Resubmissions
13/02/2025, 01:26 250213-btppra1pcz 10
17/01/2025, 20:14 250117-yz7h3s1qfw 10
17/01/2025, 20:12 250117-yy9l2sslcr 10
17/01/2025, 17:25 250117-vy9p9sxpez 10
17/01/2025, 17:21 250117-vw8eesyjfp 10
17/01/2025, 14:16 250117-rk9ass1rhk 10
17/01/2025, 14:12 250117-rhv1ds1lds 10
16/01/2025, 12:52 250116-p4et7a1mez 10
Analysis
max time kernel: 890s
max time network: 908s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20250113-en
resource tags: arch:x64 arch:x86 image:win10ltsc2021-20250113-en locale:en-us os:windows10-ltsc 2021-x64 system
submitted: 16/01/2025, 12:52
Behavioral task
behavioral1
Sample
Malware-1-master/2530.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral2
Sample
Malware-1-master/2887140.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral3
Sample
Malware-1-master/32.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral4
Sample
Malware-1-master/5.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral5
Sample
Malware-1-master/96591.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral6
Sample
Malware-1-master/Amadey.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral7
Sample
Malware-1-master/Download.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral8
Sample
Malware-1-master/Illuminati.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral9
Sample
Malware-1-master/MEMZ-Clean.bat
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral10
Sample
Malware-1-master/MEMZ-Clean.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral11
Sample
Malware-1-master/MEMZ-Destructive.bat
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral12
Sample
Malware-1-master/MEMZ-Destructive.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral13
Sample
Malware-1-master/Petya.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral14
Sample
Malware-1-master/Software.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral15
Sample
Malware-1-master/WannaCry.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral16
Sample
Malware-1-master/Win32.EvilClusterFuck.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral17
Sample
Malware-1-master/apache.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral18
Sample
Malware-1-master/butterflyondesktop.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral19
Sample
Malware-1-master/crb.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral20
Sample
Malware-1-master/eternalblue.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral21
Sample
Malware-1-master/fear.png.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral22
Sample
Malware-1-master/getr3kt.bat
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral23
Sample
Malware-1-master/iimo3.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral24
Sample
Malware-1-master/jey.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral25
Sample
Malware-1-master/m.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral26
Sample
Malware-1-master/mo3.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral27
Sample
Malware-1-master/mo332.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral28
Sample
Malware-1-master/mysqlconf.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral29
Sample
Malware-1-master/o.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral30
Sample
Malware-1-master/qOA7iZJcoB8.exe
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral31
Sample
Malware-1-master/wintonic.exe
Resource
win10ltsc2021-20250113-en
General
Target: Malware-1-master/MEMZ-Destructive.bat
Size: 13KB
MD5: 4e2a7f369378a76d1df4d8c448f712af
SHA1: 1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49
SHA256: 5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad
SHA512: 90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e
SSDEEP: 192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3
Malware Config
Signatures
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process
Key value queried \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation MEMZ.exe
Key value queried \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation MEMZ.exe
Executes dropped EXE 7 IoCs
pid Process
5112 MEMZ.exe
4380 MEMZ.exe
2600 MEMZ.exe
1016 MEMZ.exe
348 MEMZ.exe
2008 MEMZ.exe
5012 MEMZ.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process
File opened for modification \??\PhysicalDrive0 MEMZ.exe
Drops file in Program Files directory 2 IoCs
description ioc Process
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\467f8e41-5a83-41e2-bc37-d02bcbfdbb34.tmp setup.exe
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250116125437.pma setup.exe
Drops file in Windows directory 2 IoCs
description ioc Process
File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe
File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe
Command and Scripting Interpreter: JavaScript 1 TTPs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 26 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 Taskmgr.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A Taskmgr.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName Taskmgr.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe
Modifies registry class 64 IoCs
Runs regedit.exe 4 IoCs
pid Process
6016 regedit.exe
3860 regedit.exe
2524 regedit.exe
2172 regedit.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process
400 explorer.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: GetForegroundWindowSpam 8 IoCs
pid Process
3984 mmc.exe
3796 mmc.exe
2524 regedit.exe
4248 mmc.exe
5312 mmc.exe
5012 MEMZ.exe
5768 mmc.exe
9100 Taskmgr.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
Suspicious behavior: SetClipboardViewer 4 IoCs
pid Process
3796 mmc.exe
4248 mmc.exe
5312 mmc.exe
5768 mmc.exe
Suspicious use of AdjustPrivilegeToken 37 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of SetWindowsHookEx 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
description                        pid   Process     procid_target
PID 3300 wrote to memory of 4788   3300  cmd.exe     81
PID 3300 wrote to memory of 5112   3300  cmd.exe     82
PID 5112 wrote to memory of 4380   5112  MEMZ.exe    83
PID 5112 wrote to memory of 2600   5112  MEMZ.exe    84
PID 5112 wrote to memory of 1016   5112  MEMZ.exe    85
PID 5112 wrote to memory of 348    5112  MEMZ.exe    86
PID 5112 wrote to memory of 2008   5112  MEMZ.exe    87
PID 5112 wrote to memory of 5012   5112  MEMZ.exe    88
PID 5012 wrote to memory of 2596   5012  MEMZ.exe    90
PID 5012 wrote to memory of 1560   5012  MEMZ.exe    93
PID 1560 wrote to memory of 1064   1560  msedge.exe  94
PID 1560 wrote to memory of 784    1560  msedge.exe  95
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.bat"
- Suspicious use of WriteProcessMemory
PID:3300, depth 1
-
C:\Windows\system32\cscript.exe
cscript x.js
- Suspicious use of FindShellTrayWindow
PID:4788, depth 2
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5112, depth 2
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4380, depth 3
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2600, depth 3
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1016, depth 3
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:348, depth 3
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2008, depth 3
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5012, depth 3
-
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
- System Location Discovery: System Language Discovery
PID:2596, depth 4
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1560, depth 4
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718
PID:1064, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
PID:784, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
PID:4560, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
PID:3032, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
PID:4984, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
PID:3832, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
PID:1868, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
PID:2280, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
- Drops file in Program Files directory
PID:4924, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff7a0c15460,0x7ff7a0c15470,0x7ff7a0c15480
PID:2268, depth 6
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
PID:3400, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
PID:3092, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
PID:1104, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
PID:1572, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
PID:1832, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
PID:3260, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
PID:4948, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
PID:4968, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
PID:3776, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
PID:2636, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
PID:3092, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
PID:1148, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 /prefetch:2
PID:2096, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
PID:3116, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
PID:3532, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
PID:2032, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
PID:1984, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
PID:3284, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
PID:748, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
PID:1468, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
PID:1808, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
PID:4928, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
PID:8, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
PID:3100, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
