994d6a3c00f42e919b596a6234346a095521ce84013474aa462570aa49b0e3da

Analysis

max time kernel
899s
max time network
901s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16/01/2025, 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/getr3kt.bat
Size

13KB
MD5

4e2a7f369378a76d1df4d8c448f712af
SHA1

1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49
SHA256

5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad
SHA512

90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e
SSDEEP

192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

Score

7^/10

bootkit discovery execution persistence

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
3732	MEMZ.exe
1084	MEMZ.exe
488	MEMZ.exe
2732	MEMZ.exe
3220	MEMZ.exe
2580	MEMZ.exe
5020	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 59 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_nvmedisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_primitive.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe

Checks SCSI registry key(s) 3 TTPs 35 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	MEMZ.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2532	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
488	MEMZ.exe
488	MEMZ.exe
1084	MEMZ.exe
1084	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
1084	MEMZ.exe
1084	MEMZ.exe
488	MEMZ.exe
488	MEMZ.exe
2580	MEMZ.exe
2580	MEMZ.exe
2732	MEMZ.exe
2732	MEMZ.exe
2732	MEMZ.exe
2580	MEMZ.exe
2732	MEMZ.exe
2580	MEMZ.exe
488	MEMZ.exe
488	MEMZ.exe
1084	MEMZ.exe
1084	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
1084	MEMZ.exe
1084	MEMZ.exe
488	MEMZ.exe
488	MEMZ.exe
2580	MEMZ.exe
2580	MEMZ.exe
2732	MEMZ.exe
2732	MEMZ.exe
2732	MEMZ.exe
2732	MEMZ.exe
2580	MEMZ.exe
2580	MEMZ.exe
488	MEMZ.exe
488	MEMZ.exe
1084	MEMZ.exe
1084	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
1084	MEMZ.exe
1084	MEMZ.exe
488	MEMZ.exe
488	MEMZ.exe
2580	MEMZ.exe
2580	MEMZ.exe
2732	MEMZ.exe
2732	MEMZ.exe
2732	MEMZ.exe
2580	MEMZ.exe
2580	MEMZ.exe
2732	MEMZ.exe
488	MEMZ.exe
488	MEMZ.exe
1084	MEMZ.exe
1084	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
1136	mmc.exe
4172	mmc.exe
976	mmc.exe
5672	Taskmgr.exe
5020	MEMZ.exe
5060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious behavior: SetClipboardViewer 3 IoCs

pid	Process
1136	mmc.exe
976	mmc.exe
9316	mmc.exe

Suspicious use of AdjustPrivilegeToken 29 IoCs

description	pid	Process
Token: 33	4172	mmc.exe
Token: SeIncBasePriorityPrivilege	4172	mmc.exe
Token: 33	4172	mmc.exe
Token: SeIncBasePriorityPrivilege	4172	mmc.exe
Token: 33	1832	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1832	AUDIODG.EXE
Token: 33	1136	mmc.exe
Token: SeIncBasePriorityPrivilege	1136	mmc.exe
Token: 33	1136	mmc.exe
Token: SeIncBasePriorityPrivilege	1136	mmc.exe
Token: 33	1136	mmc.exe
Token: SeIncBasePriorityPrivilege	1136	mmc.exe
Token: SeShutdownPrivilege	2532	explorer.exe
Token: SeCreatePagefilePrivilege	2532	explorer.exe
Token: SeDebugPrivilege	5672	Taskmgr.exe
Token: SeSystemProfilePrivilege	5672	Taskmgr.exe
Token: SeCreateGlobalPrivilege	5672	Taskmgr.exe
Token: 33	976	mmc.exe
Token: SeIncBasePriorityPrivilege	976	mmc.exe
Token: 33	976	mmc.exe
Token: SeIncBasePriorityPrivilege	976	mmc.exe
Token: 33	976	mmc.exe
Token: SeIncBasePriorityPrivilege	976	mmc.exe
Token: 33	9316	mmc.exe
Token: SeIncBasePriorityPrivilege	9316	mmc.exe
Token: 33	9316	mmc.exe
Token: SeIncBasePriorityPrivilege	9316	mmc.exe
Token: 33	9316	mmc.exe
Token: SeIncBasePriorityPrivilege	9316	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
2532	explorer.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe
5672	Taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5020	MEMZ.exe
2744	mmc.exe
4172	mmc.exe
4172	mmc.exe
3444	identity_helper.exe
1732	mmc.exe
1136	mmc.exe
1136	mmc.exe
5020	MEMZ.exe
5124	OpenWith.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
2988	mmc.exe
976	mmc.exe
976	mmc.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe
5020	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 536	3112	cmd.exe	79
PID 3112 wrote to memory of 536	3112	cmd.exe	79
PID 3112 wrote to memory of 3732	3112	cmd.exe	80
PID 3112 wrote to memory of 3732	3112	cmd.exe	80
PID 3112 wrote to memory of 3732	3112	cmd.exe	80
PID 3732 wrote to memory of 1084	3732	MEMZ.exe	81
PID 3732 wrote to memory of 1084	3732	MEMZ.exe	81
PID 3732 wrote to memory of 1084	3732	MEMZ.exe	81
PID 3732 wrote to memory of 488	3732	MEMZ.exe	82
PID 3732 wrote to memory of 488	3732	MEMZ.exe	82
PID 3732 wrote to memory of 488	3732	MEMZ.exe	82
PID 3732 wrote to memory of 2732	3732	MEMZ.exe	83
PID 3732 wrote to memory of 2732	3732	MEMZ.exe	83
PID 3732 wrote to memory of 2732	3732	MEMZ.exe	83
PID 3732 wrote to memory of 3220	3732	MEMZ.exe	84
PID 3732 wrote to memory of 3220	3732	MEMZ.exe	84
PID 3732 wrote to memory of 3220	3732	MEMZ.exe	84
PID 3732 wrote to memory of 2580	3732	MEMZ.exe	85
PID 3732 wrote to memory of 2580	3732	MEMZ.exe	85
PID 3732 wrote to memory of 2580	3732	MEMZ.exe	85
PID 3732 wrote to memory of 5020	3732	MEMZ.exe	86
PID 3732 wrote to memory of 5020	3732	MEMZ.exe	86
PID 3732 wrote to memory of 5020	3732	MEMZ.exe	86
PID 5020 wrote to memory of 2172	5020	MEMZ.exe	89
PID 5020 wrote to memory of 2172	5020	MEMZ.exe	89
PID 5020 wrote to memory of 2172	5020	MEMZ.exe	89
PID 5020 wrote to memory of 2744	5020	MEMZ.exe	90
PID 5020 wrote to memory of 2744	5020	MEMZ.exe	90
PID 5020 wrote to memory of 2744	5020	MEMZ.exe	90
PID 2744 wrote to memory of 4172	2744	mmc.exe	91
PID 2744 wrote to memory of 4172	2744	mmc.exe	91
PID 5020 wrote to memory of 5060	5020	MEMZ.exe	92
PID 5020 wrote to memory of 5060	5020	MEMZ.exe	92
PID 5060 wrote to memory of 756	5060	msedge.exe	93
PID 5060 wrote to memory of 756	5060	msedge.exe	93
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94
PID 5060 wrote to memory of 3720	5060	msedge.exe	94

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\getr3kt.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:536
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3732
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1084
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:488
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2732
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3220
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2580
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5020
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:2172
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      Enumerates system info in registry
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:5060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
        5⤵
        
        PID:3720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
        5⤵
        
        PID:2060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
        5⤵
        
        PID:1112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
        5⤵
        
        PID:1320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
        5⤵
        
        PID:5052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
        5⤵
        
        PID:4204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
        5⤵
        
        PID:4384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
        5⤵
        
        PID:3296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
        5⤵
        
        PID:1860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
        5⤵
        
        PID:3756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
        5⤵
        
        PID:2552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
        5⤵
        
        PID:4180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
        5⤵
        
        PID:1036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
        5⤵
        
        PID:4744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
        5⤵
        
        PID:3136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
        5⤵
        
        PID:1860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
        5⤵
        
        PID:4864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
        5⤵
        
        PID:5072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
        5⤵
        
        PID:2872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
        5⤵
        
        PID:2352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5728 /prefetch:2
        5⤵
        
        PID:3112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
        5⤵
        
        PID:644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
        5⤵
        
        PID:1752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
        5⤵
        
        PID:5472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
        5⤵
        
        PID:3560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
        5⤵
        
        PID:2764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
        5⤵
        
        PID:948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
        5⤵
        
        PID:4464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
        5⤵
        
        PID:5816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
        5⤵
        
        PID:4260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1
        5⤵
        
        PID:5488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
        5⤵
        
        PID:5576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
        5⤵
        
        PID:6148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
        5⤵
        
        PID:6296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
        5⤵
        
        PID:6440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
        5⤵
        
        PID:6732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
        5⤵
        
        PID:6044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1
        5⤵
        
        PID:2408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8740 /prefetch:1
        5⤵
        
        PID:7140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8724 /prefetch:1
        5⤵
        
        PID:6524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8656 /prefetch:1
        5⤵
        
        PID:6740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
        5⤵
        
        PID:6544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9012 /prefetch:1
        5⤵
        
        PID:5636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
        5⤵
        
        PID:6552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1
        5⤵
        
        PID:5160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
        5⤵
        
        PID:6400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1
        5⤵
        
        PID:5740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9284 /prefetch:1
        5⤵
        
        PID:5084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
        5⤵
        
        PID:5772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
        5⤵
        
        PID:6632
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1
        5⤵
        
        PID:6844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9644 /prefetch:1
        5⤵
        
        PID:7104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
        5⤵
        
        PID:1872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
        5⤵
        
        PID:6316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:1
        5⤵
        
        PID:6900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1
        5⤵
        
        PID:3800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9816 /prefetch:1
        5⤵
        
        PID:6948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
        5⤵
        
        PID:7284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1
        5⤵
        
        PID:7864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9564 /prefetch:1
        5⤵
        
        PID:7988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10344 /prefetch:1
        5⤵
        
        PID:7768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9360 /prefetch:1
        5⤵
        
        PID:8036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9696 /prefetch:1
        5⤵
        
        PID:8184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
        5⤵
        
        PID:7516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:1
        5⤵
        
        PID:8088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10896 /prefetch:1
        5⤵
        
        PID:8076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10780 /prefetch:1
        5⤵
        
        PID:7608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10548 /prefetch:1
        5⤵
        
        PID:6400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1
        5⤵
        
        PID:7784
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10044 /prefetch:1
        5⤵
        
        PID:6928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11148 /prefetch:1
        5⤵
        
        PID:7016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10088 /prefetch:1
        5⤵
        
        PID:7656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11136 /prefetch:1
        5⤵
        
        PID:7936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11312 /prefetch:1
        5⤵
        
        PID:7380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11536 /prefetch:1
        5⤵
        
        PID:6892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11600 /prefetch:1
        5⤵
        
        PID:7656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11436 /prefetch:1
        5⤵
        
        PID:8948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11620 /prefetch:1
        5⤵
        
        PID:9080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11924 /prefetch:1
        5⤵
        
        PID:8476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11168 /prefetch:1
        5⤵
        
        PID:8348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12132 /prefetch:1
        5⤵
        
        PID:7668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10536 /prefetch:1
        5⤵
        
        PID:8312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12252 /prefetch:1
        5⤵
        
        PID:7196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10944 /prefetch:1
        5⤵
        
        PID:2576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11076 /prefetch:1
        5⤵
        
        PID:7476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11276 /prefetch:1
        5⤵
        
