994d6a3c00f42e919b596a6234346a095521ce84013474aa462570aa49b0e3da

Analysis

max time kernel
900s
max time network
901s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16/01/2025, 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Clean.exe
Size

12KB
MD5

9c642c5b111ee85a6bccffc7af896a51
SHA1

eca8571b994fd40e2018f48c214fab6472a98bab
SHA256

4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
SHA512

23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c
SSDEEP

192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 59 IoCs

description	ioc	Process
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_primitive.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_nvmedisk.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 28 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\1\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	MEMZ-Clean.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\1\NodeSlot = "6"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "5"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{0057D0E0-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 0c0001008421de39050000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
704	explorer.exe
704	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
1408	msedge.exe
1408	msedge.exe
4684	identity_helper.exe
4684	identity_helper.exe
1344	msedge.exe
1344	msedge.exe
3756	msedge.exe
3756	msedge.exe
4396	identity_helper.exe
4396	identity_helper.exe
2028	msedge.exe
2028	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
704	explorer.exe
704	mmc.exe
2224	Taskmgr.exe
460	MEMZ-Clean.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe

Suspicious behavior: SetClipboardViewer 7 IoCs

pid	Process
3644	mmc.exe
5520	mmc.exe
5492	mmc.exe
5848	mmc.exe
6748	mmc.exe
8256	mmc.exe
7620	mmc.exe

Suspicious use of AdjustPrivilegeToken 53 IoCs

description	pid	Process
Token: SeShutdownPrivilege	704	explorer.exe
Token: SeCreatePagefilePrivilege	704	explorer.exe
Token: SeShutdownPrivilege	704	explorer.exe
Token: SeCreatePagefilePrivilege	704	explorer.exe
Token: 33	704	mmc.exe
Token: SeIncBasePriorityPrivilege	704	mmc.exe
Token: 33	704	mmc.exe
Token: SeIncBasePriorityPrivilege	704	mmc.exe
Token: 33	704	mmc.exe
Token: SeIncBasePriorityPrivilege	704	mmc.exe
Token: 33	4288	mmc.exe
Token: SeIncBasePriorityPrivilege	4288	mmc.exe
Token: 33	4288	mmc.exe
Token: SeIncBasePriorityPrivilege	4288	mmc.exe
Token: 33	4288	mmc.exe
Token: SeIncBasePriorityPrivilege	4288	mmc.exe
Token: SeDebugPrivilege	2224	Taskmgr.exe
Token: SeSystemProfilePrivilege	2224	Taskmgr.exe
Token: SeCreateGlobalPrivilege	2224	Taskmgr.exe
Token: 33	3644	mmc.exe
Token: SeIncBasePriorityPrivilege	3644	mmc.exe
Token: 33	3644	mmc.exe
Token: SeIncBasePriorityPrivilege	3644	mmc.exe
Token: 33	5520	mmc.exe
Token: SeIncBasePriorityPrivilege	5520	mmc.exe
Token: 33	5520	mmc.exe
Token: SeIncBasePriorityPrivilege	5520	mmc.exe
Token: 33	5520	mmc.exe
Token: SeIncBasePriorityPrivilege	5520	mmc.exe
Token: 33	5492	mmc.exe
Token: SeIncBasePriorityPrivilege	5492	mmc.exe
Token: 33	5492	mmc.exe
Token: SeIncBasePriorityPrivilege	5492	mmc.exe
Token: 33	5848	mmc.exe
Token: SeIncBasePriorityPrivilege	5848	mmc.exe
Token: 33	5848	mmc.exe
Token: SeIncBasePriorityPrivilege	5848	mmc.exe
Token: 33	6748	mmc.exe
Token: SeIncBasePriorityPrivilege	6748	mmc.exe
Token: 33	6748	mmc.exe
Token: SeIncBasePriorityPrivilege	6748	mmc.exe
Token: 33	6748	mmc.exe
Token: SeIncBasePriorityPrivilege	6748	mmc.exe
Token: 33	8256	mmc.exe
Token: SeIncBasePriorityPrivilege	8256	mmc.exe
Token: 33	8256	mmc.exe
Token: SeIncBasePriorityPrivilege	8256	mmc.exe
Token: 33	8256	mmc.exe
Token: SeIncBasePriorityPrivilege	8256	mmc.exe
Token: 33	7620	mmc.exe
Token: SeIncBasePriorityPrivilege	7620	mmc.exe
Token: 33	7620	mmc.exe
Token: SeIncBasePriorityPrivilege	7620	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
704	explorer.exe
704	explorer.exe
704	explorer.exe
704	explorer.exe
704	explorer.exe
704	explorer.exe
704	explorer.exe
704	explorer.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe
2224	Taskmgr.exe

