2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

13/02/2025, 01:26

250213-btppra1pcz 10

17/01/2025, 20:14

17/01/2025, 20:12

17/01/2025, 17:25

17/01/2025, 17:21

17/01/2025, 14:16

17/01/2025, 14:12

16/01/2025, 12:52

Analysis

max time kernel
890s
max time network
908s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
16/01/2025, 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Destructive.bat
Size

13KB
MD5

4e2a7f369378a76d1df4d8c448f712af
SHA1

1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49
SHA256

5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad
SHA512

90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e
SSDEEP

192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

Score

7^/10

bootkit discovery execution persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
5112	MEMZ.exe
4380	MEMZ.exe
2600	MEMZ.exe
1016	MEMZ.exe
348	MEMZ.exe
2008	MEMZ.exe
5012	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\467f8e41-5a83-41e2-bc37-d02bcbfdbb34.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250116125437.pma	setup.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 26 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	win32calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe

Runs regedit.exe 4 IoCs

pid	Process
6016	regedit.exe
3860	regedit.exe
2524	regedit.exe
2172	regedit.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
400	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4380	MEMZ.exe
4380	MEMZ.exe
4380	MEMZ.exe
4380	MEMZ.exe
4380	MEMZ.exe
2600	MEMZ.exe
4380	MEMZ.exe
2600	MEMZ.exe
4380	MEMZ.exe
4380	MEMZ.exe
348	MEMZ.exe
348	MEMZ.exe
2600	MEMZ.exe
2600	MEMZ.exe
1016	MEMZ.exe
1016	MEMZ.exe
4380	MEMZ.exe
1016	MEMZ.exe
1016	MEMZ.exe
4380	MEMZ.exe
2600	MEMZ.exe
2600	MEMZ.exe
348	MEMZ.exe
348	MEMZ.exe
4380	MEMZ.exe
4380	MEMZ.exe
348	MEMZ.exe
348	MEMZ.exe
2600	MEMZ.exe
2600	MEMZ.exe
1016	MEMZ.exe
1016	MEMZ.exe
2008	MEMZ.exe
2008	MEMZ.exe
1016	MEMZ.exe
4380	MEMZ.exe
1016	MEMZ.exe
4380	MEMZ.exe
2600	MEMZ.exe
2600	MEMZ.exe
348	MEMZ.exe
348	MEMZ.exe
4380	MEMZ.exe
348	MEMZ.exe
4380	MEMZ.exe
348	MEMZ.exe
2600	MEMZ.exe
1016	MEMZ.exe
2600	MEMZ.exe
1016	MEMZ.exe
2008	MEMZ.exe
2008	MEMZ.exe
4380	MEMZ.exe
4380	MEMZ.exe
1016	MEMZ.exe
1016	MEMZ.exe
2600	MEMZ.exe
2600	MEMZ.exe
348	MEMZ.exe
348	MEMZ.exe
4380	MEMZ.exe
348	MEMZ.exe
4380	MEMZ.exe
348	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 8 IoCs

pid	Process
3984	mmc.exe
3796	mmc.exe
2524	regedit.exe
4248	mmc.exe
5312	mmc.exe
5012	MEMZ.exe
5768	mmc.exe
9100	Taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe

Suspicious behavior: SetClipboardViewer 4 IoCs

pid	Process
3796	mmc.exe
4248	mmc.exe
5312	mmc.exe
5768	mmc.exe

Suspicious use of AdjustPrivilegeToken 37 IoCs

description	pid	Process
Token: 33	3984	mmc.exe
Token: SeIncBasePriorityPrivilege	3984	mmc.exe
Token: 33	3984	mmc.exe
Token: SeIncBasePriorityPrivilege	3984	mmc.exe
Token: 33	3984	mmc.exe
Token: SeIncBasePriorityPrivilege	3984	mmc.exe
Token: 33	2832	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2832	AUDIODG.EXE
Token: 33	3796	mmc.exe
Token: SeIncBasePriorityPrivilege	3796	mmc.exe
Token: 33	3796	mmc.exe
Token: SeIncBasePriorityPrivilege	3796	mmc.exe
Token: 33	3796	mmc.exe
Token: SeIncBasePriorityPrivilege	3796	mmc.exe
Token: 33	4248	mmc.exe
Token: SeIncBasePriorityPrivilege	4248	mmc.exe
Token: 33	4248	mmc.exe
Token: SeIncBasePriorityPrivilege	4248	mmc.exe
Token: 33	4248	mmc.exe
Token: SeIncBasePriorityPrivilege	4248	mmc.exe
Token: 33	5312	mmc.exe
Token: SeIncBasePriorityPrivilege	5312	mmc.exe
Token: 33	5312	mmc.exe
Token: SeIncBasePriorityPrivilege	5312	mmc.exe
Token: 33	5312	mmc.exe
Token: SeIncBasePriorityPrivilege	5312	mmc.exe
Token: SeShutdownPrivilege	400	explorer.exe
Token: SeCreatePagefilePrivilege	400	explorer.exe
Token: 33	5768	mmc.exe
Token: SeIncBasePriorityPrivilege	5768	mmc.exe
Token: 33	5768	mmc.exe
Token: SeIncBasePriorityPrivilege	5768	mmc.exe
Token: 33	5768	mmc.exe
Token: SeIncBasePriorityPrivilege	5768	mmc.exe
Token: SeDebugPrivilege	9100	Taskmgr.exe
Token: SeSystemProfilePrivilege	9100	Taskmgr.exe
Token: SeCreateGlobalPrivilege	9100	Taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4788	cscript.exe
1560	msedge.exe
400	explorer.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe
9100	Taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5012	MEMZ.exe
1076	mmc.exe
3984	mmc.exe
3984	mmc.exe
3304	mmc.exe
3796	mmc.exe
3796	mmc.exe
5012	MEMZ.exe
1848	mmc.exe
4248	mmc.exe
4248	mmc.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
4684	wordpad.exe
4684	wordpad.exe
4684	wordpad.exe
4684	wordpad.exe
4684	wordpad.exe
4684	wordpad.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5300	mmc.exe
5312	mmc.exe
5312	mmc.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
6240	wordpad.exe
6240	wordpad.exe
6240	wordpad.exe
6240	wordpad.exe
6240	wordpad.exe
6240	wordpad.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
6296	mspaint.exe
6296	mspaint.exe
6296	mspaint.exe
6296	mspaint.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe
5012	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 4788	3300	cmd.exe	81
PID 3300 wrote to memory of 4788	3300	cmd.exe	81
PID 3300 wrote to memory of 5112	3300	cmd.exe	82
PID 3300 wrote to memory of 5112	3300	cmd.exe	82
PID 3300 wrote to memory of 5112	3300	cmd.exe	82
PID 5112 wrote to memory of 4380	5112	MEMZ.exe	83
PID 5112 wrote to memory of 4380	5112	MEMZ.exe	83
PID 5112 wrote to memory of 4380	5112	MEMZ.exe	83
PID 5112 wrote to memory of 2600	5112	MEMZ.exe	84
PID 5112 wrote to memory of 2600	5112	MEMZ.exe	84
PID 5112 wrote to memory of 2600	5112	MEMZ.exe	84
PID 5112 wrote to memory of 1016	5112	MEMZ.exe	85
PID 5112 wrote to memory of 1016	5112	MEMZ.exe	85
PID 5112 wrote to memory of 1016	5112	MEMZ.exe	85
PID 5112 wrote to memory of 348	5112	MEMZ.exe	86
PID 5112 wrote to memory of 348	5112	MEMZ.exe	86
PID 5112 wrote to memory of 348	5112	MEMZ.exe	86
PID 5112 wrote to memory of 2008	5112	MEMZ.exe	87
PID 5112 wrote to memory of 2008	5112	MEMZ.exe	87
PID 5112 wrote to memory of 2008	5112	MEMZ.exe	87
PID 5112 wrote to memory of 5012	5112	MEMZ.exe	88
PID 5112 wrote to memory of 5012	5112	MEMZ.exe	88
PID 5112 wrote to memory of 5012	5112	MEMZ.exe	88
PID 5012 wrote to memory of 2596	5012	MEMZ.exe	90
PID 5012 wrote to memory of 2596	5012	MEMZ.exe	90
PID 5012 wrote to memory of 2596	5012	MEMZ.exe	90
PID 5012 wrote to memory of 1560	5012	MEMZ.exe	93
PID 5012 wrote to memory of 1560	5012	MEMZ.exe	93
PID 1560 wrote to memory of 1064	1560	msedge.exe	94
PID 1560 wrote to memory of 1064	1560	msedge.exe	94
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95
PID 1560 wrote to memory of 784	1560	msedge.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:4788
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:5112
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4380
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2600
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1016
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:348
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2008
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5012
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:2596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:1560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:1064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        5⤵
        
        PID:784
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
        5⤵
        
        PID:4560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
        5⤵
        
        PID:3032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
        5⤵
        
        PID:4984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
        5⤵
        
        PID:3832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
        5⤵
        
        PID:1868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
        5⤵
        
        PID:2280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
        5⤵
        Drops file in Program Files directory
        
        PID:4924
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff7a0c15460,0x7ff7a0c15470,0x7ff7a0c15480
        6⤵
        