PID:724, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
PID:5472, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
PID:5676, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
PID:5756, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1
PID:5864, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
PID:5236, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
PID:5216, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1136 /prefetch:1
PID:5464, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
PID:4428, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
PID:5392, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
PID:2076, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
PID:5132, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
PID:4712, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
PID:5792, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
PID:6084, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
PID:5380, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
PID:5368, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
PID:1640, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
PID:5544, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
PID:2216, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
PID:4772, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1
PID:648, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
PID:6136, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
PID:6684, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
PID:6824, depth 5
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:1
PID:6496, depth 5
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:15⤵PID:6604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9628 /prefetch:15⤵PID:6476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9744 /prefetch:15⤵PID:6560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:15⤵PID:4448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:15⤵PID:4196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:15⤵PID:6956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:15⤵PID:6188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:15⤵PID:7080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:15⤵PID:4640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9756 /prefetch:15⤵PID:7532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10624 /prefetch:15⤵PID:7976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10684 /prefetch:15⤵PID:8152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10960 /prefetch:15⤵PID:7716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:15⤵PID:7832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10900 /prefetch:15⤵PID:7860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10688 /prefetch:15⤵PID:7088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9824 /prefetch:15⤵PID:7388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11072 /prefetch:15⤵PID:6168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11236 /prefetch:15⤵PID:6200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10688 /prefetch:15⤵PID:7664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10696 /prefetch:15⤵PID:7724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11332 /prefetch:15⤵PID:4308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11032 /prefetch:15⤵PID:6236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:15⤵PID:644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11768 /prefetch:15⤵PID:8480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10692 /prefetch:15⤵PID:8584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:15⤵PID:8564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11872 /prefetch:15⤵PID:5628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11840 /prefetch:15⤵PID:4196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10692 /prefetch:15⤵PID:8376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:15⤵PID:8660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12116 /prefetch:15⤵PID:8368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12480 /prefetch:15⤵PID:7660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11856 /prefetch:15⤵PID:7856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12320 /prefetch:15⤵PID:7060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12296 /prefetch:15⤵PID:8912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12268 /prefetch:15⤵PID:8476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12824 /prefetch:15⤵PID:9252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11976 /prefetch:15⤵PID:9952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12992 /prefetch:15⤵PID:10056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12912 /prefetch:15⤵PID:8968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13244 /prefetch:15⤵PID:9636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13148 /prefetch:15⤵PID:10216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12956 /prefetch:15⤵PID:9348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12648 /prefetch:15⤵PID:9844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12920 /prefetch:15⤵PID:10072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12916 /prefetch:15⤵PID:9796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13736 /prefetch:15⤵PID:9916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13932 /prefetch:15⤵PID:9208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14060 /prefetch:15⤵PID:9060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14144 /prefetch:15⤵PID:3420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14244 /prefetch:15⤵PID:9184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13480 /prefetch:15⤵PID:9960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18288004339642688353,547144662744665216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14288 /prefetch:15⤵PID:6420
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free 4⤵ PID:2476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718 5⤵ PID:4940
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection 4⤵ PID:1576
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718 5⤵ PID:5080
-
-
-
C:\Windows\SysWOW64\mmc.exe "C:\Windows\System32\mmc.exe" 4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1076
-
C:\Windows\system32\mmc.exe "C:\Windows\system32\mmc.exe" 5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3984
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays 4⤵ PID:1296
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb4718 5⤵ PID:4648
-
-
-
C:\Windows\SysWOW64\mmc.exe "C:\Windows\System32\mmc.exe" 4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3304
-
C:\Windows\system32\mmc.exe "C:\Windows\system32\mmc.exe" 5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3796
-
-
-
C:\Windows\SysWOW64\regedit.exe "C:\Windows\System32\regedit.exe" 4⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:2524
-
-
C:\Windows\SysWOW64\mmc.exe "C:\Windows\System32\mmc.exe" 4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1848
-
C:\Windows\system32\mmc.exe "C:\Windows\system32\mmc.exe" 5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4248
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download4⤵PID:1172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:5112
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself4⤵PID:3644
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:2192
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed4⤵PID:2436
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:4124
-
-
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"4⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
PID:2172
-
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe"4⤵
- System Location Discovery: System Language Discovery
PID:2172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real4⤵PID:1220
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:2640
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/4⤵PID:2576
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:5024
-
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4684 -
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122885⤵PID:2372
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b454⤵PID:5408
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x140,0x11c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:5420
-
-
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"4⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
PID:6016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money4⤵PID:5944
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:5940
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5300 -
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5312
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20164⤵PID:6068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:6100
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download4⤵PID:5552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:5536
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date4⤵PID:5184
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:5128
-
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download4⤵PID:3028
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:5348
-
-
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe"4⤵
- System Location Discovery: System Language Discovery
PID:5740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real4⤵PID:712
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x90,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:1792
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed4⤵PID:3688
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:2020
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/4⤵PID:6616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:6632