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
4808	mmc.exe
704	mmc.exe
704	mmc.exe
2656	mmc.exe
4288	mmc.exe
4288	mmc.exe
4608	wordpad.exe
4608	wordpad.exe
4608	wordpad.exe
4608	wordpad.exe
4608	wordpad.exe
3936	mmc.exe
3644	mmc.exe
3644	mmc.exe
1356	wordpad.exe
1356	wordpad.exe
1356	wordpad.exe
1356	wordpad.exe
1356	wordpad.exe
3348	mmc.exe
5520	mmc.exe
5520	mmc.exe
5708	mmc.exe
5492	mmc.exe
5492	mmc.exe
464	wordpad.exe
464	wordpad.exe
464	wordpad.exe
464	wordpad.exe
464	wordpad.exe
7124	mmc.exe
5848	mmc.exe
5848	mmc.exe
3492	mmc.exe
6748	mmc.exe
6748	mmc.exe
8984	OpenWith.exe
9196	mmc.exe
8256	mmc.exe
8256	mmc.exe
7780	mmc.exe
7620	mmc.exe
7620	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 460 wrote to memory of 540	460	MEMZ-Clean.exe	77
PID 460 wrote to memory of 540	460	MEMZ-Clean.exe	77
PID 460 wrote to memory of 540	460	MEMZ-Clean.exe	77
PID 460 wrote to memory of 840	460	MEMZ-Clean.exe	83
PID 460 wrote to memory of 840	460	MEMZ-Clean.exe	83
PID 460 wrote to memory of 840	460	MEMZ-Clean.exe	83
PID 460 wrote to memory of 1408	460	MEMZ-Clean.exe	86
PID 460 wrote to memory of 1408	460	MEMZ-Clean.exe	86
PID 1408 wrote to memory of 4872	1408	msedge.exe	87
PID 1408 wrote to memory of 4872	1408	msedge.exe	87
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 3716	1408	msedge.exe	88
PID 1408 wrote to memory of 4964	1408	msedge.exe	89
PID 1408 wrote to memory of 4964	1408	msedge.exe	89
PID 1408 wrote to memory of 4640	1408	msedge.exe	90
PID 1408 wrote to memory of 4640	1408	msedge.exe	90
PID 1408 wrote to memory of 4640	1408	msedge.exe	90
PID 1408 wrote to memory of 4640	1408	msedge.exe	90
PID 1408 wrote to memory of 4640	1408	msedge.exe	90
PID 1408 wrote to memory of 4640	1408	msedge.exe	90
PID 1408 wrote to memory of 4640	1408	msedge.exe	90
PID 1408 wrote to memory of 4640	1408	msedge.exe	90
PID 1408 wrote to memory of 4640	1408	msedge.exe	90
PID 1408 wrote to memory of 4640	1408	msedge.exe	90
PID 1408 wrote to memory of 4640	1408	msedge.exe	90
PID 1408 wrote to memory of 4640	1408	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.exe
"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:460
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:540
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,7735110084444902437,13589497846422972672,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
    3⤵
    PID:3716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,7735110084444902437,13589497846422972672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,7735110084444902437,13589497846422972672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7735110084444902437,13589497846422972672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
    3⤵
    PID:1880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7735110084444902437,13589497846422972672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:1780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7735110084444902437,13589497846422972672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
    3⤵
    PID:4160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7735110084444902437,13589497846422972672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7735110084444902437,13589497846422972672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
    3⤵
    PID:3532
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,7735110084444902437,13589497846422972672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4684
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:1576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2036 /prefetch:2
    3⤵
    PID:624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
    3⤵
    PID:3760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:3776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    3⤵
    PID:8
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
    3⤵
    PID:1216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
    3⤵
    PID:448
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    3⤵
    PID:3208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
    3⤵
    PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
    3⤵
    PID:2816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
    3⤵
    PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    3⤵
    PID:1592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4816 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
    3⤵
    PID:1172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    3⤵
    PID:4728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
    3⤵
    PID:4104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
    3⤵
    PID:412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
    3⤵
    PID:2104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
    3⤵
    PID:2968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
    3⤵
    PID:1876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
    3⤵
    PID:1944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
    3⤵
    PID:4428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
    3⤵
    PID:3360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
    3⤵
    PID:3368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
    3⤵
    PID:4960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
    3⤵
    PID:1316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
    3⤵
    PID:1820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
    3⤵
    PID:5336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
    3⤵
    PID:5428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
    3⤵
    PID:5756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
    3⤵
    PID:5768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
    3⤵
    PID:5912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
    3⤵
    PID:6044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
    3⤵
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
    3⤵
    PID:2792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
    3⤵
    PID:5964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
    3⤵
    PID:2296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
    3⤵
    PID:5676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
    3⤵
    PID:5968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1
    3⤵
    PID:6072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:1
    3⤵
    PID:1284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
    3⤵
    PID:3328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
    3⤵
    PID:6036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
    3⤵
    PID:6168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1
    3⤵
    PID:6488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9400 /prefetch:1
    3⤵
    PID:6560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
    3⤵
    PID:6864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:1
    3⤵
    PID:6956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
    3⤵
    PID:7044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9552 /prefetch:1
    3⤵
    PID:7136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:1
    3⤵
    PID:6404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:1
    3⤵
    PID:6244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9196 /prefetch:1
    3⤵
    PID:6736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1
    3⤵
    PID:6564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9380 /prefetch:1
    3⤵
    PID:5216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:1
    3⤵
    PID:1680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9240 /prefetch:1
    3⤵
    PID:6728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:1
    3⤵
    PID:6976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9556 /prefetch:1
    3⤵
    PID:6628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10036 /prefetch:1
    3⤵
    PID:7016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
    3⤵
    PID:5428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10204 /prefetch:1
    3⤵
    PID:6600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9896 /prefetch:1
    3⤵
    PID:6288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10220 /prefetch:1
    3⤵
    PID:6216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9948 /prefetch:1
    3⤵
    PID:3868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10180 /prefetch:1
    3⤵
    PID:7008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1
    3⤵
    PID:4112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9856 /prefetch:1
    3⤵
    PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9252 /prefetch:1
    3⤵
    PID:5692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10288 /prefetch:1
    3⤵
    PID:7600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10992 /prefetch:1
    3⤵
    PID:7704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1
    3⤵
    PID:8064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10648 /prefetch:1
    3⤵
    PID:7232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10604 /prefetch:1
    3⤵
    PID:7284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10436 /prefetch:1
    3⤵
    PID:7260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11128 /prefetch:1
    3⤵
    PID:7628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11368 /prefetch:1
    3⤵
    PID:6444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10468 /prefetch:1
    3⤵
    PID:8076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11144 /prefetch:1
    3⤵
    PID:7480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11020 /prefetch:1
    3⤵
    PID:7604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10528 /prefetch:1
    3⤵
    PID:7664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11564 /prefetch:1
    3⤵
    PID:7556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10992 /prefetch:1
    3⤵
    PID:7876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11804 /prefetch:1
    3⤵
    PID:8116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12032 /prefetch:1
    3⤵
    PID:6964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10248 /prefetch:1
    3⤵
    PID:7512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12060 /prefetch:1
    3⤵
    PID:7440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11364 /prefetch:1
    3⤵
    PID:6772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12416 /prefetch:1
    3⤵
    PID:7904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11996 /prefetch:1
    3⤵
    PID:8132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9852 /prefetch:1
    3⤵
    PID:7884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11968 /prefetch:1
    3⤵
    PID:8244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11684 /prefetch:1
    3⤵
    PID:8628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12524 /prefetch:1
    3⤵
    PID:8704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12860 /prefetch:1
    3⤵
    PID:5608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12804 /prefetch:1
    3⤵
    PID:8332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13172 /prefetch:1
    3⤵
    PID:8944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13124 /prefetch:1
    3⤵
    PID:7144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13008 /prefetch:1
    3⤵
    PID:6400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13376 /prefetch:1
    3⤵
    PID:7220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12828 /prefetch:1
    3⤵
    PID:8784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5805691461695688215,11758061334237559962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13400 /prefetch:1
    3⤵
    PID:9108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
  2⤵
  PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:2136
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4808
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:704
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2656
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4288
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2772
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4608
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:2824
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
  2⤵
  PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
  2⤵
  PID:2208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:1496
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3936
- - C:\Windows\system32\mmc.exe
    "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
  2⤵
  PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x78,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
  2⤵
  PID:4604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:4888
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
  2⤵
  PID:3104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
  2⤵
  PID:4484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
  2⤵
  PID:3580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
  2⤵
  PID:1708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:3556
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
  2⤵
  PID:5268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
  2⤵
  PID:5680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
  2⤵
  PID:5448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
  2⤵
  PID:5860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:5876
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3348
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5520
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5708
- - C:\Windows\system32\mmc.exe
    "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - Drops file in System32 directory
    - Checks SCSI registry key(s)
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5492
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\System32\explorer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
  2⤵
  PID:1860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:4920
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
  2⤵
  PID:5568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x4c,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
  2⤵
  PID:316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
  2⤵
  PID:5148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
  2⤵
  PID:6412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:6432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
  2⤵
  PID:6796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:6812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
  2⤵
  PID:6308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
  2⤵
  PID:7132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:6784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
  2⤵
  PID:5572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:6092
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
  2⤵
  PID:6680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:7024
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7124
- - C:\Windows\system32\mmc.exe
    "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - Drops file in System32 directory
    - Checks SCSI registry key(s)
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
  2⤵
  PID:5912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:3812
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3492
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:6748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
  2⤵
  PID:5632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
  2⤵
  PID:5380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:6164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
  2⤵
  PID:7532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:7548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
  2⤵
  PID:8156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:8172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
  2⤵
  PID:6704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
  2⤵
  PID:7872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:7896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
  2⤵
  PID:6712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:7452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
  2⤵
  PID:4808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:6860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
  2⤵
  PID:5292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:7728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
  2⤵
  PID:6336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
  2⤵
  PID:8116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:7712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
  2⤵
  PID:7780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:7020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
  2⤵
  PID:2800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:2532
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
  2⤵
  PID:8552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:8568
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8920
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:9096
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:9196
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:8256
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7780
- - C:\Windows\system32\mmc.exe
    "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - Drops file in System32 directory
    - Checks SCSI registry key(s)
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:7620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
  2⤵
  PID:8528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:8524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
  2⤵
  PID:7460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
  2⤵
  PID:8576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:8420
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:9040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
  2⤵
  PID:8580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff60da3cb8,0x7fff60da3cc8,0x7fff60da3cd8
    3⤵
    PID:8324

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:704

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:5056

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3368

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:2480

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:8984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
05598e03ed38c3a0b5f7db0bcce2fe6c

SHA1
325b313027c97d87a115b6ab154a5b49f08cb5cd

SHA256
ae2a7b31954fbf093d08d62036a86b8af99ffefc18c58ea522ed70914a71cfba

SHA512
b636d2f8530a4bfee5c200564dae3b9542c01c58a4f6f5103dc101d87a40982e0b01f27685a8fe36007ab409d2c3b778e9779dfb76f5a8d57b135e27c9ce9e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d317cb06e84df81f67fba4a58f33708a

SHA1
efb2b49000cc3a01b902ab996f4947780902c388

SHA256
88f60dbe582576625e168a41afc1f40d752fc81a9fcc5d1cf5221a3a1d36918f

SHA512
81089d6f621c174da6f572a484b9903a0cb3ba25bd945474c72303bb777d851b91981ed1a6d10b9c1c9e811291d9c1b393f3150a75966a28098583bf029647d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
e0298bcdaa632f109db6aab85b35949a

SHA1
28502789cf98c21d8f620878cf0964206226e25a

SHA256
456b28a83f9f6908cee9b94cdf9a1f57fa929fb2c607c60559f0b6cd38dc6ccf

SHA512
d46b8d5ffcce9e6b38142f2f0cdf1346b0f99737eeea81386e40e3bf303e871d870f75f1da0b5432b6095044c8392254cdcf8d602e8ed181c3c097027008547a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
65b05bf48e1aa6be6d4fb01a084a98f8

SHA1
50696d1a74874144a7ada76452a95c7f3fc73aad

SHA256
f9ddd73b33976099f158e1f17feb7dd1320029f5074684d42dcdc72cdc977f2f

SHA512
6d42fb88014a013f8d09ecd0dacd2f441c47aa84937f6f43adb1fddb7c23033b8a3d54089cbfab4b9d82c904f95ad3ba9bfe2e6718ca16e6ba82479628e74e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
d880f30a4eb19b5560edc10495ea6634

SHA1
c68ebec26664ff13610c2f4d160b150e53cd99b8

SHA256
93ae3a553a15af99e4b69169de4671ca6319b10134378b1622b0e2899f3eed43

SHA512
3437dec41bf3f007874b30a170b49369c4a40a2e6f5f158637f0c5b0d88e8a2dd5d8028491291d4abf2185ad54a0651e5389e78fc83e826a5b18274c538b6b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
2e1ffebab4f2e0991b51cc2016fae4a2