        PID:2268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
        5⤵
        
        PID:3400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
        5⤵
        
        PID:3092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
        5⤵
        
        PID:1104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
        5⤵
        
        PID:1572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
        5⤵
        
        PID:1832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
        5⤵
        
        PID:3260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
        5⤵
        
        PID:4948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
        5⤵
        
        PID:4968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
        5⤵
        
        PID:3776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
        5⤵
        
        PID:2636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
        5⤵
        
        PID:3092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
        5⤵
        
        PID:1148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 /prefetch:2
        5⤵
        
        PID:2096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
        5⤵
        
        PID:3116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
        5⤵
        
        PID:3532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
        5⤵
        
        PID:2032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
        5⤵
        
        PID:1984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
        5⤵
        
        PID:3284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
        5⤵
        
        PID:748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
        5⤵
        
        PID:1468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
        5⤵
        
        PID:1808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
        5⤵
        
        PID:4928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
        5⤵
        
        PID:8
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
        5⤵
        
        PID:3100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
        5⤵
        
        PID:724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
        5⤵
        
        PID:5472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
        5⤵
        
        PID:5676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
        5⤵
        
        PID:5756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1
        5⤵
        
        PID:5864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
        5⤵
        
        PID:5236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
        5⤵
        
        PID:5216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1136 /prefetch:1
        5⤵
        
        PID:5464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
        5⤵
        
        PID:4428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
        5⤵
        
        PID:5392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
        5⤵
        
        PID:2076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
        5⤵
        
        PID:5132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
        5⤵
        
        PID:4712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
        5⤵
        
        PID:5792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
        5⤵
        
        PID:6084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
        5⤵
        
        PID:5380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
        5⤵
        
        PID:5368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
        5⤵
        
        PID:1640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
        5⤵
        
        PID:5544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
        5⤵
        
        PID:2216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
        5⤵
        
        PID:4772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1
        5⤵
        
        PID:648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
        5⤵
        
        PID:6136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
        5⤵
        
        PID:6684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
        5⤵
        
        PID:6824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:1
        5⤵
        
        PID:6496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1
        5⤵
        
        PID:6604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9628 /prefetch:1
        5⤵
        
        PID:6476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9744 /prefetch:1
        5⤵
        
        PID:6560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:1
        5⤵
        
        PID:4448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
        5⤵
        
        PID:4196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
        5⤵
        
        PID:6956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:1
        5⤵
        
        PID:6188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1
        5⤵
        
        PID:7080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1
        5⤵
        
        PID:4640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9756 /prefetch:1
        5⤵
        
        PID:7532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10624 /prefetch:1
        5⤵
        
        PID:7976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10684 /prefetch:1
        5⤵
        
        PID:8152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10960 /prefetch:1
        5⤵
        
        PID:7716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1
        5⤵
        
        PID:7832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10900 /prefetch:1
        5⤵
        
        PID:7860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10688 /prefetch:1
        5⤵
        
        PID:7088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9824 /prefetch:1
        5⤵
        
        PID:7388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11072 /prefetch:1
        5⤵
        
        PID:6168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11236 /prefetch:1
        5⤵
        
        PID:6200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10688 /prefetch:1
        5⤵
        
        PID:7664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10696 /prefetch:1
        5⤵
        
        PID:7724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11332 /prefetch:1
        5⤵
        
        PID:4308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11032 /prefetch:1
        5⤵
        
        PID:6236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1
        5⤵
        
        PID:644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11768 /prefetch:1
        5⤵
        
        PID:8480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10692 /prefetch:1
        5⤵
        
        PID:8584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
        5⤵
        
        PID:8564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11872 /prefetch:1
        5⤵
        
        PID:5628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11840 /prefetch:1
        5⤵
        
        PID:4196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10692 /prefetch:1
        5⤵
        
        PID:8376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
        5⤵
        
        PID:8660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12116 /prefetch:1
        5⤵
        
        PID:8368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12480 /prefetch:1
        5⤵
        
        PID:7660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11856 /prefetch:1
        5⤵
        
        PID:7856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12320 /prefetch:1
        5⤵
        
        PID:7060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12296 /prefetch:1
        5⤵
        
        PID:8912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12268 /prefetch:1
        5⤵
        
        PID:8476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12824 /prefetch:1
        5⤵
        
        PID:9252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11976 /prefetch:1
        5⤵
        
        PID:9952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12992 /prefetch:1
        5⤵
        
        PID:10056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12912 /prefetch:1
        5⤵
        
        PID:8968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13244 /prefetch:1
        5⤵
        
        PID:9636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13148 /prefetch:1
        5⤵
        
        PID:10216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12956 /prefetch:1
        5⤵
        
        PID:9348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12648 /prefetch:1
        5⤵
        
        PID:9844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12920 /prefetch:1
        5⤵
        
        PID:10072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12916 /prefetch:1
        5⤵
        
        PID:9796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13736 /prefetch:1
        5⤵
        
        PID:9916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13932 /prefetch:1
        5⤵
        
        PID:9208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14060 /prefetch:1
        5⤵
        
        PID:9060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14144 /prefetch:1
        5⤵
        
        PID:3420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14244 /prefetch:1
        5⤵
        
        PID:9184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13480 /prefetch:1
        5⤵
        
        PID:9960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14288 /prefetch:1
        5⤵
        
        PID:6420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:2476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:4940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:1576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:5080
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1076
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:3984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:1296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:4648
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3304
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:3796
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      Suspicious behavior: GetForegroundWindowSpam
      PID:2524
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:1172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:5112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
      4⤵
      PID:3644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:2192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:2436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:4124
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      PID:2172
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      PID:1220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:2640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:2576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:5024
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4684
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:2372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:5408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x140,0x11c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:5420
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      PID:6016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:5944
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:5940
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5300
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:5312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:6068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:6100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:5552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:5536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:5184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:5128
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:3028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:5348
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      PID:712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x90,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:1792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:3688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:2020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:6616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:6632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:6360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:6412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      PID:6332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x14c,0x150,0x154,0x128,0x158,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:6336
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      PID:3860
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:6240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:5432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:6224
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:6296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:6248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:3808
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:4276
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:5532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:7912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x120,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:7928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:7592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:7560
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6912
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        
        PID:5768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:7596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:7588
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:7284
    - - C:\Windows\SysWOW64\win32calc.exe
        
        "C:\Windows\System32\win32calc.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:7192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:6868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:7524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:7996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:7180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:7012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:7916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:7236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:8416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:8432
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:9044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:8392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:8472
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:9100
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:8588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:8204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:8220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:9076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:8528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
      4⤵
      PID:5416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x144,0x148,0x120,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:9008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:6532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:8568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:8664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:2516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:9888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:9904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:9512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x11c,0x148,0x140,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:5296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:9596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:9548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:9316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x128,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:6384
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:9472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:9488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:9476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:8856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:9708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:8320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      PID:8140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:8688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:9344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
        5⤵
        
        PID:9184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x420
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:4708

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:400

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:5544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:7004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\63da52c9-c0b3-4056-b3ad-9d37d7938ea7.tmp

Filesize
11KB

MD5
6c9a361d2b89577c60d17f2c9cb979c0

SHA1
e9d57434981a25f812cffc7791489de9ded9ec96

SHA256
d39844144ef9b65ab067103bad5a39b7eed275e000b905b4425ec0e0519f32bf

SHA512
6525835cd7dab7e2dee07c659a5eefcdde02d581863d4b1ef8ebfc73cf7a1b011a9a442e47695398e36525c77267017d20363249fac7c340026f7740e637fe24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
63af7b2048710d6f167f35d94632a257

SHA1
812c8f140a72114add2f38cab52fd149ad8bdcfb

SHA256
15aafcc88226b6178e02a93858555ca48fb205ae317815ce31aa547555329046

SHA512
0519b7dcbce66aecefbd2aaea6120c0da213d8bb3e00a7599bf2e390bee3f643baf952cc553766f8c2779fe9fa303570a56a8c846c11e2fcf9c2075c1e41ccc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
17ce65d3b0632bb31c4021f255a373da

SHA1
a3e2a27a37e5c7aeeeb5d0d9d16ac8fa042d75da

SHA256
e7b5e89ba9616d4bac0ac851d64a5b8ea5952c9809f186fab5ce6a6606bce10a

SHA512
1915d9d337fef7073916a9a4853dc2cb239427386ce596afff8ab75d7e4c8b80f5132c05ebd3143176974dbeb0ded17313797274bc5868310c2d782aac5e965f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ced4aad7256ce749edd2ba28023150e4

SHA1
c825c10448eb3b94e532b3023ae199c925ab1602

SHA256
c4458e5a2c81ec9941dae0361a0fe791dd6b9cb26dc824259ab33f450d31bafa

SHA512
30d4cab4d89a467b9a0c9395e0d30095619800682586ee3616ae1c0f146b2beacf264245952bc7e9d5bb0fc14290cdb2dd6a00f4b9b8e28aa338fd98a9a365e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
37KB

MD5
ae2b5e6fd36c38beb90ca24ed95ddb5d

SHA1
b447190bb67f2a881b718f6cc70a136d698fc5fd

SHA256
cf22d1a1efc7c1aae3bc34d87149304a0198ddd635df1d73ba4c87dac536a136

SHA512
5bc508d40dc2d9f2b81582ad828ed01e0895db01178a3189383e58723597651f314b80c6c1ad16300dd8f886cc64d3bb9131d58e0f71f46bc3cb92d15a096db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
18KB

