258080e142fb2fbebdb18857eb05ccdc424514573138d3912806ff63ae05900541693a9852d9060835040a0908a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84af35e260b22448b70bc1dc7f38be10

SHA1
5672dde008a1d5cd0a6eb2c15f8484dd7002200f

SHA256
69f01306f5cee1ca92e681e46bee22b14713785d398fdcb03eb7d92370e8a94a

SHA512
30c3d37c6d7ebc9543edb51505e4a5b1075464e6f363594abce1d0ff60ef4828f0990c6d4c4baa2a90b38c38d9c7ef073e58894258da6175bcf755cae8c65ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b9460da6e2707f577348f84548a479ee

SHA1
530530a2dfd6ccf47816f3b7014e3fcf049cc6bb

SHA256
4caf25a0947abc2f91782d95f42354ae1a07c3a608f69c119c00cbb4de27cc53

SHA512
69cac7a2beaaa374126ed444cc55772f15d2e363c8a83172505f25f6f7a64942ad42a455daf206db4cd8fee3f3b7ef8f776c802a57248f282e5a1d55e98e5aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1c96b068689658f5c1a696e1033c7ada

SHA1
2d90e5eebffae13f2dac8c96bb4be8ace3c1bed2

SHA256
615bba389267e37aece9fc4c4296bf6d9f7033282a98c3108f0707a7363c9d95

SHA512
e28abacdfe9eed3e86d84b8c795040e98b88f40f7c10c8868acbc7c0904667acc3808136249b9624c9323da31fefe2397c3426f9efa7f9bb0c836eed37fca5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d35be4394b341bdf0f0045b22f97ff73

SHA1
593349ab72cea208027f47bbcbfd21b37725b8f7

SHA256
4436bc8665de7ae5c84bb448bc1c140ca45a2be61919e3724475f638195eac79

SHA512
6e27226aefb7095567a9344b0b50f35ef27a4189aaf37aa18bcda83d3b5ec09682a6a04f42e56ad66f2291f351e2800a828e0fc1cbbc0c8912fe9286689a91a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
94a41a1ce9dbe218886fb0963dcfa051

SHA1
35fc2654053fcdaeae137a9557e0dc9a591e8e15

SHA256
b503e9ca72c6ac6bba4bb7a61d937264aba8c1c45023d8bbd1ea57c76f5d3862

SHA512
eb56acd0a6b6d44b45020d9ec06ef010e07e5985784163a0896fda358724391d226481ba162baa90add6fc50e1f17e2e932e89ec0988f33fc4883284a7304cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
71b9377e992260df0db6e2fdcdbf827c

SHA1
d274bc6201ff5090522b2aa672dd234825ba3c5c

SHA256
34d6313b7988a69040146da2359586d87bc78b609fbb12460772be369405c19b

SHA512
b5b7a1ad45f5714235ae651f128668c9fa08322f745ee191e4ae5bcc6fc16c172abd50b6b80d385c17040420ba91e9381471a54160aa2d15a107eb3c6e8c14fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
02c4b9077ee94099f53bc612e5b7a98e

SHA1
c6fa6df96b749cf5bcc41068617d7ab04ff0d4cc

SHA256
164f67ad6d2e73fd563b407108eb555d3e59b69fc6f766903e61b86805828380

SHA512
a5681a69a599ecafb5b9e49b3ec80908c56043c3a53be07b967e1fce91efd2e1fd7cded535927fe867e918b4ec89e0381bc7d6d601926da11c26c25fb955178d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e3ee.TMP

Filesize
1KB

MD5
b4a5ab62f20b2f92af55e02bfd93a2d0

SHA1
df692965e850359325f6bcaef4cc8cbf4c42c6d4

SHA256
d28cbb5bc277bfb1429c0305a437207cc9a7ba37e485c08adbc7d8e15693adb9

SHA512
0f6a988177df947b1d628e163069a7ec525621fabf1e4e13e948ab37d6dc79c11cf0c0a794d0b8ae4a203d24bfbc1851d28a00bc057bbdaba6b4c754ec800864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a69a2346d96b4e5dfef77111ac7c558