SHA1
6ebc014a2bc5bc53606ed6f0b07f952219b2be2d

SHA256
29e12c843ef8811754af55d94ad15479256d38caa10ef6eb13cd3393bfff24bf

SHA512
8af1344d848339c17a747b5a950a556ab4026c00ffe017f09ac520b2068de497d4f462b6fec55346d0e23d169808a24847661f62b9c71a8d8c4207edf12d5955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
37KB

MD5
ae2b5e6fd36c38beb90ca24ed95ddb5d

SHA1
b447190bb67f2a881b718f6cc70a136d698fc5fd

SHA256
cf22d1a1efc7c1aae3bc34d87149304a0198ddd635df1d73ba4c87dac536a136

SHA512
5bc508d40dc2d9f2b81582ad828ed01e0895db01178a3189383e58723597651f314b80c6c1ad16300dd8f886cc64d3bb9131d58e0f71f46bc3cb92d15a096db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
47KB

MD5
5b611912157812382ae02bde399ff48f

SHA1
6089fbf66004233d7f64b590c883156200df8c54

SHA256
8495adbc7f8e03685d4b40ee4141a989d53f96dd1c95588612fd6c3acd77ecb1

SHA512
357afe88b2addb2a73d164d552feb20b73b576d53027442a983e35e64c395d7a469d0b851f2715a0febb6534359b7323a050d87a2226969adfbdd43e99653707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
18KB

MD5
45f4d9e7d2e260e8288babc1c6509235

SHA1
00b2ff2b04aeae39c3a1acd010c8814bf9f775e9

SHA256
9e0bba84f77cc947769f33b6a9595f95bca6f04e76b38d3f6be385e6c00837a7

SHA512
f2da98b6c541267dd2847a230aa9bd7589b4fcf8e0cba30aaa0314f92146981ec654506e005b9b5d33bd23b6cea8fca0c6953260943bd1200cdc33cc903550e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
46KB

MD5
50e7c652cf5d57d97906cc8c89cccec8

SHA1
b44c48b98c90686ac69762412e87099693cfe308

SHA256
17fdc0f29e08e58b3157887e3d01f54eb089ceb07ee1f11e7c23b8aaf24d17f0

SHA512
5b9f0ed5d62b92b85a56b3d3636f5b3f2b00b7c0ad1a29a7a8a15a9d41ffc09230c71631d50a8912884e64b6aecabfd88a41eb0eba41a7590a6979cf71ec4668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
46KB

MD5
baff94c63010c402a48da7cb2ef08bf8

SHA1
a6bc98e9fe1b1dc9dbf168e7a781476ea95e7407

SHA256
517b17052575e9e90f98e7e3ddefb178cc2ac72ff02b779ff488fbcbf9bf9adf

SHA512
d939db777208d103c46c6905e497211e7e872c601a7fc6763103cffc0d9f90ca0ee0ba6269e70fb17054deaf96efa26e378c904a95206f27f225ef2d5a32bfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
81KB

MD5
d4df1785b364f298c87f47fc1dc58375

SHA1
b8f7cb81c72c34d68d7d468c542c275cb8c1bc0e

SHA256
a825e3de497644f6814734b830cea91f07ac72ae04803e741cdf339b38c05da7

SHA512
95758661e7eec5ae0896cef24cad756ea9c95e5a286e8de876337c3d79ecb42fec40a697b9b53e9d8a47253e987b2ed92652f0ebabcdfb0e898b07e6322b4e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
32KB

MD5
4956a5a7644eeec3c23c11c34eb8d8cc

SHA1
a5a07b734e130facc24e0d45b3931d23c4858174

SHA256
0cdbb6cc76b5af1f50459c53cdac5a883736b1e78c22d3876ab127646790a9c5

SHA512
bfdc9b07e753b76f84ddda98efd611ae26dfb44be5032b1a01563e18e829fb6f6b43f03d09239b054dbd1fe599edea8ea291e3b9e15725367b7bfcfeedd77d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
59KB

MD5
c6b0f95171fa2aa59458f9c82f36fa41

SHA1
203e9f34c6b963cd318b7eaa65d35b036a88fb5a

SHA256
839ed500777fea51856b087dc772416bb529be3fcc980bd735c40abfe522d322

SHA512
da87caa4c81a4dcf662bc7f81cff9332964cc21d8022c53ff7abd8fc9936a31230586172ceeb9d13d483e061b6ed990ea52cd8fa609846b25b0b7b792d37a3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
125KB

MD5
c3e1bf3a4907e43dd12d46df73ae17a5

SHA1
73ae6708dd6832459095c8c0cd4174e42195b4c0

SHA256
0552a0f0a8a5c6de1c1bf9ed0c55c4d330cf8ce1282c77c6c9def49e3dbc9ce3

SHA512
c67b3fd3adf8e0a0c27311ccdda547925230191ebb972ea0c7ca6f420e0ecae8f533b4a8781746bdb0fcc37726fd1d4ce87abba07893752eeec2ba32a3e34ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
28KB

MD5
1752326ce45c039f4c5e81ea24c27c35

SHA1
4a22a9151c3c94d170cd3d23659e8e1a5a6f0070

SHA256
13dac981c708b9d1c6d7be7666ab5ff34718fe7d1362428217e88c75530774ad

SHA512
7ca5eb8b11184b97b7ecfed373420f7b9926839edcd36ea6bcc37a09190478175c49d7cfdb6dcbf1ecc8f2570feec9a0ac8aae08442fddef7986330043ff2d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
55KB

MD5
68ecc58a934636e32b60461c4ee4f930

SHA1
8e8f1a3a09f4ea7aba307f4f23890eb0f867e4c6

SHA256
8b61d8c123333fd1cbb0eb7aa361ef2220efa43dd08e13747b68d311de4810f1

SHA512
7d4c8d057a8fae7168b6748a0179d46a0fac5c530b9747941aea29667d07b2a9d142e1171a63eb6bf9219906313ea3e283c3fc2803b534b7a782a7a284a8dfdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
127KB

MD5
e18be10e2ed58ede4f239a2515470573

SHA1
047dd06d1f9c0116a7c8d4af2b80b5a9a5f6d10a

SHA256
a56a64e128fa6ee372b07a01450fd8a5886bb97617952cc43b31a8ad4788d153

SHA512
5fd6e65e3f3e114057e4af581ba147207bc62b105ff137b6a20cbf907274cd9c6335ac37415174a07011eb0751464a89b57172c8aa20b096705b791b0a9bfcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\73a9896da2e8f016_0

Filesize
19KB

MD5
913413915e60e40f365fa03d349175a3

SHA1
a7f6abba98fa09a59510b7701249e5bd35b536f5

SHA256
82bdb2cf53ac633d3928d8154e15aac7f42dbf541d3b2abaa630ab0ae9ce2d8a

SHA512
e55d4c383acac0b6d7107f020348f101b43a20757179b52ad9c32768edb9fdfd0c31575a69f6bc6f03aaafac5ba6105a4ff87688c34336cb03ac268dbe096230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89128c84fef8ced2_0

Filesize
417KB

MD5
8ae0ffa9392e9ff0ed18854b02a2ad94

SHA1
5ee2158ede2653f5d813325f205cf9ea02fa9e47

SHA256
3cfcf07c7b6c7682712ce5d2ed92f75eb7a850b2176498ccf9357828b919b5af

SHA512
9abf4534cb05fa15e550f00f7b95748cc86c6628d7017c78734bb57c2c60db8c7cb92c40d8d1c13cd5265fd9109bf02f43cc4ef6a080f408771fb383854d3b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f96c4e370537b4dd_0

Filesize
288B

MD5
c09ccd53872f7a45bf65b7eda577a627

SHA1
3b0dece405229e618187ec0498944112575c2d53

SHA256
9c2d4f25508b1b47d913547a939df0e79c846c0bd2dfa31ab01f733f6f9d04f0

SHA512
6d9cbf61cdd06675a8a4db31cb22db1bcab523980bb3b8257caaa1fe2c198a95cc6229b5f7887af3708e20a7ec7bc37df87bcb940c0687ecad0d4ae972d05443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3049af50539ead94c9abb6d10756747e

SHA1
4ad98c91e0dd5f1543818dc787e8586612b8a2bd

SHA256
fdf0707e0f4e900333bd08d724ef420d3933b5c88254cb41eb0edac4a4f56882

SHA512
b7f19020182a03fffdc827e3f3aff8f00f7b351211d1130e5cb5b6638983457135d8ec0b0e09cc6d89dcb9980699d529bb0eb74fe1928c75a71990b9ac0d82a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
11642af9f94d1fda84233a1affdd5007

SHA1
267e7ffa36b7d8e72cf6897173ff7e6844d5d41e

SHA256
3997adff1cc13d1c1000f60f6e4fc249c38171d986322227e82c318f0ee93e5f

SHA512
3ba69dc5f0bac81b997555ea1dbeadaca714cb90cb4088fc631e853552693d05b69e37fc1eb5799b930a2bd09e2c4994aef3abcdfa1c7f1f1cb0d26f9328a9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
95828a7666592d9d00bf2ed1d3209d2f

