2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

max time kernel
879s
max time network
899s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
16-01-2025 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/getr3kt.bat
Size

13KB
MD5

4e2a7f369378a76d1df4d8c448f712af
SHA1

1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49
SHA256

5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad
SHA512

90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e
SSDEEP

192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

Score

7^/10

bootkit discovery execution persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
3012	MEMZ.exe
1204	MEMZ.exe
3720	MEMZ.exe
4688	MEMZ.exe
3020	MEMZ.exe
1916	MEMZ.exe
4856	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\443f289c-9791-4425-9edc-fef4c1714d6b.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250116125432.pma	setup.exe

Drops file in Windows directory 58 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings	MEMZ.exe
Key created	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings	control.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3944	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1204	MEMZ.exe
1204	MEMZ.exe
1204	MEMZ.exe
1204	MEMZ.exe
1204	MEMZ.exe
1204	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
4688	MEMZ.exe
4688	MEMZ.exe
3020	MEMZ.exe
4688	MEMZ.exe
4688	MEMZ.exe
3020	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
1204	MEMZ.exe
1204	MEMZ.exe
1916	MEMZ.exe
1916	MEMZ.exe
3020	MEMZ.exe
3020	MEMZ.exe
4688	MEMZ.exe
4688	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
1204	MEMZ.exe
1204	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
1204	MEMZ.exe
1204	MEMZ.exe
4688	MEMZ.exe
4688	MEMZ.exe
3020	MEMZ.exe
3020	MEMZ.exe
1916	MEMZ.exe
1916	MEMZ.exe
3020	MEMZ.exe
3020	MEMZ.exe
1204	MEMZ.exe
1204	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
1916	MEMZ.exe
1916	MEMZ.exe
4688	MEMZ.exe
4688	MEMZ.exe
4688	MEMZ.exe
4688	MEMZ.exe
1916	MEMZ.exe
1916	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
1204	MEMZ.exe
1204	MEMZ.exe
3020	MEMZ.exe
3020	MEMZ.exe
3020	MEMZ.exe
3020	MEMZ.exe
1204	MEMZ.exe
1204	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
5896	mmc.exe
4856	MEMZ.exe
3908	mmc.exe
8148	mmc.exe
8232	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious behavior: SetClipboardViewer 5 IoCs

pid	Process
3908	mmc.exe
8148	mmc.exe
8232	mmc.exe
10132	mmc.exe
8584	mmc.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: 33	2060	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2060	AUDIODG.EXE
Token: 33	5896	mmc.exe
Token: SeIncBasePriorityPrivilege	5896	mmc.exe
Token: 33	5896	mmc.exe
Token: SeIncBasePriorityPrivilege	5896	mmc.exe
Token: 33	3908	mmc.exe
Token: SeIncBasePriorityPrivilege	3908	mmc.exe
Token: 33	3908	mmc.exe
Token: SeIncBasePriorityPrivilege	3908	mmc.exe
Token: SeShutdownPrivilege	3944	explorer.exe
Token: SeCreatePagefilePrivilege	3944	explorer.exe
Token: 33	8148	mmc.exe
Token: SeIncBasePriorityPrivilege	8148	mmc.exe
Token: 33	8148	mmc.exe
Token: SeIncBasePriorityPrivilege	8148	mmc.exe
Token: 33	8148	mmc.exe
Token: SeIncBasePriorityPrivilege	8148	mmc.exe
Token: 33	8232	mmc.exe
Token: SeIncBasePriorityPrivilege	8232	mmc.exe
Token: 33	8232	mmc.exe
Token: SeIncBasePriorityPrivilege	8232	mmc.exe
Token: 33	10132	mmc.exe
Token: SeIncBasePriorityPrivilege	10132	mmc.exe
Token: 33	10132	mmc.exe
Token: SeIncBasePriorityPrivilege	10132	mmc.exe
Token: 33	8584	mmc.exe
Token: SeIncBasePriorityPrivilege	8584	mmc.exe
Token: 33	8584	mmc.exe
Token: SeIncBasePriorityPrivilege	8584	mmc.exe
Token: 33	8584	mmc.exe
Token: SeIncBasePriorityPrivilege	8584	mmc.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2996	cscript.exe
3048	msedge.exe
3944	explorer.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4856	MEMZ.exe
2376	mmc.exe
5896	mmc.exe
5896	mmc.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
3612	mspaint.exe
3612	mspaint.exe
3612	mspaint.exe
3612	mspaint.exe
4856	MEMZ.exe
6676	wordpad.exe
6676	wordpad.exe
6676	wordpad.exe
6676	wordpad.exe
6676	wordpad.exe
6676	wordpad.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
2228	mmc.exe
3908	mmc.exe
3908	mmc.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
3032	mspaint.exe
3032	mspaint.exe
3032	mspaint.exe
3032	mspaint.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
6044	mmc.exe
8148	mmc.exe
8148	mmc.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe
4856	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 2996	4564	cmd.exe	81
PID 4564 wrote to memory of 2996	4564	cmd.exe	81
PID 4564 wrote to memory of 3012	4564	cmd.exe	82
PID 4564 wrote to memory of 3012	4564	cmd.exe	82
PID 4564 wrote to memory of 3012	4564	cmd.exe	82
PID 3012 wrote to memory of 1204	3012	MEMZ.exe	83
PID 3012 wrote to memory of 1204	3012	MEMZ.exe	83
PID 3012 wrote to memory of 1204	3012	MEMZ.exe	83
PID 3012 wrote to memory of 3720	3012	MEMZ.exe	84
PID 3012 wrote to memory of 3720	3012	MEMZ.exe	84
PID 3012 wrote to memory of 3720	3012	MEMZ.exe	84
PID 3012 wrote to memory of 4688	3012	MEMZ.exe	85
PID 3012 wrote to memory of 4688	3012	MEMZ.exe	85
PID 3012 wrote to memory of 4688	3012	MEMZ.exe	85
PID 3012 wrote to memory of 3020	3012	MEMZ.exe	86
PID 3012 wrote to memory of 3020	3012	MEMZ.exe	86
PID 3012 wrote to memory of 3020	3012	MEMZ.exe	86
PID 3012 wrote to memory of 1916	3012	MEMZ.exe	87
PID 3012 wrote to memory of 1916	3012	MEMZ.exe	87
PID 3012 wrote to memory of 1916	3012	MEMZ.exe	87
PID 3012 wrote to memory of 4856	3012	MEMZ.exe	88
PID 3012 wrote to memory of 4856	3012	MEMZ.exe	88
PID 3012 wrote to memory of 4856	3012	MEMZ.exe	88
PID 4856 wrote to memory of 220	4856	MEMZ.exe	90
PID 4856 wrote to memory of 220	4856	MEMZ.exe	90
PID 4856 wrote to memory of 220	4856	MEMZ.exe	90
PID 4856 wrote to memory of 3048	4856	MEMZ.exe	93
PID 4856 wrote to memory of 3048	4856	MEMZ.exe	93
PID 3048 wrote to memory of 1016	3048	msedge.exe	94
PID 3048 wrote to memory of 1016	3048	msedge.exe	94
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95
PID 3048 wrote to memory of 5012	3048	msedge.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\getr3kt.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:2996
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1204
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3720
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4688
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3020
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1916
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4856
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:3048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:1016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        5⤵
        
        PID:5012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
        5⤵
        
        PID:660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
        5⤵
        
        PID:3632
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
        5⤵
        
        PID:3972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
        5⤵
        
        PID:1624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
        5⤵
        
        PID:4864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
        5⤵
        
        PID:1672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
        5⤵
        
        PID:4764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
        5⤵
        Drops file in Program Files directory
        
        PID:2356
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff66d3e5460,0x7ff66d3e5470,0x7ff66d3e5480
        6⤵
        
        PID:1832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
        5⤵
        
        PID:4616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
        5⤵
        
        PID:5056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
        5⤵
        
        PID:4724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
        5⤵
        
        PID:4992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
        5⤵
        
        PID:3100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
        5⤵
        
        PID:5580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
        5⤵
        
        PID:5672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
        5⤵
        
        PID:6136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
        5⤵
        
        PID:2696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
        5⤵
        
        PID:5464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
        5⤵
        
        PID:5124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1900 /prefetch:1
        5⤵
        
        PID:5976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
        5⤵
        
        PID:2364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6648 /prefetch:2
        5⤵
        
        PID:3916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
        5⤵
        
        PID:4384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
        5⤵
        
        PID:1412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
        5⤵
        
        PID:4420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
        5⤵
        
        PID:3312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
        5⤵
        
        PID:400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
        5⤵
        
        PID:3560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
        5⤵
        
        PID:1160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
        5⤵
        
        PID:2152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
        5⤵
        
        PID:6016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
        5⤵
        
        PID:824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
        5⤵
        
        PID:1732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
        5⤵
        
        PID:4136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
        5⤵
        
        PID:2136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
        5⤵
        
        PID:4468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
        5⤵
        
        PID:1620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
        5⤵
        
        PID:1728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1
        5⤵
        
        PID:6032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:1
        5⤵
        
        PID:1416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
        5⤵
        
        PID:5328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
        5⤵
        
        PID:344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
        5⤵
        
        PID:4368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
        5⤵
        
        PID:1224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
        5⤵
        
        PID:6596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8888 /prefetch:1
        5⤵
        
        PID:6816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8772 /prefetch:1
        5⤵
        
        PID:6324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
        5⤵
        
        PID:6388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1
        5⤵
        
        PID:5792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
        5⤵
        
        PID:3196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1
        5⤵
        
        PID:3204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
        5⤵
        
        PID:2460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
        5⤵
        
        PID:3780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:1
        5⤵
        
        PID:2864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1
        5⤵
        
        PID:1352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9840 /prefetch:1
        5⤵
        
        PID:6260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9624 /prefetch:1
        5⤵
        
        PID:6468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10228 /prefetch:1
        5⤵
        
        PID:4416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10156 /prefetch:1
        5⤵
        