        PID:8348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12336 /prefetch:1
        5⤵
        
        PID:8300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11744 /prefetch:1
        5⤵
        
        PID:9128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11780 /prefetch:1
        5⤵
        
        PID:6640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12780 /prefetch:1
        5⤵
        
        PID:2576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12404 /prefetch:1
        5⤵
        
        PID:2988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12876 /prefetch:1
        5⤵
        
        PID:7436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12596 /prefetch:1
        5⤵
        
        PID:8536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13236 /prefetch:1
        5⤵
        
        PID:6532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11148 /prefetch:1
        5⤵
        
        PID:6252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12872 /prefetch:1
        5⤵
        
        PID:7540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10796 /prefetch:1
        5⤵
        
        PID:7256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12868 /prefetch:1
        5⤵
        
        PID:9240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13548 /prefetch:1
        5⤵
        
        PID:9664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13584 /prefetch:1
        5⤵
        
        PID:9752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13232 /prefetch:1
        5⤵
        
        PID:9900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13452 /prefetch:1
        5⤵
        
        PID:10008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13460 /prefetch:1
        5⤵
        
        PID:9516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12528 /prefetch:1
        5⤵
        
        PID:9548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13820 /prefetch:1
        5⤵
        
        PID:9768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13956 /prefetch:1
        5⤵
        
        PID:10152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13520 /prefetch:1
        5⤵
        
        PID:10076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13924 /prefetch:1
        5⤵
        
        PID:9728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12772 /prefetch:1
        5⤵
        
        PID:8240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14216 /prefetch:1
        5⤵
        
        PID:9312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11828 /prefetch:1
        5⤵
        
        PID:6028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13336 /prefetch:1
        5⤵
        
        PID:9448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13620 /prefetch:1
        5⤵
        
        PID:7292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12820 /prefetch:1
        5⤵
        
        PID:9368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13992 /prefetch:1
        5⤵
        
        PID:7052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13992 /prefetch:1
        5⤵
        
        PID:9416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14496 /prefetch:1
        5⤵
        
        PID:9716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14712 /prefetch:1
        5⤵
        
        PID:10540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14120 /prefetch:1
        5⤵
        
        PID:10688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13976 /prefetch:1
        5⤵
        
        PID:11120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1
        5⤵
        
        PID:4188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14144 /prefetch:1
        5⤵
        
        PID:10956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14700 /prefetch:1
        5⤵
        
        PID:11044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14560 /prefetch:1
        5⤵
        
        PID:10116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14792 /prefetch:1
        5⤵
        
        PID:10336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14144 /prefetch:1
        5⤵
        
        PID:5168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,16273241628751617447,2199676813398057607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13568 /prefetch:1
        5⤵
        
        PID:5376
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:4524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:4672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:3064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:2024
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:3864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:4944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:4168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:4380
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:3556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:5360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:1496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:6120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:6132
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:5800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:5192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:4560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:1256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:5956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:5064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:5248
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:5672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:6708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:4588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:7068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:7064
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6360
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:6880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:6304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      PID:6004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:7060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
      4⤵
      PID:6672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:6584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      PID:2728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:3884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:5436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:6140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:3444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:1704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:7800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:7812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      PID:7672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:7632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      PID:7464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xa0,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:7248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:7732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:7620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:6720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:7512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:6692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:7444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:8028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:7392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      PID:8888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:8900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:8384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:8316
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:6848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:7488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:9200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:9212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:8936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:9196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:8532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:8132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:8556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:9076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      PID:8004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:8548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:6764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:6808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:7548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:6760
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:3960
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:8892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:2240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:9460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:9480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      PID:9540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:9628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:9692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:9864
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:6108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:9336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:7496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:8332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:9400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:9980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:9584
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:9096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:6340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:3932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:8272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:10700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:10712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:10488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:10504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      PID:9472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:9732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:10388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:10324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:5176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:10708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:7252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:9432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:10864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:10920
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
      4⤵
      PID:11080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:11140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:10584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:8228
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:11204
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        
        PID:9316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      PID:10836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:10652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:7144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0xd8,0x130,0x7ffa630f3cb8,0x7ffa630f3cc8,0x7ffa630f3cd8
        5⤵
        
        PID:10640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1120

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004B4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1832

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5124

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2532

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:4820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
236KB

MD5
c39d75bc50c34a50f076e6aa16d34e80

SHA1
e772eed461b1e0c3d316e0bc880a50d60a909624

SHA256
9bef68b93a772e98b2b99a1659fecc443e42fd772119ada486634cf6a9ff6aa6

SHA512
ac06f88d2c5228e74ee639d116f9710f084ddc29b9e12640ea8fa143d722fb37b9786816642fb7d87fd10e4150af61fd67005b4a5f710ea72809d752037308b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
4c61b65d01183d6f60bf80f29bd6f330

SHA1
6f94b52518582e8f519bce8c3f739d38cfb2436e

SHA256
fc70e55ad50ce4e6fd5897d6f4903df528cbc881b31afec77b42bb06f799e150

SHA512
24deea2490bd4ef1192a73c0c32fdc39713e3cc818b568e23e461f0baf7b40c9fa6d9a87437c25fdcc69cef8463deee40298437e4bb94cabd5b5f2bfeaaf7be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
30KB

MD5
8f275f3c748cfe377684dd90ed2fd2d5

SHA1
65fa8030eff79a8e49ad47905b26629426c15032

SHA256
2de7e29e82bd06fdc071f3a6f9af9d2d5b3b051dfeeb335be3b3677e24e66f94

SHA512
1426d5ebf91a51a4e827c682f2349bf196a94edd510af6dfb1733eca19e4045ac37e8bf8197bbdd5852a9c5ce921c8ce4190a2cf7cb4feae21d55e072e018965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
45KB

MD5
84faa419d86403180ea636a6fbd34a29

SHA1
1e8455f4310f3b0a653cc0eb472fc7003c90ee0d

SHA256
726f4e79e52a765cb444b96e1e41e31053a17daf41db81aa545b87fd73152bf5

SHA512
2eed684235c73c296252b8a2fa06a428c4dcf1abf169b8e8aa51b5f0c621454c6a9b97e83e03e2f67e24c4a075f7c7bb29f9d5fff352ad30e5f94bbd3693ee70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
31KB

MD5
6ce4e6a94723410cea915401fb2405b9

SHA1
62b18c253f9a8bdb5107fdbc05e60e9ecae1662e

SHA256
bf62913a7548899c0920a258904e5bfc50e0abb96af46f2be50e8a0e42cd9ca1

SHA512
2fcade70ae872bab3b9be201e68eed917844052aee6d27899cffd435fcedb6750295c91cb53a8995c241eefa2d8b46649b260d47e14c5ee404f7bbd15b328b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
31KB

MD5
49e4787d628bda07a6824bb05cc0d0bd

SHA1
4f27eccc6ced1c3a535ee1533876efc46d31aae1

SHA256
191f4b66ee855c72250fe7f4f7c92ad3a184e0c5f3b4df45f91a7796c5e38fff

SHA512
ab43ffd39189d0110644cb34196df0a336479f1e7081edcb9bd514fd82b67a0ef32a898ce2dd69cefc234522abd12e8cac905c87375a1c0406eac25c6e732bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
21KB

MD5
344c09d87755a0715e3be7a6869e0ed7

SHA1
254ae4accb099eec2e67b13017d9b3de6b6cf8ab

SHA256
9df11d479cd044bb9f64134b7325946185e79ffe54b45024c5ea5c0a5d56f298

SHA512
9ea2b692b550973c1057eedea6d649a4db3b934049714b2378eb385dfe021051c596a49272c6a29da5c93fcb7e30decb02dfc3a2bdf6116670a81bf5521ac0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
4fd9e1a4cc8135664d1df164277e29c0

SHA1
8c3637673fbad779dd9315b81ebdea58d28e9db8

SHA256
e8ba6fd025b9e152b1d105db5c76df775ae9b657b227576f9a66229a95e0c4ab

SHA512
ee5df56010dec023472b2b0fd53a17ae7cb26d4c7b0ea9a910500fac5553749624574f3a9ac77c3aa8e1b6baabeb1e3fbc5a4e5c4d95c020c9db1af88a5282c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
136KB

MD5
aba480be70e30abc103f261c18cc0f15

SHA1
aab1fdfe6b0f06a9e959cfd266151ee082cdefa0

SHA256
9fe478d06f06c550ae32e48d5121ba9eb03f3552535d7603192c8275b60f2cb6

SHA512
41d2cd371de5bfa4c04ddd4f4ef59b476a84b8d0a688929cae643f9a1ddd1ed2134f9908c6a282f9e5da357c4907c087ba4fa8ccf099b6dedfd68c295fc0506f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
29KB

MD5
071d0628cae2c51109a5b5f5aa5ef53a

SHA1
8a2223731b9befe68861f0ffbc383cee8c17cd0d

SHA256
bb1d14cb6dbf3d24b28df7823ff19bce6c0e2e8c2d35fe4101e16876399bfec3

SHA512
b31e83eca2e14e4ff600e3e852c9a34e7d218e723451a6a1ef6bf4a15996d502c602871cb92e4dc463572e9b7c1232f9cc70c07663f4a767cfc57168fdb4e88c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
43KB

MD5
e9e2d197594b7331d92c27c33e16a38a

SHA1
4e534bf3ad1ae51e1ebca0a41d6666331da5047e

SHA256
7f2f944c4a9fa58b14766623074bc10e82e843eed8a4bd334f0edebb79c482f0

SHA512
ab994433b856247d3665dd5cee5bd6feba8ede2123aab69def2a7301676de4cd99fdd166812eebd4cc177a4ef2c2ce7bdb10f6eeea28a55d45b450a3a146806a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
37KB

MD5
22eba3eacf0b3b1b7bdcc8a587a75f42

SHA1
f5f486f632703d5a38cac5a09b8452236eed3905

SHA256
ad77da6eff8c1b6fe142f0ca82d20022ca9ac090fcd2c40188658aafdeba3235

SHA512
108d336d199374dcbd546eb66d78e3a6bc297083236488fba2ec3cc8fe5af67cc53fc3bad5946ae3907fc0d174bc28c6764c4475daaadbe3afb16dd8ab648a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
31KB

MD5
5f6fd03348fc1a22948ec13be81c8e17

SHA1
5af9ae409ffb1a567a177ebd469f6f5274e1b247

SHA256
667ed19993b71a9f30de3e96602c64d00d9985c8f7d7fb8406b8e5b9df2c93e9

SHA512
46afd1a1cae9f261c09b21f01643bb1eba87f42f1db1260329d2cf8c803f8eea71004d850acc5416334e30e9327089e7b7665542f35300ab260fd955a53e9160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
45KB

MD5
2fb4d0c41c094ec09125dd9d0df01ca0

SHA1
25d35a25a816f9e29372ab9bd0df84bd5481fcaf

SHA256
3072b2d08bf1ad8854fe66877f605ce9a8f62b9a5d5ded682fab5e41522b9b37

SHA512
7bf32d8d1e1c8c05cd91406f66d71f13d791dd41aeb1e5defe7438021f9f2fae9b304079f326495dcf46b7b950e195a18ec08ad86e058255d70e0324f6b0debc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
33KB

MD5
59a837920cca8e5bf845be9e20323634

SHA1
b868114590bc93079d6d610253939279c728de08

SHA256
626ca4e0eb258e5ea712950c3717707c2d633949f6d08fa7afdd2549b02f8c03

SHA512
ef876008b0ecd265918a8fb0b3443c3d5bebd3861bfb1e28187a3448818a6c38712fda10df95dbe64b780048eb7c6bf8ed61d8acf890d984ec7c63a90c00c1fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
28KB