SHA1
18d7474a259c02d3a9e8e7bf22f9f8983fde2193

SHA256
ed6b9444a87f71955017e5723417a5a681db80cee69f5d4a1676a44cab266498

SHA512
b9eab5fba06ffd3002c460d33f2db51c32889ad81cb1e2f90184c601ca78824f678dd9c84f07a7e2cf3726b94ff38cc8b439f653dfd329b7dfdc0d01d42c2f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
80eef184981ec3c18b778acb41ed6b4f

SHA1
2abb3d088af4b3501137091681919d1bd3040f6e

SHA256
a12d7ea8ff8e83358868a846eb40cc3a710e06af282cb07548f634a50b0eb938

SHA512
f0b9c85863cf2be18120a29fa7ba48a6cd6fefab1183b2356aa2a769ae04b3c5068184791edcf70a2786d98b7a7acd88e13883114870b14ecedb5bef4acca87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d531752ed98d3041244b382309324ab2

SHA1
35a9cdb5e5fb1184eca1354239d928685edc0559

SHA256
dbf12d42cf4a159800738549f75ec398a5314985386017b045718dd4cc258ebe

SHA512
9df97abe8d3c3aa8513951739bfdd7a8f97a966c2c0ae83b172f32296c92f02b2d84cec661a0129d016ce3f5a0da9aa43ff5a9bf15e59cbd5ca0e6771ae6f1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
916ed0c0e9975355d59522ec3bd72350

SHA1
3b3933cb39061b02cdf78a9bea0af8c6ba025500

SHA256
eed0793b2acd1d4fb99329372a649ebf638d3d4b7a17e1b343183bb5088388eb

SHA512
56308e5d131dbfe5d78e5e0c48d5f1b6ec902f475b5b83e3c0341b0dac3efb88866985516c1e166fdd71580c17d0405658cbc90f60bd8ab80071055ca9ebd509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5597026d6e89bdfd51497dae5d89416c

SHA1
7f18b6cb107037fe1deb2d11d90e81d5106d1459

SHA256
5994fe08a899f7b4559e8f189709e5f145b003395fcb09786fcaf804a2bb1c85

SHA512
9e56eb450358b616774dcef23862252d425e45d4d84c67a43a9ec127aa2573f0e7df0711d687f12a703f2659c7b1cc1bc3014e4dd46a3b3e5c9ec5cddfb5254e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d14119edb8c7c256d5901bafdadf0798

SHA1
8e1a582c486c7162310d94c9cf6df76deebc3692

SHA256
586b6fbb71626cb3477c549df41798ac607341cba6c279aa87cbd4d32d837163

SHA512
7d1a3557a894229630653c33cbe1f4c773a4271b8b3ff03a20f070888766010426f18a91ae0a865cf7587f28d1f3f1f5ee7ff5118c1b6c3dc647c894fd29f1a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cd7d1173fcc40eab437eb87e71d09c09

SHA1
495b44190c150db05b413d2fa764a31526fa4be9

SHA256
10b5cb3e69235427121fb284672029c159b4d978879cf8eb71fd08675e12571a

SHA512
c173dc5ea939c4e2f5f1fb5d071f1d8a86c365a696471d22696cb0bd491071d2166a4e5d903b77633ffec8164c9463ec54f525c17125b4bc3605c0150860f1f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ebfe625cfd65e508c8babda846543e9c

SHA1
3544263ecfd8f1ef69f1de0eb31c1bf1860f4519

SHA256
d8030c05700d51d55af2871038882b4d587734c450134a8ebc197a15c859bca8

SHA512
dca882b85abeda6571094d40f513a6178f685cf66f25bc38206513d6c71a90718eb86fdd297a22c5a12eb668f79b42711f91a0f55d25211717d7dcdb513cb2c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e73b9eef73c07ff7c0eb7d5ee94f51eb

SHA1
60cbaf3e93d03fa74071efa2dbf300428c9219a5

SHA256
56dad267f9656be8096e31fd07ea0f52c6c9f2b550ded5b81289c1121991247d

SHA512
f407e56a4320c3b4415b423e4bc225943519cd183a727add68711645aef58e8b4cd1261c616556671bc6cb51f169315593cc30b3b99838405328f71087c089db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb8bba37c0904b6239522932abf2bc32

SHA1
6a956bfad49870b9eccefe722cf0f089c9b82acb

SHA256
98f4507424b65b0079b9ab80c76d7d898c2753730c991bbb87b8bd7a75662248

SHA512
f82a56ce5bac891a840e2be51f2dcf4ca9d6a79c23fc1e5a1cd9b19a64b28448821f61ceb013f7eef143f74820cb66991bfacc08f48af6d5fdb102cd442b0ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
bd9ed58b567bc62b6c3df620c7e302c5

SHA1
62a383aa0b8f2d8406a75313185a5d69fb432eea

SHA256
400a1b18e554f4a2d676fcc51bebebf224fa20f57f6460892f030cf8642d9e35

SHA512
2255c3a5091144b127e343a3535bd51144d3cf74a139301a152aceeef4cd6f83fa89867be8447ee4cdd89920a6daf5a58c1d1c9f4d11af99a29afefe3df6cb7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
6c9ba8d59f8aae12e50fdc9813285704

SHA1
6a5fd98434fb14d3e21c7682371f5e2d8f2cd230

SHA256
0e14d3c07f0e4bada2857b1770e2da40708bfbe2b53dd24008114bf4e9e79dbd

SHA512
8f684dedb96493eba6d3a8b3e491acef8c0741e73a4c887ac00635d22c61ae4e66fea4de264b5a8a4a4f666c09a5b4f4d14fcf4808ed323255738494e7b58a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
7abe1db5d02e54f190f4736ba51abf82

SHA1
ac70ddd9ab07daad468c4eb3f6c6814884f780e2

SHA256
59aeefad937be92a2af9d3b68001431c3bf62b7dd9dd6aa95ca4e879bb1a3562

SHA512
389fbda044192aa704967c3215c33ffd5ec2784ba211b2a6d1df4b9aece75559565a5b043490ffd282384ee082931da05879fd23d75fc4cb502f5c8c750feba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
2a67e82145c8b0dd8b5acfae2e799200

SHA1
51b18b0b04e49245b9b12d244f4a98fbf2cf18d1

SHA256
af32b5a73ec5b0fd8bede41fa0ac92340127f726af4d0fc10b7bd198affc4c6e

SHA512
d1594307fcc85fd326e574911f26aa743b5bcf99d74ec1d9677d33be6323f2e0246427962d2f7acebcbe0cd9011f974bf471049c96b742e1a907f09c206d0377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
2KB

MD5
ee8841dda37e44a0c27d17b5d7c5a375

SHA1
ea8a4491d77594c668c72b5b1e69e766006fefe5

SHA256
1d34a976c7e368bcf8a9d9fab6902556eb1a200b04b8dff99461a9396fbf808a

SHA512
08badd9537a04ea48c3a6cabc0441de7ff7100280dff2213811feda271f91c0641ba1b21717d6d214a972d7e0a93dd0d0ebbee2f554c34ac7e155ed2394fa46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
2b4a69b8e259aa604d2af9bf22bcd55f

SHA1
7f409c935ffa6863dafcb54708368d44062f1e4c

SHA256
1467bff0fdf08b1d149594813638f0f7ea47768dedf4972b7073679529776525

SHA512
d8ef322ea72de2b9bdfd6bffc94bf322086018670dd864311de442b943c5eb3cdabc27634d32b93eac2c8162ff7f6832d759e0fca6a28d2a95bfee94506e7d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
12KB

MD5
92c5b01a418f0ba4ab13642cbf71f46c

SHA1
8bfb3a1099f535950b8d8874f01d3be3bc96d8af

SHA256
c4123d3b310c4fe4f3e141bba982d4a696b4091e5583db97117aa6a82eab5739

SHA512
4923c6277759dafbf5d80d4d854f882b1b0e2183d9ba9b68a95e217de0a361107170ed8f37f19e748b253dee165dd1c4994fe790c8f414548f5655e5578ed669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor-journal

Filesize
4KB

MD5
730ac4d38096721fa92a21bc192f7828

SHA1
19286438262f200402ffdb8fff612c1479a48ccc

SHA256
4a20f86b6acd24f3765588d0a0e416522577e124e1910482f55beb9435f0778b

SHA512
c53588d8e7922747686ff12829a2610481dbf0d32f37914a6146fabb961b1b9ccb468b7766b8ea8a9e29754c36299ae27826d0b087928c31a0c321a46746a5d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
1d073cf564ce74aa230f4094976c4e83

SHA1
00a96f734dc30e0b56521f6bdeb4d4597f37e398

SHA256
f1e474bd552a383ece59424ec7f986de796c29928fb7c702ad03002b3d600a38

SHA512
80c2f56b5580b7d559980880a7028a9f729b2091d90cfef41b79c27f467df23f9e3028ace317d2a0bad24c0af2421108e275dec3bb9a4d808ed00b025930a086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
9f63ac06cc4b476835ecac6d04704ab6

SHA1
65100526706f1e2394fc394decea85e38f435e57

SHA256
3bc6453e7c070b95bf276843610af26ed8ff5be1359985bc78f0a2a240711406

SHA512
6b49fe6e0f7f7367feff809940ded7f7001078ea656da5c310dbb3356b1ad300e98e3d9133344682823d947d72dbfc0200158a4d6b8e19565c5240f6036b3122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
c0f4e3ec0503813f3f9ce5ccaf89d7db

SHA1
435b303533a91f0045a3abd8355a7237a8be3ebc

SHA256
244aa595ebf79fc924a0900dd51a426760344c7b6e2c95e0b1411ae5fef6569c

SHA512
8cc0c6bce446b5254529118700b63efc6ad7494705e81de3b6dcb0cb3ed525bf23167d8881a22a7df8d89a0fe21007648539ac040196e7be96e88a7790caf544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1f9713ced0154295733ba0df69f69ddf

SHA1
6d5f81f668f924904684788a89f2acaeae012d82

SHA256
1998d33a3bd16038bbcb822625ef6c72d12d720abf9a9ced04bb30d93b57683a

SHA512
d79892893a55138421f16bdfd69c0de262dd489c273da139e70a38b09d008e4b9970eb3170cbe1413f6edfdebcb448ffdbefd3d178a90e2aeb7108b1dae1c41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e085310618a0e078aa1cdf18f43f3758

SHA1
9bcd60a9ee00d080bb064b42621f6c5d521de9f3

SHA256
f7ae3be61f833d38e83670bf8ed7ffca8cba4f17fdcb57bf284ca83632f033b4

SHA512
1f276df2c4f379206f0626b762cdbff051687aa87d6097ef420e7a2f8aa214ab5802826f55a4f51bcf769c2f6286cb7d6f0f3fb9127e63c5e679d7f7bbe927d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
46c91e8bf3637c9a1f9e0ac9e37cf68d

SHA1
a74e7efaa336758bb6a3bcd5149692eb09331dbb

SHA256
cf96467a89c071c2eb52a9a0c937651c61cfb21a8ad981f3870edc9f5530ef32

SHA512
b19e582991915356de480a7e19fab69bceb4d67736d579ac23c354826d1641dacea09dc5d2dd12df01c33830b72f9a8c732551841797a5833f920952de633acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3f4f93f22aa3d4a629de82aed1b0c81a

SHA1
252aa2f1665ae2ec0f91f30349889504e290d80c

SHA256
e99c1efabea7764816e9682fd79fe02be9bbbaf135fb0e0cb76220b81c4ab2e7

SHA512
c5da97db01573acbb1c2e4a1a7069f3b1a86977f9314e11990ddf0c8ff4c360ab1cc3642c6400e2a6aa6bf143e68676af40642f9be377020999e45a38afd2939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
697869884a940c6e232cde01ceb34938

SHA1
243f0a91ae758b959ed65eb6fd2ccef099be1b82

SHA256
21ef07f60859dea88f50f33ddd920f16b6af0db8fe388eb0da31e250bab49a05

SHA512
7e1310b92cf9b88a1d9ef145b54b78857868e686fbbeb98595c4244f45292ef8c102356fe671268950a88c8a25be97ee62ca945adcdb2f4f774171dfb0cd3214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5db47fcdc50e9a57582e99ddb77731a9

SHA1
8691357bddc532bc7d8b8520aac553d3aefc1f81

SHA256
206f13077b960703f432f25bbe359d10336b51a9fcab0bf6fb0d496aa6556cbe

SHA512
b6a5b0c14e5c2261490a854499a72ee99a715ddd2f0297a0a13f4a1c03a6551f92f65acc62841ef9ef970ad7217198fde8ba65a20bd3ec9b5677624bc11fe601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0c400e267ca80b953642d80496a364e3

SHA1
d14ce5151da8aa904e05cec9208282d6c618530f

SHA256
4a03a43bb60acf6a1265c849af7db2a387a5812d1f9f021fa2b712ba386f03e1

SHA512
2e08ee05ae5b8416e3883ea963fb73e82182adf7831a97c8914615536e8f8089d45ac73061f66412f1d8407d5464751ac2b8778158eb49c3222623f48768e699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
93d7bbcf03b98bfe369bb0083f4c6649

SHA1
cef2a2e5c32509f956f530dd4c951146d4d45103

SHA256
5273c7b6b69af1b8bca4c9973f48f2e6a24869bfc5bf006c588a6da8807674c8

SHA512
c00e01aae7609f9a46576301925dced7cbcb39eb32106363cfeba03b71fea2947eba6faa2a3a18e5cfc53c0807bf0e4a8c5e759c72fb6bd3da8c6d1bf8615591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3b620732a705900f5d6e4b3e04bcf714

SHA1
5458f8e0311d9642c98727e996a482c495b4be3e

SHA256
343ca106ed9fae4bc31da4d4c0bd1b53bcbe65a15a7d96a91463e15c3966d34f

SHA512
28de4992bae6812d3751b0b6db0bbd63c0d47568b0a0a8570502d4a9695ba3bbe0022242f93e35b04165f1a11c1378473333152b56644dd27b0e4ed58075e70e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5106d863b904f7adce9defd462a8103d

SHA1
0ca40760efcd1822b1ec30418af0116f2b2b9586

SHA256
7126c843656ae14a033cc3243723be3bff45a6ff99b49aefe6a65f1a627c978f

SHA512
cdfff1e626808d1ff18effbdf879417ce1aa25c8cdc787dd4993b247cf80569fdba19e2cc517af28a00ec575ff8734c6897cb6218a36707abaa4f055610a5b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cb8657169f3edcde6baf7499b3044c9d

SHA1
510033b102c15eac95a1967801a80f6ec688dbb1

SHA256
f2b4258e20f1c2801cdebc43adeb90fa12b039d202aa7c1e26a8dbc3079be5a7

SHA512
5a40718d64c2d29aa54b8eca5eebacea3191762df70da6980d3d6a06701eb8be6def8257b035f9152e1ee15218eed94ca71995fa934cb424f88b3d681985661c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8523a87abb389edea7097befc47fee1d

SHA1
2baa9a440c1e66099997b065ba382ff8503b9a4a

SHA256
0f857b5c3f3b1184dd8b552846ad9b51809168517a5dbe81faeb731468fa999a

SHA512
a5d882d34416423742c26df7e76986bc3e788ee7ebf51b2ed6f72cc82cb1de82e3804d268b16dd20602bf650b67b8e6f6d74def72532e0e6321314923cebc242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
54fdc518471c8d5f30809e45d39c8c9d

SHA1
67a21de2cfae2030d0753f3857a852bac15cec19

SHA256
fc5d90bcc0a255b1357a96a8faf3682507325178fdde5b00bb9ba3c62a3aa16c

SHA512
c8a503ccca36481bf2f3c86b537e383d7cec2f9686d4c05ebb5a4bf20c10da068d4b6a7991f43e6f600c49c2dda8e0a86a306103192f6759a048f46493e9ee5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cf81a5bcc99a3e37b41c5617216085a7

SHA1
edd74be9919383bc40237359e44120c0c184accf

SHA256
ec2d69112eb285d8ffc3d3cdab529281ae9b49893923491c381e6611c80fb872

SHA512
02f4fda23fea104b9c34f3670928cbf330497f7c62088d81c19bcf2f5e725de103c875c587d82c74a6fe531732a120d7a9512d1654728b60b33b0a930c383dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
52596746725b8d964178b6d44247a738

SHA1
732134aadb20e5ce0fa675742413e2f9445aabe5

SHA256
f2e5f7db3c2f2a1208a1578c3dc60d5bba5aaa048b6095a73afa771a2c5c91f0

SHA512
0076f775a0227d6e012119c423f991077f163082727f999df8f67f654343831a6b9a69a943057e2661864bd3480be6dc2c1f138bc5b91225f854f17d1b1b358e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
dc72da216b0006076cb9cab00db1f46b

SHA1
b21d2469a13dc263d0ae608dce1422eff93f176c

SHA256
36dd05ece03d20224dce2304d98805081a982e069dc39b0c174b22c49f936eef

SHA512
c6851ef7dd2b7aadeb47629f9d6c7801fe502d686feac066e51fa1bad0aa55b7bc76044a57ec41088b8557617c99f11f42876823411c534e44c3c7129b2c8865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4b7aa15d2d63ac4a7ac954c29ae0e83e

SHA1
a4cd6e243e2f714a30c10f9f614aff7ff315ccc4

SHA256
4cc95f33c214659d6959905c65eaf157f1ee446be069cb85a55fb594e5b0879d

SHA512
6ce6c5ad6fa387892f6855836a3557a7479d79f3a125df8f288b73f8f2556d0089784669f8cfc055d3bc2715eda2ec3c138b0566255649a64d7c9052c933e5c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
92ad2d129f08d0269ed851cd3a06d27f