        PID:3196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9924 /prefetch:1
        5⤵
        
        PID:6964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9508 /prefetch:1
        5⤵
        
        PID:5476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9252 /prefetch:1
        5⤵
        
        PID:4836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10084 /prefetch:1
        5⤵
        
        PID:4624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10300 /prefetch:1
        5⤵
        
        PID:7176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10016 /prefetch:1
        5⤵
        
        PID:7816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10472 /prefetch:1
        5⤵
        
        PID:7928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10312 /prefetch:1
        5⤵
        
        PID:2376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10476 /prefetch:1
        5⤵
        
        PID:6160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10816 /prefetch:1
        5⤵
        
        PID:5876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11256 /prefetch:1
        5⤵
        
        PID:952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10972 /prefetch:1
        5⤵
        
        PID:7536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10696 /prefetch:1
        5⤵
        
        PID:7420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11484 /prefetch:1
        5⤵
        
        PID:6960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10160 /prefetch:1
        5⤵
        
        PID:8172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11840 /prefetch:1
        5⤵
        
        PID:2456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11272 /prefetch:1
        5⤵
        
        PID:7696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12184 /prefetch:1
        5⤵
        
        PID:8016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12064 /prefetch:1
        5⤵
        
        PID:8240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11372 /prefetch:1
        5⤵
        
        PID:8764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11348 /prefetch:1
        5⤵
        
        PID:8952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11700 /prefetch:1
        5⤵
        
        PID:6336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11280 /prefetch:1
        5⤵
        
        PID:5320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12676 /prefetch:1
        5⤵
        
        PID:6116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12764 /prefetch:1
        5⤵
        
        PID:6428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12912 /prefetch:1
        5⤵
        
        PID:8636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11932 /prefetch:1
        5⤵
        
        PID:8604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13200 /prefetch:1
        5⤵
        
        PID:8160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13160 /prefetch:1
        5⤵
        
        PID:7152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12384 /prefetch:1
        5⤵
        
        PID:8296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13080 /prefetch:1
        5⤵
        
        PID:9060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12852 /prefetch:1
        5⤵
        
        PID:8812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11012 /prefetch:1
        5⤵
        
        PID:5744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12756 /prefetch:1
        5⤵
        
        PID:9844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13168 /prefetch:1
        5⤵
        
        PID:9936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13668 /prefetch:1
        5⤵
        
        PID:9416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12776 /prefetch:1
        5⤵
        
        PID:8432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13588 /prefetch:1
        5⤵
        
        PID:9296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13840 /prefetch:1
        5⤵
        
        PID:5096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13736 /prefetch:1
        5⤵
        
        PID:9456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12508 /prefetch:1
        5⤵
        
        PID:10000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13152 /prefetch:1
        5⤵
        
        PID:6708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13920 /prefetch:1
        5⤵
        
        PID:9408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13884 /prefetch:1
        5⤵
        
        PID:10184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14172 /prefetch:1
        5⤵
        
        PID:9704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14416 /prefetch:1
        5⤵
        
        PID:9308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13936 /prefetch:1
        5⤵
        
        PID:9340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14244 /prefetch:1
        5⤵
        
        PID:9636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13588 /prefetch:1
        5⤵
        
        PID:9304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14272 /prefetch:1
        5⤵
        
        PID:9256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14736 /prefetch:1
        5⤵
        
        PID:10004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14616 /prefetch:1
        5⤵
        
        PID:6708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14660 /prefetch:1
        5⤵
        
        PID:10052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14724 /prefetch:1
        5⤵
        
        PID:10896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13920 /prefetch:1
        5⤵
        
        PID:10440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13796 /prefetch:1
        5⤵
        
        PID:10764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13892 /prefetch:1
        5⤵
        
        PID:11120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13840 /prefetch:1
        5⤵
        
        PID:11180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13152 /prefetch:1
        5⤵
        
        PID:7976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14848 /prefetch:1
        5⤵
        
        PID:9116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2404026818982984368,8418202444800154794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13852 /prefetch:1
        5⤵
        
        PID:10804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:5516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:5528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:6056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x14c,0x150,0x154,0x128,0x158,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:6072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      PID:5456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:5444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:3328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:1108
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2376
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:5896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:5468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x154,0x158,0x15c,0x120,0x160,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:5132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:64
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:5144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x150,0x154,0x158,0x12c,0x15c,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:3084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:5396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:5404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:5364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:5400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:632
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:4976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:4344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:5572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x120,0x154,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:5264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      PID:4996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:1428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:5380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:2588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:5052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:824
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3612
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:6676
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:6736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:6528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:6556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:6272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:6276
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:3908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:1048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:4468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:7124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:6608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:7068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:7076
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:6748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x14c,0x150,0x154,0x128,0x158,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:6824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:1432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:6476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:6832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:7032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:4400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:1380
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:6396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:4848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:6540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:7752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x154,0x158,0x15c,0x130,0x160,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:7768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
      4⤵
      PID:6620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x14c,0x148,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:5788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:2360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:7228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:6604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      PID:6500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:8024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      PID:6504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:7952
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:6044
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:8148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:6168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:7180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      PID:8700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:8716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:8388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:8396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:7556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:9172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:7980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:2448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:8960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:8852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:8416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:1320
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5956
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        
        PID:8232
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:7780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xa4,0xa8,0x12c,0xa0,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:8392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:9696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:9712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:7560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:9004
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9292
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Checks SCSI registry key(s)
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        
        PID:10132
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:10084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:10200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:10220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:9544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:7824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:9292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:6816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:7244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:9432
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:10036
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        
        PID:8584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:8484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:9784
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:9632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:8552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:8168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:8576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:9440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:10816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:10832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:10372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:10416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:10732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:7844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:10960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x120,0x144,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:11128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:10700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffcd80046f8,0x7ffcd8004708,0x7ffcd8004718
        5⤵
        
        PID:10704
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      PID:11192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:6840

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3944

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
501a25f290332c25255eaaf70ee6f240

SHA1
23cba10495d7098ad6de6936cf31c1b0eefd1246

SHA256
420c031363bcb69b4cc540b0afad7180d21b4957a2d6eabe23a40e669aeeebcc

SHA512
84ba813e4036be7d9fa08d5fab885421017d008f8fe8d99f56313b54f490c9151a27a67734bb17101691df563efef7e5379250f476e869a848f225786a913081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c2eb126a03012e4645cbf12fa576adb

SHA1
f4fc0dbbe2fca0aab23014eeee6d533aad91b5fb

SHA256
ce9774b847a66f7dce4153518d56469986dedfe78acbcca8e97a64d21df5a1ec

SHA512
40008285483a37d186c6feaaea96e92f8d665193eb2cd4af0ccd2e77544fa2afedd8aa89b8f09e49e1d6960cbe8543389151d2413c8be408794b70da0eb122e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87d33906de07a1c708d64d88278caf05

SHA1
adc90f355697bf78fb356544bce655590b24bd87

SHA256
46a22c0f86c1d82be2a6e1ce801491338aa21d5367ed2c2ae6a64c31f9d71586

SHA512
17ca162b8a9353ea220d99ad4ac1ece0f388812a0bba21460efa96ca793e2e1a768e99285472e0c0a9b4a18cbf8926c25398aa3f8a845d326aadfec408dff9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
37KB

MD5
ae2b5e6fd36c38beb90ca24ed95ddb5d

SHA1
b447190bb67f2a881b718f6cc70a136d698fc5fd

SHA256
cf22d1a1efc7c1aae3bc34d87149304a0198ddd635df1d73ba4c87dac536a136

SHA512
5bc508d40dc2d9f2b81582ad828ed01e0895db01178a3189383e58723597651f314b80c6c1ad16300dd8f886cc64d3bb9131d58e0f71f46bc3cb92d15a096db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
18KB

MD5
45f4d9e7d2e260e8288babc1c6509235

SHA1
00b2ff2b04aeae39c3a1acd010c8814bf9f775e9

SHA256
9e0bba84f77cc947769f33b6a9595f95bca6f04e76b38d3f6be385e6c00837a7

SHA512
f2da98b6c541267dd2847a230aa9bd7589b4fcf8e0cba30aaa0314f92146981ec654506e005b9b5d33bd23b6cea8fca0c6953260943bd1200cdc33cc903550e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
81KB

MD5
0a7b46f388d1f7a3553b9128c6ca043f

SHA1
0712b4c5f1b985235d5a7e3edbba046532ddbaa3

SHA256
016f7e2b94e1d76931de09e88efd65064d964868595b13a0ab16b13483522fad

SHA512
b03a25ddbeafec814e97152acc577ac2533c1fa8fd9e1f00a47159d2764ebed4938601bf53f7891040405c0b3d2a4002ff966e8bcce8ffbf1e668b3fe1a0385e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
28KB

MD5
1752326ce45c039f4c5e81ea24c27c35

SHA1
4a22a9151c3c94d170cd3d23659e8e1a5a6f0070

SHA256
13dac981c708b9d1c6d7be7666ab5ff34718fe7d1362428217e88c75530774ad

SHA512
7ca5eb8b11184b97b7ecfed373420f7b9926839edcd36ea6bcc37a09190478175c49d7cfdb6dcbf1ecc8f2570feec9a0ac8aae08442fddef7986330043ff2d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
47KB

MD5
5b611912157812382ae02bde399ff48f

SHA1
6089fbf66004233d7f64b590c883156200df8c54

SHA256
8495adbc7f8e03685d4b40ee4141a989d53f96dd1c95588612fd6c3acd77ecb1

SHA512
357afe88b2addb2a73d164d552feb20b73b576d53027442a983e35e64c395d7a469d0b851f2715a0febb6534359b7323a050d87a2226969adfbdd43e99653707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
125KB