MD5
45f4d9e7d2e260e8288babc1c6509235

SHA1
00b2ff2b04aeae39c3a1acd010c8814bf9f775e9

SHA256
9e0bba84f77cc947769f33b6a9595f95bca6f04e76b38d3f6be385e6c00837a7

SHA512
f2da98b6c541267dd2847a230aa9bd7589b4fcf8e0cba30aaa0314f92146981ec654506e005b9b5d33bd23b6cea8fca0c6953260943bd1200cdc33cc903550e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
47KB

MD5
5b611912157812382ae02bde399ff48f

SHA1
6089fbf66004233d7f64b590c883156200df8c54

SHA256
8495adbc7f8e03685d4b40ee4141a989d53f96dd1c95588612fd6c3acd77ecb1

SHA512
357afe88b2addb2a73d164d552feb20b73b576d53027442a983e35e64c395d7a469d0b851f2715a0febb6534359b7323a050d87a2226969adfbdd43e99653707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
59KB

MD5
c6b0f95171fa2aa59458f9c82f36fa41

SHA1
203e9f34c6b963cd318b7eaa65d35b036a88fb5a

SHA256
839ed500777fea51856b087dc772416bb529be3fcc980bd735c40abfe522d322

SHA512
da87caa4c81a4dcf662bc7f81cff9332964cc21d8022c53ff7abd8fc9936a31230586172ceeb9d13d483e061b6ed990ea52cd8fa609846b25b0b7b792d37a3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
46KB

MD5
50e7c652cf5d57d97906cc8c89cccec8

SHA1
b44c48b98c90686ac69762412e87099693cfe308

SHA256
17fdc0f29e08e58b3157887e3d01f54eb089ceb07ee1f11e7c23b8aaf24d17f0

SHA512
5b9f0ed5d62b92b85a56b3d3636f5b3f2b00b7c0ad1a29a7a8a15a9d41ffc09230c71631d50a8912884e64b6aecabfd88a41eb0eba41a7590a6979cf71ec4668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
46KB

MD5
baff94c63010c402a48da7cb2ef08bf8

SHA1
a6bc98e9fe1b1dc9dbf168e7a781476ea95e7407

SHA256
517b17052575e9e90f98e7e3ddefb178cc2ac72ff02b779ff488fbcbf9bf9adf

SHA512
d939db777208d103c46c6905e497211e7e872c601a7fc6763103cffc0d9f90ca0ee0ba6269e70fb17054deaf96efa26e378c904a95206f27f225ef2d5a32bfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
32KB

MD5
4956a5a7644eeec3c23c11c34eb8d8cc

SHA1
a5a07b734e130facc24e0d45b3931d23c4858174

SHA256
0cdbb6cc76b5af1f50459c53cdac5a883736b1e78c22d3876ab127646790a9c5

SHA512
bfdc9b07e753b76f84ddda98efd611ae26dfb44be5032b1a01563e18e829fb6f6b43f03d09239b054dbd1fe599edea8ea291e3b9e15725367b7bfcfeedd77d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
84KB

MD5
44b04e0fb01ff7fe77d0754a1c9567fc

SHA1
60c45119cfc6bc3a3d38d7566d7579cc23790dcb

SHA256
052dd7af1345124d893b13f98dda5087751cf2e0e6300106509fbbd846a20018

SHA512
0cff7e07115e35cdb21691851cb7946725ee3943b51b1e76b37e85cc95182fce7621286c26490fe2107d133330ed707c2186ee090cd00545346fb858eca84ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
125KB

MD5
7ac6764268ce17bbe20ecbe805a0aee6

SHA1
0c33c0dbbf22f3151a28064a1fdf489a2ed3e919

SHA256
78f280f4425ed6a51f7abb42ebe9e981fce27b577383fdcd12d44263785a6fd3

SHA512
0f69d231db4d99655145dda6d3906a4ac3f7bcd7efda22939829ff5fd09834547b817a979cc624b53cb7ee5998ad25f85167906ce630f20e76bf0e16ecbf5444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
28KB

MD5
1752326ce45c039f4c5e81ea24c27c35

SHA1
4a22a9151c3c94d170cd3d23659e8e1a5a6f0070

SHA256
13dac981c708b9d1c6d7be7666ab5ff34718fe7d1362428217e88c75530774ad

SHA512
7ca5eb8b11184b97b7ecfed373420f7b9926839edcd36ea6bcc37a09190478175c49d7cfdb6dcbf1ecc8f2570feec9a0ac8aae08442fddef7986330043ff2d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
127KB

MD5
520353fbc949033860ece7b86d3a57c7

SHA1
feeae42058185879e098b40070c4aa5f8612052e

SHA256
a596f9206af3006ca687bc7f88c49f6a039da60b9776dd147d2b7dbbfd65fd42

SHA512
c036a356607fcd32e7330bb4e4de876b9245d2a2b155f26fa26fbc8c41f04ba2f450d54e40136049d6f863f57dbbc8b0334149753522ca4da988b2fd708a6f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
55KB

MD5
68ecc58a934636e32b60461c4ee4f930

SHA1
8e8f1a3a09f4ea7aba307f4f23890eb0f867e4c6

SHA256
8b61d8c123333fd1cbb0eb7aa361ef2220efa43dd08e13747b68d311de4810f1

SHA512
7d4c8d057a8fae7168b6748a0179d46a0fac5c530b9747941aea29667d07b2a9d142e1171a63eb6bf9219906313ea3e283c3fc2803b534b7a782a7a284a8dfdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\73a9896da2e8f016_0

Filesize
19KB

MD5
210e9767b38abfabfdf6fd84991ed2e4

SHA1
888a823752f83cd17294818027f9d6b1d20ce9af

SHA256
cfce71ad1afc9ed623c1a0596938966f9bfa9220fa388b3ab0dc430ca43c170a

SHA512
38e2847ba3765f79b8d24f739d34a6b1a5d1b148546837547325537506b259c6d4f2fc6ce3f102e198f4e194a7a2f5c07280a6fa945c93fb34aa85c44fc551b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dc520f2160b6d429_0

Filesize
415KB

MD5
4132194280f1a54f8a7fe1b20ad39999

SHA1
72348b4886823f1443aed462712084537f1f3db4

SHA256
a03988b6e442a20da6a82055e4290248c7aba215b03b7ee3e7b643b30d18af1f

SHA512
408b8543a4bbbc07095a887f111cab1c5636d9552ef9fa76570436ad0debdc018b341592118fa44007ff5f916fc3c375664ecf3822dc3192404411f1dd01b61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f96c4e370537b4dd_0

Filesize
288B

MD5
1ffbd3bd2bd1df8fa8c91ce2f7fb49c7

SHA1
981fbbd40ce88f5ff83f63d637210a68e2918a07

SHA256
b91532120db753d2b0246c82ac5eb3cf579713bcc2273bbd54d2642ab50b64fa

SHA512
7238b5103bdfc8c68371819ce70e931171738f83b88714ec3b93e96a01503442bf52a5c05ffe4db1fb7e15fb6eed5750852f603dfcd46659067d6ac42ce91bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
eaa46f18fc90cb0b43194e4291d5ac07

SHA1
e5bb8cc14c8531c99ac6436d968f8512bea87fc9

SHA256
3c13ffcd23f2b5ca818e8eaa8bdb48a691ea479fffc9f1687ef31ac5c1c37e62

SHA512
8c3f6cefccf7ed035da84d2755f07fcc6c7974d6ff390f0c2ca0f9591f8aabb6105ed5ad1dd48e1dc17a6f53282b00d032d968debc4ce7325557f3cd551b0c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
33d290009c74e3a73c212bb92dc12b72

SHA1
6823e3ca3b839508f53c3060176c4d8416b05fae

SHA256
379b714afdde00bdc711efacb39abcb9609c627ca1537d1ddcf6f7e1acfc8352

SHA512
a49c8dae4d6617df67e10d44329d5d26c5379d5e60182651288f6721bf44534db2bc6f5afe54be55b71d0e46fb097ecefda66205e9d09d5f2f69720f9bc61dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
663cec1316b94685a325e5e96f98bfb4

SHA1
898fc0f49936bd201efc8b1545c99473bf6a64ab

SHA256
5193f7528bc274170d957871b024d1af456550567c0f50754891aa3cfe134347

SHA512
657e3aa8e9494193b4add622b225a5a04c867d1a6289ec6c9c6471817618ef98f7dad525f35b57848be70bf2161521e824f1682dd0cdcb2fca670327fa242a09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
fba78d5d2f0adc2d21739671d43d5594

SHA1
8b38185becbefc81b7b49672343e116b86172fa4

SHA256
452534cfe8c97025c4593d303ca45007c1479ae857b91e295eb19ad82df9d602

SHA512
e4ca568a7e3b7e1f330ac0d8325712bbae6d71f6c0d5500187e9c45ad75412c66c5368d3150d652134aab9ca7435a63077cd26f4947f8a7f24f246d4d9297ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
37ad47fd85acc6307a4e32fc7441e79e

SHA1
4c85ccb780079c7164061efb922bced7373276eb

SHA256
fc726db504819d77450df85c1ae28ff1d4649670f390342ff28cf14ce8d28a2c

SHA512
6d86505e6b598843ae8ccb66b8ce585c951b13581bd00df25a9c263301f31da1cef504c775217706e0afb120fe7cbd90da3370f19b3bcf2a7e584bb1694a027e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
5662b5f9e2afa7fd45f042c5b2f6acca

SHA1
a6f5ce7fe0e913b39a7c191d889c327c6f58d748

SHA256
ab966568fb739d2ebf5b6022bfd001dfe9034b46afbfe74477206b385e1da802

SHA512
18bb2e51a807e804fd784e980acab7c66fec52b7a50d7740356a5174831cf3c578e00d52a4f59aebec28478d94779015e16c2a4a93fcced8df9b6106813d1198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e71ee36640edec3a3875876811c705ca

SHA1
ff9aa544b82ed63adec989d489253a837ac9d738

SHA256
04375200d12ef48960007b0e63765750968cd32ee42fd0e11e799c1660d82cf7

SHA512
7c6321ef584a3cbcd193868213f2d31157bcc43cf9576ab2c97018f77bf4642d352ab09ab9bc72caaa360ba1cc4d4df81ff854016bfa8f87bc36175e51adbbfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
017d30f864c3b293123339c1fe814c08

SHA1
66edef7cc28122f2bb0e888027825993c0b6c7bf

SHA256
3e887c6cd0dd5f6e69a8198fa7f99e39e06ee3fb34f0ee7e65d8c961a7dc24af

SHA512
dced30538a0122c69937bf1e692f57c60cde78c8042734e103bf2142c1c2e92aeb0dabdaa2a2f66ac187148eceabde08808f1faf7f50567b66cecc6bdb0f36de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
150c0e280571b56c54e32970dfabb326

SHA1
0091e32034965d21470f2bf76979ce99b9a37ec9

SHA256
0285400e1036ec9f072b627fe861df3fe4bb8d9cd9f33a55314ae96e7af72c43

SHA512
4d4e273dd74d708127f28493abd1d60a59519c439b2dd9e9b2b87576eede7a75d5567aef4573f6ae8a9c0f5e36f9f60250f2213898fc53cc57ed042bee34292a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
305c52ce0da35862a22d184d3915d6f4

SHA1
04483b594ef00d489f61ba00fbbbf69ef380fac4

SHA256
3cb372241bd8e3d83778f0a8cc2420cdd0e75b585fd2ea99ab0937ddc247dea5

SHA512
1092f52372243dfa9444e33e1107dfc28edcfa569386bf17e9e8713762dbcb6853ebce112e2fe7ba74b4c5f6f526369208a5481e00335552810433f423547187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
f9981b1f935733e83bed4a46ec32a4ee

SHA1
783204007b90abcb40415ccebfb861cac0b850c3

SHA256
357b923252a5e40dec0a40c7ccd494f91e1f85876da4eca858f7e07b4acd77fc

SHA512
49a5086610c88dee18d5d4cf912c12cf277795e5a2a304f15e01523ab746a6c1b1ea0f0dde0a9c7309ff99bcfca3fda9987d98a8fa84507e476d9570117ef243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
28d8911997f966309c1fb15b6c680acd

SHA1
e123b5f2a6f2a7812652d25aa4ec595459052e76

SHA256
bca8ef90a5b7e6f1f4e13576fb38b070b9b7fa7d332c77b1a0929ebeb81b9fe0

SHA512
9ab9a35e62426f39dd564cc33a0333f2870ee7afcf27cee450a8f7ace47ca6ebcec072a82bbcd93e0857e7bcc50fb741b3152b045bb5295bc6ecb7c47aeebdc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
8a83ccde5850c2de5f83a4fff734668e

SHA1
6a0f794c594fa636148f18c7b2267f213710b9ba

SHA256
cf8316f86d26e7001db33fac2b7c35fcb84e202d6fa4223dab3d2ec91200c75e

SHA512
036a372e65cafd99df1bdd1422e14719f3e3e2edb7f47349a48efd82a1d7fa9da2036dbdf76b7de07b9fae86f01a74c10f563120ea68b404037b381181709149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
1ff5e2513f115b4f767a58d688641ba7

SHA1
0525cf462bbb1857c5c7ff7256d53fae101e46a5

SHA256
76dd6b9b96ca7734c81968074a7292baf699c3780a8b32e5a3eaaa92adacfb3e

SHA512
b6d3cb1f0cb6412960e239b4db4206d520ffc89d2708bf684ddf6ce2ec1ba42d108ae73d287588acb6314febce0a933d0eea57f7635835bc1111abe9d339506d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
646f6fceb072ca4c8164edd7ff19876d

SHA1
80c0baa4429f9199474514c1ca85b315a828ef46

SHA256
4e400ffeb8ef64c25a8e03cec16653699666555d813ecbb0cbb1e01246a705c1

SHA512
f2eb87de3a1f0d89b370e52e0f12b36fbbd50b9ccfe9101a5c5cbb87cef468052f5907269113e643f2138719cde8b7f97981a30b6c5c80717e12ed9c86231467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ba419a335221083283ba114d7b08525b

SHA1
63c89a651ef498b1f9e54c3feb99f6587a983b6e

SHA256
f84a7468e4a84d83ff12cbf186a72ba4bc2045fce48037408f553fe96bb6dbf5

SHA512
9aa65c6acd33c943b7eeeb2ba19a8c73483ce2d44f4d484ed16d8ee8d30958c01624a9c2bc750f392641f55ff2d5ecf5d5fbd4f51665f763c467aa1d90409f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0725f9ea6afddf46396a3acd2a6f5023

SHA1
257204a56a40727ed96e83a5e87471521a1c4fa5

SHA256
56b33b2995b8c3d5fee892043673264a85881c14160f90abda50b8b0d2669439

SHA512
5799a3b8c4ec55f7809d0ab62068f01ceacb25e9670f1c5b7b3f584d484044824565a7698fdf2104b013589de06dd4a07ba2246a1f16db4490af072168a200c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a08a8c46331ef41bf3ca6ab408f4d78c

SHA1
a5e0471f9a27e2ac3632d8bcfb5d941f751a6c7a

SHA256
6afdfab14e8e1b0ab1b1ac36cae1ffd80368966b4245d840eb4fe582479943ee

SHA512
725854e20337269801429b4806bb9072c9ee9517d0f6f355f21e30bb55b64fb77261e1fc26d63773e7c64a3b0ded995008ae7f5f41e38893053edb8e05d7af2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6afd3581f4e1c957c09c43bf4a0ebe28

SHA1
17d98fdcc909615691dcf7c4407f92d2da22d988

SHA256
d7fa04c4f47fcd6d2570a7538f75cd757ea144b8698fe40f1391f84f077066ba

SHA512
b306c943525bbf6eb31e899a2289abb365f4d84cd041c8041fb5cfa4c92d71c223963531df48946a6caf3b102a7a3a548a91925964562f44486284702dce9052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
30d1eeb364f1eab894cf37173bea4030

SHA1
3172dcc71f94bd69d6180e1747c306859a5aee3a

SHA256
f622ec1fe108d143c33a2a6074e3cbb109543e1c2174ec9c2d597666e52e026a

SHA512
b5468ece7e38e17f7092ee6965994917354d749806d5908850e46aa7fb6c747f5907138e64af1b49205f1502b3c7f325ca18f47e7e7860b61030b521c9d90880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e9206f4a7ab800cd6e354f405b1cd451

SHA1
a5cc953fab613b3ae74d1d572d209971f989aeee

SHA256
972e8b8b2c8fdcad00d49190cf63f76f90fe787acf0866a7eb12a2f0094932c0

SHA512
e85cf6188281bf9ac46178b0c37330c260c2bfcbb09f3db73bfd9afd954ad88b74489117d5d719c9771e851cb384ccc7e7b8e67c6f0f71ce22248b9a59e4a825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5968d1d3611be0b7b8dd5a90e944370d

SHA1
f0a1e4e60337cccef074bdbc718b14bb80ab41d7

SHA256
55cba4712829004ba9e02d9ae28694e19da9ab02f27dbea657b7dd124b178804

SHA512
757ddc4819a3162b9e9465431ed95c7f4a722ee215c132d42a35fb8d90c0d74b4fa9ba4b730e7a575e245284e4c2a26ba7716d05fead877062356472b4a1a33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a4c213d5e2fa3ebc857f0795a5a0ae06

SHA1
fac59977f21cad609fd08167090ab77cc0424920

SHA256
f8912e4bda92b89b7d01d001424b183524b0dddbdfce99a5cf761e4c74cc12f2

SHA512
638205a4a2721fac540d5aeb94e7bf91651d0592bf0a87ed731b265141229a24eb168e9ab4993cca5d342ab3225884f64c5d6d35737a088497950f382f9d063c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe592011.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1aa85a1afc3ff2d0d15094128c8efbe7

SHA1
b2013ac1f76a8a80fc7482bc4d70a9a3d5252f6e

SHA256
60218991febc220de1dc90ef03a870f8d58a2b4d806b4a266a3aa9019b4e1a2d

SHA512
4c95a90af3338a3a39068cb8ee6f63fc79986eba002992528a42cc639e633e92fd392d7ed9a1f28e17ca1373f6efeb12bc2628ddfc1b6c682db9f92130044ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9636daaedbf499d7a3e1642e5d407bf

SHA1
bebff0cda2d615fccfcfc50cb78c4548cfabd926

SHA256
8611d7cdb61c8c5023229ef49d46b402079b1c6e69236eeac1795d49962ee481

SHA512
c628a9820193412dcbe2f3ae80fa13130ad54875a533bc28ce7727ead0d11d00c4ccf06f398e95a6c3b7ea01d984cae7a006222181a1753e26b87cfc5b5044b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2469d637243dc3b19f4311b79cd4081

SHA1
0291e24de289068a16c06561bc24b213f8321369

SHA256
43ffd487a87c1e3f0d42cfbfae65a626d606d8eb6b11e9e30353cdbea76d8067

SHA512
4855c820c91f9a02d476619411fe7eb5f719b5c12545e9b84096dff2578ce192401a2e41a338d394ed74da4ab5c75bb87612ffd566a0de318dd8508a41ebd2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
058ddfe5d6e74aae0ef4ebe14c6a22a8

SHA1
6bd6f403548fe99676c46cb23a11ee48e2fbd29e

SHA256
de3503cc603117d15ef6c9a97affa503191b9ddc286eabc003d5b77aa8e585c7

SHA512
6df7a05f1b8740bc7d34510a036d705f84a8fb19483fca0d7c837bfc944f00f38873b590a52be651e9f27edfd0ca3d96717f5039ab9a80fa3dad27ce65806a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
998f53849edf084ae5dff84aa393f2e0

SHA1
65b449a0072430d928b77edd089d919fc089acc2

SHA256
686687b968bf417ee1f56ce7a7502bf6b927d6a63d6fda7f5bc4f0259cb8dd23

SHA512
502f06c7578d161f101d21c265561aa4ff7c6275a1f1000162657c7e47a92ab99beec77c12b129f861dda03d2333cd26c2faf328b194fd25ab30607ecde135e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
60239b4e7b203907120d6e42cf3b2f29

SHA1
35d88768bf4aa18c64affec8b901bc262650897e

SHA256
6436cd48bdf2ac4b538e210328e2184b7b3add3d8394cf9a272cdbd3a35cf1c1

SHA512
d8f2ddc8deaeb58cebb06ea45a61f07015357e1a0ddfebaa384a9c925411c4e0990b8000bd92be97899f2b4be5778736ec2591d46db0114c0c10cef054c86913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ba7a7acd4a8ef1f45f7a18a714d89af1

SHA1
440b1afed1d1cb1088201ed69d867aab5fccb8bb

SHA256
0ebf6d13e4eb5759d73bea0c819846913d52ff1bf96b4434e78a291b2a3cd83f

SHA512
dc8b16a946bcdd251a5ce0ae7ade523c9cf3d74c412e55969987aef4f164436b4d9d1afe844663555305411530288af1323731100dbd544921c3497dcd6c8d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
30d41c26340bc3ea217e8179820c7eb4

SHA1
f9f4f6ecd05e46e660f46523a5c86029ce14f69e

SHA256
123b58d5ea3eab470b8b9193a55769fc2c5cda86217e00615fe54f59f6b34c7a

SHA512
969eeeb5ba0a19fd6a7d25c87f2fc67cb9ee80ee084ef26b76c5c526244a64b620c8210e4bb2b9136d35d0e69051e7343682a7229ad549feb7b71b6e7b26439c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
14e95430df11f4486879de4e72674a3c

SHA1
cfe46106b3fecb9eb8f557ee3fc071f752024406

SHA256
9280d5e2d60372536bfce4850fd7c54772a0abe561e42dee537fc0660cbc9f23

SHA512
dab1490ca3d9668434da1fef461616868ea597a739174bfddc87cec0b33053bfb4bf280ed488dff11096659acfe42c5bdd00f2429cc4512df650e844394a58b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ea0d79fb863ff4083ed8357b8c923dfd

SHA1
3ae2476ed5d8ccd0060518870422f878bde37be4

SHA256
aab0029e86f21788f21e83cd026f506946caac357916bb92d319b0ac57903807

SHA512
2b00bc08877939f9621e98118f01c8941f1caaf5d2b7ba6401cc5c3b4faf4bc95d5a4a9849b0ac735dc7cae9a17808d4f1db4ec3827c57f42a60d8039d6cf388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1c729e885df9d1302449240ccce1441e

SHA1
702ec71330d566015b0d37a996a2cea26d792ba0

SHA256
5126081bef8f241c29a73f1538ace95d9b19f6dda76fbe0ad54220c7cc492dd3

SHA512
9c9eca2d50bd6af1e156165f2f2a1da8b5bbc7f23f21baf56bf8b70960a5c37abc5bca54fe21f329255237ccc027bf8cbe334b1c7516ffaced5fc894fc77aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
59034329dd6daef168448694ff494fcb

SHA1
d22aa016a91b7f9d3a5018ef44392caee1e1ebbd

SHA256
911fb903efc7066ef29a0b86894fa7e1fb6872c74dfa0e36b72d4edd6aaa090d

SHA512
903556a0ce59f836c306e0e7c52efda2303850f063efa1ced2a4bf1bf50b944147af2e70d6309e3ac9829aed4b6fb0879f26b2ef8caf3dbdcd31b26070bae22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
672cd95713d960742d542995cdf26863

SHA1
3c55ecee872294f5b56c91cf8339807053c73ebe

SHA256
52e583a0aaf69b197f897470d46a53efff55a751ee0e87b365451da08afdb070

SHA512
69158a36475d31b1464f9ff2bf3d4c8838c8c2dc20fdc24d2e7f41dacae11b8e51bf4e0f4e775a6fe032452e98f2a5feac70b9e2698ab3d84b1958489e499ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e4e87cc50de2e5861f925ddb00fe46db

SHA1
b0c8038a6782c20fa1a6e7422178b0be17d00ac6

SHA256
ec2cbae41c635809a4dde1c8b8f4721900d84f4db952e7029c7206eea2d6ff51

SHA512
07a0d6d9279a1db8354b58be13a45581ef68a01c5decc0c4cca687b107e88f2cc229971572e5e2e0b8935f8071597805552657aec2d2a6a0e1feb5132af1b770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c55a096b2ca8554380604dd12a58be53

SHA1
c74c6056190e30f8362ba4871338ba2cef65f499

SHA256
10ff0a101761d4f4bbce68e4f41c1edac2940985fc33c3082fbcfa92429db48d

SHA512
d3b23d6fb951f557b16e834d962ed673b8c1273178f6cd2d9fc5b0e312f1a6941babe9b588bc3de2a9e16f91038ae4e3c1705e65378092831ea49f6cdba20cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1e37facec23fc152cf5309d47b0ac8e3

SHA1
83a4f36f2dde3c58f9fdca3ba01c70ee41ce4c24

SHA256
be72328d878f1b1ccbbdb99fcb7a79d2058561e610fa0752cf35836a2aad9cd5

SHA512
f44120d8b236c575d5f12a8bccb389b4c41ff1b7bba20a6fc7798332a7535b2d1b485ab02282941e9504905af1ccb5e04d654e87fc24c186b458316ad85fd097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f61aa030fecbf73f6800c8c5f552676e

SHA1
938e6e63a25a4f0b899940411c011092a2467075

SHA256
1ea32e320d8993db7cc97b6b7c6b767a9be8a9bb670e0c3173a3ac4a43daf555

SHA512
49d50fdd3abafa2c3d5e850faba59fe1de83b810a7493bcf65db017778666b4c49e087ec2aba3f5844faff52a0ace9f91a0e5d6e7a925af130edede74468d676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
062b4f646552abb8a15cb37c279f63a4

SHA1
9bf18b09174981fb4148def3a8f2b0b8365d458d

SHA256
0d1910478cdb74f3fddc0fbf916cc64e2bc32f0302d3429679c6d90cb1e36abf

SHA512
05650d2710bb16c54773372e135a0d3829e69b4c4e19f9a7514415abfce305becc3231929b04ec3cae7fea9c22f44de523c2dc0d0eb9870adf6da697af0ba097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bf0683fc13253b6d12094efa8cb7fba7

SHA1
c888c566494879ccef56f94119369251b882f264

SHA256
a3aa5fed16b1c424df799661c6272da075c3ea93ca7b282f7ef5e7234da82475

SHA512
4f5f822dcbb09d35572beda63a1d377cb9202a4a847457dcf6f9a014cfecda01dfaa72b0c1942abc3b2164442fb5c7ac48c28fff1b67a3b4ff2ed311a2ad1994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5a6b97712b928793e85fe4f60398b604

SHA1
2db5a3fd8e97d6545cf2a8523057589c9ba04190

SHA256
4b2c65c07a9a3f4cd497512d17c4eb16f09786b8011e717f1357b27570cbb6c1

SHA512
0247d1ce6f7c5181aa6b70de39138c86e32d6179303016f5910b9709c508cd1ce727380ca57fb21e9f228b8402a55c6a7b96f98b54322232054a330ceb50d53d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c68f9d435952ff7abcf24a03dd755348

SHA1
263edc2796d03fa1f8ac1645e3b250553a7f009b

SHA256
9419a710254d7a24e86e843727a2bc23a61413f283b8a2200490f505f60d9721

SHA512
d2a9e3687ebd210ac3c35f5ae74e92924b8e3e3c554698a6c74206da2cf4196ddbeabee272ed7e93bde1d25990b72ffd9de81e96ef231bbf6984a3007ddc2f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a46b2ba83d872dec125a07cb8bdd8380

SHA1
2d34d8bad006262ca36f60c601d6d04dad1fe5d5

SHA256
3b13d97358c9e13891b1180565d4b5189a857c670350e26dc3b6af946293fa1e

SHA512
4e7769d35e7843a01184cc52b0dbb1779f9002185b1f430f57a2f8f2af632591831370b9b7e8e1d65a4c75a75f932fa4ded22f1aa4d43bb97561723a5ade523d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2006589f245fe00e8ad87a39f8237650