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date4⤵PID:6360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:6412
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real4⤵PID:6332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x14c,0x150,0x154,0x128,0x158,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:6336
-
-
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"4⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
PID:3860
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download4⤵PID:5432
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:6224
-
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"4⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download4⤵PID:6248
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:3808
-
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/4⤵PID:4276
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:5532
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download4⤵PID:7912
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x120,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:7928
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date4⤵PID:7592
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:7560
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"4⤵
- System Location Discovery: System Language Discovery
PID:6912 -
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:5768
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date4⤵PID:7596
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:7588
-
-
-
C:\Windows\SysWOW64\calc.exe"C:\Windows\System32\calc.exe"4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:7284 -
C:\Windows\SysWOW64\win32calc.exe"C:\Windows\System32\win32calc.exe"5⤵
- System Location Discovery: System Language Discovery
PID:4976
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection4⤵PID:7192
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:6868
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20164⤵PID:7524
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:7996
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system324⤵PID:7180
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:7012
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted4⤵PID:7916
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:7236
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed4⤵PID:8416
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:8432
-
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:9044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection4⤵PID:8392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:8472
-
-
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"4⤵
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:9100
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"4⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:8588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted4⤵PID:8204
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:8220
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi4⤵PID:9076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:8528
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt4⤵PID:5416
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x144,0x148,0x120,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:9008
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection4⤵PID:6532
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:8568
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/4⤵PID:8664
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:2516
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser4⤵PID:9888
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:9904
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20164⤵PID:9512
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x11c,0x148,0x140,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:5296
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download4⤵PID:9596
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:9548
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp4⤵PID:9316
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x128,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:6384
-
-
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"4⤵
- System Location Discovery: System Language Discovery
PID:9668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free4⤵PID:9472
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:9488
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+20164⤵PID:9476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:8856
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money4⤵PID:9708
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:8320
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real4⤵PID:8140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:8688
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+20164⤵PID:9344
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffeefdb46f8,0x7ffeefdb4708,0x7ffeefdb47185⤵PID:9184
-
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2408
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3236
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2cc 0x4201⤵
- Suspicious use of AdjustPrivilegeToken
PID:2832
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵PID:4708
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:400
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
PID:5544
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵PID:7004
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
11KB
MD56c9a361d2b89577c60d17f2c9cb979c0
SHA1e9d57434981a25f812cffc7791489de9ded9ec96
SHA256d39844144ef9b65ab067103bad5a39b7eed275e000b905b4425ec0e0519f32bf
SHA5126525835cd7dab7e2dee07c659a5eefcdde02d581863d4b1ef8ebfc73cf7a1b011a9a442e47695398e36525c77267017d20363249fac7c340026f7740e637fe24
-
Filesize
152B
MD563af7b2048710d6f167f35d94632a257
SHA1812c8f140a72114add2f38cab52fd149ad8bdcfb
SHA25615aafcc88226b6178e02a93858555ca48fb205ae317815ce31aa547555329046
SHA5120519b7dcbce66aecefbd2aaea6120c0da213d8bb3e00a7599bf2e390bee3f643baf952cc553766f8c2779fe9fa303570a56a8c846c11e2fcf9c2075c1e41ccc4
-
Filesize
152B
MD517ce65d3b0632bb31c4021f255a373da
SHA1a3e2a27a37e5c7aeeeb5d0d9d16ac8fa042d75da
SHA256e7b5e89ba9616d4bac0ac851d64a5b8ea5952c9809f186fab5ce6a6606bce10a
SHA5121915d9d337fef7073916a9a4853dc2cb239427386ce596afff8ab75d7e4c8b80f5132c05ebd3143176974dbeb0ded17313797274bc5868310c2d782aac5e965f
-
Filesize
152B
MD5ced4aad7256ce749edd2ba28023150e4
SHA1c825c10448eb3b94e532b3023ae199c925ab1602
SHA256c4458e5a2c81ec9941dae0361a0fe791dd6b9cb26dc824259ab33f450d31bafa
SHA51230d4cab4d89a467b9a0c9395e0d30095619800682586ee3616ae1c0f146b2beacf264245952bc7e9d5bb0fc14290cdb2dd6a00f4b9b8e28aa338fd98a9a365e1
-
Filesize
37KB
MD5ae2b5e6fd36c38beb90ca24ed95ddb5d
SHA1b447190bb67f2a881b718f6cc70a136d698fc5fd
SHA256cf22d1a1efc7c1aae3bc34d87149304a0198ddd635df1d73ba4c87dac536a136
SHA5125bc508d40dc2d9f2b81582ad828ed01e0895db01178a3189383e58723597651f314b80c6c1ad16300dd8f886cc64d3bb9131d58e0f71f46bc3cb92d15a096db8
-
Filesize
18KB
MD545f4d9e7d2e260e8288babc1c6509235
SHA100b2ff2b04aeae39c3a1acd010c8814bf9f775e9
SHA2569e0bba84f77cc947769f33b6a9595f95bca6f04e76b38d3f6be385e6c00837a7
SHA512f2da98b6c541267dd2847a230aa9bd7589b4fcf8e0cba30aaa0314f92146981ec654506e005b9b5d33bd23b6cea8fca0c6953260943bd1200cdc33cc903550e9
-
Filesize
47KB
MD55b611912157812382ae02bde399ff48f
SHA16089fbf66004233d7f64b590c883156200df8c54
SHA2568495adbc7f8e03685d4b40ee4141a989d53f96dd1c95588612fd6c3acd77ecb1
SHA512357afe88b2addb2a73d164d552feb20b73b576d53027442a983e35e64c395d7a469d0b851f2715a0febb6534359b7323a050d87a2226969adfbdd43e99653707
-
Filesize
59KB
MD5c6b0f95171fa2aa59458f9c82f36fa41
SHA1203e9f34c6b963cd318b7eaa65d35b036a88fb5a
SHA256839ed500777fea51856b087dc772416bb529be3fcc980bd735c40abfe522d322
SHA512da87caa4c81a4dcf662bc7f81cff9332964cc21d8022c53ff7abd8fc9936a31230586172ceeb9d13d483e061b6ed990ea52cd8fa609846b25b0b7b792d37a3c1
-
Filesize
46KB
MD550e7c652cf5d57d97906cc8c89cccec8
SHA1b44c48b98c90686ac69762412e87099693cfe308
SHA25617fdc0f29e08e58b3157887e3d01f54eb089ceb07ee1f11e7c23b8aaf24d17f0
SHA5125b9f0ed5d62b92b85a56b3d3636f5b3f2b00b7c0ad1a29a7a8a15a9d41ffc09230c71631d50a8912884e64b6aecabfd88a41eb0eba41a7590a6979cf71ec4668
-
Filesize
46KB
MD5baff94c63010c402a48da7cb2ef08bf8
SHA1a6bc98e9fe1b1dc9dbf168e7a781476ea95e7407
SHA256517b17052575e9e90f98e7e3ddefb178cc2ac72ff02b779ff488fbcbf9bf9adf
SHA512d939db777208d103c46c6905e497211e7e872c601a7fc6763103cffc0d9f90ca0ee0ba6269e70fb17054deaf96efa26e378c904a95206f27f225ef2d5a32bfd4
-
Filesize
32KB
MD54956a5a7644eeec3c23c11c34eb8d8cc
SHA1a5a07b734e130facc24e0d45b3931d23c4858174
SHA2560cdbb6cc76b5af1f50459c53cdac5a883736b1e78c22d3876ab127646790a9c5
SHA512bfdc9b07e753b76f84ddda98efd611ae26dfb44be5032b1a01563e18e829fb6f6b43f03d09239b054dbd1fe599edea8ea291e3b9e15725367b7bfcfeedd77d5e
-
Filesize
84KB
MD544b04e0fb01ff7fe77d0754a1c9567fc
SHA160c45119cfc6bc3a3d38d7566d7579cc23790dcb
SHA256052dd7af1345124d893b13f98dda5087751cf2e0e6300106509fbbd846a20018
SHA5120cff7e07115e35cdb21691851cb7946725ee3943b51b1e76b37e85cc95182fce7621286c26490fe2107d133330ed707c2186ee090cd00545346fb858eca84ce2
-
Filesize
125KB
MD57ac6764268ce17bbe20ecbe805a0aee6
SHA10c33c0dbbf22f3151a28064a1fdf489a2ed3e919
SHA25678f280f4425ed6a51f7abb42ebe9e981fce27b577383fdcd12d44263785a6fd3
SHA5120f69d231db4d99655145dda6d3906a4ac3f7bcd7efda22939829ff5fd09834547b817a979cc624b53cb7ee5998ad25f85167906ce630f20e76bf0e16ecbf5444
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
28KB
MD51752326ce45c039f4c5e81ea24c27c35
SHA14a22a9151c3c94d170cd3d23659e8e1a5a6f0070
SHA25613dac981c708b9d1c6d7be7666ab5ff34718fe7d1362428217e88c75530774ad
SHA5127ca5eb8b11184b97b7ecfed373420f7b9926839edcd36ea6bcc37a09190478175c49d7cfdb6dcbf1ecc8f2570feec9a0ac8aae08442fddef7986330043ff2d08
-
Filesize
127KB
MD5520353fbc949033860ece7b86d3a57c7
SHA1feeae42058185879e098b40070c4aa5f8612052e
SHA256a596f9206af3006ca687bc7f88c49f6a039da60b9776dd147d2b7dbbfd65fd42
SHA512c036a356607fcd32e7330bb4e4de876b9245d2a2b155f26fa26fbc8c41f04ba2f450d54e40136049d6f863f57dbbc8b0334149753522ca4da988b2fd708a6f42
-
Filesize
55KB
MD568ecc58a934636e32b60461c4ee4f930
SHA18e8f1a3a09f4ea7aba307f4f23890eb0f867e4c6
SHA2568b61d8c123333fd1cbb0eb7aa361ef2220efa43dd08e13747b68d311de4810f1
SHA5127d4c8d057a8fae7168b6748a0179d46a0fac5c530b9747941aea29667d07b2a9d142e1171a63eb6bf9219906313ea3e283c3fc2803b534b7a782a7a284a8dfdd
-
Filesize
215KB
MD5d474ec7f8d58a66420b6daa0893a4874
SHA14314642571493ba983748556d0e76ec6704da211
SHA256553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69
SHA512344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348
-
Filesize
19KB
MD5210e9767b38abfabfdf6fd84991ed2e4
SHA1888a823752f83cd17294818027f9d6b1d20ce9af
SHA256cfce71ad1afc9ed623c1a0596938966f9bfa9220fa388b3ab0dc430ca43c170a
SHA51238e2847ba3765f79b8d24f739d34a6b1a5d1b148546837547325537506b259c6d4f2fc6ce3f102e198f4e194a7a2f5c07280a6fa945c93fb34aa85c44fc551b2
-
Filesize
415KB
MD54132194280f1a54f8a7fe1b20ad39999
SHA172348b4886823f1443aed462712084537f1f3db4
SHA256a03988b6e442a20da6a82055e4290248c7aba215b03b7ee3e7b643b30d18af1f
SHA512408b8543a4bbbc07095a887f111cab1c5636d9552ef9fa76570436ad0debdc018b341592118fa44007ff5f916fc3c375664ecf3822dc3192404411f1dd01b61d
-
Filesize
288B
MD51ffbd3bd2bd1df8fa8c91ce2f7fb49c7
SHA1981fbbd40ce88f5ff83f63d637210a68e2918a07
SHA256b91532120db753d2b0246c82ac5eb3cf579713bcc2273bbd54d2642ab50b64fa
SHA5127238b5103bdfc8c68371819ce70e931171738f83b88714ec3b93e96a01503442bf52a5c05ffe4db1fb7e15fb6eed5750852f603dfcd46659067d6ac42ce91bc0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize504B
MD5eaa46f18fc90cb0b43194e4291d5ac07
SHA1e5bb8cc14c8531c99ac6436d968f8512bea87fc9
SHA2563c13ffcd23f2b5ca818e8eaa8bdb48a691ea479fffc9f1687ef31ac5c1c37e62
SHA5128c3f6cefccf7ed035da84d2755f07fcc6c7974d6ff390f0c2ca0f9591f8aabb6105ed5ad1dd48e1dc17a6f53282b00d032d968debc4ce7325557f3cd551b0c76
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD533d290009c74e3a73c212bb92dc12b72
SHA16823e3ca3b839508f53c3060176c4d8416b05fae
SHA256379b714afdde00bdc711efacb39abcb9609c627ca1537d1ddcf6f7e1acfc8352
SHA512a49c8dae4d6617df67e10d44329d5d26c5379d5e60182651288f6721bf44534db2bc6f5afe54be55b71d0e46fb097ecefda66205e9d09d5f2f69720f9bc61dc4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5663cec1316b94685a325e5e96f98bfb4
SHA1898fc0f49936bd201efc8b1545c99473bf6a64ab
SHA2565193f7528bc274170d957871b024d1af456550567c0f50754891aa3cfe134347
SHA512657e3aa8e9494193b4add622b225a5a04c867d1a6289ec6c9c6471817618ef98f7dad525f35b57848be70bf2161521e824f1682dd0cdcb2fca670327fa242a09
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize48B
MD5fba78d5d2f0adc2d21739671d43d5594
SHA18b38185becbefc81b7b49672343e116b86172fa4
SHA256452534cfe8c97025c4593d303ca45007c1479ae857b91e295eb19ad82df9d602
SHA512e4ca568a7e3b7e1f330ac0d8325712bbae6d71f6c0d5500187e9c45ad75412c66c5368d3150d652134aab9ca7435a63077cd26f4947f8a7f24f246d4d9297ae6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize480B
MD537ad47fd85acc6307a4e32fc7441e79e
SHA14c85ccb780079c7164061efb922bced7373276eb
SHA256fc726db504819d77450df85c1ae28ff1d4649670f390342ff28cf14ce8d28a2c
SHA5126d86505e6b598843ae8ccb66b8ce585c951b13581bd00df25a9c263301f31da1cef504c775217706e0afb120fe7cbd90da3370f19b3bcf2a7e584bb1694a027e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize504B
MD55662b5f9e2afa7fd45f042c5b2f6acca
SHA1a6f5ce7fe0e913b39a7c191d889c327c6f58d748
SHA256ab966568fb739d2ebf5b6022bfd001dfe9034b46afbfe74477206b385e1da802
SHA51218bb2e51a807e804fd784e980acab7c66fec52b7a50d7740356a5174831cf3c578e00d52a4f59aebec28478d94779015e16c2a4a93fcced8df9b6106813d1198
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5e71ee36640edec3a3875876811c705ca
SHA1ff9aa544b82ed63adec989d489253a837ac9d738
SHA25604375200d12ef48960007b0e63765750968cd32ee42fd0e11e799c1660d82cf7
SHA5127c6321ef584a3cbcd193868213f2d31157bcc43cf9576ab2c97018f77bf4642d352ab09ab9bc72caaa360ba1cc4d4df81ff854016bfa8f87bc36175e51adbbfa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize384B
MD5017d30f864c3b293123339c1fe814c08
SHA166edef7cc28122f2bb0e888027825993c0b6c7bf
SHA2563e887c6cd0dd5f6e69a8198fa7f99e39e06ee3fb34f0ee7e65d8c961a7dc24af
SHA512dced30538a0122c69937bf1e692f57c60cde78c8042734e103bf2142c1c2e92aeb0dabdaa2a2f66ac187148eceabde08808f1faf7f50567b66cecc6bdb0f36de
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize504B
MD5150c0e280571b56c54e32970dfabb326
SHA10091e32034965d21470f2bf76979ce99b9a37ec9
SHA2560285400e1036ec9f072b627fe861df3fe4bb8d9cd9f33a55314ae96e7af72c43
SHA5124d4e273dd74d708127f28493abd1d60a59519c439b2dd9e9b2b87576eede7a75d5567aef4573f6ae8a9c0f5e36f9f60250f2213898fc53cc57ed042bee34292a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5305c52ce0da35862a22d184d3915d6f4