MD5
bd7a5e341d2289988cb92cb8e2e910ff

SHA1
c5de99feee9e66e953fe6f4580243f9a192e5e2e

SHA256
b64e313a81e9c2d251ea5ba0da6504f1291c8956e060c4077d354265307e46d4

SHA512
da848a89d2981df32629fe7d7079eb3da2c5df1e38a40e5690b9cfe0560b9f3cc21fe371c150010b2ab81fd1856a4188fa68a7435f96ba8abc4f113329354905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
46KB

MD5
baff94c63010c402a48da7cb2ef08bf8

SHA1
a6bc98e9fe1b1dc9dbf168e7a781476ea95e7407

SHA256
517b17052575e9e90f98e7e3ddefb178cc2ac72ff02b779ff488fbcbf9bf9adf

SHA512
d939db777208d103c46c6905e497211e7e872c601a7fc6763103cffc0d9f90ca0ee0ba6269e70fb17054deaf96efa26e378c904a95206f27f225ef2d5a32bfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
46KB

MD5
50e7c652cf5d57d97906cc8c89cccec8

SHA1
b44c48b98c90686ac69762412e87099693cfe308

SHA256
17fdc0f29e08e58b3157887e3d01f54eb089ceb07ee1f11e7c23b8aaf24d17f0

SHA512
5b9f0ed5d62b92b85a56b3d3636f5b3f2b00b7c0ad1a29a7a8a15a9d41ffc09230c71631d50a8912884e64b6aecabfd88a41eb0eba41a7590a6979cf71ec4668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
32KB

MD5
4956a5a7644eeec3c23c11c34eb8d8cc

SHA1
a5a07b734e130facc24e0d45b3931d23c4858174

SHA256
0cdbb6cc76b5af1f50459c53cdac5a883736b1e78c22d3876ab127646790a9c5

SHA512
bfdc9b07e753b76f84ddda98efd611ae26dfb44be5032b1a01563e18e829fb6f6b43f03d09239b054dbd1fe599edea8ea291e3b9e15725367b7bfcfeedd77d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
127KB

MD5
e775e0599b9aa1e5d778f05452beab3c

SHA1
c0ca38af8d4a042d8d4e690a5cd25a250fd9f60a

SHA256
81b6011cdcbcdef7253e8109a1af1e512da9aae38c839f924efa5648b987f4ea

SHA512
8e16a8cdd45b00d3ac1479c3ddfabd42fcfc9b752faade816c7bc849c91e9d8dab9c90bfffaf0fcad8d150bc8311c377be1a5863f8e16253d383eb4bce2f6696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
59KB

MD5
c6b0f95171fa2aa59458f9c82f36fa41

SHA1
203e9f34c6b963cd318b7eaa65d35b036a88fb5a

SHA256
839ed500777fea51856b087dc772416bb529be3fcc980bd735c40abfe522d322

SHA512
da87caa4c81a4dcf662bc7f81cff9332964cc21d8022c53ff7abd8fc9936a31230586172ceeb9d13d483e061b6ed990ea52cd8fa609846b25b0b7b792d37a3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
55KB

MD5
68ecc58a934636e32b60461c4ee4f930

SHA1
8e8f1a3a09f4ea7aba307f4f23890eb0f867e4c6

SHA256
8b61d8c123333fd1cbb0eb7aa361ef2220efa43dd08e13747b68d311de4810f1

SHA512
7d4c8d057a8fae7168b6748a0179d46a0fac5c530b9747941aea29667d07b2a9d142e1171a63eb6bf9219906313ea3e283c3fc2803b534b7a782a7a284a8dfdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\07dd562784967df7_0

Filesize
247KB

MD5
073473174ea4a652a9b31ad5141ee2ad

SHA1
c7d08916a96e0124cce1b78dacfc87d9ca34b466

SHA256
75499bcab62754995ad82657e0c368687741788e06a941a18487297364447e9e

SHA512
448cf095e854533c1f3767cf15dbe1b22fa54fc00c6a8d65b162a52d0c1f54ccdea3a00d573dd65ca4c8c957e1b218e603cb03f186e57b43549d1352b13765f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1db0f6df0ec8e8b0_0

Filesize
352KB

MD5
675299b21cb966a17dc111527ba6d27b

SHA1
f1f2e6eee39d63001d767f1518090e53daa8d13b

SHA256
37a8a4fd867e1a804e71ac4b0eee49955b802ca89925d4b672394bc3e194e20b

SHA512
81246a005008380ca268ce103be3025bc2ee3ca6e80ee1c852df01ec49a33dbafc33e223e1a3b775ecf2984f2cef2629cbb337eca9b2d027908913371ef15859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f188dd20105b122_0

Filesize
268B

MD5
10e079a892e836c28cb8454c4a724161

SHA1
d41669f6d4eb407ceaac901e41d56d43d89f206f

SHA256
f11948b1ed37eeb3af51dc6624ac09b9ec538151d4c77e703a899d4ab86ba872

SHA512
abca768599a2b353d5ce0a660e50220696de3f06611ae26f48f88c33a1d4761a0daf23828b0bde7cdc1f21d891123ce9ceacbcb016b64cd1eaac8011b89eb202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3efaaf03595f4768_0

Filesize
315B

MD5
8de91a6772c30d52ac8907ea82d31be1

SHA1
6f669e1b39bb4eda164012dba43bc128e674933c

SHA256
bada9967327373ac66f2ae3710eb7cac111cae288fa088906a6239b48a980a07

SHA512
b88c1f12bf852b4a39cb43a314d4388545d575d5ee63750fefb88ad6342ef7e63399162a9379de7944f144aa813ab251aebe350de083747704592dbc37148ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\65e7964c128da83e_0

Filesize
270B

MD5
461ec04f44536f4363aa61540843c672

SHA1
b6c112360a62ec16b963a8f31bc273212e6955ca

SHA256
2914c7b6c8e7f247646dcc77736e46620e1fe9aa0bd069e437c8493ebc2af6c3

SHA512
e87201dd51f93ce7dc9c5c2370c8fd75ae4720a9b9416f75f5e2f8b27786036dd70d0c7ce160b925a72eba86f2d62c8b85efd8ba6fb1ec212b6fbe2f9a16420b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\73a9896da2e8f016_0

Filesize
19KB

MD5
61e2529647b702df1488bff3a5bc5dd2

SHA1
d46b4755365a279b4d6eecff8f75ccaa860b62fc

SHA256
e696184db952780ac3972e5319fb0e6256970cba1cc6510dd244b83b62c41c66

SHA512
55e3c599a4102e1e24fc224cc23c983c2cc9c77f22f125c068248aad988cb660cff48fb0b20df87352fdb7495223dd98179d77788ea4a889f76e32826992ead1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\751e2bd28c2a1f3f_0

Filesize
78KB

MD5
a299b7fb23bf5a0fe0606218545d5ff7

SHA1
c34f21f0139d40767cf3c25facb6fd0819aa464c

SHA256
3a21f67ff4141ddf04934d45fb3a8bb2b2c3405d3c6e1d81af902731a7164147

SHA512
8305404936bbcd9f7fbee174359a248984d8a1d0202f578f90db9e105e51743898679e1c11d0fdb3c63f2d739a6d273092cb8f57701d1731af0911b4c695e58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\918c566bae86b841_0

Filesize
281B

MD5
e180ccae20383c3496c46cc073ac0e60

SHA1
94cc9c8a43614e5606ce72778c2fcbaf794786ec

SHA256
0a6a5d802b7387491710c8596514ae1184f277892ec55b8e25433a125c1e83ba

SHA512
2224876459a2e3925efc2b6a097ec2d20b8b66bd8173ff6e82056c64e12418174a08841b950dde8512cecf75d0bf3ea3590668fce759dafe6041f6db5718d402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\93280735512c1075_0

Filesize
255B

MD5
d8b826b7459ff146c98d384051e28fbf

SHA1
470fe7f8978067cb187e0308517b2e2ae7dc9a10

SHA256
98dc669c71f41cbc55decabe4f4520480fd451dc440095e7e24b230b6ffdb716

SHA512
f448e4ea3aff9175edaeaf51ac7185fce131ae92893b5ba3fb4bad5126827045d8ac524f20e2d6d4c0dd6001681610f9f746179c32a21b627a00b6444c825886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a45bf6d8a21acb21_0

Filesize
415KB

MD5
21e40821857fafb2dc7938c6a58c0e6b

SHA1
1728d9003edeabf7cf56722aa846f4ab2e9a2558

SHA256
7608da0d3039c9feca6bba3242acb1616a8fada2613f4046af75e63561b08b41

SHA512
408e9ed60f6e685a1933f3fdaade56e2337e79ae0fa06bbc9378e5621684a737628e6a06bc5408bd73566c3838b8cbb3e0653ea430d63726a808a5bd92f19d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a85cc9d7943ca6d3_0

Filesize
97KB

MD5
f1610ab7cb115786631481ff1cf2ebb0

SHA1
2918462c513f6b17c71e2f2d72651c8e45dc23bf

SHA256
dcc2fa0ce1095e5e9ff6e59bb2a34ec465554d96e99153d173f6e912bf9c25ca

SHA512
243938bb20e021f80b8d375774110234464b1d91805ee032dc6de7226298210fca4dbad5dd8b053f928c0940bc2015551153231f4fe625de2aea75c2ab5c5e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6bf668545805de7_0

Filesize
310KB

MD5
fce6b0bcb0d8729563ad0e679cf15173

SHA1
2eee9bfdbfbefbc093af668b6c54d1d5c8f5c043

SHA256
90fdcc056f3f54cbb2c15cdd652a3b5978c87508791878076b3db47493a74f5e

SHA512
2e21841d19d1693b2693187313451c96c8628e826dfeb340def6ef69acb5943c1a0aafc716c2b30a34f7273bb581e09d8a302cede5b9909c3613e630163c3e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f0542216335b29f1_0

Filesize
516KB

MD5
dc831ea298bf7b7108b1e6feddd18167

SHA1
03556ff12659780ca5a4bac476c54e2902d96333

SHA256
5de913a8e84c0eec1d16b7df30ef2d798aed33d6c26247dd76623f32390cbda7

SHA512
6907a8b0b422acd584ce4b9d3dc4261ab203e1eafa204e77d1a5f7d15f3b4cfa619a43f08f21296d80c74681699df09ae8ad879101a118641cfc6cc8128b4569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f96c4e370537b4dd_0