SHA1
c3e89e2fe74f1a38679907e50b3946651573a0db

SHA256
a2f7c23552caee9d37ec69cc30efa3866e2c9df812a0e1f40f8864d823c23546

SHA512
c0339ecf5029d27541fc0c98c70ec5be75a8f61ead56732a85022ba980b62fcadc73dfb9abf2ca04872e8f8ae3a902fe8b4edb25d8a8aeb8fec0e5396f5263e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a666f710b4653702fecd0f5093836f63

SHA1
26b2a49698d76a9611bae4afbd68f1f512dd3616

SHA256
e698eb14e448ab592d460812c13219bfa0684e270905bff086312aefaa12c80e

SHA512
dae53e83fc0f7951fa87ad8d5a4c8d93fa27d99796d5c56d57b71c672cf5b9aead57101bd2101f1b0b2285625f4102d0a5c44350dff8382337e8daddb88190a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3c1a94b1d37eafbe450128d0f41d9a30

SHA1
9f9e663756354e68b59d1dc212088da8d593d2d6

SHA256
a70ae850003a5ca899d5598612c6b9b97788fd2889d233a15a7ca9da3ea9f55d

SHA512
91d12cc673ac6d279b25e381489ef2f92044c36a66b3f936d87a0a63f0d00fc4c2b2bdf00c4b05f53c34b13751b843daec537db942e8779e5986d6f8345ea6c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fd898d6b6cf5effb15e1a11f6e9e4ab2

SHA1
eb08ed054284f616db2ad44b2bda3bc68445b7ad

SHA256
ef3ebf90eca841b91fbca10508198f9ede3a7292bd13820bc06774b8312c206b

SHA512
52d40e42211cfec42fe9d3f0074f2bc436571d9dfc10c2696953c8e886d6fdc6eb52480784651c27f6511d410548b900b88d69362dcc45a5905d52be49d6b94d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2c85e9efe649f537840f242f07dffcd2

SHA1
2e36a46be9589122de6e5947e16e5bf4a950d66f

SHA256
1f583cb6cf583465f718a3fd64bceda301d4719575ba7b985e5efdd200b0b426

SHA512
5b942a77f36fb165c0bd9e4b84cb4862b7a1e6a206d570e733b6ee04b034969d55d50196c6b4e213338569fe37c413a33dd1f1e417455a1d11e203ddd6b00b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8b85ed3d4ff252ecac81694cb1197323

SHA1
5f3860a1519e487a7396f17fc7ccd061e4105ae9

SHA256
670a940bc62d95a90df6d48e5d22ad3903ae3eb34bc83463159e9c8c9fc757cd

SHA512
2ccbf5f4eddc9404039094d6246df12f5fe968da6ce1723db1d4de9067662de4b05288ab3690d66fc7c2dcab8bfc354a6f11302197cf0dcd1d4ff8f8b2deb688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7cbdcccb447ffeed08bd0adceed37c9e

SHA1
a244d6fc703cb2f78b4d3f483b72d54d1ede4d91

SHA256
644f27d5c45fa36dd89e70abc9ab1526b51d7207f8880c821384cc3bf7475a27

SHA512
35a1adc3cb9096a56c4486e2cc4a2d48d613bc837106e1e6fc1d8e0b38e96a485b6eb08954ea0696c33c674892837eed04a33527251bd5051c17b9119aae7e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c8a932f70ea3affe53be99580d1c63c1

SHA1
e62e020796b484ea74878c588690f10a064c9b30

SHA256
81323695470ec969a70bfe68deb9dd7d3d621f37881fa97d534b6dbe8cb0ffa6

SHA512
fcd1b077584f6a28b5537993b7d16ffa08815cf371c74b1ddccf33dd6927d58bf3ef6527953397180b8390fc345279e7b090962aa9025ceeb7db58f6efa7d158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3a47366d82c76ecca8bf116d1e7ff625

SHA1
4f51a8bc2ca71a6069cf264b26f70a3dcb79f636

SHA256
b41e36a91f1d845afa1e2926be50dcac3af1fc3835c3050b6804d78ae95423e6

SHA512
7414444bdb994043260deb25029eeb9548abcabd8ecfb5b4769b3523e76860bb215542d4d1686cd70c8d61bba46c587745484e38be1108be12f6cfc6c9c66a4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4dfc9abe52191444e5b4be83e4d81260

SHA1
aab7e2344cbae732cf9f107c928bd9fc6b14f014

SHA256
4083afc76bc8b12ee1f27d4347d26512fca2a9531153f6fe62879b5067fb9ce2

SHA512
63347a92a56a9395366d8e2a8a59a71748ee28385e7a506d6bf9b832f3f2f86da907f7d3d7bdc6894753b655916686fa58613d1d4f4841c23cc2fbbea4752f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
717c25d3da0be9aab6c9239aa6678e2f

SHA1
48492b629bc4bb0416178c68b6854ea254d8dae2

SHA256
c3e97b5d284930c26953a7f48e1795ce1550c26e21242689b3824bc2cc3aa3bb

SHA512
78142b2a3135712a150815828fe7841a120f8317e50404694f4941569715d8b407bbfd82999c2ef805440ac2f3eb4055f89190099d743ed119ad72297cbff67e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
85d4cbb9ac50faa77a4c0100a2474f19

SHA1
6d8e63f70074d5c28b959097a2aca52b0b7d1f72

SHA256
f99918f91f212ccc14a47bf90ca6bf048b8ce3de1455e6b66a8c5eb806e3d543

SHA512
9bdc6466f646e6e078e3e398ed4fe38a2c77ff9500851ce891302da43d5879d910a2b267e1e485ae3c553957de271dc96713a9f1a4ec17c2a44d4d8087ec28f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
34a817123a7a8f1a8aba277171e976e3

SHA1
6b279772ef179b738b2fa6c88a698abc02b52ceb

SHA256
fda7ae2b46e45b8b6af152478db471d2ea1f48e14a24aa5c9920c82c123dab55

SHA512
97d5eb272c27e54cd92fc3359e99e92eeeef161e2e7f9b6f4fab8f322c989fb7e5ba3835171090f2be23ad7d67a6445d5372d9d2d12e93714b5c4dad5e9e789e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c117effed9fb7ee34e6ac522bfeba6f1

SHA1
ca615c7f03bf92c3820cafbdb5390cf2cab3ccdc

SHA256
e3911174ffdfefe23104dc727f244972161ea8855530ebbd4caebfc27c3db702

SHA512
bfdcf5ca3c36978ca2107fe502ff194e10db59793a84e6694f2082ef421b2750765a47898c5c1d0a08a83056cb90ef577435c4f438823014f795cfad56a7efd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9c807da38ded92aff27333e6ff40849c

SHA1
d7424959cf5d8e45e251aec7e4141b1f79d144a0

SHA256
d50cc34c8ea2e7123330312aa10eb6ce8acdfba625282426e95015903195c230

SHA512
4a34440cd501e336a70acfd2cbbd4c696f6325f4531aa7ee142c4be30eaa897e5522ce64ddd155b121d15bb46e5b41c7bfdb687535d8cd783c14414132aa9a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
309cdcf101190816c103d646b482c6e4

SHA1
2d25bfbc00066cee9a5a73ed61ab610901025a72

SHA256
d64e7b6e6d5023c3581adb52a0587ee7bbe77b4ab46af947ae849aadd7d9ceb6

SHA512
e84b59bd20fae86c49982c643926bd8dcaa777e17323241f85e9fe11e420596fe96418055f6696e663eb5c250ec3708bb5bfb1b69abfda1e283de0e064e95827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
345e6cbb89d92f3d08028cd7b11f5edc

SHA1
ccdbbbf28eb44df78b5e1858531a260ab0848b59

SHA256
380410cf7894c6d46724cdbe15201a19801d77a906e9b8ee57a2d3604f2e6cbc

SHA512
97726531417ef3abc5ef1a594144e554601841f6426c2ea83d0c4ddc5e8f5e3370ec09951a89b3cd6c9fcdfb7ab59bccdc1a22ffc9e8082d4d7376cbd37abb77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
284ae59108a72c61c81167ee0daf9469

SHA1
eed7f070afae422be2d7d726ca3071f266d070b3

SHA256
ff08efe6d405d6177147ff4ba3d3e52463032bd9d6db5e16820fb579cf5a1c0a

SHA512
42c24b4d0557631927ba4deee30669bc13c370d50c1b190736fa1a9369d77c4e6006006b5f024dc317f4b9893c27cbceffedef3cc09eafd4b5fedbc8542eb41c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e344a4b35ff13c5fc7b3281baec517a3

SHA1
efbf886a04b0e6b9595877ed6c4ff9b6a98238f5

SHA256
9ba9a241dd352cf96f32d97550c0d49a8343239f6d4c3742f0f3f69d8612062e

SHA512
b3b04e8161dd284aede002ce410cb3d6142f887987000d7f26891aab25bd920efb4d7afd78fbb2355a81dc133882caee17cc71be64aa651a255f89d8e59964de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
45599cac37b0f8f65fec7111a62f8c86

SHA1
4c7a3da3d575a7cb445ba579d52f4ee8581e660d

SHA256
cae72928a3feeca4e14e1ef64b46bf0c2bde22bf4cb70ebf1cef7dfcf5352a14

SHA512
867f36e7410d8a6d64a275617ef7d3047e33c6400c7d7bad4666e5158790a1f633cdf53be4faa272b9ae0ac63947d12cb75df579626187c40645bfa50ef27d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
cf40473fca49decc41b4e768abc6dce9

SHA1
78b5b9c978341ce5768ffb17eacd6467aaba1de9

SHA256
9fe5d6dcbf216f197cbb1e0bc353ee0dcd456694aaa441012251fefe795a39c3

SHA512
8341c9b4467478a4b7a094685dce186ff61c5198f762861b5cc79546514b6d022b05bcee8977494a81d762c91fa8ccda51d5776db9c1fbf6e0287fffe316adaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
e0b62072a3d16c9a0096d58807a902ff

SHA1
f923d2e33da3198a1d321d8f0ac9164970ecf99f

SHA256
1bddee0033683af570ab04408859737d81107a476e9267cd250d520b1cb2d0aa

SHA512
da5ab793fe778dc452fdbe18524cc1a54badbad9e5dac5c090b75870a89825e1eeb4e60af4b76fc10d84f097c754c00c629ea99074be2f8bdfb53170e78e09ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13381508137326737

Filesize
18KB

MD5
dab8b7b38a34e8bf36bc873abb57f7fe

SHA1
2673fdc6e6e4d36c3eee909093d2c420cc745ec6

SHA256
e0a67dbbf23a3ac3e774b2dc59f9f1c554dc1be10e35ae5fe827f1566a62349d

SHA512
1933273dfb3a9fbbb349ce9c469eac9b7a40fa52e9d89215cad6c20d465b455c5ff656d9fe2d7bd7908f7fe7529277025e548d9d91c95c372ee57b7c71971b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13381508137546737

Filesize
15KB

MD5
c65b7b5b66a94df4c981a8b9f86affc5

SHA1
0a2077214d699d85cc343370a7bf7080971a13eb

SHA256
2b2f8d793f2b57291dcc4c654f71a6068101845f1345a6e20d0872a58f9bb9a0

SHA512
5b2955ee4344fe430924997caf80a4e33d6248676974b7d54da9335851646674521b9be4a6cd92dbc3f3b314906a3d392648bdb49389535c2cf69a1647cc178e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
8be985ece811ba0a3f10087f5f4e6fd4

SHA1
c87c84d4fe182ffb8362f3cabd33349af94e9b55

SHA256
da78d36c765d3248b1a72ead5f83b7a58cba7d361f17a6831332ee994cee939a

SHA512
901932baea8712e89188cfce00a6b2388ba38697bcbfeebcf8b83b88b0cb26c7323b098ba6983c312ded1041f6e297412010113a32e99a9350aa4492ca40efa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3064798ce8061471a6feacf19c697610

SHA1
3b568c4d0d72442cf8dd42633c3903889f3a0f8d

SHA256
30601874764331b39bac7b0455ba9e7da4b575208bcf3584cb1c1ee7ae147a51

SHA512
c51169a62f963881544f34b4bb6426bd5725adcba67a9b8a614e6d7d08755b324e5f665cf507791200ab00d8c455a45109683d3cb48b92a1767564281f7ce4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
4972af886d0a1ae00a64378b824ba1bb

SHA1
74547d3edba6690c0a4fb533f4a0d5a0dae46a50

SHA256
123921955cbd8afc20ebbeb82f366f7f6b8843093ebfbbc1e6bb868a231828a7

SHA512
edfd6c0f13ad6c5a325500e8703357846f57411e14749f2f4319be59463435ad4d2949494c1e1406e09ebd3575cd79ae2e7aab370fc3b1aa643e28dcfd6fd79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1850557cea76b7ac918cb76dad17e883

SHA1
31293441d73020ec66198189acb88af56bbc6271

SHA256
276d0db36a579018b745a107ac1c0fefbb9fda67951e5cfef7be672a09fffb8d

SHA512
fa2e2ee715b72061a9d5c2693fc1ef84bd1c48f52bb18afbd609cbc189c4b9f5b12fba482572ddd522969343464edf886bce17637982d8f7aab5e6aa8d884a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e03c34db3a861c7ff194d8b4d8f40d7b

SHA1
edb484b1d56cc67f41ed28a7937ff2f7fe3b7da6

SHA256
be74731fea3b1afdf079639ba14411ece5ad927d97a1b7bd778ffae94481ffeb

SHA512
29a03410ed14ce587f579e6a09301af95b4e845dedf576743e50c55c67b4e5f7d6ecb3bc4ffdea00cac1189d6cc3bec5be39f22c65a5d0f5f0a5ba54b230232f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a3c82960cc0ecefe1de4cc929897c8b5

SHA1
7545601c6eebed4eb534f771b5739d9711dc4d32

SHA256
8c37acf3688ee03dee94915386e47aeaaaddff6affffc1643368e41ffb53f978

SHA512
a770c99021d554592642587eec382c574048e723814ffb90734727dcef53b2b9f9e80424e2b3f0c77f7ac39519fe165d96b10e986fae100e14059f9a9f03d4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1dd6052cd0502ca2c00663c210a467e6

SHA1
4c69f408b7d83f3eaa863cf8ed4c2a54cf16118c

SHA256
7d13cf7f6ef924fbfbe986dd0e23bad5162d7f14168cad4110c1ed5504cca371

SHA512
bbe74e7b31abaf4010a1df163a2c9468d976d5ee5335c151d448e6d2fe4d98cbe40b3e5f1d39149814a2d481cf208bd662d590b569e4b0f0663ccdd543405f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1caebd08334445399b8f5dad19fcbc24

SHA1
c3c3f6ecbcd77aea1d3407c18b6c9b8f4e25e336

SHA256
82fe5363d44743caf507abee771fb5c1198f1fd5b16952fca8751b340be3ab07

SHA512
af89b952f46d99db48fee7c4c74329aa9ffffbd2855338cb4a1b14cf6df1d5fcc93acc228a2a85615cc70c7748109c15ff9642932034bd33110dd327b803b373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5fffd0c12581fa9344d6fa7f2eb7d840

SHA1
24200f0d3bd27818a2be9f5db2d023604e9fa2e4

SHA256
3e2b973159a5dc20651b040ec5ccd3fca3d17baa40efaeb7998cacfc27943d91

SHA512
a11bb91f694feefde8d89db51950b899ced802631c293ffe70953672e6feaa8cf27e61095aeec9ae3770a01a41ea715d9ed8bce09fd4aaec37cbc8515ce70b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
de6bbc49b315641ee734dfcdf8b28d29

SHA1
ce4cb041e5090ea7102f136d7ecd5321bd061918

SHA256
61874628b0b68cf45e8072f1181e2f22f8c855f0f260d0856ac5603faae70e05

SHA512
fea1119d544806213584403df7bcd6e596f9ad9d2d65ee4d1236f45dbf132b19b2862f119910ddfad9b610da9a893847c789de22d9e96cdb3f280ad63117b58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
6c18be310f2632e71a80b741bc77a15e

SHA1
da3c2593ada505fc71352b7f19d7b60b5e0b0912

SHA256
d1eb1ecbf5ab80fbc72bc7dd4a7452830879b28de615f5aa9e4bc6b861e01126

SHA512
9f07d383a994e721f6621b89d031f1cf77226084df885c551230c390e28d72b095e0867b1baa57a0c3fc4c8c6d2bf096c713460063b1975eed794e9dbcdb0001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
200B

MD5
3c4d0246140af23826a8e8872b5a5463

SHA1
d8966dcec9d6bac4c6dfb9e04c3a79f02a0647f2

SHA256
c856e7c1421828471f6be3ba0d66ddeeda55a22bfd15da654de55d52131fdf39

SHA512
1441943318cc03e2b4baef3674ad49670c3a30a50165633066f80eb81ca2b34971dafd8d0e861dca1b6acd92740a1267a5679773e19e5031dbba1473788b6ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f400b3ad-71cb-4816-81aa-7423030246b4.tmp

Filesize
10KB

MD5
cb7f9dc29add4ba32aed4d4d5cfbcefd

SHA1
9ca5b0db3f4b4bd44d2039236bcc851f329c6d4d

SHA256
8ddd1069338d741f02bbc143f327072b8e3404db906fc9a272a6c85dd2b7a1b4

SHA512
e7222a4ca47b44956c00103c43c277476f07bed908209c533765de10c62a8c3b1db88a9fbbe1e50dad42c79021db4f1c1c8948093a61c23b2b9e0ff8e421a688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9a8e0fb6cf4941534771c38bb54a76be