SHA104483b594ef00d489f61ba00fbbbf69ef380fac4
SHA2563cb372241bd8e3d83778f0a8cc2420cdd0e75b585fd2ea99ab0937ddc247dea5
SHA5121092f52372243dfa9444e33e1107dfc28edcfa569386bf17e9e8713762dbcb6853ebce112e2fe7ba74b4c5f6f526369208a5481e00335552810433f423547187
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize960B
MD5f9981b1f935733e83bed4a46ec32a4ee
SHA1783204007b90abcb40415ccebfb861cac0b850c3
SHA256357b923252a5e40dec0a40c7ccd494f91e1f85876da4eca858f7e07b4acd77fc
SHA51249a5086610c88dee18d5d4cf912c12cf277795e5a2a304f15e01523ab746a6c1b1ea0f0dde0a9c7309ff99bcfca3fda9987d98a8fa84507e476d9570117ef243
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize504B
MD528d8911997f966309c1fb15b6c680acd
SHA1e123b5f2a6f2a7812652d25aa4ec595459052e76
SHA256bca8ef90a5b7e6f1f4e13576fb38b070b9b7fa7d332c77b1a0929ebeb81b9fe0
SHA5129ab9a35e62426f39dd564cc33a0333f2870ee7afcf27cee450a8f7ace47ca6ebcec072a82bbcd93e0857e7bcc50fb741b3152b045bb5295bc6ecb7c47aeebdc1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize960B
MD58a83ccde5850c2de5f83a4fff734668e
SHA16a0f794c594fa636148f18c7b2267f213710b9ba
SHA256cf8316f86d26e7001db33fac2b7c35fcb84e202d6fa4223dab3d2ec91200c75e
SHA512036a372e65cafd99df1bdd1422e14719f3e3e2edb7f47349a48efd82a1d7fa9da2036dbdf76b7de07b9fae86f01a74c10f563120ea68b404037b381181709149
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize960B
MD51ff5e2513f115b4f767a58d688641ba7
SHA10525cf462bbb1857c5c7ff7256d53fae101e46a5
SHA25676dd6b9b96ca7734c81968074a7292baf699c3780a8b32e5a3eaaa92adacfb3e
SHA512b6d3cb1f0cb6412960e239b4db4206d520ffc89d2708bf684ddf6ce2ec1ba42d108ae73d287588acb6314febce0a933d0eea57f7635835bc1111abe9d339506d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize960B
MD5646f6fceb072ca4c8164edd7ff19876d
SHA180c0baa4429f9199474514c1ca85b315a828ef46
SHA2564e400ffeb8ef64c25a8e03cec16653699666555d813ecbb0cbb1e01246a705c1
SHA512f2eb87de3a1f0d89b370e52e0f12b36fbbd50b9ccfe9101a5c5cbb87cef468052f5907269113e643f2138719cde8b7f97981a30b6c5c80717e12ed9c86231467
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5ba419a335221083283ba114d7b08525b
SHA163c89a651ef498b1f9e54c3feb99f6587a983b6e
SHA256f84a7468e4a84d83ff12cbf186a72ba4bc2045fce48037408f553fe96bb6dbf5
SHA5129aa65c6acd33c943b7eeeb2ba19a8c73483ce2d44f4d484ed16d8ee8d30958c01624a9c2bc750f392641f55ff2d5ecf5d5fbd4f51665f763c467aa1d90409f4c
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
2KB
MD50725f9ea6afddf46396a3acd2a6f5023
SHA1257204a56a40727ed96e83a5e87471521a1c4fa5
SHA25656b33b2995b8c3d5fee892043673264a85881c14160f90abda50b8b0d2669439
SHA5125799a3b8c4ec55f7809d0ab62068f01ceacb25e9670f1c5b7b3f584d484044824565a7698fdf2104b013589de06dd4a07ba2246a1f16db4490af072168a200c8
-
Filesize
3KB
MD5a08a8c46331ef41bf3ca6ab408f4d78c
SHA1a5e0471f9a27e2ac3632d8bcfb5d941f751a6c7a
SHA2566afdfab14e8e1b0ab1b1ac36cae1ffd80368966b4245d840eb4fe582479943ee
SHA512725854e20337269801429b4806bb9072c9ee9517d0f6f355f21e30bb55b64fb77261e1fc26d63773e7c64a3b0ded995008ae7f5f41e38893053edb8e05d7af2e
-
Filesize
3KB
MD56afd3581f4e1c957c09c43bf4a0ebe28
SHA117d98fdcc909615691dcf7c4407f92d2da22d988
SHA256d7fa04c4f47fcd6d2570a7538f75cd757ea144b8698fe40f1391f84f077066ba
SHA512b306c943525bbf6eb31e899a2289abb365f4d84cd041c8041fb5cfa4c92d71c223963531df48946a6caf3b102a7a3a548a91925964562f44486284702dce9052
-
Filesize
2KB
MD530d1eeb364f1eab894cf37173bea4030
SHA13172dcc71f94bd69d6180e1747c306859a5aee3a
SHA256f622ec1fe108d143c33a2a6074e3cbb109543e1c2174ec9c2d597666e52e026a
SHA512b5468ece7e38e17f7092ee6965994917354d749806d5908850e46aa7fb6c747f5907138e64af1b49205f1502b3c7f325ca18f47e7e7860b61030b521c9d90880
-
Filesize
2KB
MD5e9206f4a7ab800cd6e354f405b1cd451
SHA1a5cc953fab613b3ae74d1d572d209971f989aeee
SHA256972e8b8b2c8fdcad00d49190cf63f76f90fe787acf0866a7eb12a2f0094932c0
SHA512e85cf6188281bf9ac46178b0c37330c260c2bfcbb09f3db73bfd9afd954ad88b74489117d5d719c9771e851cb384ccc7e7b8e67c6f0f71ce22248b9a59e4a825
-
Filesize
3KB
MD55968d1d3611be0b7b8dd5a90e944370d
SHA1f0a1e4e60337cccef074bdbc718b14bb80ab41d7
SHA25655cba4712829004ba9e02d9ae28694e19da9ab02f27dbea657b7dd124b178804
SHA512757ddc4819a3162b9e9465431ed95c7f4a722ee215c132d42a35fb8d90c0d74b4fa9ba4b730e7a575e245284e4c2a26ba7716d05fead877062356472b4a1a33f
-
Filesize
5KB
MD5a4c213d5e2fa3ebc857f0795a5a0ae06
SHA1fac59977f21cad609fd08167090ab77cc0424920
SHA256f8912e4bda92b89b7d01d001424b183524b0dddbdfce99a5cf761e4c74cc12f2
SHA512638205a4a2721fac540d5aeb94e7bf91651d0592bf0a87ed731b265141229a24eb168e9ab4993cca5d342ab3225884f64c5d6d35737a088497950f382f9d063c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe592011.TMP
Filesize59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe6139dc.TMP
Filesize: 48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d3013902-dbb2-4371-9ce0-b4f6cf04027b.tmp
Filesize: 8KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize: 3KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize: 3KB