Filesize
288B

MD5
74d3b7d9bd75d7058a6037110b38be5c

SHA1
e7e0df5a596a4d35e3ce2764637cbde4fdd59d04

SHA256
8949a26bd51d58c28633fe20a82fa30e3eb078942376c5810c305d5844aa9888

SHA512
09f9c67add37e234f299b266932f34e096e35d5edbd103dee522fe3b9f7f788b817d66b4c2b8163b20523c4c15ce2395a0143df5a80a9a4f02f89402dea804c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb61d6f555441bbc_0

Filesize
258B

MD5
354f94951366925502d3323a66338941

SHA1
fb6860bfd3e67673ba589ee39b25f96be624d522

SHA256
4fac1b39563c918708d592059e55d8f1826ddee67f793ab5e0bcb8dc18aa62ad

SHA512
5e0c071b584e9deaf4bef7faf18dae3a8dabfeac0671b6cfc1b3e9f8beea29b412aa709f5d0663bb88b1557f0880c12fb99246f69d654509880d1a18858bca2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e6b1a5b72320a4c7b4e75f635352e9d1

SHA1
14651ccff77baeda4284b1d312a8624f37319e08

SHA256
2b6fe690dd4496af39b1a281b0f1ad67eab4051dc5821cbc0449e89c0980895b

SHA512
ac6fb2ae09cbff985af94b121df31b8f968c38abbf71f4ea8109c28383367138b103143d9f2f24f5261b670e19903459b10cfc404cb82d87f3e2a2c19d2c64c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
0b95606cf78ebc709678804eec6c4d7d

SHA1
956866b620763f9a7bf83d0381d474d31fa7cf49

SHA256
ea81a14349f2d85466c701278990464455bba50de53d030f920e0fda1d7990c2

SHA512
dddf2b7e2c61d25b1f1e228a3611e1696caae602d048b7e3c113a26ff21146d9be24dc022c362a6db1ca12e73e1c3f72a8ed91c45261d747f9260c256b409a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
02cfe3bd32f2dcbb700332e937b2bad0

SHA1
b3d505003830ab15e8e8dced15f23d5a7a57a8d5

SHA256
26be2e3887f8ab1257b59f9eab35777851fdcdb473f90ecdbb190740b682119c

SHA512
089a0ca1ed553bce609f063e60c62cd3df60a27a36563dad0e4c15cb4ea21431a8c70cbf483f7af402ae389fb6297b2e4979afb2f288b8a6e00387ea94297408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
56e381ff7d56690e62c2e426e1093d78

SHA1
20ff954403efe5149ea268f530d66f32a9e29111

SHA256
91f14aff42b926dbfe3acacb332225c2e8343587e17bcbb78ab25c3b3c889df7

SHA512
7b9ed8f010043e60887ce2cede967b619d80d22e1f82379e928ff5396a4a430ac8d282ff229977db1c7a8d3f4c56734aa57ee188db79048ee84b19bc25b95a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
5899f949d9033fa36c4d65034f772298

SHA1
d6e472217ce8b18dd1211139885a521307b1895a

SHA256
b3645d97d530480547151456a3a9a40f663998864686f763828363f10c43717f

SHA512
ba77f30edbc19a8efc9bd02829bdee6a0870f020ee482422a1e931e7416ef9bd360a19bcf74d5271ce991f51a124380b232ce3c2337ff7a29a581c234c8d82f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4aece14341def1a742c1066ce281a4c4

SHA1
d4cb1c929c9820345159fe95c3fc98df4a0e0a45

SHA256
4d0c9b2eda41f2c2be3e7d096f6fd33ec1c24a5616854670a78c19da2ecfab84

SHA512
4c184d1170fadab59910cecf590ab40ecbaddd42886e25f7646c281663a087c330bf3b9a040a3145a79a8a34a0e331de9a27f8650eec47b42f82a79d8a6325d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e7979ea404926156ec97587b3ae12392

SHA1
e0c07653a9f1e1104c02b784d398c823e5f87829

SHA256
3de16116fba8b0fc398e6e2114354290c22231c59cc0e6d43b01ccc28505a0ab

SHA512
2c9a109a3920abcd8c76e528b6323ff067b356215ceaf5a19d0ba6ca9ebae7c4cc49a3a8f7cbe4bc06868a3b67e6ecd6478b405fab510d6e6869148eb79ae8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b9406266e360a11593ebfa8b26908459

SHA1
7483061120f0c8388ef1e37c4d07a573c195706a

SHA256
42468c502a4ad28ae2a1733cd4d3265ad0a2c3fa167ebfdb7267a5e6356bccc7

SHA512
9f49f9b9dd6ff35611f4e72a91c0cee4c1d335d9e0c0354341f3a129630124f5db92927be0f97c7b8a40f360dacb78bb05e1c75bc5092720b0d444e04ab83bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
e29410e2e750fbb088762629b63a0a00

SHA1
68c179f1f6152b8f428959ca5cfb29d492ca05a5

SHA256
99ecdbb74ca6b1b3f07a7a8829448d4500a980cf9a8252c4e1c0b899932f513b

SHA512
c759aaa500dacea11b17743a332b4fefcb9308f396d47b4730fec8bcbe79c9fd425770a3538f3a39d0e9bd5a58350fbe6dd2dd47884e4fcfc6b9eef0a3ee5588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
253a75934b7dbf1ae01d263f6c0e5e31

SHA1
385bb4b3b53c024cd0f05dc59f3cd9d05a470f33

SHA256
7d996b678af3ce8a6989dbf2b0509e4e587b111acdb0b9f3fa5699fcb7e3ede6

SHA512
dd69a83ed69e7cbed0979e8f94d7cdf7cc46d0c75d9cde036371400b9d84947bf64f0176a71ce019b8db12a73531fadf2cb35610a968eb1b2c9ab38b210a77fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ac6fec1bbe3e3c0d5e1a099a96e150b8

SHA1
c3e4d0f8d04029c5a43d024b25d42b349a2f48d2

SHA256
40bc3531d2564655ff5d671094648a13e2226c8e43bb9a8a756d396596802ab6

SHA512
ede925ee0d7fe93f281ff3af9245785835068969d07f38b2dcc40b4b0be1e3ac23f97dd25974695fdaa1b058697941f23908ad83542cdc48d820bcccb80602fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
9d8fe88d3a5e2ece9d586e15115b93d8

SHA1
6519cac3fa3082d86011b32c264538d2b21653cf

SHA256
7a3fc63d6d6e23481c1838fd72b403ee39dec20eed779825afe4a6ca4e956284

SHA512
11046124d317b9090d37e2b6eb2979f3d545461b041f515e610efef80d3a2459217e9ab4aa56705b97057aa838d3b1e85d905e28154bde56a10cb7b233283e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
c76a0761c4b9dd6151ca513de3a75287

SHA1
e9d0aecaa59446b81c2de5738329cdd336bfddfd

SHA256
6d77cb7135e7d13a6cdb736e8ac6eb8238151b6566ee432d69e7e23587564e0e

SHA512
2d0cc01a2384159403f4e4db261a5df8c31265272445d103306be22b25f452c2382e8261c1416eaa13f40dc4bb9759629c2a0220f698b9d337f4b605f71db7e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
23c1ae2486adcc73643752e02633aa6a

SHA1
670322b45524369e875cfd167397c90d120c57bb

SHA256
4cb9ea6a300ba0b81a232904805961aa5960f66130582586d7aa4e68bdc48f8a

SHA512
2b63381543b1d2df2f8f05b39528f3f11d1571cc615a60483d1b85487af129487f13afa937fa656ffff5f89b1f461df78a7cbd83711f87403058a720d5eafec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
5d43a4ea70a02150a50cdbfc42492514

SHA1
867eeb4b6f26491a9a97c80609374b396a4362d5

SHA256
32997c6d2d38c7a0fda0908f5c912b521065c1c6f6b1534e113158157cf1aaa3

SHA512
4eabd8d3a737e7ef047c065273ed7ac4affdfb90639290c35af1663395722c609566ef2d295e1983ca8f8bdf984c4997877b003910c651404adc468482afe255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1a253162b1e2c7b8b9c3327db12bcdd3

SHA1
038f1affb2e3bec0b0010836504477996acf155d

SHA256
38ffca66e1f8e8679775c6aca059a06e08a453e8f669dc50d18b5e443225634a

SHA512
d47ba11925055a1a4575c55a577d1f1fbacd99eea54c537e7ff90f73c90a57dd57f003c3d71f366e23bb102828fb5533641f05a97d0c8f3534cba1edc50addd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
784B

MD5
ec97e844fb81fc8692634ebeaaac3f5c

SHA1
d579f884fd2dd047f443459699b079a2a99d563e

SHA256
e1cab9c03030ae42abb4d26756d85e34304ebbc2a3d0106ce4f0708c5f515b1f

SHA512
750c0ec0ca5935125b42ef9dc03ffac6ec655e677cd84270948bb3949a93a787b652745d6fc38bdda8dee4ec14bcd2c3f2ca0fc844f0510d2114f57360132610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a36122c290670820e4d41e870104bb2b

SHA1
8add1e7ccd9683b20e4d29d74934b8089cb7df71

SHA256
f1014f04ac0e7f4355342362b11fac65a6b9e3fdbbcde267caf60c59ff62a699

SHA512
5dc88c0127674e311cc615475b1571f20e9743f8b2c08ef8f6e18106168ec01528f4049184d18ecf26d4ea009c188fd2391b081816396c6e60cde75a5b625fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
6a3ea49495ee7a6ed7009846eb2a5689