MD5
1cb56eef859422178e829561a4474fa4

SHA1
d5d79d13d52f84081c958d458c5003bb5f51887f

SHA256
f26587750306a3b683873b469c9471d40a9942831d12fd694f8babc485246637

SHA512
f2b67a40d1fd43e6d0caf6e66568eb6907d0ee83e2a9e939fb8ae2a3df26b0c455ee865df3a724f6aae9a02506b5b9ce5b7107fb60c09b83b05b1fb432e012c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
60KB

MD5
b145c1357eb028397bff7a38098b910a

SHA1
ff905aa566aa5054c622d31c1beaf5234e7c2d62

SHA256
682b3f37e4ca680de6afb7647c27793b4c5f16c4d73a816c1265518ead6525d1

SHA512
d799b3be705984f4e725a364b47f1f133eceb0bf02dc1cc94d6652d409c6d11e94a4ecd6e0669c731bafd51e160ff922dab59e7ea408873b4108e0e8524070f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
37KB

MD5
6ad721b415f4635a9b54a14b00e9bcb8

SHA1
da13b8b3efa9fa51545f85ca9d0c9ef6406b81b9

SHA256
857736720a419ba49f0c0b8f633448edf1ba55715e546b121351bd5a59911fb3

SHA512
c0d30edb522a189517c79f74046e713b37bdfc714a43ddf83249d3b0930e3a4a268f2f07bfd3a455b1b6375505a48386d68c3e7ce215d4ce19aac79fad0ab401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
49KB

MD5
65da8d6932ad74d3b51694b5a28dd0bb

SHA1
aa6e37cdacda153f499c299299a4dacf50c93765

SHA256
309ec80a404d5ba8c9816e0932bff343c8e205fe36819908682289ed7c7ae482

SHA512
bfce7ba0e18dde7d6f833709e565f704701d7a51b14d7c11b06cdce0b057290a334219c9aa4f7ea098c097eb779a2ceca397a9ad1ede0784348f78c81fd55015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
86KB

MD5
8055605e6a20a1b6312224c983d10609

SHA1
5ace6729565c5a048e18335339f3e7c3be47c318

SHA256
79faa78e851a39c5d4546b8a72c27ba8c6f103760d488aa160fb1ffbc94e5916

SHA512
c3477e6c5b8751be49dd24fb571a8caf5e78b8ea71bcb45741ef61703ff2fe463009ec59ea6b64d6ef700f1900e84d3af73a612430ea8f259c1db79005455acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
75KB

MD5
bbcf82e11fcad7def4f6bfaf7f08a77e

SHA1
883551b16c15bbe6a9d505cbfdc9cf06929e54be

SHA256
0647c1d9b00a0fc5928ea5f61bcb6c44b4e15c9a335d0c98cc4fcbaf734250f8

SHA512
df4f66a6c77da5d2e909432e66690b0ba62d6b87be781ee6aae0e8a00fa8bcd8658f5ad07a1534b2c1c8585ffd290b57447adcae4b1f902da5e4fadab6253586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
108KB

MD5
c2fd32708cdd9400691914a23610eb04

SHA1
c16609615f8a352cbdb032fd9889b825b5a04f4a

SHA256
7fdd933de190897886c271c2db8ebe729cd8bdc63b1712cc254cc5d889f0d579

SHA512
4e39baa6b133de5c0fd763c6b91e3d2e29426022dc4a650b291d3749ee7e9b948f0f4a6a3c3736204b8636c91032a2d702dc3ef490c42122ae19d62dd6a6cddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
155KB

MD5
d49abb990421fc54f807d208636afa82

SHA1
dd89dad898189bab3968d0aaab099d6be0690b88

SHA256
ecf0873b4e5f03f88b4c5d8d71b06e7dcc581b60e63004178885ee1d3f6a5430

SHA512
b13919e6d9983545449fb0ac6d99e98fa4b89c6f8969f9342438c366bd0a670eed4f89b7280c4f557c72329a3c49f662addb2a010df7cfd807c02b776d0b9a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
69KB

MD5
59ba235c06fa4ff47e09cae48c47c4d5

SHA1
f365127d5cf4a2eddada0013ca55bd4523e9d837

SHA256
fc9d8e4b257d3221c48b83fc93807019efeeb0b121d5b371817fd273a21e98dc

SHA512
8ba04b8de213e429f831e7152a579921d6a6277af6270394bdaebe34561852a326faf20abd06c6b06cbb0bae017a8ee13f6b81678fd8dd36e77d22bdfe9bd840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
34KB

MD5
d74b9d94121977b55b511eb72f20b014

SHA1
764c6faec43aa5abd0da58468bf14a22d44dba63

SHA256
aa3247aed53ac3005eb62ea8e51ab5d0e4bba6fb14f0eaade2be834b46bc2677

SHA512
1faf9e03370e7fa9787364f3fdef36a96222217a969ed815c9e37ac8d3f1d6cf7cd6816177ae3d8c9e380f99ff2b4256f43d5482860ae06bee17f21b8245d492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
42KB

MD5
0c74385e7737386aa46ae9cf3aa09966

SHA1
a5703db8b6ad7256d932cd528a55e9c3d23cc85d

SHA256
7dc1e70e67a65dc2032e0fdf7ef3edb35c5cb1efee4ef548501ea9fd953601c9

SHA512
3f7f85d4b52a285b85928683e3c36ffcc75e6c0ee6d7801f7afb2069eae6ea555378fbfa43e09bb46a192ca6a8d40d06389a453e94de2da7a290885065182caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
35KB

MD5
d6d1fe34f4092c8ba306b3525301c81c

SHA1
ac1c88a5925bc1a7650fc4328cad45ff8a106935

SHA256
f8c39dbf87610443a29a100bef37296b484502eee032de63c03e76c9cc1f3926

SHA512
a768cee0879a75f38fe2c111231e14eeee668fad88fa1ac6360ce9c27d1bcc0e40a9b17e0ca2ea158901604af0bd007eaa279bafeee2542d98e8a15642e7c980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
20KB

MD5
e16d19bb6aeb47e8ef03488ce4b276a5

SHA1
b493dfa53209a0279b53b6186fd1932593c35ac9

SHA256
39d576fa539cda5bb8a5df714c5e061600f3248d5e61635431d434e85d96db5f

SHA512
1f9f7958863791a968aabe185c7483d5f2db4b318c84f8038fcf547c0158b7d784f5562b223349222a9ebcb63d5807544d0edf3b346224a70abc3de8eefed4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
76KB

MD5
992cf2d4e32562d36beabb60e389e02a

SHA1
869a08eddc17c4d618cdff36991074555c47e9a9

SHA256
18cb8ca0ca2343bab55af38ed59ee4192cc402b4912f31f733cc63ff33fdcd05

SHA512
5e101999382e8e36504f9eebb768d2febfb00f645bd48abd0ae76b4abfed4c9be64ba13763344f1024d54ca508e369940e43885e3b7068343a050cc6a84204da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
32KB

MD5
8c94d6216b7cfbd0ba4fa4fddd6710e7

SHA1
c03dac2fc172722ef34631c25b31171fc3284bc8

SHA256
d7338011e86e8d26dd8f178fdfafc5d6d0f9a352c1a8c97a57833a75579db57e

SHA512
d3bbea04e537a84fb9542a0948a293577bad6cc76281dfaf0286b8dc4c905f4852b013f0aa0a283d60f0d9a53e0ac63eaf6ccffb431c64c20214525641bdd548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
67KB

MD5
ceccfd63cc0e640070c25a8ec4c4c8fd

SHA1
b8787c340a3300072f04ff89b05558e1e5754c90

SHA256
fb62be9fc4381bca0e194cac28ec4784cb5cf9f5d689105e88736c82b5f63aab

SHA512
76c4c685592fe86bd0aba35fcc9d428366cc626f565123360f04f60dbba45daf257ad388c7c4885d1568046510a82133a64d46c27279ea636580b6109874cfe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
22KB

MD5
2b41d3512250b9521aba871a5707cf23

SHA1
2bf8a039e31b6a549d10482f58d9ae7823ee012d

SHA256
a450a6398f0a16e5ad065b2f3e4dee62db08ec1105cf8cd025561e78db2d3692

SHA512
9c20fde1f3e0637a9ca38c72dd73f83fcb90ba54a8a4212e5654b3ccb85a2d23d0d2fafebaac871a3eb7c054ec186eaf7d46cd366fac192092276b901116704b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
57KB

MD5
d7ef1882cce4c08a6b00a466ed9cb196

SHA1
6d2d8ca92916371d9317acc8bc0473b837c79eeb

SHA256
a5428cb3f3c505c3883682d67d29e5995c8662da10390b9f7278d4977caff36d

SHA512
1572f8f1aa42ed5ab5550548036ffe2c2b64716e353be8aeefc76f2ccf20f5e136da999657e6bfd8d61b14c18ec7bb927aef00d94bf078515fe6ae34de6e5890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
41KB

MD5
9d775bc13f54b749123a35261274964e

SHA1
e07d2a8269cb847c9cb17fcd571d6e12bf51a0e6

SHA256
5eaecdee0aee948d2b6bbccf828861a4e78daea5572202196e762562782f700c

SHA512
3e5ad4bafbd8211c772df809f2260477eaf206eee9dc5cbc979414152d89535a0e24386d4ef9c8d0c073ff379d44c41750313a734bd40d7ca5214fa1c28aad6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
35KB

MD5
bcddce72e89d14010a2246ef1771fbaa

SHA1
7da33bcff5a929ed54a98c82a13aa6137e11124f

SHA256
1dfe5319b74457c58fc84904e2b6b7feeb4cdac5c301218b78db6bd45f83581b

SHA512
3c8b5d663c44ee042a21437714e12d352b827f2de319884aaf7156a68aa4378cca8d780214c28a76f0ce966d79a2b8ff03f37e0b0b9ebefb8d57bc9fe93e1fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
50KB

MD5
b7b2bef45d2c61e30d85de49841bafd2

SHA1
75414e937b35fa629eee26b25a666c00de26592a

SHA256
87b5161e1a7fcadb5c841a634f0040e9e50635fe159de9576d489953e360189b

SHA512
294e8b51794e5addbd6fdb3f1e72cba6acfbaa71e93a33670806d39f8577c5445280681dd0e76edf82a302a5e926e951a34f5c60afdb96974d47f85e94517b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
102KB

MD5
5fb52a07b6a497a7cddd9aea15f3d4cd

SHA1
dc43ea60d33694d89855c3f7b76845f0313c3267

SHA256
33a64eeeb223ba0cd16bdebd9188d6a4a62a17a3cd40f54fa85d5f7c15c58fc7

SHA512
51d283162b82f7186048b151c29233c9f8bafb2285234e462d5efc12b9d187c99c8b4cf956f042396bf736a1809bd1acd7e8baeee1e7bd5c1baaecc05d273ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
204KB

MD5
3f48bfb659787c6969b6ad5e3d228dac

SHA1
08343aba5b017127f9d0dfbc757cc31de942cd97

SHA256
f64fb7add28f4b1b12bc446c955f94ed841e59f3dc82de31986ace2b38f069da

SHA512
e5d4d5f6345deb2befcd789fa23948595604934bfe834c10c0bfff4ffe1591ed672f287d7edb846b5e3906bd23af6a98db1531cc1ff2312ec803df90a66eea2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
70KB