SHA1
92d45ac2cc921f6733e68b454dc171426ec43c1c

SHA256
9ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be

SHA512
12ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
2.0MB

MD5
06f5a7d794b69bf85ce1551ba8dce8bd

SHA1
8f8a4be4da5ef2bdd764927fb85b483c5bccb03f

SHA256
f55cef8e6384cae0c273571e9b0b11400179d9d3e97d8820fd311ddb8a598142

SHA512
20a18196d724962003c87a9bbd345f5badbc355bb729a991fe0fadc31b1c797afe5e1fa3b5c6aa470aae37b5e8ee1979cefbdf596967c66fda70d89e5bd46287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\previews_opt_out.db

Filesize
16KB

MD5
d926f072b41774f50da6b28384e0fed1

SHA1
237dfa5fa72af61f8c38a1e46618a4de59bd6f10

SHA256
4f7b0e525d4bfc53d5df49589e25a0bccf2fcf6a1a0ca3f94d3285bb9cf0a249

SHA512
a140df6ec0d3099ef374e8f3ece09bf91bc896ac4a1d251799a521543fe9bdea796ba09fa47932bd54fa939118495078f9258557b32c31d3d4011b0666a4723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
e016d21fb23156b319d39fc77dce7f43

SHA1
0d74ee8ed8a16c94e059c0c75be700cb51f5fb5d

SHA256
39ca42a80e6ca05dc595dcdcc262fc77ce9f39e42cfd62ef088487dcb121b4c0

SHA512
bb8faec27fbc03713346271ff3d316025cda1c9bb6ff407021f2e7c8aff22ae3632d63a66156b1531e38dae47a59f68d2c96bd7f72632b30ba4a04abbe63b199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
148B

MD5
4807b950aa0badc98d3a102f6fbc82aa

SHA1
a7765a326d394b83f8a982c6f05088bdfd500fae

SHA256
22bca3dc113a7fe8a0e068a278b375419cbbcfca8846058799f5799fcaf718cb

SHA512
34457a4d85e30818070fa3a760e7e2a2918de83a839ed326c3ab7d6c805fc8f8c051dab9e805beda075e62f2b10074ba8877e9a286d44bb062c0ced427c2da7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
6d88db83ecfa31d660e40917539766d3

SHA1
0bb4f066e454a9315742e44f13e55846eec288d3

SHA256
2674998f1bb02e792ae96fdf7e918c2b0e7d007c14fc94b15b78d459f654a8d4

SHA512
aa2fd7fd714b7a995d09ba6f790c6210b44512e5108179141859145561cda2497f1cfef2bd1b9f7dbe5dc928bb8a584945b555efa54eb73a2a8abe0c131a45cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
106e05c39ca6746fc0d718b194982cff

SHA1
aa9a9c1189603587bb505721d30377fd7d42be57

SHA256
28683de22fe366bfb1e623a398af0cff5478a1c27bb593acf4810e278a6a71de

SHA512
899aa518b610d69072fc52e4fd6b577f2b90f946c637d98da5ef024921bba3703d30aa18c82bcdb6ae9745f6a9cb6f9cd331ff9680905711b00f7aed40dacba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
44aece5948efae67164d247d3d3afc95

SHA1
dce9ba6a3cafdb786da5b25338e2991c4ea8907a

SHA256
d31f6f287ee38313104d2d8b8dc34f1bba3a87ebee63f3aae0b41a6cccd7d9fe

SHA512
617a5a63c1d680f27a08ebae0cbffa61f3647ea0f25d4229904dbb66b277edf2ab59f661085b6f9dade039778ed3ffb6e7779ad834a1de6cdc9e8738c8dc1eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
d23f5cef8d5c32f8e572a91ea2d87b5f

SHA1
45eeef499e6957a9968b7c9b70305d56d4331347

SHA256
400ecf34288f7299f342a218a735d8528474b73762b63737db3f6532073077c8

SHA512
0132314f7df1aa6c204f1e5eae6e4ead1010d941a41119f21dd433572e6135ca15b3454de0a860b0836b4bc53d4432cb8ac15377cfda5d8732acac6e74b0652e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd3d772e35c6b42b93a4a3c819edd816

SHA1
91f5f92aaa586c1a1a3a53a76af329d12de54022

SHA256
2d779f842bdc0a23d326e191b3a5b7f4fc900fc7efbd80c49d4cf5b262f9be41

SHA512
55dc1c3e11fff53d0390298c4c24890a3cfc622a078fd350a8b2dfb019738a2bb7bc939f5c97725db20e56bf3bb2bcf6b0a57e66d7636ebca822dfd385b4987a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
46758903160c1841647b6d0374db01e2

SHA1
2086c86bf90f3d02bf124604c2f8cac1bd5f1410

SHA256
40012495f718f27b31d579d67b54c41cdb91529d2f9246ecbf74bcb5587c7fdd

SHA512
ff7216a443c7315515feafb6e6fd9e9c3c2c170b704b12b36addb3c5bbd783f565075842be1083166948e34e18c3479f7431de4052bfcee2179a94405de4f118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3390ff03fb20bb018c39852bef295781

SHA1
91b7e72eb5833a4d0d7f5bc7f91479f7cd708216

SHA256
f49435dc19d7adf480335a14b98859b976cea4fff3e97f8bceda4a70f2df2e26

SHA512
b747c548bd73173a670596f39979893458a25ea656a697b7ebd98fb5e1690983e4f48c1bbe19f01c433662042ade2446bbcfb3c820d6408613ce881482505f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
760b604c7653ce22aa6635b71afd1f26

SHA1
eaf31089edd80bdce3d71ddf02b6e936b5089376

SHA256
9621a58960d51ab2eb865bbb567c7cf6c8721944d244f79964a0ae4f8fab0ff8

SHA512
6f8190504eb0ce84c0bc9674d946691efc40718d965252c2cf7616382d1de2e7aaa3f1018ebebb28a7b3f1b78d8755e6be7d9fab0f13c2d8c441120a4e56c69f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42244afbb3ed344950292f455bae1dbe

SHA1
701817706758f46e20820c72978fccbad6249b65

SHA256
902cf3067b4293c50c28177ca052b1dfaec59fe8b1b0c4b0804c5744a42f5e90

SHA512
5ab8236cc1aa6e98f0cbadbe736c7bb1df807d47285d4fc1f6db19f5a333c875fe315c3a3eb245f5e22c0f254544d7df568ede9455219c698528b5429dee0ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
01e5b124d105ebfaec2e0462241a3c85

SHA1
4d68d17441818c88d779d2f33dba87ba9acc7d4f

SHA256
d963f489d9d6ae4ca193bdea6010d3fb5e90c38542dddbc03cd1aaa564106143

SHA512
f05968cfee828affc51d608c84cd89afb8795bd4ab8ed4cd2f43987b9f503435f89f1ac46c85f597a3a674f2a72784aacbca45847d2a94726183aa3af2712434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2c5b713bca06c03715543aceb2bb4ba

SHA1
3ada043601c44f52274154366d56145f52899b15

SHA256
67c9890f12de2b47463c89d126aba35e7b5c84b327c6a6d306555f8488020e7f

SHA512
cd0578a23e6d4bb6dd6c904a3973dfb40009d58f5da1d31cc6c3cea16698b91ba8719c1d40b4362c03d9143aaabd5977a5f6df43e1b0c4d7e35ae4bfc10ba275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
d28cca9771587da43492c63a483379bc

SHA1
9c305b228c11e872dfa60fb9e362f99bf16523eb

SHA256
e3b8eba2ffec52d13e3659b283386ab345dceafdada5e01200b276340d4d307b

SHA512
586c320e092aa5f514b45168baee82a29dc435acf68a2649d97e05bd5098520a8bb464301f7c373df8f5ef40d9418b79203c72480380f32c506fe8fd112058d6

Download Submit
memory/2224-494-0x0000000004E60000-0x0000000004E61000-memory.dmp

Filesize
4KB

Download
memory/2224-497-0x0000000004E60000-0x0000000004E61000-memory.dmp

Filesize
4KB

Download
memory/2224-496-0x0000000004E60000-0x0000000004E61000-memory.dmp

Filesize
4KB

Download
memory/2224-495-0x0000000004E60000-0x0000000004E61000-memory.dmp

Filesize
4KB

Download
memory/2224-498-0x0000000004E60000-0x0000000004E61000-memory.dmp

Filesize
4KB

Download
memory/2224-499-0x0000000004E60000-0x0000000004E61000-memory.dmp

Filesize
4KB

Download
memory/2224-500-0x0000000004E60000-0x0000000004E61000-memory.dmp

Filesize
4KB

Download
memory/2224-490-0x0000000004E60000-0x0000000004E61000-memory.dmp

Filesize
4KB

Download
memory/2224-489-0x0000000004E60000-0x0000000004E61000-memory.dmp

Filesize
4KB

Download
memory/2224-488-0x0000000004E60000-0x0000000004E61000-memory.dmp

Filesize
4KB

Download