SHA1
637a414c3dbae6dc7c150cb3cde990ce5bbe3d95

SHA256
150bf900aba03d49c590a76a521cbfae51aa684cafc4e7df38ab516ed7763c4f

SHA512
0550739ef2447dd5b9661c9ee27b678bc2ebd6d2509fd6bbe23c8ca5968f13dfa0e73190a54aa31a6464c51ba51772f9e9acbc064e3ab325061e0ea654894ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1bcabdb96ef0764ff23dd37e9340ac0c

SHA1
f4fc4f795e253e46da7e53d08cd0558feccee3a4

SHA256
85b06d8c86700bc0af477e75d6c116c45dc672f47956e20b9093d0d86f1708ae

SHA512
a7158eb25120fb0f5aa9361a707b1196eafa18935d6a8aac16086a36a341342587700c0e5c9a9f4a8f5a048e46f5a92a4ca655694fe687d0f1b5bd35f918b88c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
acd88a1152083fb8bf2b9170260092b2

SHA1
b61ebe0ee331fc198d0e22f8df7ffbc135e9f66f

SHA256
b8d65ea6c01043e456d1db3b18f214f6a98f015e84c3a5234d2ec934eb46571d

SHA512
9a74236b8b79867a72d6f4532b5bc752121917de1bbe7e4bc35ef5ef333f7500750a394acd75c7a9fd48f81a8f9e5f3f29c023d37e75235785d1ea9d62923e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e81786ce1948d2b989fa581307eff337

SHA1
0546af19da2d0c878e787b422a67b9b9bdcebaec

SHA256
97627b689a754975a261914d06aef02d79db9364caa00077aea0372ea1828f33

SHA512
718fb0c955de9f0eafd86131a264281b542d90705049f2e66a79e44273978995e6c0cd66213ead8e91ae3d8b0032701e49758b8b6c0a8307e0c71e4ec69bc721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5970b2.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
87cbf5a83edb8de8cb6abc2523118f14

SHA1
53f03bea760debffdee29bad4679d74adc49638c

SHA256
c27041eb487c75b5f79c7a5c9b363f44a0746cd4b77d0da7ca6ea0b26d3e01ca

SHA512
5dcfc21a48ca8b5e9ce50559a05691a58e737c56fd3c202f6e3ef70736a42b5fc862e967e11f4fce3adf619bb72ec9a7e8d6b601052030ec74676dc4eaa14e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0de5188ee76f07aeda8c626c81dd6551

SHA1
b43e919cf4adc4791ea605459de8734ccfe9f2f4

SHA256
31c108a54189c17305a2cf549e0449c8aee0f4e5d3a60bf6021f2085d7dd0b77

SHA512
9aa4a25dcd06a6423cdd37bc804cdb96f0ad0f05267a67d1739b997862b309f5386f5397080dae0adfa31ecfdbe8236ce9d0a15840a05182c0ce96f26cfbeeb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
310250c3ce290f97bcc34ec6ac7f06d6

SHA1
2bc43d3bab980cb0f122529fc1b5590f5487370e

SHA256
907ea1f4ad0eb9bf4e7b3f9a3d4d4cd5167d1cb84e37783d6e428e5d550a37b6

SHA512
9bd58973405c81192230ec7eb47f7f0e0e90063cae43375e4b3e43bb73bc835fc2e53ecb8bf60780634052563ffbffb3b57f1a122ccbda67c2b233f4ca7ccf94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
980db941ec91bf344b7a670b9921ad2f

SHA1
614908f1eae82769647620207548d905363fa128

SHA256
c14f5004715d53131510be656e6661410a69ebaa7a1a267c24b0525819095ba8

SHA512
4c3073d77cf5438dbe3b9817379f672e522fa2d625d383c638f74389f0b55d22a4a251444bf5bbd40326deedc8861351863fb4882121d02568f6f0fa50bf7fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
579f0dbec01425b6b24b38e37bd856aa

SHA1
0d7f067c2c1a26e15648db5fd1031ea45daf73f9

SHA256
33353bdb9d9bb7072a116a928a98c5d8ce042dcfedbab367f5f04ed180af06c7

SHA512
7c07b4286852ee4f2fd2f2a3a165fba1821e7daf7fceb08e47570330a11c1d99b3d21fd610f1056ba976919c1c2edca38947bfca5935117165ce073488dfab08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2c137c2c41030df29779a6cdee41d28e

SHA1
b9b3171c8191e2f7b78259f46c125a7981410ec5

SHA256
916bfffca675062cde6d6728411674f60d769d3e903d37e742b69ad681b86177

SHA512
d61b53fbd2d1dd2ebcdedd5c6887027238b0f4a96bb05b3e756b4026208c67f515bdab3a2f1773ae088c56052eca744acfb72787bfe5cb220f2ba550555b8fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c3f77af703fd4040f87b446c597b449f

SHA1
5955c745a01f4697f828774fa79db76fa28cff52

SHA256
49d8356f57795f715977ac0a5754a9303f7bae948bb6df2a95ced089ac7ee122

SHA512
20ae4b22693ea82bf5065728b3589f0f541198db9b3a9613018048a53046ce9fa96ab0f8125f0c6026ac9956109be4562e0a015ab0edf9df9f3297a7386b94bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f064fa45617265df6cd77ea157697517

SHA1
02bf09ae2b383acaaf5955f77a60eebd4b975073

SHA256
94e0d0bb477320ae440bb5c4ec8442ceb0dfce5211f88ba2706b1d1bd7c5ab82

SHA512
b2bc3382b81e9c336afb0638a741caaa90eb15f6f0beffe6724c5af56db13f02554e1fccebbc23199ccc5f677f66b304f5f5c266327d9b0b5cdf02a5e776a359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3e060642e743e018e984841a44f97734

SHA1
3dc5ce3439eefeb5a3dd1bc06acc1943b283721a

SHA256
05c4188d6ffaf5fdd36e05d405fd177db282535cfe933e67c510ec56426b1a5c

SHA512
551255b9abd12924917900a7b6aaefb305435ba7885ea312ae1b55e55a073b98aeb94e185ffabc9502c8005977e84d04017b248abec25137b8220e260ebb9299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f85c7c0c57d9c9df770df059d13182d0

SHA1
25d6753c85f42a1db265aa14d0e4e221f1c8210b

SHA256
59085cc0a4d2ac88b92d61b970e422e400c4b2e450e7804f450038dd6b616309

SHA512
8ff50a7303b44cd5891c77b4c848e3f9ba9188d5824741e970a4983ce29b589e4bf2c590cd173d7d7612f4bfacc92808d0896ac78b2c0897650d2f3f5787385a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
18d0b0e67fecea4d8b04faa992fa3273

SHA1
89d3a4a2c8ee7abbc3e725902cf96b1946fe1b1a

SHA256
f041ccd5644c700989a6a5c611e70ebfca328cdf147a2d45d83960184a16c474

SHA512
3ea33b08b9f23242550c265b84b9524bfaeb0084e9dd904e212945df948c7cfd136805911b98e5ae9c8af12c491c5fa830db12931edf8cd5fad1d870a81f335d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a1440191708f42c5dadb81d5fa4787f5

SHA1
cc7188e89f111972a3fd46b9bbb8edb224a37bbe

SHA256
0972b206a25f7d5f12a833596c93ceed12184839a2e5c54ff14d9a2e4eba1256

SHA512
c7a23b65b7d9b576e2013b4f68aeb72221d96a00a58ccc323963948f63aa3d607692361159f1d0e3d5941276b08dc503b599ab6c8a71a8f45147426829be7ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69d7d08ad1c5bc08bfd964d299951b73

SHA1
3d5204788a1142ea3ba7427bfe6e49ea1ce14918

SHA256
58a35f46c9f8459e98762ac2a84df8a8ac49cda609cc3f411815de9d776d7c03

SHA512
b4cfa3a312112ce233589ebd77d02cc5d998a6dd476c4a4ae668df94bfb180372af26a5b44c493f58bb005124550bc51b6f0834efe1df06257b6e9bd15e3c3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d05cc529c57744323e37117a4ed11c2

SHA1
ac4e07982c400e1ea0d77fc12cd47240280ec81f

SHA256
b24bb3d16dab95415936da6bb68d07ca3e213ad2a9dc2a37f718b18a94354f40

SHA512
fc7cd52423cacf428e437956e9426076d34df081c0146295b9f78714670574d1eaedee0ce218cc4c690d2190565ad8e958423f6bf28cd37bbf492bb469901fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cc541c9e14111f25475c895993402f6c

SHA1
3b0a422d51e68629efe004c7112f7da0e4489c47

SHA256
9fb819016a879e856413476c90531428d5bebdcb2618f69224f67cdf6856069c

SHA512
9f5e25370f066d4876519990299ccc1ae3552ee277e770341507f60fa67977e82cdf90eb808c02e66ae91b4bc7fa430834d4ad4c077e66a89873ef986b6094f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e1a24474c7272dccc9045858d9516352

SHA1
2d78f9f4879d746980216b3b44626cd568a83e3c

SHA256
80c8195b0d3814a3fa562556eb080643583e01d32892f5dfec902408cea11044

SHA512
3395232a9325c2c96534b2b0935053f923175a3577eba2d4c0b41db2f1dc91592cfe6925596adefb2f866ddfc9f82e4d9e3f6b75e32125981bc254b3f575e9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e3bd7e989d94433f052eb6e7e7e6afb8

SHA1
95be7dc0472caaf6fb7725930dabd9b555bcb2a3

SHA256
cc0b04a853ca92c4d4466a3ad045ea436f4cee2478653f2d1902d1c55fdb5945

SHA512
5a04cbd597cedeba1c17c04f2b47f2fbc1c4d70ed841cee6ce5a172ee91b33363f4359f02cf1745555c80b11c3776e14865482ca70d1713dbd49e5a7f09472a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
44f39adf23e03a949000680c747ea7d3

SHA1
f520ff4f3614dd49e7238ce194ed74ce6cc15f43

SHA256
c01f2a8e912e195aa64e0ccfa52179a44b6c46ba358407f4f2b88d47cfd5eb29

SHA512
7a28aec4f364dff7a1763cd1ce6b9d7eba50c9420ea880aecd5b6194899ec7b4ce975a67c80b48bbcb05f4240ddaca430a61e4202c1070571f26d23ef4710abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0ad17710cbcbbfdb5b036dfe068c5b18