MD5
25a5734df44285db3e981fd80b537c27

SHA1
20ffcfcac9a520a132eb339fe6ee98361704cc4d

SHA256
37d0ac4a35ec149fe053fa505313fc69cecc3677aca15c6ad0f3ea878439f163

SHA512
65237286316b798aead40f325e69dca47cbfde7989b5d1bcd7a0c8fef44f36c539a440a8de4f39d46677d96920cca84f13f05cd6a9834ca285d53c1ddf7cf77b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
223KB

MD5
b0aaf57c2b8d877b21c43b8ed9d1a3d7

SHA1
c289167054dc6e4590ef919671664ba9b9812a12

SHA256
b1a51a10c96a25c26b6ca1a5871bc30094879015fe75f5842bfdb6bc322febbc

SHA512
88aff7e775caeb9ad2ef0d9f98d78839f24bf43678b904f530a2b5bd9a1c2f5f56fbd16a42949e7758fbd8a21f9fbf16bc1876f7188a8156acfe0590818e12d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
98KB

MD5
c0fc67fbc5c5eceb437b516b4365aa86

SHA1
6b5a02dc604f8b87eb9d456969b12b45dda79baa

SHA256
0b8baebdd76118229f6b486ab07c66d05b104fcc8a80df53261769f80ea093ea

SHA512
e73b48bd36052a2f31aabf40b32ada01fb8c92345a20e22126bed271bcab08ba0a677fd9fd29cca23e98379b6c1e0601bdae9f90c38d9369ba32f292450886d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
40KB

MD5
b786554392ab690a37b2fc6c5af02b05

SHA1
e7347fa27240868174f080d1c5ab177feca6bd84

SHA256
ebe47cc89c62447316148809bda9095bd07bd5392a99ab4b8ac8b9f6764cda51

SHA512
b71cdb76464a775fca909cabd0a7435c34de3ee4e19c40f5bebba6415295f0be2f82532a2ecda043c787ea4e8c23fd4e582a4d4322923fdf603a56e3fcb8b567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
181KB

MD5
5600049b0f0909a371eda70bcc2923d3

SHA1
937588d6f2ad99e66b27d2fc2467b9197f260c99

SHA256
581c531851d69d7fc6643e8adf32d2b92a6cd1ec3125c227d3d7bac955c6a0ed

SHA512
05e019a2055693029c8b07e9eee89cec67aa729857da8d55ffc139b51d119fea99fafe15ff8bcde57d916a9471dd9fd838f6148c52b1c9d120c4976d97de5df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
31KB

MD5
0c7dd36ad55fe6d0ef1971dec6a3fc93

SHA1
76a7e768908dc16009c58100150bdaa4c3c38f3c

SHA256
528961b18c15d0350ad5635713e448c83f2faf991176211e5546d35d62cf5faf

SHA512
dc267f7f3c389ac56229303847899606bab0e579f261522008f7ed7fdfc7c333241718a213fdab1ed00dde21a98ad2cc6f358518353bef8252f8429a672ff6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
410KB

MD5
d50a990b2d071d694f2410f38e0617fe

SHA1
15d7ae91ad288a9bb902a078c754c59ccb672d7a

SHA256
fee916d1271c44796d833de60d6e2f279d92cc4858f22a370074f8378ea186f3

SHA512
0fd76ab2be091668fbd816038dd23ad58a8e4b38623e8fcb2c921bb1bf7cda958d519e69aa7629cf21b676cde329d21483c3812e4014fca2499555ed2695fd19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
51KB

MD5
238d677a325e264bdaa631bb7687ee61

SHA1
75f19a5eececd9fcaa15487eb1e6395d121a7da6

SHA256
eeac2189f5eaac434001c24cc412fb547f9173ed8be3e9fdf05f041615594672

SHA512
2859088daa8140e14ed31c8f197ee50d6b415176e13aaaf7e2a309de52869c126c7f0607158d10a8c2f1a67a8e7091b746b7111c78d3294177f673e2bb400f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
21KB

MD5
586fbd03a7f8e8efcfb44c02a0c721f3

SHA1
9be4c35c9e97db3dd6a6d16604ab58c170f70232

SHA256
c676919c631bfdf174da2ac3dcb2e3102be25a93edb1ceda7187cf8165ccf3b5

SHA512
d79b99b84daadd575e8979b5b076358cba724e522673f43962e65dc9b81da438bc688cbbea1d378a79c5674c58514048f622e8ccea0a41059f2abacc7afb7701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
58KB

MD5
46e427a29c3247944951780bb6ea8817

SHA1
99f2acae68a9a9191047c56d2e5e619c71abdb76

SHA256
2f3f7b08c23c266af1670293ff537d6dbf6db94066f27357e72587bd2abebf7a

SHA512
90c89e3f4c5930f488ea54c7a78e78f40483124d0945976c39282b8d33e081ed224c570ff3975ee321d89d3ebfdd6bbba8983de6b5abe24bd8a3fd15492e9411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
37KB

MD5
ae2b5e6fd36c38beb90ca24ed95ddb5d

SHA1
b447190bb67f2a881b718f6cc70a136d698fc5fd

SHA256
cf22d1a1efc7c1aae3bc34d87149304a0198ddd635df1d73ba4c87dac536a136

SHA512
5bc508d40dc2d9f2b81582ad828ed01e0895db01178a3189383e58723597651f314b80c6c1ad16300dd8f886cc64d3bb9131d58e0f71f46bc3cb92d15a096db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
81KB

MD5
24cb30310433d948e57915634f748c77

SHA1
2fe0809905d39886c53948acddfbd2d2b5c6005d

SHA256
54fc6b10156454d9cf64499d324d46605499abcef1f3487df300c4bffcccfef5

SHA512
050a2bcc8d6c80f4707ecc3601c24da3e08ac90a39f2303349e37bd0f3c1fa7e692c66c8fe6782e442ec3216ca85ab0f311cb1ff877ab58a142830e285e02d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
125KB

MD5
df4544c7db408602d5b693bd6d757917

SHA1
8366c77c3a2ebcb60a11e44d84f969506e0ce9e1

SHA256
1d3bcb9f804be967e3e158ea657160a3914fa29d5a73371549646a20030b75a8

SHA512
018d882309578a7f8c3aeda79072983b0b6f561b9aea16db53acd90bdefdbafbf22eda94fc40fbec2e51837b7a415cf84d953d37a1fd886697a06a45bfe84469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
28KB

MD5
1752326ce45c039f4c5e81ea24c27c35

SHA1
4a22a9151c3c94d170cd3d23659e8e1a5a6f0070

SHA256
13dac981c708b9d1c6d7be7666ab5ff34718fe7d1362428217e88c75530774ad

SHA512
7ca5eb8b11184b97b7ecfed373420f7b9926839edcd36ea6bcc37a09190478175c49d7cfdb6dcbf1ecc8f2570feec9a0ac8aae08442fddef7986330043ff2d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
127KB

MD5
a17f6c102e433af1556c3747c3579e66

SHA1
39ddb050a8fba4a5089dfdeaf31569ee71328da4

SHA256
8f52855131f3f4547b7fc202909f9014b62e052ca48ce8eb168a11619d05a69e

SHA512
588ba37d348caebc56030008d2a91bc9b6c36ef1127548990a8c2b999f3848243ba26788c27706341cdab1e15f009af42b9763de8632c985471ace82c91af71d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
55KB

MD5
68ecc58a934636e32b60461c4ee4f930

SHA1
8e8f1a3a09f4ea7aba307f4f23890eb0f867e4c6

SHA256
8b61d8c123333fd1cbb0eb7aa361ef2220efa43dd08e13747b68d311de4810f1

SHA512
7d4c8d057a8fae7168b6748a0179d46a0fac5c530b9747941aea29667d07b2a9d142e1171a63eb6bf9219906313ea3e283c3fc2803b534b7a782a7a284a8dfdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\270ef58c2403735a_0

Filesize
16KB

MD5
afefcdc38dfbeb33c9fc73a22e49ef9a

SHA1
f829d548dd4207c84c88c9cd068ca9f5c77baa5b

SHA256
793918652981c533ca9141d5c6732138dd4f9f8af289b71511b884460f40c7cb

SHA512
14071a36fa222190f39b64b1b005df4e7297db01889f5b0a9fb7fe542ab73889dc449c64ed12a9b05eaefd57e02229045ee774516d2662cbf64e4db6aa2bbe9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6300d8a88e47f588_0

Filesize
417KB

MD5
7abe00566dc57b4070f80e8016811fdf

SHA1
cfde5239a158eae28e716d1c7951dc764af48a21

SHA256
eedd04f61f79c6fbcfd91a7d09c4f6e96c9a3fd7ce0bb6befe8c392537971ef7

SHA512
7bc3d331d00774a74f478a757594ed6fd1a3814b236fd4b4c99774c82b2de3d9bdbe26192408098a630cb4d3e752811da099277ce89971afb14657f66288fa6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\73a9896da2e8f016_0

Filesize
19KB

MD5
1ab04b32960d5d8dd2a1739db591e8c2

SHA1
f7ee9c498006eae03cfd0cb3c82df017e6ddd7fd

SHA256
0dfb9ea3d3a975cd95e986a898c8320048e8987899444506056f93413dd4a5ca

SHA512
14fa2abd5bc47aebf7f29c0da10b4e31da4bbac0bc6b8a8560f3681fd58cc50cd93e0761ff8ce172960a265fea86d7145910f0c286018cf5835957a310c49d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f96c4e370537b4dd_0

Filesize
288B

MD5
bf38dd1e09d40bf7196d68fd8a502ba9

SHA1
f92edcf0664d8af26b2ff02c394adcb916417b7a

SHA256
2ca4f68b89aeded60283b5731ec1e514a33ec55df1d59fffdffc2399963b8a85

SHA512
15daafa9eecbbf40e2db0664272e1924db3bf90828815636e8caab757495822907387b865866619c04b4ee1e05fd43d715ed1bc1e5b33d0233cfc7595ee140b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
442b599f8651d82895b782add26ecb78

SHA1
2f46c0dda15212e8ad3f1b0944a66fac399d3441

SHA256
3a3cd5a595b49391ba5f3fda9b697d4ee18520c336ae029598ba80782937e6bc

SHA512
3defb5587da3a8577cac612d14682a6015ee2e97aa38c75278a04efada6db3ad98fbd50499097b5b8251eacb9dde77e3054b7265a09056de1fbe9cc8188d0473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
111a275cdb92ecbeaee841b2dff1f6cf

SHA1
6298f2609bee45059c02dc8df641bcafd3fd28a6

SHA256
7027b2484065f2fc0a65fd2d5be3ad5962f90a293d3713512f89d1ea92d6ee2e

SHA512
f837b7cbef170f22616584219031c95816bff7da9434214d99b1c440603603fe075cca2fcb639ef444ac7163d561d9bc5ab1690b969c1a6dfcbe0ec18d3ee17c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b3afc9249ed9291d27f19f1a1a47c521

SHA1
226a8048b869e82f66f579e1b667c8135f662efc

SHA256
011fa7031389bc23636d9caeb2ef50123694986bcf3ea87aa181efe1de65461c

SHA512
0f5f15695b3bb4209d6184dfd25aaf827d69debf105a3742d5ac6100d3e13da47aef374daeea26ef083d3a002ebeaa7d578fafe5d16dfddf43411ca1ac77eeb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
27ab1c546fc3054566941a472bc00b18

SHA1
66a850f613a2823df0852a7f33b6913572fc8cdc

SHA256
d5956d4c5475311e4eaa1641147643ccdd95abd9a479d380e60d5a0f8f5e0aa7

SHA512
1831edbe55ada2027c8c14f5c4a9f61e59ecb61ecc9b5e5d1ab7c7ab2be93f672ce3df1d6f0674e0053e2d8c58f7b9e5fbcc69f0c8359b15c310afe9e99c58e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
54dae62757d06910972b334f3b5b46ce