SHA1
81a33293cca3795db6f2ad39ecced23044ee9a0c

SHA256
4fa6e06d7e858b4517d9e07b5eba890b41330a9b08e6fb57a26ddb8a0a4cf88d

SHA512
42853d6e910b803d80a9da1d8796b664e815a8ee20abe05112fed1be7dde0fbb3186025bf665bf5379520fc29c4f8b7489963b54c928477e3e5f20eb66f1aefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
005dff3be155cd94a7ccea5a0fd32c1e

SHA1
a6ce2d4f268903be33bbb0ce3ae2b5f690d1c812

SHA256
4b9706f7ac4a710994bc231b01296598e68942e13d632bc3526310a9303937de

SHA512
682a728f60f96109913383d7cbbe1686037861204dff742e66f97ff6e83c9f7a651b76d351edbcfdf0207d1219e49b146190ca472dee26bfefe1e054dfdaf483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4350230c0d94109b7759798818d5f218

SHA1
8719428e3df3e2f65dea0f007441a3fd39ea7eab

SHA256
c2b820596a633922c7787cc5c2ecf8155f5d7f579853b655114b7b2cbb9e9103

SHA512
c86ba79f412ea43464b800a1c9581c229916f6ff4bb1a940806a9e1ed5ca76f0b5ba5757e6e02cb905eaa89267a63dfab2370ec432d374b733b75d05867d828f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
49f73209f22c0f9dd3a4f2c803fd574a

SHA1
c88b3992bfd40868c499b58d3bdcc7b2b64fc4bc

SHA256
33314f705dfba1022ae541b403833d27759be2b22bdbb3fb458372463d36873e

SHA512
8f25dbecd62e151b0694bc1e69d52e668d14d08b6ab2fb1b9c9086b187181cba58c887cfdbc8aef722673b47772c57dde11f96cc5f7a49db3b461d140c3b86bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6940179bf9dc571b94305d16838a2c04

SHA1
051311a69afe858284cc76462fcd88b18fb294f6

SHA256
06f9f8f1160b63c39a1ba96b4322ea5dc8b0b03e3e06d2884ba27cfac425e0b1

SHA512
421e32c650613cc5fa554c7439f8587ffcceb3fc6d8eb9de442e8a7709b5e2d17ac18e770bd55a161da65b1e04d6b406584ca1503fc958782e8a520cb5a16daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bf5525187b60d5cf364d6e7122348243

SHA1
f6b33ae5f08e0933ff9b0aa356099d045216aa92

SHA256
50043c868aa235a74a8afd1a8a966345b56a02317ee7261dee3327c72160e029

SHA512
1b8c38600f39ff78840f9a59af2ea0c03da0d01200cac54f23f0b047aa756845f4d8919875e4b31d5e9b6c1d13c95ccdde60ace246bdc4303cd9c4c9d6c83a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
98e79c7d6af62e2dafe140b9d0fc5b92

SHA1
d5f9ad38088c9c758bab9f488fae92c0e20bdc88

SHA256
f1f89391e6a8482af1598e128b5b20f344e36a8c4f3d1ced85b97acfe781a7c5

SHA512
b758977d49254ac989c8283e3c9573cabe471be6e110a955161cf7336fc42b79ab910cd37491034a028e5defa12cf7d4c8e021e0076f25296c90b78b9b750965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bceba90126178525970caf6b9b8974a4

SHA1
3f069934844217309cd73da8ba6da3d67eebad59

SHA256
ad2ab579f49a1cfef9ea3e8f8ad36a75a576e39934668e67c52a985a81a18af2

SHA512
bc55f13ab0550338fcdb7a65b054901796b36f74aca406cc7c339dae557bf6e11cf47edfb32516b6b6a64166ca9e411999a89f68c898ba25da6ffd23e598df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7e05c1fee194b0550334353b9fab5e00

SHA1
34a06593eb017b50ae39b8dc2c608a97fdfd2f0a

SHA256
cd21f6a2e133b4634264958c1ede09ff0478a31fe98f07853276c8d2a4986f60

SHA512
641a39d945d598b57681d642f5b12af9473d59765f9fc5e99bf486e06cb3b3b08881252f4a98f252efbb1ec6623aef2eaca553221b80c682c6149b8250b81aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ff737dbf53ea2f31e8d57df0bf0a2ef0

SHA1
7f8c88a7e39ab5216f97d4b66c7e9d6a6a999463

SHA256
0c7a6e8fddc957e4ac847cfc9584bc2512d8040f25ab2afc507ebf0f0a5a2975

SHA512
8569c84c163ccc7829e334fe02f8b7eb3f6f90c7f5500a333b53fdb157aedadc94240ae91e2387ce9d1bb59c49f56b30d7e7dc84e756a89fb300aecc324a59d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2b8055a4c163210a021ab2f0ccdf6fef

SHA1
a2af7af0545127548d75bbcb89212ac34e4cce23

SHA256
1aeff4f4c72af55f0128ce59878e699b5d59ad4aed617f09703c7441df538a24

SHA512
0ab9e3b5c4ea89917fa84566c85001a3b75f23b9eb652eb424d0b3381a63ffba36fcaeb1eafd1b1179b086d8d040be1c4786d8b658373817faadbddc3956389a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eb6f5b5945af2e873d112427aef77f5d

SHA1
6343e759b0ff10302285ed4e4f0eb78fb64ec85f

SHA256
db78ee504d01f3549dd713b373933161d963be18290711ea1d426aeff77fde82

SHA512
494063f2e3dd724f075e7fcc4da31cbcec4e9999591cbbd9cd7eb03781a967e192df2b5ec81d32ab7c38c452720ec0d07965970ed79492e20af9f52db12a3c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
75e9b659c8938baf0ea464c350ece972

SHA1
e35c6d2c801404e3ef0ee50df6884132de3f7e0f

SHA256
2838c032863bae82377532138019d818523a832a6ae29c4e1e4ac7b51320ccfc

SHA512
8fecefb4247ce46b1389b5c609350ffe4aa0c066131fe7686b9d1867605db1b6e41d4dec0516733e81fc01515356318322c678611f11ba92d178b5b14950cdf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5731cdfaf18ec01efeab754e1567c139

SHA1
8cbaef310a88077d00ca8ffc994991a51055c97b

SHA256
8194b32c97da1423e052aad319c250a3748674f30fe2646ab5be28aa93f3cb8b

SHA512
d498805299721d7f604521b348102f8e82824478bacac7cbff037289c7a38ca57ed35b879f3e758dbc46f2ecd4e0d1fe03ee039725ddddb48e88d2212499ae24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0a9b696af6b5930f45a7135b0ac457f6

SHA1
b1c7f6764d175bfc164ca29389c0b84356a1a060

SHA256
bb9a8e86cced0a9cf80c1746dc60918c52401298c79c23713cb068640aeaeed6

SHA512
43cea47c7e0853a366a297bd4b22f6b6868da53ce66974d44f16937dfff2944b182c94c34578905f0d67c498d8840c8191daeb5fa7b1b8aa3d1b418357483c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f9d75e00d305f18eaf9cc15e6e3ea921

SHA1
e25caf9bf1e1beafdd7d2103e28a7349ca8a016d

SHA256
29f1d02625a8d04ffd7ccd31bf2b3f83f857f5c773166fc0ac62a0981da5117d

SHA512
5396e5265222a02fbd97b9eca8ca370a2cef5dee10c8b5521f2e8c9b8764fb14fcdc0b6915a9c4a6d357acbc6bb38ea99bcb5a3b348d4972c15d7bc728b7b498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
86af08faee9179a9c69dcadeeab99d95

SHA1
c6c44990c4480b7a90fd0cb619943e452ae72e72

SHA256
2c26b8b60cdba42c63e2430a415fee0034d3d27698dc0e67f31d61b553f9f4cb

SHA512
f3588fa2a94766bc086a8290f9405e20bb8f1c1f0ebfdd37342f9157cd56a0cd3712186c06bee7a1b0b258fd3c13c4f60fb0fd4cc6f7c2f4d97f51fe19860846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b8d5a6329bbc5edf31844f6bfa4ae972

SHA1
1014d91ea7a8867459e7014a725794728d75793d

SHA256
2d90e12869f60c869911a3030ea58211b6b0da7c53d396769f4b3dea0c406309

SHA512
d6b4a08d7188e48b3ec2dbaa78f1ccc23334f43266602c677ba5c52d54554ad02e5ffc32e852de47291e3f1291dfc34db62d4a1eb5f631aad0a0340d30e5f7ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8ade2f3a82060e6d5b1e97b275213d86

SHA1
a13c13d850addf7c1c1d58c583255f77b40b7834

SHA256
fc73beb5ec396531d7267cd4980e720590ae4c7c34b6bc63bcceef59730d324d

SHA512
51d989a44462ffea680e4bd9b20c46705793236712d11f0400e12caaac3512d662a41b4b49e7e309c8e752dc7738eda080451b74736c6428541196dd7bb8ca98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c6fa09e3f24b752c20fb5ffc82fff2d2

SHA1
8cb8608ee9fb3c0dfd70e6b31263138709afa62e

SHA256
809c6cd3ebf6da70957744b4b070a61c56979635595046b7029136729f1b359d

SHA512
33ead604642704c0c9049564215b9f6dd92b1d18884e286ac1597156057bc181ed453fbbdecd77e698bd754679bb70f94da021362fba0862472f68923467e108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe6139dc.TMP

Filesize
48B

MD5
59b7233d6beae189d1b50e2781972fd8

SHA1
ee124c305b9b8d27db1b1d87a58679bad32fd08f

SHA256
004e4fad2c43e45ba4852ca641d3103c58a54b3dcf5b129b92328252a2ca3f18

SHA512
1c898dc7c60f3922602410335d2de865abf55307921f5a5cce98db9d02f21e4cfdaf7d274536ef3b6d7fec7131a2896c75052589643ca6274483d8b5009c3ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1777bc4c7828ca2c8629b7d6d5e515f8

SHA1
a2595909399a6b533ff2b287ffa34dd555b87811

SHA256
bf32bf0ff8ee2b69e6e326d6358035923532f19b2a29476f3a649ea505e428d1

SHA512
5f1bda6e8d9544a38e233a65555eb000f8bb36c13d3aa307be276c384815b69d7713bee181c433739e79c8e12e7f39cfb7807461c130202429d48e9ab457bca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d8167521a17f8c7f9c61b199802e6a74

SHA1
b16187656ce2eb9e927adeadc132d03014b040a9

SHA256
6ef11b0b494b7cea9ac9a54a05eee6bd2c4cb0784153cf71bab1979898a8dadf

SHA512
8c9f55ce0b23fe36bb54eef735f84a75183f01b24eb6757adddeeb8dea80b8c1c99a6a47aa23397b2821e8441783cb63a7cc9049e9dd695a9a28a11a94027b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
35c171bc614c15e97b4a17c1d06ae459

SHA1
00ecf33d4e1a89efaf54ede67e0697e1b258078a

SHA256
e4b23f8e6985440286128b62b0a094aeaa09e67ab8c706c5b5f1deeee56e7bdf

SHA512
a0fc34a7ec6c6719f4702ab6f72495e4f56fe5aed10cc9452dc0e3bb81fcd53c720b1ae793283ab7cb714b001add63f9e190acd56619f949c59ec68c2d1d7019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2bcfcba4171d79792c6ce751249411c8

SHA1
20e316b85189db2fc6691595231893427fba820a

SHA256
f40f6bf11d618afb17bb8e80b27f76f14776ed4617a0b58d7b36f2943f81df5b

SHA512
d7b4ca1100f862b45ab25fd820849048039677d6518e627bb7affc3eaf3a72d66b6495a52ae7583996988ad25413f530d22a9079df3546f30e05f2ad3e5a1803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
017f417b947e9c737b400f6755197831

SHA1
f8156fd515e58b4bbb311d4925832e9bca445097

SHA256
48cc00d1b31469d87e240d2a2402a91d4dc08d80f465b2a39b071756eb98d706

SHA512
1426ae9866439e2ae8559a63c4f0aa1bc16fb04d8d29d3673982e61530677a739f4e8a9b2c3a7fb1dd0ebd1261d4f66106b41614883a7fdbb324ae27189da635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3bb8cab9da002b985af405e27bfbe22b

SHA1
ae3621907e649904c20fe57e6214c70669a35cc6

SHA256
3a6a61790aa2bcf9ef5088cbf291d15b509c515217b9121724483b8a415e466b

SHA512
e13ac34398ffdaad849c1afce75b3e6a965b604a9d33bf3219474a69245119a1d98b62f0ba2c053bfba7d9449a5f1a2d44050cd3cf350bfe1306650a96794453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d29c2.TMP

Filesize
1KB

MD5
ae200ad4f53c4a3154df821623d87afb

SHA1
93787dd258cb0d401541fb7c1e033dbe9865072d

SHA256
f353109d3609b326a8d2b261d4eb96b01311406dd7c2d9f831f56ac80f59f058

SHA512
eedb2275c219fb11fb14bb02822d608ad3ffd6b7d67d8017bb19a5ae9aed84f283bdcb54af969119732bd9f0580fe127bdd7ab055dbc27e00e1117ad66cf9fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d3013902-dbb2-4371-9ce0-b4f6cf04027b.tmp

Filesize
8KB

MD5
df95b1f401cebe29d4acf67d71c6574a

SHA1
28529de1ffe4c4f5a00134a148d024275068319c

SHA256
8aac0a25f7c07372eced9d5f133cef02dcf1de4810bf4b15e86071dabe2ef84f

SHA512
f9f793bc15072224ef3b3810f580f21f124c204add68a5a69de8fa2171874daf886e479064adf9b17a87d43dbcfd311440230cedaba874a3630aba7e1cf8e27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bc057b4e7451e4135acb2f4e1c9e6bf0

SHA1
6139aac88114ff3aa69f338be2f0fb0a25e6e5a7

SHA256
867991844e6615d41365730a9dd2fdaa5565d51340dbe04bbc4cfa023cb8d60c

SHA512
f5db9885f6fcda7125796eb8d73853cddab564cbe2eae56a2b7e4e025542adad85c3f19e71982ac860ddd124a54801130957cc2cf5523ac68a7a8babc590fa16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
41c09d2038e0a41b462748e896853a51

SHA1
cf850fe6d09c5fe8c8588f8ad48b921c30f36d06

SHA256
fca4e6c59fd3693ef564c01e8468bdbe5e64210d0bbfb18f72435d2c5f21f27c

SHA512
20e64492ae132b5487f8debda7af50247b546604fcc047388901717e64371636bec0aec0b7f6ca3e8f66528134546d1255baaecb5b8000021635f6aa2eefd2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4d5eafc82bfaace8d8320cc423d5062f

SHA1
316b9175ef50092d2bb64c332d5d25f72e30d083

SHA256
b5acee6044a3b2f0036d8366d3ff9ace35bfb9b8ba0864d930d3223176c29036

SHA512
baab3c9e5607b34525e8ca6a621365c5d433d078e7e909484b5a9c582f320a75746baa57e8d80d6960625f69db774ddc4058890152c340675a9c3b9dd89f9e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd2fe47797e1887f44077e2aaef52c73

SHA1
5e71704a68b95dc3bace4cdabab0b878086698b4

SHA256
18ff7230384081f33e7803a14d2c2f4ef57eaa46ac845811dae467963982628b

SHA512
7ad3b5c8939797491ccfccc07757e8a32b4fa4450deddeb1974ae39ec7a3fe2d7c8b3c5aa588557abe3a17bd0f1ee077c77a2ac7c297279ecacfa6df9da6d83b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
374f6281916f67510a3470179d69423a

SHA1
83a1b33b4491767e53522bd662acb377410bc8b2

SHA256
758133bfbe527eb17c7359e388a5112afc80aa80497951176ed2f3f58630feeb

SHA512
f8f0d4ef661a2915f26c80659700332286bf6a64c1c72dda60899d0c6b98f4cc5435468351412aef27c22bdb1ca319bcf0f544b8dcdd48a2e445c82f1dd4aeee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b81336557c30a76092e417fbb5300601

SHA1
36466357f52ef260d17b8e53a0f790ea65fb5b36

SHA256
b36a53709eefd3c83edb70877b2e6d2e651eee3eb318d336c9679cc91e682778

SHA512
a7baf1668e328d5ea00187d4dc59b5f43e8798c3d59b5e5fd9d92360d8a76338a622fa710da69116eb46b491fd671316c78aa84121603a81e9ffc660c084c364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c708c806b705fb5d594d1fb25320824e

SHA1
a8b5f1cb96b1e7ecda1a71a3934a3bfd062ff8cc

SHA256
aebda7dff69b9e583fcaf1db63eb83d15513196b13fe75e1492b39347f660850

SHA512
c515c6f7077fc7cc921b996d0ee970bca148ee21a05d22b5fed7b6cb760594afcd1d3194bf0b20c2b82c74343a9f3f6da5bfa4f03376e9ca20245094942a4624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03e0ae0e5e186823a48cdfb2fdf12119

SHA1
07713bf4a1bd152ff973f56deb6dd5d307041d26

SHA256
a8134f8f6ff98ceded939ca544be1818b5f5dfaad5811e70ac57b2f96eb727de

SHA512
4bade74f2cc43ac06b02608f34ef7fca7f93b4cda48c92b391f436b911844c3daefa9045032ccbccfba65c11b2cc62512323ede29af0aa033001a8d8436c9f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
06f83fcd66da591cbab5686c33358cde

SHA1
ba76b52dd523afbe2bca7421b0cd12dd01b043fe

SHA256
c401feb01594ea06ba5a137178c3fdef2a640056f28cb87f1b1ef62fefbc6a8b

SHA512
6c49518ad3a140af99b2be174fa3d5b44470a8ffbe5c314fe2b80b3e6e17f8c0e1dac3471ad7011679f9909c8ca7d741a875e67ba1428cd8e673d17ac4ef9d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b862db48bd4f4e40306eb9a2a69be0e0

SHA1
4fbdeb79aa6ec762ac26887411ffc35444065013

SHA256
fc4a4bbbedc56883ba9664d8753b0c4d567a8f3be1a8e5b84e05fca887b141b5

SHA512
45b941a9f34d98600325e62b5047fd533082bf81a925afe84fbb1aef5c3dec52947d46e1fb3f9fd3f044e3b2d2e296cc216c7cf705eab4e0e6fb86120944ee18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b8bc71c0fde5cd0704f686ad714dec11

SHA1
023b1159b6227d9cf0ee1ff2a8d9add7f0137b22

SHA256
a8b09c77382c5df64e0b34d6f0d15d9843c8e142b22522a2e55ca6419fa1b885

SHA512
431bdb10b798b17438716dda3c9290e0253895cfcbe47a81a9312a221589db8b86d1c8a6393db5bccab4219747f4192e9cb1a61beef697651aa7b559db5bcef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3767bae80ad586d6bd74fd3b48f04d7c