SHA1
889b5ab885c94a63b465327881a433e08263176f

SHA256
9367d750908468f5b4bfaabc870cc7793fdcd237ace92870a086d54b50174621

SHA512
cfbababb5c8e864ade78ed5c3da6336d29ce5c070f128eafa05947937410ac90d36fbda4b4e6d615c7be34576444c6f874191c89f419d117d6a46397f8da7724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d27861e5488cacbd18091a24783b0d3f

SHA1
cc99da5cb7870c503572142a1b1030c7f4049f69

SHA256
1d819420b6e91e0c8cdba02ccdf5e79a62c50fccb82bf680a8ed4ac87993ff34

SHA512
face30903d9288b893a73ab57465c3819f1f3b165671a3b3d1f1dce3eca815497fc557ce7ae207320c63c902d77ca72e3b4297f4e24670e4c76705b387a79dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e759c566f5df0fb5703b4259765d532

SHA1
0f1f13a7b5fc63a3e1c59a296b1021e911a1d42a

SHA256
36186d5470c950d57674d199a5c680b59921d4d3bc0cc66fe42278442a481873

SHA512
2c5c2f6f8f1ff0709ae5ea231d051518bbc88d96006d3fe8bb2429c5b84c83bdcd25e2785ea71c05a1f1f6addb5bacf23e940941e8c8d883629b81d5232baea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6907eb8467df91e610f3c57082b52c3e

SHA1
cdcca8b462451620e68546293b7698f21d4222d9

SHA256
a78942263b6ba025501d9ba0d3d83bfb537f568cb72be110481c375e6ac07924

SHA512
a22916fe8742cbc55ef859c2d48fd21df53db5775050e65884908d3fcdea51ff5c5e3aa752a2c946843bc39321f81844d5c3e974c7e07e93a6404f00e22cd863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d783ffce30726ecced9995edfe682120

SHA1
7924c05512bf4ded43b5634d2965b4e755dcf37e

SHA256
7963d6a389abde585ab19ff3286aec0ae166ebbab7dd15ac2713fe14e6b73d69

SHA512
63bb166cdc25052a4d5a531db97b17a8fe1277f3cd98a4d76c5168738af700eade286b9fe52150a9950dad1e0ca5997c9c614dc80c4f36ab9a6137fd9cfc23de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4f7e6beaee1aed23a96999d3d31c1688

SHA1
a7345fca82e1ea18d1ce4739294092e0f92afd4e

SHA256
ba8ca53173480a1e6e4ea3b6ad2c709ecdb107bf92d0c85b6a683ff2cf22a348

SHA512
35d5314b99fd20826bd8b60ff802a3ea1a361d5ee3887d88c854ccfab6751bce77de4494f40c9e9186a7fee0a4a6a4e55127dae77b34a64493f42f92b4fc6d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ca8d022af8c654b7eab1504fc0cf4602

SHA1
716af40fc184efe8d309ba148685f22998ca43c3

SHA256
f9d4ebdc3e57a5e3a92209f3bcf5cdc93fa48a287629edf28d72e264539514b1

SHA512
30d4370f3fe658c62f325e4f3af4170bdfcf9ee45072def77a578f1737c07d55b3e24b00aba003f2807ce3f6fa465a481718a4a1aca5c07c30a7757227abad60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0261b9c2373fb26f7410fecb6a797515

SHA1
cdb438d120d6d439995d8f8c7f64e0bd284d11c4

SHA256
85e396164831485e555c7d07e1749a3b9f5fb9974454449145dc441c84abc089

SHA512
105c0a2c413f86343dd0d499125e6d3695f00c6a2eb51d529b28f486cc1c248bd45acf999a78bc9b6183cbc6ee4b169ac6a07af80d3e8d00fc4aa4a771bf6e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
319f7390964c09d79cc3e7e268064584

SHA1
4b026d2bb4cdd42a4c02404227a88e03cba54c37

SHA256
3d173b1284e633c47029e8f6e545651f47a65b40a1d044a6c52a98968f763c4e

SHA512
e0af618a687e5661e9f9eccfa162b4fc95b441c894cda67c9fc4dab1ffbc33e77a0eea295dd72cceec74b623b7f1229e72b5e48b51bbb903076cef3dbe8978a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0400f01793aedc77b66769a90a37cc17

SHA1
6a22c17869b1206c456a8959b0b3776bd3a2b51c

SHA256
8c470db228a95badde06678f673bf7008c13e9570a6269f6a5589d76f207fcfb

SHA512
cb7efcb44695721e3b305ad4d839cef03f53b8dbef01520d9e938a1b6e5742d1db09ca9e77ee7bf602a61f0d80f331943b0cbba5a3c4b9bf0e8b2099d8c45a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7a506b2f67ff6c9f807ac7b0d3c05cbb

SHA1
771cd48bf895c0e087f4eeb22549121c5d6f1718

SHA256
77eed62bf429e6ac325c40316e878724c5365e9c590c2bee206a1b11ac4e6eb9

SHA512
531988c79b36aec08de6d8ee721adf50c5122101882aef5aaca780b55f8d872d2bf7d73a48b2c80ab8f247681776cc45991f6409b1d94bc19af9d3e7239cb57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5e0b7e2ac97492ceb7f1967405447cfa

SHA1
ac32aa94f9b5eddf6bc0663e0f7753ed6704357a

SHA256
1135e019171ab034a64b83cb32d8ec575c2edc98c5c8daf1a4f410d32b9eba52

SHA512
18adc769094301e80798fd1e5fc25feb08276f5a10cda86c11e8a3bb0ad01fe1848290e482a4256826bc2ac14e7b3d075bb3bbfd93703e969f0b39cb51a8b155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e033a0659341a3b6c28cbbc5aa5edde

SHA1
aed647cf6ad1c2693485019b66b705527892c375

SHA256
e517757beb49b502e223a74feec14754d762894c2cc34a403f464da6ce05cd22

SHA512
f90e443f7fb4f68d9d0fe709c9695a35f1e84736dffeb6b1230ebc70908144bd7a364a61c03afa3611b3ac8d4f8301e656449c11887fcc4ead41b4fe757387e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
372c4fd40988b055d95e23d3978c6d5a

SHA1
e622d497e4ed86d00d54935ec7db2a6ad4b2e90c

SHA256
4a8e52693afa0423673ec119e7a48ede4da94e7433136fb9e2255e52ac32f743

SHA512
e6c93565ddbd46221692624f41feafc9436e87f1c4e51c097514855380eac8bfa0340fc83b885514daba1d6847f0581c6cf6a13014d8388f0776e192b484b8c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ed3e5471b0aebc100617000141c7d98d

SHA1
305d4abb23126f65cc5c3def83881e5ae93ba41d

SHA256
4f13731b518ec6bd7a41933b53def3e71fa198f5900c07b7018862bb86fdb21a

SHA512
a09cc26d28adfec864b9a42a16bdb80d524035c8f637179e4ac000147a0371092eeb81ae99bb5a217125d5d7cc2aaf68f4431095a7ff9585c7ded7c71f5211d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
790a641f7973c6ccb240a4867d111e7e

SHA1
17847de686a96d660aa78ba2d5fdbc24b619e724

SHA256
a0464d7d15cd874ddb610800cc089d3f9aa0bfe04cd3861d6c598eac771bd09c

SHA512
50074aa3fecfe8da15ed990207b51fd3e289748f93766c08c07a2d931093595f383229d5719cc39807efb48fd1d5353ba987f12a26d87a6ffe64a327472acb08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1510dbd8b8b7174ae559fb85613f36c6

SHA1
a0e54b4be6fd217fe3c338e9ab0842993e568f82

SHA256
a85b51a78d1be7561fb00ec65d04ea6445fdfd091af0d600e17be94f0dc29521

SHA512
f6d25b39945441bfa7991acfbfbcf1b3581cb2fca7f43bc491cfe2f4d19a1e4ecac35695734122ba60ca47e90c9b10756005618238ce451ab5c730140875663f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
84b14cf93edaf30e36deb0bffb804608

SHA1
0ca73a6895dafbcfe40e87d76c636b0793c00d14

SHA256
63986379baf50323b836596453d9383dffef73b0156c49e6d753b32d05de7d77

SHA512
564eb6056c3bcc7afb6c073534e59bd549867b24cf4bc048f7ba4e6993ad978f0cdf1515a7791e2d086a6676d2b4bea55e6b0cdb323e84f443d4a871dbec5a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fc2269b436d032afffc389421cfafb93

SHA1
cd54afce5a94c3ea64832ca641fc730db711e2ac

SHA256
159906a399f952f897f108ac7764385f69cfefae9147468ef6e6a82e0d72fdbf

SHA512
aca90927dd40900e3a96f65531372bebd6f52438a7122d619b757cd0f8a4336e8fbfd73e7e8798a9433fcfddc49438d6dccd0ce029b509f7af94b744783cbcf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9678220245c745209a2eb0ebc7854169

SHA1
739795f189a7532e8d966be1c79e4e0b3cda906f

SHA256
5cb2a4e38899094ec5a8e0527fef0b3d7e3f8bfbb207418695676381baa79763

SHA512
0a4c7f1ba85c0c878891c24e781137bf6412f93cbab00cc7b8a4d714fab538acf7b88c498d2e4315795435e83b7d9bfefd7e19514406b627d4d7f9ee869602f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
73ed085a199762274128d5599981d386

SHA1
b2313609dfac13e6e8419feffc7e43b0f4620148

SHA256
4dc14726aa7cd7873d969623de17524fbe6d93f036386f33996ae1b959d9816c

SHA512
d930314fd1ef8acb07f006c927610a9ff5a0f489511ea203a2281b31d294d6ec6aa1bb99cb3a6a5c4ffca67b6d30121711a254620a0a3037d6cb3b2df4cb0aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
01243807e9944a0b703014443e098a4d