SHA1
96fc4414e9bbf5d5ba21c115885db3437ca2c98f

SHA256
e8dda979a858ec694d03ab365636173f0a8e0a90d136dc8ffd3ef06887e2bd92

SHA512
5881a369ddcb9d2394e17894755bf48239c1bc0e08f8fc459d366e3edc7e723a9307ef31222dfc84922b252082c53c452278de3ba0a80e58f414140cb6c5d468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5cfc72a37b94c33c19270925fff97087

SHA1
3caa69f191821e4e6172eee4779dcefa712b05c6

SHA256
8898e51b53be78f3c2ef261e36e05e4bc76962b5719e8f8c66c321b166982856

SHA512
f04e3d32ff98697b67bd02a59c409436585416151d0835c4f23ecbd115f181e5b4c0487dd9269ca25ec1c68635ff07f1ebbf807900aeb4d803c32dee95d63f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
965e2d62f8c4a9bc6765afc953e8ad54

SHA1
ddd877cc187d4889605ae03ffa625e7fa3e4cfc2

SHA256
10e7e09db4ff57e99df079fef09c85ca8f6fd9c08db15c62765454b66fb1d3d5

SHA512
6ac0c1748ddeaa4c9469267e14d5295ea6d35ebdd35c17ab46a5879dc1cb91aed9aa428650de691ffea63b930d1618ac4b761afb25d7d472cf3da652870076b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cfbf76de39e64031f2b314b0e8616036

SHA1
3b8eb8264ae080c220f04b7cca7738322d58ef78

SHA256
2787279dc5e7583b155b0b8761dc30e3b068f2f3ec0da91ddaa24b306817de7a

SHA512
db5bf263ba313cc0d1f5589bfae4d9ea0f4a2c59d880d89b9c5ea516e6118a9cee9533dd4c54d8a5f93a5719b2b1d87e0d2dbc98152a484172f74a7cd3f07f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b3e518840369c5f84c65a3b347553bf4

SHA1
fcbbb503360766c0f253c1486dc0ce864b34c656

SHA256
55f457b95cecda77c2e9724b63094c39bb5f5b10ddbb20477f3bb19e62319a20

SHA512
e76a7814afdc4b0e2e85e6d9f5a17081289297ffb1e2d748f1cde998c9cdcca8ec7b25fefdf0e895be7d76472da3ba2f27998686fa67b2443778952154584e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cd1c630d357c0c5d3af2a86cf9abbe39

SHA1
34629920f71e723d29bd189f148428d6bdf238bb

SHA256
ad1f1137f120627be53fc6a20f40f78fbbe227ca93a1bd9a143225f70e096417

SHA512
e68018c317fe0358403820b8f17a2346c4c376c9b9daba2af365b59b5d54a7e2dd92cf8c1ba99d7eab9d95f12a0de337c35a490f71dd3edbce1818299cea2647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
365314bd20207b476bebabced0b69748

SHA1
966e7a90bb64ccd87aa18c42a2d5f63754755088

SHA256
a0243a3f804e4a370d2d2173683578248619cdff814df662a72e649992319a92

SHA512
3aa49a8739e4f593367d232c71df1056a9db6708d945edc995f763178c46d97bdb5ea0582e1dcb2c49669a21898ea214c11ca0384239bc5b537469d30974d8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
2574bcbe85e533352bec372ba1d118d0

SHA1
7e9376caaad5dc3c604933282c72028065e56418

SHA256
9bfe6c81a8843bbd4f785b20d668ab63a97c8d30593b6560dd69e3ec021760eb

SHA512
7bd4b76dfc4d6e19aee12e6a20226a0eef1fbf3357851d0cd9f4fb5105d430482ad4d9724aceae77b57290777ebc72deb52959d7bdda0f85219efd40fae1192b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
723de5663683ae6ab8ef5256b985760c

SHA1
8fc792a2cbfa06291272cc8191b40bf4b143d7ab

SHA256
e7f5c3e8dc3b0e7ae7b2d460c39ee3081e3b93bd65d68dd913d9f59816164acf

SHA512
e4e15a6030d1eb855aba400b50f924cdab484407a2c4d6da97526069596184324ae0d5f418b47be4ec8aaa9d15c450e25ef3fb815c05cb5dfdc2d5f5ab9b850e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
5bc2a15c6f62ad2b469686c6fa94af3f

SHA1
f8f673f3cbd1c6e897555f06edc7323a610954a6

SHA256
9c57c6b211a9c1402a09eacf6438d02136927eae864323a55474142f5f2867d3

SHA512
198c47859976a0ee6828b974c55195ac6e07b15394d30a609da6d94ae3b3965a37a03915e4470807fff8f31cf3b75dd6ea00229efaa8e296225e14af3171bedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
01cdee20b8403736b8913ab01adc8dfe

SHA1
0b6109c966eff5d2f9d7a42cffdd654213391176

SHA256
28c70b14e3a74a6185594a5ca4f6a1594e1186908c39c94d3b9be69f6a6a1211

SHA512
04b94fd85aea0d1ef35b0115813eb6d2dd67c038535179bb607ef3dffdba247aa6ec8c01f6d1228f55a8280fe3772b1b17c0b695c6b61281526a867cb76b4b02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2582926aec0eb7d93d5eab9920c90923

SHA1
7f0d611fb62bce0a3aa56f847b5660a5778225ed

SHA256
78f21af4a4f7e581c0501d0767a8de8c51cd04a8ee944dc0d7757cbdeafd7b83

SHA512
eff4a0605694a8d9c3ea3d94fd5ffe611e87194415257f28ab8d512a128a693ad8b1a6bfcedd019bb699629770eeafe04d5dc3a6ba28b3d0a0c0ab346d97b2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7b4762a07fde766d131f2dae1b746141

SHA1
865a0b462de49c202f7dfa013a0d5d1b5ff00b46

SHA256
51a280c20b5aee37ef245bcbaede7bca08ecbeba7345d7db1e75fdd8830663d7

SHA512
d5c4aebc945a2165ead54e0dcc9bd6c76af6ad9223e21f7e92ecf8486bdb38af694d9fe93e8952272c6c6b4fc656e4be8474bac76d5c22acea58417568afce79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7db27259d5ad93638192f5f8666c39ce

SHA1
b7c853191f22b4c4ba2a1ceeb53d2b898f6dc382

SHA256
de35c12fda32331e786a0af48ff56f497225eb67d41837a3d28e5921ddb2859e

SHA512
c2a8ac76fb7e8cda08e278877e47065f58a69e592a34a923e308ea14068c1e69b7d1d4c9474b25a4d75a0928f7018ad72b36bd89d83b80853b2dbec85cd963cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2474343245aab1cc1ea6a564d6c7820e

SHA1
2fe52a994580f7fe7ec1ee2ea174ece0832316f1

SHA256
6f13da1849b4c6d7f6cf06763f2abfdbb7d03de169f50696e122fcb56bcc36d8

SHA512
a6c47071297462306c4900287ce2ddb30138dabb985f8964c27a547d536b25b748ce0d493e3cd941011cecbc053210bdb79f8790c329ac3ddbb1101fdb26e956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8e46ac6f1923a640d40ff80983a6b98a

SHA1
51d07f628d05be424815cfe058657e24e5349614

SHA256
4bda7017252533cb8db063d8cedc316ad13a420b98e66c7c9630f34a4da5aa00

SHA512
b93a8b52566d3668491527b7f8ffed5342ef526f962f7ec4c821086f62ba10d084b4397c471cf0ac4314761fc8267ea9524414145232e76caec1c6243a4e31d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2a6ecebd1fef7a84ef0660e804d9147d

SHA1
d14812db89135e929414f64e9119e6cc007d0aca

SHA256
c30986a941ad3acdddc66d04624003410daaae2594cf845a4704966a87bc3656

SHA512
14cfb490e2b8a73910c55775e14dd4ae48409e7e9babc99fdbec518fdbaa2aa792f34180fdadd786cf44ad6d8fbab335128db88e621438715bca679ca9590d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bd0c6260dc3aa24efe725c47440920b5

SHA1
f5fe374a4c5b408c51d2379581f87f4b27af0bdc

SHA256
6ea55bf95058d244c8587741cf4dbb6f6b47e1ef9c2d898e857ccc969ebe13cb

SHA512
9be40a64dc320f97cf9f858f3da18653f6b9e56d373e8f468817a4f135c72c619dc8b623f281367860fb37a2e3c90bf1662f9446faca9048b086dabfdad04bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b895d9a7ef4240fab1c954a28b242c89

SHA1
25afe43440876cabc66ff343fe45a310e096c32b

SHA256
d0bc2f7b81088d9bc3cbcc3bc654418b30025ee1eed5de4fd6bb4f81eee721da

SHA512
a46b5b3a20eacde5277a7e14bb98247bde99a539376c1a431aa99ffc3b650a6300c96912a44aa3882189d038cd87360eb699bb47f5f7fb876496fd490ab7ef28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bc830574aca773ea4b925ab1ba1d7ae1

SHA1
c47cf657b722c0da92632799cd177f081fb9c254

SHA256
e65156c44ad3179f24d5d94365b05eedd2c2337d2c0f49b4f8a0fa3cfa17d6a8

SHA512
1222bd3429400b34c8066ab788e94eb06a4a83054a53fbe7468c725c4958e53b14a1c9e6e658cd600e00be108747ee766e923e9079787364dcce77d5d94b2e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0cf6a9d39b7fd38cdc85a479622d9374

SHA1
bf02845f1e9829612636c21b2fc9782d4cbb5e49

SHA256
3bb30d0226b42b0d423ba1b447e25366fa0371cf35998eef53226f32ab4edea4

SHA512
92e881378ff398a169911af4ec6f11ab5d816e01f545c3f02642e8950c23020d020593773fdc4ef978c8ccbb20980ff7e560b5b6c240c71a844247afdff83a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
62d0f9d7632fd8d147cadad785902103

SHA1
7bd1867a0bc78612c26e11cbfb8fe87b077bdee1

SHA256
b4b31f12f33a4b1bbefa3074be970f7f3efb3439909a3603d33d8af8a90bccad

SHA512
ed950d4fa2d7541ad771d382196cfbc0870bf2b98fd9b11f21159d4e8b0c3c2c02678434d6348c2d0764f76c7b20d9b0f56e0b61d360f9c665c7eb7d55a35538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0062d665f452ada48d359d7d2d8a16b0

SHA1
54d5fca657682592b61363bf1eacd549b33b33db

SHA256
97f2d45520a901eeaee962c003b73db1409e881d95cbbc8470905307b46c9376

SHA512
d8edf72d198b4c5b0114bf0da44712f69929c7ee890dea689ad3f0d3f0ba4125fd51b88eb6bc3a55a4afb3687108c3ff2b3c6fe3885f813ba4ddeb7f9a3db6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c8dbc09152654f78d9336ea85340349c

SHA1
1491c1251fa1368b657faa05f0d564f3744c46a8

SHA256
b0f6f19ed5e6eb8f1f0c0d1c40ea6b716e5c67deafe81e97567fca437c2f499f

SHA512
9459c2f050de846889f6b4b696884344e27090c1ca287e38245ff2e26bfdb1a9b739e3ef4d0b2c9fbee8d85f413beb84bef5e75e9e56d9ee25b0f5d3739d2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
95617a973196bdbee6b5de38c045adf1

SHA1
014dd891145d6f60cc66f4fcc0709c9e647bd2e2

SHA256
4b0614f32f6f87a49e101fc9b8f05b8984cebe22486b46c280b3fae96aca6f24

SHA512
b91e0971db60093a829cf46aa7607d85ca6938dc1f8cddac2ccc28f8dcc81551854ce3e256e4ac7c73aaa361646826f45b01b6cf12ebea146e102084bbdedf81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
dee14fbdaffefe4b8b16e80c344c2e67

SHA1
af693a3cba990ebd3a49cb24fb5a944587721915

SHA256
1c88876420e7391650178288c168b980c9c36b9aa152cc8bc39d3459d6750dfd

SHA512
584eb7afe7042e3072e9b66d1906b0a08ea382828dfe968fe772813f7afc7b5afbc1aba7043d61e3e3346a6464b2243ce753dbf9dadaa35db2ba4b75983bc056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
812fcd396f8f7ef3308ca550ce710c33

SHA1
7db1f895adbcd0e53de9ea53102969b66114fb68

SHA256
ca4b95030434e645f7cb812fb0ed68f410edba878a3836f878cb699009fdc19b

SHA512
d2f020191f87e250d4e36de72d9d6a8ba5380702a8acc7d9620e395e872637cb038bcf79d84ae8b901f17b9871d85c97b252a4e3b9907da49acd4d48178dba64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ddaf84c5517311ad43af7f0b22ff9b43

SHA1
7852b3cad7866293f79b01b538775397e774478e

SHA256
a213ef06743cb9e2430cb38d40fe0f1f4aad1c3c75c0aa0dea35f4beff8a3fe4

SHA512
90367ea8b04a0e21c9f21aab4d09ac24bed9642b1375ec98a2268c667820a5175d2f7432177c5f62b7421190deaed6788dd87ba71ab4c9d64ff2052f6cb74595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8a8429b7648dfda55c086e58ed0918b6

SHA1
9e61d0b6cac2b49c1c992acc201b02d12afdcee2

SHA256
9d7673ab346a63c91de147c3ec8763cf00f285ea6d9d7ff2483ee39a02519e58

SHA512
286adb7f2c18962c01d985e911021198177822501d063f8425376ca074efb068a3c25e162d3f5cace7999db21b79e1f1edc4fe8e34009f3901bb3f5894825df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
347e620005162b8d6790c92d12ac4c92

SHA1
eabdd0bed2f34f98eb2e67ea51dd8f6abf73b609

SHA256
1ec704f3edded448134dc5fae7fadc32178d74099e8699f87fb83adb769c8bf1

SHA512
c2e814604a3b468cbd3c0f3e080200e39520f0359eeb65270948d0e2a4c1ddca1cd1c23e7d9d327ec188ac1c1f5beb5d21566203878213a27f02170b798e7d9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3064516f96218cac42de444f1504180c

SHA1
fae85dc8fda63c757a2d48de0939657ca6835daf

SHA256
f41eaefe5d0a0eb59239685c627a4c70c3fda931c19a5abc2262cb02d0a84258

SHA512
1a3caa332640001b53a1a2e2e750586adf10715a90bd1b33397688c68daf96830c23ff5c4f263eaa9075ca55e70428d070f46302388987e3aa92c7c342c1bbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
cf12d2a631ead47a2ea14f3c610780c9

SHA1
2b39c63e996f8ce0b98ddf23b404f5953d601802

SHA256
677b98920b904663d6bc669b066b35c00e4764d11d347a91d3dc8221bb4af7a1

SHA512
acee1a30ba1855ee67e559b625adc47d6db8b330f12b4fe2312044c42f107540a1ec3729f372b3375985a513b58e877a0aeefaf16aa4669679b21cf3c85c0dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a0b0b098b494039423de6db45923607f

SHA1
4fc5446d76ef1ce41bc243903f7af7e39075435e

SHA256
0f2786d9fe7c1995e2263a9ab52a8b06b052b902f91e6a4e5a7cf74def3d2270

SHA512
88bb35463caa5eee43b7f947e4dc34b2973b9af5b872546d32c6d18230936c856d2a056297f54f482f6cabb16a906de8f0837939ce30a3d07e836f23b402be68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d82c34e3c9d8fb02ae8815dbc5b35afd

SHA1
9c1b030efcd46acbfa8c276434680b077127c81d

SHA256
11adf9bdbe4b2b64fcf7ec865939f09ca0f0d522c45f734365692a01dfb24d96

SHA512
b86ed6c350f0e82c08a1323e5e33db964901e14b8120930c9a2485a417b86e4c551ddf3485f34a4b0e730e9735f0ffa545abb28ed4b2bf2873b580bc1510e12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
806c6eb9492bc8be2a7e0767794830a3

SHA1
853433b9f21f88fc7c8ae3c5c30c89188783e32b

SHA256
21bdabd6e6e3bd587ad0b31bcdeb6c73a1d87f156321f12e7ca71661217b3513

SHA512
7b7b0274657a30115607f87c1a0f1fc5779aa7cd1bbd221175afc1c1ce96bd9bb2df24fcc90e5a44703be122d41555f4bb01b4202dfe5e4fd2801520027d888a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e9dfd7703356ea3fcbd86ae5eae21237

SHA1
568a0117d5f50d31a9949248c407390b3a79dd57

SHA256
c2a41d80819f9ee0a2717bdaf894850d332aaeb6a6665e3f646ea45a098db6fa

SHA512
2ff37beda93cdc88aaed87ce71322845af5ed1b89b3c4cded47e17aaf81ac0f26db4646189d07a51dd7f1c1d1da6439430deae3734456745d66d688834f8b901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
069e771fecb155e247fcc3e825ace928

SHA1
1f533653e96dc9fe4001a6128c9607b8dd60ec78

SHA256
fda2d498dc5e25aaae1314677457c0451d91aa5563bb2a6d2dcc363d9e92278a

SHA512
63a1b85614e915e6c35aa8c09782f9655fd2e39e3ca5b8770f7d9a080e3a30fdb933f95f7637e2c3e25b68932215d76e06e940cae83c6643d6a6eadb5097d2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2c61509ad3f677a581eabee4605623c1

SHA1
53b1c0cefe57b9c574591ea66e5ddc6e6c377801

SHA256
30cce4f23e7ed0a9df5ed55f3551be805de4ddff04fe541161150d15d543f090

SHA512
154703c60f2ec4fa119d2bc6a55cedb84f4be5385c213533b070d1113d4ab6b94de43636d7e18db9e3acb3bb723572d53cf438288825936f7ae3c2de30a502ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8255513007bcc22140f6b2810e0b41fb

SHA1
3793e3d4ec98c309f48bd0db6cb6ae5ae0040e8c

SHA256
c0c28174253d63e99294186b92f5f6c54304e5abde2fad23e2b2730e8a59773e

SHA512
d4be7d85f22c3579e210af4138f87f3de0b10f22f2759a75281ec23c2f983f9eabbb7fb53e835bc11044d77953380f7a05060421c0da257b303f074f2b645014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ffdad95979c88412d95418eb078e4809

SHA1
c56aef134b6a204a781e17539ed96df7cb9f10c5

SHA256
ef743ff8b7d1645b29133ea686af2fa397de1d619087744bcd8b6cb092f4d595

SHA512
950139fff4b9bc39ac1378f8ecedab31eb2e067d950eb3677def4ef9f9db29c55883c03b41b925896522f8078d34475734328b8cacd6ee36e379b7841ecf6464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8927c19011cb12a872fa7d546531a486

SHA1
ff84c8389fa280858c7b09e75071be695282c15b

SHA256
0543e092dd9425321955fc336bb65eacabf411c80e9a27f4dbcc474e31af331d

SHA512
bb207b9f66e6b85fedd848cf6d633e22b73cbfe08e78177bf015cf115a1ca5f3d653b03c802d0ce8e15345cf451581ebf954bd5c995e14523e10b57ca8a3a252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ebf5ebc0693440df6a4142dd7c5adeaf

SHA1
e101bd680490ac7528268cbc24ef5af7dcb408ba

SHA256
76792a32ceef255ead6b18cb4cabf4d12ce9ad84ce299996cd97e3e29214ad7a

SHA512
0f1ca2c0c252cb85e06dd90d36ad756aa52128b07c2dacff543a8de931f85d464729695a4cb93773d1e83d32d9fc2898bedba17cbdab38d33555afc0b14b1837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
10aaca89982ec77c9991689230209920

SHA1
5c9469582b1109ad7528f56504b077d761df0633

SHA256
db9d941e6fd347ac9050c13fe1ce9de8e34a3f97185bfba683112ec6ac0be485

SHA512
c2478fe123427a8e047dbea8ffc3ca656b65714abc48213a3f26980f4a283789aae824361599ab0cd2d38c9056b325872b26cc22a71f80319824f3878349ac07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
864f86e81b68f54f012d21738c66e9c7

SHA1
1ca5a699103f9976c2adf4d9bad7b1e832d8a198

SHA256
ceb3f04f0db1cf7efbed94440a257b16f8ed5d05562a94f3b2e950bcb793e436

SHA512
66bc5f9c595c3b895d0781e2b2ac8c656c5f948603afc21b6c51683161cb2676724d5348ba700a6e2f18ec610392f78cf539aa41f029fe02ae9a83d2c0082ec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
42ae2fd4b0a22ccbcf46a63d7ec4e356

SHA1
af037e54027987c0dfa4f291d8fd3ab40a020aa3

SHA256
e925a453c57b3fee1c1a002c8c405483e02fb28de8fb9eecf0b8ddcc613734fa

SHA512
bbc844eba7a5079edeae2556cc799e90e90b00c9d863bad93a5992ec6adad543247e4af11955b8328a6b5aec292d9c37400e9a243d7f0b9243e18bb11d1d8323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
362cee408a511800d3c44988be77049d

SHA1
01396295983972309a95f0fbdcb8168786bd3afe

SHA256
c4521ded5d30cba83b5c49cb28e6b30b3318095f510263cf316100763d21ff4c

SHA512
5ae8558d8d70cca90fb02f1fbdf9c3c8d1bf59ff82752effe4d82cf0bc6e4bc5bf8f45ed3e956f7238f8e66c73c7080195615671355020a85cb251e4cefe1990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
9297eb27bf099b0b4211e4ced5614ae2

SHA1
b9e2bbb663541363146fcd490929849a3d57a497

SHA256
b2c877c1486cdbfee62c1748678129ae9c9de826d6392f62ed9852ca0f864c73

SHA512
73854d4d5db392e6f29139a91d2ed4d5debeb9f9c3867245b88fee892abfbce09b4e0fd43dc6be6c0567f6b1a32a2621465d1b69a6ef86440a4e3a5391a61e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b5de7e72aa63c2feb58cf379cb2e9b25

SHA1
43406ed26e7615645460a0b1f3c7320b4ea571ca

SHA256
a805a5a7f78f94b749fbeaf685234a2d474cdb6362e72382fec867421fcf8b21

SHA512
88dc416dba3b15028f9beb7be99f1b199240ec65f0296035120959fa9a11ecf4507085ce95ea716a28133ecf9df08caa34db54c2e37e977eafb3c697abbcef6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
5a78901d1cd7d095aac67958049e7214

SHA1
a2043fd46b2828396f767bd5c7aa6813f40c9b00

SHA256
01ef0bf56a131ac92dc4668bd59510ffdea1bcbc30514aac4440b58d1b07d261

SHA512
51f39b5ee22a9d08936041da65442f669901d3dbdc742a1dc9da67d44ee73e7eaa877c0fed9de1cac971af74c4614ea4d8c4a864cbf01fdb6a9851ffb80ee93f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e7885064affcbcdf8868bc22a2544673

SHA1
8b12b2d599395603717e20aa98890a8ca0438730

SHA256
226933185cc6490c1b6e412dc40ac54a4a512027d870bf3a8b4aaf8f74c7c9cd

SHA512
802b72ab0e11d72294247356555d53c1a3bcbff562a31b1d9d01d03016574e2b901e663036d3d17f521d4119d71729a30772d67fcc9c73788348198840b06987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6472565b4c6bd96bafc94229c464f9f1

SHA1
67d1ec549b4784d1f8927a8e7c736a60cb3a7ab0

SHA256
9b2ed405587f8b57053e3309de0603dcfe36668188aec39c415bbfcad5678112

SHA512
11390fbc459e5ee51c96c617c098ee4808140aaa5f88dd44a1b2e4cbd326567d85c51d4990b3d9b0831842436751516b76a6172c0d5d6afe6d5bf3309316a4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
312bc1e0bd0a93f13bca8c2d10aac077

SHA1
13f93aa05e8ca6f3d34bbcdd57a39efeb3743e7e

SHA256
701fa94a2a1237ba32f12af5e5a3d12698d1241cd936b54d9b5f696d62ea9bac

SHA512
01adb9fe79c567887e0688399c4ba1105c553b483ebdab42a7418ff991661800de16219e80b8601f41c8c3bef62573e264fe2ef710fb7acaac2c825a1d138bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6f692758631b46ed20d29d29c7fbcad3

SHA1
90fde3ad1f73bbf4f931661476ad5fa37392f0fc

SHA256
fe1b5d7a257edb36c86898300e195685c9eae199e8b529317a768329cb8205af

SHA512
45d3e52b36e412683d0874a7ed41dde53f2877fffcd3849ceb4930ca2e2dc118d2d19d097232f909855e7663ed9be8261daa816d95221382dc5f2e3bc1f9058f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3102b4b5acc487498742ad82e5cf9720

SHA1
6b9325542f48ca10773b70bba08c9de103af77b7

SHA256
c6ee953f5c73c13037a458ee11a14395a813a7f00b73b47fcb166eefa95f7bd8

SHA512
169d3d58d82d70bd9298fe3c205d9f296f6c3865754331f4cbb1a099b30d9aa5dc1f391895af245fe3388e69960dd332e5987abc8f74917ab214359833fe5452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
546b0f33dacb056b8a0e83bb3a119d72

SHA1
315f6c5ee829b9fa17ce55da8eb26a399d48c75e

SHA256
fadb360f06712b95ec29da40cf7a7cf5cfe8ce38c68596dac8929715dd514f32

SHA512
7562afc3463c627c86db9d51c4b7383375f1705e2dca62c26f864628a79a6b69ccf2bfa1447508185887e45cbd0e0b00c4df5877155489b9587465c138bb3bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6ea58b6d542763ed27d3a7c9f8314c03

SHA1
0adf6d91d34481beb29cdb41b3e783fd2c8c4fab

SHA256
605350fadc24a7527581b01c216a8b825ef63f6c9c6f2d93bad0ba9416dc4f25

SHA512
6814b183c67e5fd6019be2a977dc27beb378ae31db0640534545a89eb28f1b34ac27463867a174ee3d2a1ecf75527a1a26d809170b697b920ddfbe9b3412652e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
9e1282341bd44f08d28ec2c4f39d9011

SHA1
4d8d535fed0e5f34cd0cab47bd1c00ca4715d635

SHA256
54f708c7c4186ed19024693fbcd47dec6cd0f1acaf4945026244f60e134c501b

SHA512
27d4d74709fdc4704ad8373349330a685de04ecaf614a0ba5b27c3364aab8e14cad4cc680359a34b3611b3e88989bcdaec1fb33d1c5527a52553c1ddc8ed4a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
90b2fe2d35cbf3ad777151689d7c8651

SHA1
643e3f457508d141cac9d802ce7fac14d4c1eac3

SHA256
5c996129e92a161a6911f42e867086f21476eccb1aa0a68a8fc1a6772e66095c

SHA512
23651b2b1be1752c0618f12480ffc3204db65bd34b6adbeeab51b31b961a517f490b7297bd578f271c3a1edddf83045ea23159eb2d25052cf595de655724d816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
ddeff62f62f0738843adf9cfbb83b8bd

SHA1
6f502da589ed56414bc5d128ab270b684db50c51

SHA256
be586bcbb46e7a8d7010e41809663239a2148164c82434f5444d22a938583318

SHA512
886b4c5a808bc4daea7d14f8b32a4b137c541feb983a8d1ebc9646ca80dab03340467bea876d47e71d0e782400a9cbb60be0eca575e793d6335c065e7814a05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5f865f.TMP

Filesize
90B

MD5
2c10b3fad1b989dec7a21556375018d1

SHA1
c0fb389261b847c20f9cbc95145fc3b6a646784c

SHA256
7983a631f4a2f5e40ea0b1cecb57cf0f52c8488a7da5c206896e09f17f7b2329

SHA512
7f8cc9e3f07f5fa9c62d737ee9784344f519a16034dcf8c8863b9f16257c7aa94201028c3b06bc79c7e2e44b43cc0f831fe3b0152772a633014ad9c8264db11e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
53bf3e491efa769cde151fdbb3ea87a8

SHA1
a35ee15179bc30004417409f1033eaec460db6a3

SHA256
2340ed352cb43111f2d516a4ba1449cf6c3eb58097054ae36039809c6f3b9b9d

SHA512
9371d6978358d64789564ac2bd09dc4d00d01b93aa3b8a83f63713806db0a49b27ae3f481efd6bf2458a09a0c3309243963b3dd0ee5c0c7315f1cbd9e729589a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5f80d1.TMP

Filesize
48B

MD5
bbe2375f730a097a3ea904f4af05f03d

SHA1
0b86b64fcb68a64af63ff5a2cdfcf908a82b635b

SHA256
8a70dc34f4db640515c769a07e14c61f5e17c8dfef6730dcd30425f2b1d7c623

SHA512
d6c41b94ae9a7112e1bb50b84db7c0b1b0452454ff8450e2b695082ee0d9772f1fe6844fb93faebd8125a12dcc18383fc58fb2a6f8fc6a2cc6bd7a7825b6196e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a4d76511225fcde9740add20b0545ba8

SHA1
beaeaef4bb29cd60009647947873622322cab112

SHA256
f27ff6e4caea4f91a001e81edb7fdf7fa0ac858aedbb2444a274d1dfa4ed9795

SHA512
c18340d489edbe38d6a6394adbb2b8da515e2438e869e0991099a291369b2f4f8a0a16e016da1a455621d320963edb04c4fc3827dd8228f313ce2ad9800f8a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f21672de4febd7b1637da4c9f2c31050

SHA1
44c093870904c4e347da95f853962ac509aac216

SHA256
15dd655bd9c94328beedb90a9388f0ce9c2cd7dcc58fe0b9a4ad639d854cf922

SHA512
792796c84166425db10262a8981254c24238946ba98c7237ff6edd1be215535077d54759d6b3accc4136f45e23faa91365d09802ed42ce8990ab8ec071487cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
77b8933bdee18e9cb25d16fb41e9b12c

SHA1
b7dff99a3a2038637896337c2f41aecc7bfec049

SHA256
4e1b52ffc8f11c6dcd506e6cd3e1f10e285c1e366c4c1bfb67ad62abd458f5bb

SHA512
2bddeb6517e1049aa563f0ff111293f77ced705efd5430048c95cf8cc75512806c45d82609f8b1faf5179afa87b62bdc6fdba4e6c7f54a0901d812cf00721ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
524c41f137282c4b6f07438a30872581

SHA1
e46854c42ee2437c2158147bb044cee4ca6370e0

SHA256
24c5619d10c5c0e38df7f2d0a4f130632720fd6eb2772747bed555f9d609f0df

SHA512
9da6b5aa68a69635fe7fb657d04c0c8dd9995994ffb6a872b41ffc555ce6038cb2b24e3239b308ff025dcceab1fb2134ad481648f5b3aed5a88c02cab4322ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bcf23efeb0d61e08d8fb027074a23165

SHA1
89beec62a11ec8813d00576a0055568cf7350940

SHA256
89c6d273699a17706af0f704fdef289135418aab51fd3f79a5345a000cd5b1ef

SHA512
6a39b0f2fe19cbc09df9b22ded39176664fe856fcbefa7178550f3940fa667690956752834b4920fda689f96467af0dac71e4f4315b1ef6e19bd3169d8b00496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9f9a2e2443f865e7d556e535407a59b3

SHA1
6c0e3659cf7eec4cc705046964a7b17a563aba4f

SHA256
70bd2580c874cadb8e26488c87f3a29560d853f12d1280c8389edb715a0e66ac

SHA512
1674b38ccf3e0bff1abb734eb91621cfa84ffecfdf76717c8df389ff43aca36e54170b041d25e743bad8c4e3f096fa21f609bf7712d105f9fbc58b750e9a6edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6caec5199f3ac5a834924155912e1244

SHA1
62ca75e91f153eaad975179d956f54f0a856d30a

SHA256
d4853cbff4aa544d8693707fe49bc4a95ef67ca7cb6923a8f1b6f971dd20771b

SHA512
794565d9b53e74cde6366a5ae1330d32a515a2ffc1af4fc435b836c17788d0a90584f151eaa9590237d49ffa65de05a1ac850d20fb3000555aef6f09c6c2e338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cb9ab7733cf33fce904f4cae4b37b9cb

SHA1
d2ecbdd6977dadd20c370489421e56e8a084f121

SHA256
38c8c90b821d919f4005c23679abff38fa106d6b1b8e6cdfa730687bbff65304

SHA512
5cd830f7666015c57d63ab568f2268ee49c0958922be5e22a186bcb7f86f946c2c4b6e8dff8a832e7ee141390b9dc3d25811b9d60c2bf96c53ab228c3e63287e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
604d20e433b0edb8d0c8657b30b397ca

SHA1
d0bc507c0172de3a98170269430a176993ec2660

SHA256
09385f5c86ecd7bd5decf8f451f66f86f366f39eeedda6ddedd7a591ebf123cb

SHA512
4648db55916bd8f71207462df5142e69bc9c9903e984908d50ce16bb5aa35835c896876ce943aa5adc9417e92bf778649caa2ea4cb56a104d7049440901f6cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
dd1340450232eecefc2aafdb92031af6

SHA1
91dc26be2dd08011c2747b0bbcbb48aeda5abe62

SHA256
6a69f092e224f67af505574c112dc9649bed70d5281670c234e5328cb23c95e4

SHA512
86da57d7cf803e62fd87f3e69c2b0eff0af6bfe3cc636b55654cc0d163d8a98389245e94cdc1cbb8ce2c158b339020ec430bbe4076422510e360dadfbdcba8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
81e23a5279ec64321abb2ed25fbb1226

SHA1
30a3e681bb7bc1f96abbcbd03c42817a0f71e542

SHA256
c6adfdd1acd3ce46b5c49ec9a71359efa27851fba061e47dd2a786a6e010cee3

SHA512
75f82edd38d517b3653540719e8548d19d0106f27ea5612f38964bc2f6b36f7ef6c38db2fb7fa3d7b285a7bf1328a42cb4325113ae9f6031a05a91614ede5d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
737faaebd57d07b9145b34f2bcb479ef

SHA1
e09edcd565dd4f7336e172796effcb6956328b40

SHA256
d0197b25c1472229f7e113e1517c048cfa78db5adace9037753b88aa282fce02

SHA512
4d4adebc593cede4f0df0e77ea0c2ae4423202eca2dfe61b8241ce9af7ea7fcdd14e2056a05e43a886297b14049c4613c0e084ae8fd511b83d83e8953b4a1428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0e86ee3664f80f8b029172f4847653cc

SHA1
6d9a7f6d4f9f9d70cddff96579f6fce5ec662ff5

SHA256
ddb8a8bf29ad960cce884b77b9558ab73b8708283f49a73899ab0b404f9a6419

SHA512
7f181e383c5f87a24fa08281345ace58e087b3b8d20a776cbd77022ce310ee2eb475bddd6cefa7d7e939eb02e6fa496e782cbc2e3f2f68d2be434cec0f6e2e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e2cbb.TMP

Filesize
1KB

MD5
eec14507d57edcde8f950ca150fa0c29

SHA1
b5205530536c945fb3f01a74a7b787bdaac9ba5c

SHA256
d00d9a240b135e9eafce4f365dcf61805c8592de87995b94bc1884c9e115602b

SHA512
4c9809ea885404a03a2ad5d40ebc4599821f0d51e4974fe0eccfd8b6093ece94b6bb88f62f7dae8c564e04aa437a1b66bd350f4854c51f3d0fba31b412d88e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
969b6317f364c8e16c5a03bc9db8f8d5

SHA1
483f384da56f568ff3c03e69c46371c9dd420850

SHA256
a748d3f5c9a396594ae8f9e335fe4df9e7b29e7902f91fb3c3dd9bc663cf64f4

SHA512
75a9d24c624f494bfbd900479a300a629db8364084e12dd0d6799364d2e722aded9dea169ff1181110f4a9c79a2caedcc65fd8daa9b60a0d5db8e84b57dedf34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eff67dcdf52e62e9e7b993b0641c286a

SHA1
07caed7c03947a7bbda9e8ecc547d3f7536f7045

SHA256
128cd0ade2482155993c13ccb3f42d63d02dfe96530057beca05f2a9c06fe503

SHA512
613088c3c5be65eacba7dbd2d7f9893b10086076fccb6b478dae3fd5c35c47e854ac3db8aea48f106e154bb8401a45a41b8de8971db5fb4bc4a65e768d49ed44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cd84733859081657eb65b0e020a7ce5

SHA1
c0352e62d473762078f8997fb0ab67c5b9455ace

SHA256
58e211c7edd2e0094eb8223ae0030df4047b13fe7453b0a065be23c6c30a2d7b

SHA512
97c613e59c068e363216b63ea99a50524e5c47f97777872031c4abea0c96e171bf88ddf63dab592fce8000170f268e2871dc421f78055829792bdf4cdb5f95c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
098eaf4f962b104a27b834ca670cbb97

SHA1
df853e8138df15d77a7d6b25c6959aabc36a2c7c

SHA256
287113f3614922ed79092cec55bd9242588b3d04ca804a9fad46cf39a30d96ef

SHA512
55ad026b954686ec730ccf325e95614c0e227da1fd7ead0ae534073eafc831870ee898ad9071e0747a045954ba94a7647ad805d71769e3d91a957d4def413e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd63981156f36fc8bb0a70ca851251a9

SHA1
1b1fe83ac87642486355e7c136f6d9d902e65508

SHA256
66c149f35bf92f861019d76ef031421c69b6a6873a73a5befa85f89db9e566d3

SHA512
b107307799dfb2f009a9e55f1225e405db36278c76549b4411f6e0cc8e8e357005a871c1c40f2bce21d230bcfba62d8d8424bcbc9d111739c4d7dca7963f8a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
980b9ba8d1491997489d576aaace31d9

SHA1
2fc9f94b822d3535847fc8e9e3622bd791fd1646

SHA256
91d9f0557e39e2e2b6ab1884ec48fb7c0878708053761c2431991750b930323d

SHA512
e67e56d1fe82cbaca8704e6ae9f35d043f9616fc1246d85423ed095f4a4021369338b92c3bffa04bb159b8d6eef398cb6ef429f7f4ca504feffa277276563b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
92d3a18d56202b95d371b47a17deef07

SHA1
0c4dc9e7325a457ad3a8de00df2be0a3708793b0

SHA256
bf780a91d4ef68ddc295fa78fdc545eef01016e839709c44b0ebcaa2976730cb

SHA512
dd8a6465ed27e2bdd35d5a620bea4b4ca5f24c39cf4f064af9eba0091a35785f76845be1657d027c906133787c6735d8e774eab5731f1f498b88940c12552a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
621944d946a6c19f08579bdf7ba1d3d4

SHA1
ac09644fb48690b7d7749690c09aa77384dad301

SHA256
98289c97da493b301db397e1b7a548fa5de66c15f3b3a83e58bf766dfc182fe4

SHA512
be898930a6b241ac8e8edb067bb61eb164227825aae94531f4292a4e96ea1111b4dc7bfcfee9ee4cf58edcbe3b77d70ae7ab482016dc0e05e3482a536cf6a7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d0cf306fc7f46a63dbef0534cbd78488

SHA1
287de36d972f7e98559447626a00e7ca45ea68c6

SHA256
af802c8725bf4914321651fde913db04a9988cf62db9fd7233adcfcadf811154

SHA512
029665796df8aa23926457a57d83ce8c1d5d9211e3e1b656a75d5f67f440d7b71d4e4b6ef10886927eb80cf4dc02a11cbb6e7d37f700c7f3c324b5d8b057d260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
38b44a7dc546bba85549394142d7e839

SHA1
571a5255013f8e82d9eb54a31bc4d1a23301a3c6

SHA256
1ab9d249d0681385ae3c2b5bcd02f0e1ca5a987c5c11637f0b5544211186d6b2

SHA512
d0f5d2b59a1e6ab4097af84497f70d7ad7f70e4488f44b596df5bcc8d691dddf37668638af6c660c0e0514d5f99f1eb8857d53163728ecdcf05d0101c5599203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4eb0480810de6b1be460c38ca7ca2f7

SHA1
39c76df4e012875f77b9999af9ffb27207e327cc

SHA256
e06323935147499681f109d91d3889bdf6ae0301e361bba7b5f9616c9672a13c

SHA512
4fc8a90fbecce33a4734a825d0abce0c29fdf0998698351573f4050b4a610a4313232a710d1e2990e073e5c2cc7cba1cce267fe7ed411ffaf517cbc6f02ad17e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
719609e86d0975df5eb5d0df678583da

SHA1
a1d0541392e90fc39dadca6a09aa30ed5a4e39e1

SHA256
cf3925f1638f59766ba85e1a78ab55868748e7a37dbcb85381408480dd79f255

SHA512
838b354dd500ce5dba1b9c541ccb73cdfd6ce966988aca11135afafcbb0ff95fa3b5be9e494671aac7152b0ad61c0a3a96e71c0ae9b05e42f870ccb972bd0248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f735fd8b8af1d4e47534c452c1e1aac

SHA1
86104c094fb866827ffc54e42e02cc0baba574b7

SHA256
71d81970dac7fadc03d85c6a28e338fda6243a830f00376b0cab51485b70454a

SHA512
83b233f083ad234061a867dc450178e57ad9472c47b756b2de05060db20500e319468c785577c854b07c50805cd399bdee05d4b6245f1cb79443de51429ca5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6eebf4435f7e44ad20f1c815495e75e6

SHA1
0dd1f0d8da5b18a2289774c0ba8228d10210fc74

SHA256
e157fabed204c8c7ffacb793f248fd754210e36909030195263283f3a6c19dce

SHA512
1e4ee5afbe439d38bcf5d53bfce2334a453f5d1de204e2af9d9f5c7e12aa9d5439929029c8e402c59154d1df7492ff41ddebe3368f0565d777125ef76b3ab6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
82f41b2b91fd5e4d4bea28a2ae64af52

SHA1
6a31492bd272e80d304146fdacbdca99323d3597

SHA256
293855a7db70c1c4ba12ec7f93675b56d5d60968fae6514d7947297df3fc9f1f

SHA512
9ca2aca1350e61030e2a0428e37f5e39403263d98bc0fd63d392ae70534890271e1fd586cb990358339c9502877195d9f7c8f44a0e3fa7fd80b5c9d882b98679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4af6080684db4fb7ef1c5b7ebb2ed5e6

SHA1
68105bcc4cbf65558bfb1c097a7ba59aaf8c7ce7

SHA256
ddd289f404b688d5166624ba6192df509034013ba2bf95c75178959320ed8ad8

SHA512
be660b8f9d21a0dc8e4eea4c18cb3a40627746b24b00d3ea3e4b44de63fe52f98d3639e979006a9910110391f41e6f146a012eba7a19c797235f33943f97b76c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e3eed80cfbde91e75294717e9fcc5363

SHA1
a614312450e6ff8bf2ebcee051beb6f29c3197cf

SHA256
7b0fe49142f8f21a6fd4bf31d8dc02e487821c3f09984a4a6020346108051ecb

SHA512
12f153a069004ee6c18df710f21393d542bfd3d8b0f04d664ac4c9eda244976858c4c9ce300abae464bc8688dc59b63c425b91f95966d5c99cf19c59f43ce45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c184280cdfc9b82fe52d5c8c4d3bdfc1

SHA1
df1787c6607850c9b0491e4a04c53e625a82c19f

SHA256
ea32719c5cc207c702f83f0ffc88131411de6c1bdce5e5d906d56d50759b8e8f

SHA512
88edc92fd966443a527615d32235e203a4a687cce5f122dea225095b8150bb0b2bac5e39329e4bbe5ba90ec27bc62b774b2b59038865b71d3881aff5e3e15c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d5a93f6675afbcd1418baf802fca2dea

SHA1
6662db90ee22a2a8d24db69fa2096fcd5cfc2fa4

SHA256
1f2bc124312605500b570ab22ae9f5898feca2e31d69c5bdb7371aa236f54388

SHA512
c48cd89a8f7e30f17375f8b3aa80137591531a5f69dc9d5b65af3bb99ef4768eab46d3ca5dbed00d0a6b7cb568bf8b88f10f4cf9013aeceb5da696a7450197bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
4KB

MD5
214f98cb6a54654a4ca5c456f16aed0a

SHA1
2229090d2f6a1814ba648e5b5a5ae26389cba5a0

SHA256
45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037

SHA512
5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\z.zip

Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/5672-919-0x0000000005160000-0x0000000005161000-memory.dmp

Filesize
4KB

Download
memory/5672-915-0x0000000005160000-0x0000000005161000-memory.dmp

Filesize
4KB

Download
memory/5672-914-0x0000000005160000-0x0000000005161000-memory.dmp

Filesize
4KB

Download
memory/5672-913-0x0000000005160000-0x0000000005161000-memory.dmp

Filesize
4KB

Download
memory/5672-925-0x0000000005160000-0x0000000005161000-memory.dmp

Filesize
4KB

Download
memory/5672-924-0x0000000005160000-0x0000000005161000-memory.dmp

Filesize
4KB

Download
memory/5672-923-0x0000000005160000-0x0000000005161000-memory.dmp

Filesize
4KB

Download
memory/5672-922-0x0000000005160000-0x0000000005161000-memory.dmp

Filesize
4KB

Download
memory/5672-921-0x0000000005160000-0x0000000005161000-memory.dmp

Filesize
4KB

Download
memory/5672-920-0x0000000005160000-0x0000000005161000-memory.dmp

Filesize
4KB

Download