SHA1
0d3acbfc8122086055fe31f792de010a4f700822

SHA256
f55d71d421daabc99876ab10969e51145505b7e413e498c99d95225aefc5615e

SHA512
4f5bf112c37e117236e1f2cbfc5983971f2a9ac517ebfbcee45f101ef11740f93c71f2d743bcef8f50800534ace1c57b640c7e59b24af85b4778c390d2579312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c3258a4cfaf2b62586c064da35a141a3

SHA1
4e0303f1d34315c9341911112c535b8d9240b174

SHA256
7433c6f86e4a7c016cf4d4e83e33c3e0b3ce134e5a2b27df4d25f82211e82c79

SHA512
f7845b21711f760cd2e01bf0b943f06fd83e823ebdd22752df2448e24e72cb2108b352e97a16ded49a61b8abffc5ca66280aab76393e09d04d7710595d505d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
971cf6ea294278f7313cefdffdd2d197

SHA1
6d8de96e7c95a4af5d9052d8d4684bdf1057e832

SHA256
cc3e65ecf0780e7351ad2d9ca29d7aea8fe3e12908c3be1cc7518883eff58741

SHA512
4129c8e7a6a43e6a7475beed68318700d0769b02f481e36651317d8b00cec31b2b504892697de1e0e3c457e77ed03baa20090ab4a63eca72262c6cb914856777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3ce2e6de470b2a972b0f0d37c934d1e3

SHA1
1bb0c59afecf7e198467629c73b97365660037e2

SHA256
95d578ed0d4660c79b9779620efdab8ae409ed30c387ef32a8052cd86ef4e2d6

SHA512
b47f987728bea7d14ed33b642efb6cbc53e8cc082febef1c1063e1836065206885513ab7451ea9eb77630cacd219289892321bd8f93ef0018859452a90670369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a3466b3bd8cc6e59fa6e646a7477c1e3

SHA1
f1097c07270b68b6ac6fef5a07af55f66795e67c

SHA256
3f08f8a80fb17fbef20909457b69288d8cee8dfa6095a1de265516f3697165dd

SHA512
edd0e1a7405f68895bc283e77f93ea4dd541caf2338ca97f3e5156943dbbad5c16e38dad29c6596cc6af5a770a5668fd00c7e1d54f12f9f310ba080cc325ed53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4e5b41e8a138dbd15ea1a6075c4e5a61

SHA1
54cfea8a01c8dd27a798a968eaef8371a711c488

SHA256
0c2189677e6b799668726e64a27428e50541b8a55cba4d8ca40601932714090c

SHA512
abfaf65899ed330112d1ea1c68ab62c40f108bb8ac0dd23384c600c87518b23f01873e98036bc65a3b297c4734ad949fb8d22711272cda6d90c2339dcd9a38c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c6bb0de482fa21c33931d826f071f41c

SHA1
f2de79d7b8153239e17d83fbf6e8d02dbdb66cc3

SHA256
ea6197e946d167186a6a0a05fb352a531c605e7c23c3c9fe68e5d73b6befd38e

SHA512
884cd174981226c96509ed0a36e037fab326d03ccd822d2866cbd2708400fc326fbe512843afdaf8edac94e6e231db7f16baff2e75cf279359296347b4a7010f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a07b7e00aed15a6d23b1a3859803a822

SHA1
908849455404e890622e01a9a058556d59be310c

SHA256
2bb85c466db0590fd89b94dfdd1275b221c43a635b0ca0a6767c1d7ccbc3c25f

SHA512
01027632284397eb9746f12c827299aeb566639004bc25d65b380c57b9b1c73d968da7cdcd83e5fcfe23b5cae7b37a006427f151bc7ea1aa1d4ed885065dbede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1bae24cf30125ab4a56a520c58c84828

SHA1
97755daff55d24ae91310e3b75f0faf4afd78062

SHA256
7ce1433cfd37d7a35497737f7f54ec07bb91f8350288143617712d65e739f146

SHA512
511e813cae262e1a6a1e853a558f7bb0e10c6b5d6a882753dd4b09cf31bd8be52c27ffb906657aa2dc65fef11dbd211ef518b22518fb3963a0b9f1c7977eddfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1be01552334ad714f40e5ddfffb6c37e

SHA1
c973ec6bbec8eac142c89db493da5c05f83c4c9c

SHA256
4de10e86cc16aaeba1be103e5927df2220ccbdffba01e6d913ab5cd69466b199

SHA512
5e2c4a8ed51cc40eb9575af44e2d03f31061de3829c1abace1813f30d44982576b3bc42fb5f6947baf0ff7d9e3c71ba5a9c39a12b247ade4f9f5aadd9f3089b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
082d00c1999a96cba8f06392913447ba

SHA1
60ba1f848c85438dfc910d116bd04bc7c87f4cd5

SHA256
6af4b1d1eed05f25e6545c1d723626ef35ef58939cb7303d866e0cc9aa44d6fa

SHA512
de77ed2e6da951fe34a050a849dc9ea04b41293a3d2b559bbcd93c7e3197365112c7da1538b7903ca74f2a48e7074276cd5195e783a3b1df2df23ddc12a80d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d811a3c88b240075b61cbb1dda7260ba

SHA1
4b3a88351b11bdef9f74333163464546d5ee17da

SHA256
4c84a72e2ad40ab89b13006f5b2a46e3dce149e607c5af58baed951a99d1fe4e

SHA512
d2badd88ecad04bfc93f7d84ca10e1e4fb71b74be79c2a69ce72c16ecd2fe137c2be670ab76a8a8dae1333c2d92b80e9ff34ef3514794898fcc76a9f696a9e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
159b483c9c1bafc7194060f74fca0e1e

SHA1
372fcd1f3c7ac2ead9863c414d1cc13a13c7e0ef

SHA256
619ea0777f24baa85f1b7bfc1511d422022498dd3c2ca9f67ba56168f1a82d3d

SHA512
cab9aa79e81fd22e59e8f36cf2fd749262b8a474926dc691de47d6ee967f030553c3933b5f79b21fa7902d0db267d4304970186e8d1c410428c8a9a9cf7c1ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9ce91112045d201f207103d74500c6c5

SHA1
9751f4303af699c4ac4686b1ddc1f8a3659cdb1b

SHA256
a03a4a3f7392b81cab9a17c8ea5f0120a264328c5aa32a68b177671be99f9693

SHA512
2974cccc40deb762086fe5bed122afe4b82997fe46b69a3a1d72a6a6556c74c7a7f4bf9c6e081e92a6a6dce83329ab2e336e03badc42e4af1b92d004e30175fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ed033510-7e3e-4208-b0e3-99d166c445ef.tmp

Filesize
11KB

MD5
3730d5a59b8d3fb20d4936bf1cbeb612

SHA1
7b19aa0af4afa083e294fbe98774e5415eecf34b

SHA256
8813e16249586d1e70a0c918612ddbb1c9d3b123990a0dd8e50cdfe231ae7a58

SHA512
db8f181f42f4e31d0ed17a08a30832967575b14832ae79cd49b41e50af96124a2811847fce8a6fe1553718d01529ad76227d02148f0e25d419c11e403e8aa557

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
4KB

MD5
214f98cb6a54654a4ca5c456f16aed0a

SHA1
2229090d2f6a1814ba648e5b5a5ae26389cba5a0

SHA256
45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037

SHA512
5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\z.zip

Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
187bff279b4c4d7a436d1f6741830ced

SHA1
baf8d3dbc621501ab6ffea89fd8d6d2aa05fefe5

SHA256
fb64d695b81c4480668acb70f6daaeda22a157392bc93d3f0cf12ea9d0d8bb7a

SHA512
edea82c084465a38afdf265ada8af556adac16d1cfd80ce9f8040511f032480a5867e9287a99a507a222e1f20f1ca61e40ad65390b6d9e26ff2ffd1c8e7b4538

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f30b35128219be3cd5dd5ba96ebf28f3

SHA1
8fd53600c957c3a3a6b6277625935b25b54350fb

SHA256
113ec4b779f824e8f1102d75ae52d7ed7807c7ad36631490e304afabb24d3430

SHA512
cdde2f5c82c67674a50fabe26931e9dd6df132c478e1a6428787edc04c0a8c983b087a5e65962ed916b6c61b9d410d61531a23195c8c5d7ee88f8e4ef7ffc469

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/9100-1902-0x0000000005A70000-0x0000000005A71000-memory.dmp

Filesize
4KB

Download
memory/9100-1909-0x0000000005A70000-0x0000000005A71000-memory.dmp

Filesize
4KB

Download
memory/9100-1910-0x0000000005A70000-0x0000000005A71000-memory.dmp

Filesize
4KB

Download
memory/9100-1908-0x0000000005A70000-0x0000000005A71000-memory.dmp

Filesize
4KB

Download
memory/9100-1907-0x0000000005A70000-0x0000000005A71000-memory.dmp

Filesize
4KB

Download
memory/9100-1911-0x0000000005A70000-0x0000000005A71000-memory.dmp

Filesize
4KB

Download
memory/9100-1906-0x0000000005A70000-0x0000000005A71000-memory.dmp

Filesize
4KB

Download
memory/9100-1901-0x0000000005A70000-0x0000000005A71000-memory.dmp

Filesize
4KB

Download
memory/9100-1912-0x0000000005A70000-0x0000000005A71000-memory.dmp

Filesize
4KB

Download
memory/9100-1900-0x0000000005A70000-0x0000000005A71000-memory.dmp

Filesize
4KB

Download