SHA1
65d7302bf3bdc218db82665837268f5fd788005e

SHA256
3082b7000d947331aa4deb32bcae3418f787c1bce74179cec2344757b6811336

SHA512
856e2b2f3c1be07e7444c57f16c2388851f67d9c00f97164d18704987c686644a6922488677519da616c53912e7cb144726481f70961980aef53938049f00345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3c8f3a02a6c8925f549be49ad9f68fb8

SHA1
c7d90c72f6dc4179ec37990ec7383d820da57dd9

SHA256
89ec655f20db6a77d15a9b8376f1bf6aa3b8554799efd0aa656fc435b51c2dd1

SHA512
552488b18e7084cebe0b4fc4d66e75b6cdd912a16ea26aa04c47efd15e887fefc6c3a6cb545d942b0f9a54a175667f8b68747b6ba9b705d16f44537056cd8c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8df08d1e8ccc5e17dce7dfc144fa6c09

SHA1
2105d771d69dc5da18e993ec96d6dbfe5d7c0036

SHA256
02b5236e07138f225a6d17ef929e7da7c8d29ba0637ba4703833b753f8e812a3

SHA512
e672204a52a4472381daf79eb693672e4fb74c8aa3d706152b5dbb7326e5732a274900c02dd9c89f9cda609a650f056374f84bb4c1164efc4d976fe01665b49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1538958c6aabd1de1e6026f90a616ead

SHA1
50227955796e5f79b3866e78860d2bd764ea8b97

SHA256
fc420bc355f1c18251d893eb9aab235ad5f15d03d0dd6bd60847c2fc01f7f46f

SHA512
977bd2b0dd1d6a2d8f64ccdb6393325febb95041cac8f9110c94de8c222231ad2051ad32ea1d58f11cbce1ed98a602a9dd092f333b9fbabe6f292a5df497cc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
559212dba369fc7400561de36972a20e

SHA1
b48b9f2adf89e20f4e3c5b15214adf321d3ef4d2

SHA256
7348c97ee25fe67a46619cb587df66e9bce3ac586769c93f2992b59b09b11919

SHA512
04543b9058cbf864d9346c2b6747fc52724b9c7941e4f51dcf46f4c00bd5d14c83cf7e4ae72e38a25a71864b37aa9efa7e3450240b7ef085e98a37bc1e24d9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f3c515657e5523fc8ea1d7b4b75fd892

SHA1
876e3759a1a9005ad8c3a3204275e0d0d9cf6b89

SHA256
fd1793831f92f69618185f7a7317927e67599cc4c99e29e1cd00fe24ca24f2be

SHA512
d1832490f308d8b7fbba5bd2d641106550f7975d7f7dde2ca9569e6ebaf907b31e4441fce4003768cc3c6aa994faabcc7e8852b0c027636c8a2145d7db2c85e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
39b9ee631c4268486b5d6146954f74c9

SHA1
2aef3efbedc98cb8873a740dfd4de20b2977c8c0

SHA256
dfca4ce9cd12cfa2631b84b99268d3bb3d492c981c29df03b20be94bcf80f92c

SHA512
25e8b481275e26de8ea34f42298c26de197ebe053c0f3530bbab752bcdd537265c1aeeae49b141cc7c5519dc36d168f2a97e4ae67713881852ff8098d5e15197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c63fe7e160ac86ed833005d99adb3138

SHA1
8c869e699ee544427422f1e06497b4b4ced3b183

SHA256
54513dfc0ad67fbe2b7aa8d2526bf892c24796fea1c3ff2f1b06b602125ee19a

SHA512
9d57ce0ff2eaa5dbe9f00333973ca96d8f5550d7433d01cfc37e59f30e12fabc617b025bdd23a2db041edec0e4c8f7c385616da8a72ffe1cbe83fcf98b3a2552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
94ce4b2ff0abce6d838ac24a1b0f4e73

SHA1
02f4a956ed4f2e2e0ca9c4b75bf8e7245a1cec88

SHA256
06180545891f02875414f56a2a8ca3f21c2f415e03644674cff1c9674cb9b222

SHA512
b3bf05777fa4abbd7c475657dea5ca9c00600ab6226843150eff563837c3232c3b513afc0ac5ff1976e35979a51f34710ab74582d1316282bdcb67cc17493c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ef30b5850d78b050b13ae82ee13c6b28

SHA1
25bcd922ab2c62d47c9bfac3fafcca08317ad8e5

SHA256
dfd732ede1af0d6dc560b9fbef26f92f9fdf83a72da3e6910cb39843be4fed30

SHA512
f9bdbddff6fe99cacf3a670ab5504849668c9049053eca2a4b51f74eb050ea4d60629ce29a571223b1cf293101d646067f9f00e4fb3039738921e1c042419f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7b13e12912f1b6fea68c4892746dc08c

SHA1
2f3119965483b9e2c99655738ac7d43be9e69b65

SHA256
17374c0166411d83422d027c0b2dac7a4cea865993b1f644bd23b536ec7ea5d3

SHA512
bb36be107b3c7b6bd1ac1a1b59f71662eb95df4cfd2c778c92733fab1d21b9274aaa1ac6ceca2399cb3f2bffb0c9180f7df39b6c797d3073ed572613b90e3197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8a844e90843f3fab974a804b5c78759b

SHA1
76062b1df54e04785c2fb496aa2e463a2c70c646

SHA256
94c86bdaf1f175095ed21b32a3cadaa7a70a0e3dda6e129a3cbc33dab4e6b90e

SHA512
54e6477f206b36ea04da0ed2a48fb5d6e084986841a0f600ea2b77c73eda8abb214372f4b9a7b5dfbfa0fbca44b87189a07b15cfa8c4f767052b6b27f9eed878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13322979f2faf8091e7b70471befc815

SHA1
7a45fd37b9f87c754161fb6a9f36d487e0d1f9ac

SHA256
7e0e14bb5767b0993d80ca3682817b49492ee45dcde399009f9c7d0a5941fe93

SHA512
7bf3f8587ec79dd86340e59fb2d1a52f247398481661d18aec334c76ce94ccb46e7decd599d9430be98029620dbdc97d0413e6024b0aebb418901b3f0880b368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b431828eb0c46251acb895475dbc6aa9

SHA1
342761452dfa1b42e102b8ed7c136e48433fdd9a

SHA256
a70d382fbd0832198b132ba28ad29040fccd5bc49809cb2f820e67250e948ed7

SHA512
8a97d53dcf5dd994d237e682c0b697a53fa4e21eed4802bbd173cc9d88dbc6670c69e4eff5ce05122be32dfaa48cc87ccfba69a1e78065add8bc54eb4ea58e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0470c9f744d0c0a03b0f44bfc022ac01

SHA1
222428e300f58a9f18984a00e77ae890ea045330

SHA256
874405fbaa20984a3fdc3262cc486880c541a5f394673f24c9b1fad9927b136c

SHA512
99e459ee02ab0124db76076c3096a4e8e63139c6166820b53fa9b75198fec7fba17a5b566c43753119a5185d6a561881f283ca4ed9c8c17f35737c5985e97162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6cb2d3e4d647c2b36114925645a1cff0

SHA1
7597973ff357427604d7951209c3dc86279eb730

SHA256
14d89b09acc50445060fed7f809af7ef3e76dc1bf271146f838d7a67e087d074

SHA512
1cbef13033a5a362a932bb5b7f7554727e943534345d3be709e63e9879c939ed1b4c4b9d787659b12e579760380916dd92873982d2cd0ed681c5007f00a2412f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
439db93eb4caf7bac27ef53dade6e564

SHA1
c33409ccdfbe56c65d0b580eefd74e4aa5fbe798

SHA256
3743549be22d1365102801597e86550cc76fcec544124cdd3c9bd55ee4fc5528

SHA512
4766d9dfb0957c9c67e0e9d8088cb3f8bd9173b33822d8a0f4804281190461ccde9464a50d9298a710426e161deec7ecc7fb2d797ccc47e6036cbf27b6c545c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d2a20.TMP

Filesize
1KB

MD5
7007bbde0f916d6302b8c7fae3a49696

SHA1
44586a880a6d33941f388441ef1c1aa84347b92b

SHA256
38d23372c57efdad640a631506897deb5f5024486f035ee02b4bcac4ca2b173d

SHA512
db2e77b184b3811dd145a50817dc9b01449edf01c1361d6e1f3a6b3026c143c90ef15404580022f7a95a4ac2e787f5579ec6251665d2623cf848437af87dad82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ce83eb57644151f7f3ee501aae32ed76

SHA1
418c99be6e6a30c3da6e0c169c7cf2530720f43a

SHA256
f93d8ca9d169b69efc79f4366fbbcf1f58eb56dafc0580b65b86fd32c1311890

SHA512
9bdf809a6aeaa5b66ff0818691b80b8d0c48515399a93d151a77b8e0059c4dc993b308a0cde84a72224131fdc324d272f6a06b4249e509398d749c41801430b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
59cfcb8f589bce15ad12f6e988b9c93f

SHA1
15592c2d5bf24528afe8763f343ffa14eefd8bb4

SHA256
c121a77fd9e830e9d5e58810da0ec97a4a75397b0c9bc4eed4241503c32f1598

SHA512
45de2e7f23443155993ba712128ea1b818a192a797407443a17f1be292d2991559016f8943162d2f2f03554871aba02ee682ae2688e11b8ddacd9a0f114d2c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0101b37019474905ca12d698b257bd42

SHA1
b00ef7919870ba3a32ce18af5609957be14c5c5e

SHA256
1976046a49de6de6fbe7fe04641e83f700c867ca41370fd6a3e320439d52e94e

SHA512
008c2d69b65a2f77b06a575a16c2af4fb9ba790a6c692e31f9413806e3e7086d1fbde688a6d7852ebcc14055d9c971716664f58746c8e5487dd4888a7c70a71f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b8b168a8b91670e3bb35821508ea9869