SHA1
3bbd119ef703371496aef77362d9f9f5ffedff7b

SHA256
eb2bbfffbd828572565f105646774232ee565736319ed4bafc06aee3a882eaff

SHA512
48aa2fdf81b9a772e828c0f97ef0cca678d7231be4968dad855f8e1aad1dad6f8cdbf07d564b43139e8056811d728aea0f14517e7a38e9068cd2024abf4f06ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a6132275f0d1644183cedc20b542e59

SHA1
5f27290c19978f623b2427f263d86ab49eb0ec15

SHA256
b6cec96dd30cc4df037106a69f84b6b504e0dd9ee31314949991a8538235f298

SHA512
e8e9cc174a85c5c4929e6e7f615248841a793cdde20984df14446b06e5b0300bdcd5128278f5a67e0cf81d5292af4f0576fd25879d3c9164a323e7efcb99d594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
deb4449468737c46f6fe4340b32402a9

SHA1
3073d4bb770b674078555c56462466048a5babc9

SHA256
efbc967a5a6d12e512be72f64cc0646eead6dd205c1d52766cfc99aeb5b6cc87

SHA512
590b3934098dd47182bb3b60b52350baf05b24fc04d20b21a418b66077bd9889c0c0da1b356a06c6f51104b7bcc956a28247a4e082ed6c5104b92fd99b26a825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
559ad293778e14456c33576b8496482e

SHA1
c237ba702fe897e568396c45aa85004f2a17a5f0

SHA256
a50b26b289552c8c711973cc180f2f1eec284c8f6174b83b839b301252edecf8

SHA512
74ff7ad782e731103cfad48b1430e6e33f3f59222d185d33e6d9874c355e5ca637fe126fe5d8bed02f30db0693d058b4bfa07a85630c0ff02958db07c42a83f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08e980116fe0c4a96897be7b542c03a3

SHA1
e587ce9ef4015dce33295f4e078ac84020c810d6

SHA256
28d5b015b32f126be5cda8b37d22754dbcaace0c8c27e087ae5d0a629b2e216a

SHA512
87dc740ac3db3b79cf1eeb233c308b064d83b00fb17ac729be3635a4f9980a10f793faecf077a6b9ba638b5e58c072c463be74805e3351d9e9c2e12bab069513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e51bc07f4fc0957ab62c7374321a767

SHA1
a6e2854bb12bc7a53e52342149843ea90dede6ab

SHA256
e532c5321719f6b7e1987d461dd56ae3b352abcf7106d947cedd2c38f83252d9

SHA512
bd4afc34a46a03ed6f8dcd05316e4c2008b19c7cfa849b2c99dba43781bb566fa7171477553ba6e6c638b78d240d068c4d075ff88fbc6669a5f3acaecf73744e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
94dfda42d93679a8266d47587f6e81d3

SHA1
cba5febcc2b5b2f3281c152f1f4957b2118d4742

SHA256
b53205daefae9fb784ae5aaad18a99ea072f1f86dfa775567a6584d9dc0a2b48

SHA512
6271808bc4f012dced4865cde45da2ac809a9c31d424cd5ad243c1a905e298447edcc95ca2eb244f4df356a1cb888dbf6be80c63a9d077155a4e815547075397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c0dd87427bfa70a3e7d5b078f6f73db3

SHA1
dcf99801fa7e4a8df05f778ecaa4d2f2255afbe5

SHA256
0c8e0393fae0747926151b2d195b35737ffa239258e718abf138131668f0b1ec

SHA512
f48a235eab4747ab4a4408b01c433de6c4ae68ee870be8f3d44e9af399fe66c61b1247f19feba1c2cafe99afcddb96ee5410df218dbade6d29c5875976113abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5290effa8882f508bc928b03d538d7d4

SHA1
b11b9b92b12787bf37ad7624130b3ae8bb28782b

SHA256
17467afea801cf4e29ac261452f9911132a6cf88dc33cdfa8c9cbcf1cca33cef

SHA512
39afcfa20983ba4f268741f0cf71a597c5cf2caeb118dc85abfa691753dd17f8c86de0e2710140f3df8e70f38c137044fecb6c924a194f48d46d77fc901b1c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
61b5b99324608b1ddd7b78f7e30e9725

SHA1
0e09dd65798920fa0ca4e280c601597a5dcfd091

SHA256
916e39ff365f1ba6eed645372a0e32d8ffbafb37f04c7fae129125a6d15917dd

SHA512
aa8970bdac274b96612b336586d50d4a2838f8fb7770d6462323343d52f6b79bc3adb62e03faf5b40abcd070e1315a857a8dc547f8b7bf9525fdd1539fcb1f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f741ed34b3ad5683184c668ab8189f6c

SHA1
641bd74b5e951fc7933741f6f653c3c069154332

SHA256
bfbe75fd0859068d65c502ec9fe7047b48332e797bc7e3d8a0615d96580438d9

SHA512
54cbec249a6cafd986f1918fa72c66e23530955c4d73ace3c27e05139ebd7f9c26d447b8c1fa824410ce630de51ff095016d6e3461bc930877c487d153a98c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd40ab5330ee4db18e13dd742eaec0c7

SHA1
0cd371e47aa6c038539f6938a71287023f833fca

SHA256
0b1d4cf7aad2ee45f1ba0e3f8e4a33e83a15cb12fb2d9e25efd352d7e3b2795b

SHA512
7a0698275cd83c8fa767173656525608a60bb59522733070fde23524783058b282ab87f25906d8cd3e01f519a6605b171bfce4d69c20aa0b54c3404df1648805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0aae6f04024ed07039cb9d088046bfc7

SHA1
c325099b8875fcf3a316ac2e9878305ae2480014

SHA256
a2080fc043eca849d7d4040b02500f5eefddfc2fd83d0aef6dfdf02b1eb55eac

SHA512
16eb4ff7625e03438e185f9cdec6d8b5989f1456a5ef45cd1f3fc7be9890e335bf9aa8ac65850a31a610e15fe6899569f5f564799166fd656e579498a4d0de3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4aa178827f349f80c4cd41230418af0d

SHA1
110349c5cc915d1a697b9550f54483e3cac10013

SHA256
88aef2ac357b450060044b8476f0cd5846903591174743c577f0752a4f79ef10

SHA512
0fc7616d4999464e4acb784ee844185c8ed9415c0720d8d47885591c4cbf11539bfe4435666e7e204790b04fc79158f95dbbe1c58687edfcd33ea581efd9b31d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb9e5347595a30bfbb4b8a9fc8e20db1

SHA1
25d36bd1494a57e5da16be8d66ac924c4cc75b12

SHA256
33d432179cb1f46dd9d1e6f140093099a70249e9d768fc58671993b7abca62ff

SHA512
158cce2f074e0853d2d7e9ef659b609a45af0a3190a0e083b66479738b8d49b1f1aad0151e9bcf747213b5c727a8d86cf7c37bdf09081c4e8f42d522ac276875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
581eee58e023edb7c172d443ad315039

SHA1
59504101aa211f6f5cbe8e0d3587d65670ba983b

SHA256
64dccf1345fd43b194683937cb27bcceda348a4d9033e5f36e22692e5c33bb5e

SHA512
f6c32b77294793213f9ad2b17714bbcfc16ef671537868890337f256f25a8d7dbe6a5f683603f6826a5cea4c44c86564383f4c29adac8da8b93f1f73d138e3b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d3ffe3da79bdd5a18f10ea95321c292d

SHA1
1c4eb53f98fcb0dee9392b6fa2d727cb4843bdf2

SHA256
ba14db42a784538090a3451eae7ea25ec965e0743b6745619d335bc834c190df

SHA512
2d0df1a6cc371d920bb9c03763fadc6f4aebb1db0bf191e8d900b1a68da9f488b26c9bf18c5c4ad3f65d7711439131d2edc04dd2aee5892d830b8d1980172da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
535db43c965a895651c094c3c794e7c8

SHA1
3303f5014273144b360b6345c70ff2b5a4ae255b

SHA256
e3d69ea21a6a503ebcda7986bf036068ae14695626d7e13097335b03c0d1c760

SHA512
8d7410af7137d28de5f6cefacb0e7e82e31d14a0c0f95dc67d59a425c791cf337a13ee0e2062bc8d0b633143aa2734d13f5cfadb50e81fc846e41f2d5060e294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cc19b557271e05fd9df39c5175b98af4

SHA1
eb0e2730fc931060edb00a4b4f7a132240a79fd8

SHA256
70648487ec76302d0e56799f53dd1428bddf082baf2e1ed1bcb806e5e165cdf3

SHA512
f7e719ca57328bc203bf86d128149e5a8b0d45f8595206d4ba69c1cb5bb79afab264f9f7f85fe173110e91b20e537ae17fc056c6afb6b1bd3bd50c77dc62321b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d226ec4fcc57e0e826377df443455b03

SHA1
2ced02939db0a30c74f4057703458b0d3ec6d87a

SHA256
1798b5a582547e7f6608a5d3a10059bc7f208e7ba5df6442957789d22612e9cf

SHA512
b662c8c4f49448d49bd7e2fb0652f9eee9f48da30c8a296bec7ce17a0748253414d181d93736d71bed71cbcc6e87ff922c4f39d347e014db6709f123da8f0f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b35df1bb68297eb1d837663aa23be64e

SHA1
0b09f4af471f21ab9a34bd233d8eba5a121570e0

SHA256
a94b5e356940ab32d6ec34c6c64eb71ce5a95e4bb98ad4b7bda738bc25cd5388

SHA512
3359e5b8e5142d42e56162de38382d67cb6c50cfa439a84bad080aa15a5c13721f85e431e9fa23c27959983c21c57d1dd9b71d4efb4196f203e2cbdc5abc7aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cff60f34a80abcee2d097db4e5f7f150

SHA1
c94d8b444c99bddbf2d8d53e73ce0d0ac1e0261b

SHA256
b236b4aa7df7237b832a5d4efba3aab233b11746b6bbe276b119dd572479acc1

SHA512
4fa94fe7b7f763ca08bb3e185c8fa299f850c9da27cb313db382c0f7284d21200e1cc44ea63d9b6d6573782ff9687b0f91f8f734ef7f328fb2183dc3386567c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f61a214f6d939b9fb2aaa86e669f2b17

SHA1
7caa71ebadb0758264806a66e582cc0e52f0a0b1

SHA256
87c0e9a3b7015ed02a2d34ad07dfc5b51e51c3500e606043639f0b58631eec39

SHA512
434ce08387ceb53d99de9b739211f49ca8c612a50b4ef60fe8af812ad329452cf48003913d93adb338d4dd1408ec185e75aae30bc734d3fc64ed2840ad4aa1d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5af918ffeb1d728e838104c6aff58e15

SHA1
020b5d5bd69f0d488d79e268d24919a6c4681a96

SHA256
0fd440c753bcc0ea06c364ed33f202310e6bf783d4aef9c905c7642dc06f2593

SHA512
9b206a7cda8a044d83e61b2fea40d9b4e3045d21470e4c561cc8b3c4180f936cad276094876b59f08d1a2086e38b5cbdc2db6fe2a8dc420b037ca76a97c6a770

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/5088-83-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download
memory/5088-84-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download
memory/5088-85-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download
memory/5088-89-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download
memory/5088-95-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download
memory/5088-94-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download
memory/5088-93-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download
memory/5088-92-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download
memory/5088-91-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download
memory/5088-90-0x0000000006440000-0x0000000006441000-memory.dmp

Filesize
4KB

Download