SHA1
3d657520cb714845b1339f2eadeae039290f8217

SHA256
81e3655d84207e4354be73499e9f27c167ac269e111de6f5a5c3715fbb6ae883

SHA512
092bfc51ac3512c1b669e199e9a2bf7c420f36eec6765f0692f457ec5eea652a7f4d463d76d16dbcf493b1ccfa69d13a63dfd4f96cb935ce1f3818f8a3eaa0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fdf8fcbd1969de83738bc49e8c2ea98c

SHA1
810aee1bc8e8acd693e418652e5696c10abe8ead

SHA256
8e7f743f11a81251d726b5e3216abf7292ac9b41b10a3e008437c4d2a5bab27b

SHA512
dfcfca15131c7c130af18926640de6c1541614f3e713cd04a7fa0da2943e1d0618e428b26838d1655c7b9c91f9c1f9a95611993a333b5bfc32d56ad9c46440da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa70ca88d07f52c562b8158c4637d2e0

SHA1
2113b7f4d66bc16822b4e2c5c0d3e524cb9301c2

SHA256
9e34cdb2996acfa842df6bd429541b18efe9cf791d7a7a54b94a77fdf6ececf7

SHA512
4160c39459400988dec5855cad22e91973f1ba7d065ed08932ba1db8d2b7b50237af91c00eb19ae245d308d853cf25ba05250cc79e95e0a3aae40c37a7741aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e2c3a11f1684ef410081ec66995d5a50

SHA1
79866d68074d45d8e591bf249b43470f0617aadd

SHA256
0a8b07aa31753cf764487f1e3f341ef73518e0d29787cb02c6f7bb8e74039e93

SHA512
cd4c69a3eaef61755cbe9a11b9b188236bf2e6d707357fa1a8199a1f94abcc7662e10147988109c305c3ca039549545157e302c5ab174e2ef10cf86483c9349f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2bae859fec990221c6ab526ba52238e3

SHA1
190e5d1849bf1f3600a3e30ed4676d995aed3c9b

SHA256
74d8b84f68c1a7f3ccb13a98af4fc1b654f34cbb4779f25b10fa1ccbcb04a598

SHA512
71fe9b9f213e0e83e1f96d64841c89ae6d925c4d519f32eeee7b7ee2675ba96b00438adeed296c2c1e7f83df5ae1b8f1f9609474bffd55bf491b78f204d8d7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0457d571be6a6f5d7e8d8b93722338ff

SHA1
3bb4d53097242054358f07d3582a69b1d70dc851

SHA256
280a73926a948273115a899d7fc98bdd6284af1e3d0690c1f093fab36fee1e2c

SHA512
ec26a402a832c6d6643d306e209331496a1d039d3ff869172b00b387243d74391fd389b2ae9655d6bc28004cf7758a3faf804df4c36d3309130d8c553f6c4734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
625716ddaf05d8217db12fb3e57c4990

SHA1
de2e125d4b3d0d3d9e92ae8bc27901ce869d018f

SHA256
bbdd232c9671b9b996ec1df251b8eb91bf3bcd9bae88c4c40bc251368caae936

SHA512
642f1141f69f179b45fd93b83e68f5debf79626ba184260567cafb1f92b036460d691c89a6cf2b954f59ac937d3e2abb7109112ef0fa9acc87b9142fc7a9a291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac428e171b7b1c7e013717f9ab62bbd6

SHA1
f66365c4fcd093e27bd5aab2c38cf80e14456a67

SHA256
fe980657bfd83c23765fe4a614cd3d7f7dd0003c62fab141cba911dc1ada6ff3

SHA512
c1c08d12186a90c607ba7743c95fb5f4dc69103477036fac0c1634fe2fd52e22a8e0606ab755643c6d03863e18901a9411415798815ce9e16a2283256fa31eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d6dcb360358f7c69783bd9dbae724f39

SHA1
a5dc8b988816c11cc16b7eddc0957127572c8381

SHA256
0be93aefa307971b98faf8a44079f17428a40ad74c3ced599dd1d46134036552

SHA512
27bea9e2292c4ee0ce6f978e4d95b9bc3454ba2e5c7fb7aaaf5fdc04fdb8835d4d21fc866a93fa176f47312b1485e5d9b4799d58f80c8f8eb7b080d863c736c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85bdd72b0bcd907212a0bcc226550d90

SHA1
07994286fb799f058a251eac3d96f668f87e48d4

SHA256
756d8679acbe4312735b6ad19bcdffb574e5e4a33350fc6e897cc299c3524a1a

SHA512
ff6f28ee8ac2f0a74940c36a5fda46791542fdadf608d25344e93d47789ff235c2528632164c7fee34a4597ec256440370604e489d931ec06d7bf31e600b9fec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89d3fc632377a53cf45e3de86784e437

SHA1
cca6be8c3d6c364d6a0d2413671b4b27b76527ef

SHA256
272f7056ac96616cdb46d604b3204ff58c08fd75cfe78ce1c70b87589c9601fa

SHA512
355fe98203d2580a7a071039f1276f73489a6108bd8bc31fcb374fc59616b8491df63de09a5169a09028fb45b992f1fa34511c86f0e10e4597b74ec683b933e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c921fd787419c8aaffd7060def9f941a

SHA1
02ed80dc3ab5bee8723f9258225859a3058a947f

SHA256
6dd864e6d845a92e13c318115d5cfc822a66a84d6eb7d542050f845741fc3ac3

SHA512
a61dc0be75bda936ae94fd7e846edfd458da6a2ef9df76c37734d3f45a07d5fd19e36158794d0e5bad0e8ab8242e37fcf4beb17fa265ecd55eac1fd4df75b52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
00a8ed8d13ae44f317f704edbdc740d3

SHA1
92198f387ebe3870023521a147a88ac574690e57

SHA256
fc62d957e2d4207bb5c2ca0a207efa24cd03bf629a9cc53366e1e211b04a5875

SHA512
5e252b4e902330a72527e151f8b2a85ac729497795f2c91e9f6dfe21f1f83c91148dda0bd858df168e750cd9104499473944ad8e47cb3010abcd83a3c662bfa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ecd3c9cedb7c028100e6de33cb466e8

SHA1
98204b5db5404b2b17d7151f8bdf3b7062cd6600

SHA256
b2391d93a1070a88f7161bbbdd57a5c2a8f23e07c3b18f8ff703e42aaa8b93c4

SHA512
6ec46705bcbe3a7a95b9a84209c99f15ba1f89d0039978233ebd3adc72529063fe98f9372f622195ecad2815226321b7d1233b171f06762fe533e42e5157b6cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
09b3d684da373b0650cb1eb02bb3c294

SHA1
350b465c4bb256ce2720d7c828a71289b1de629d

SHA256
4679e3ba3eb037ec41e6ec6fddb4ca0c42bf5ab1945d81f754f13f50d8c8f321

SHA512
e032546d3c3f509f7c5f606bee3d5f4c3e9383ce7bc6901675c048517941dee30e733e833777780493cdd922328bc03a34dfd7bcce3644533208c7394971bcf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a6edb592c99daee8d8f380c15d7388c6

SHA1
ed327e58bc36a28616a2f4418dceaaf169184508

SHA256
74a4fabdb0fa0b945cec5066b330a896ce502dc4335bf793f3eee720b1617b28

SHA512
18e24d30c2c0394f3b2e34edd0d953c66292e9be09d42d02c36af3503fa73d685500f7d0f833be04073c06eeacae22ca152b3ab9e72ccba45ac527bd21ba150b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
18ab58af9c18b6da1240b50b597d9fc2

SHA1
68da8489f1d87d1f081bed4a7ccb31593506f6f9

SHA256
c2fa8c282a399d8a387c47e2df247ba6aac779f8192eeec65a8110f1997a9e8c

SHA512
9c0e5898d14994e1ac1df3819b0933d312d8f87a505eb40608180b28c247474ecfd67c83fc866197b81ac75f32459a945590ad3fdfdca6e5fb865ce40489d8a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e5df444d215ea75a6bd57c9f8ea3605

SHA1
5fa26191c2841a670ee7b11ec41985630b2aad81

SHA256
a877314da3294a810821f0a414a0aa36b16d98bab25b65a10944ece49172b4cb

SHA512
c6207a490317f15b7fa16f317127b28c3fbff4173b1db76d5f914e6f36f0b2c1d0d45ee579be2f52f10c354a33a2280ce325e30bdd1376016d4ef637e24b8e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
4KB

MD5
1c604b4fef887029e9a3fa342fa908fa

SHA1
27bd3753c25ea4ea49c7c7b564a1fd641bd0eb23

SHA256
d6a4b048b5f28963aeac2e56db9ceeb4607c068cbe06c041631b9c878964330e

SHA512
ff804c5b76e5aeb6efbd6a7650d5614e922ab605a45873aaeec0ae898e1a7275dc4ec862cd0bef20998e1b741b2add2846e4cfa9c0fcaaf197c4c50aa934cdf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\z.zip

Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
e0b08c4f5c42dc238081219012fff7a3

SHA1
bb061020a229d69704dd08e44b067cc6ef406c43

SHA256
0f7f3ac2a7a72f4ec5dc94559ea390300f054388a3602aab64a283caed8a19ef

SHA512
a6e403ead615bcd77a76ab30d3b4c965c23a13124317f31024f9beae60cf2921977f14a9a7601f19b805d2ff9ef11401273e34d3193e99be42174ed8d5f6e8cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0ae7d1d5fc59d0ffa8ce7599127b0657

SHA1
7da2827e9cd0958bbff15cc56010a285d801d1d8

SHA256
b23fd6688d73e37724b7dd4620ed563451d18ae2d9f2cef17394fcafdfd6caa7

SHA512
ae1eb66355c46348775536569c594e42de10de59fffb30b25b793dfa7d41d23757d5f812a001491da0da0a8712443683f55c15a50fb81a5fea9c184cc3f1959f

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit