2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

17-01-2025 20:14

250117-yz7h3s1qfw 10

17-01-2025 20:12

17-01-2025 17:25

17-01-2025 17:21

17-01-2025 14:16

17-01-2025 14:12

16-01-2025 12:52

16-01-2025 12:50

Analysis

max time kernel
495s
max time network
513s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2025 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Destructive.exe
Size

14KB
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	MEMZ-Destructive.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	MEMZ-Destructive.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ-Destructive.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Destructive.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Destructive.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5152	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3936	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
4656	MEMZ-Destructive.exe
4656	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
4656	MEMZ-Destructive.exe
4656	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
4656	MEMZ-Destructive.exe
4656	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2504	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
2972	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
1356	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe
3936	MEMZ-Destructive.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 59 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	4900	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4900	AUDIODG.EXE
Token: SeShutdownPrivilege	5152	explorer.exe
Token: SeCreatePagefilePrivilege	5152	explorer.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
5152	explorer.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
64	MEMZ-Destructive.exe
6652	OpenWith.exe
64	MEMZ-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 2504	3612	MEMZ-Destructive.exe	96
PID 3612 wrote to memory of 2504	3612	MEMZ-Destructive.exe	96
PID 3612 wrote to memory of 2504	3612	MEMZ-Destructive.exe	96
PID 3612 wrote to memory of 3936	3612	MEMZ-Destructive.exe	97
PID 3612 wrote to memory of 3936	3612	MEMZ-Destructive.exe	97
PID 3612 wrote to memory of 3936	3612	MEMZ-Destructive.exe	97
PID 3612 wrote to memory of 4656	3612	MEMZ-Destructive.exe	98
PID 3612 wrote to memory of 4656	3612	MEMZ-Destructive.exe	98
PID 3612 wrote to memory of 4656	3612	MEMZ-Destructive.exe	98
PID 3612 wrote to memory of 2972	3612	MEMZ-Destructive.exe	99
PID 3612 wrote to memory of 2972	3612	MEMZ-Destructive.exe	99
PID 3612 wrote to memory of 2972	3612	MEMZ-Destructive.exe	99
PID 3612 wrote to memory of 1356	3612	MEMZ-Destructive.exe	100
PID 3612 wrote to memory of 1356	3612	MEMZ-Destructive.exe	100
PID 3612 wrote to memory of 1356	3612	MEMZ-Destructive.exe	100
PID 3612 wrote to memory of 64	3612	MEMZ-Destructive.exe	101
PID 3612 wrote to memory of 64	3612	MEMZ-Destructive.exe	101
PID 3612 wrote to memory of 64	3612	MEMZ-Destructive.exe	101
PID 64 wrote to memory of 4868	64	MEMZ-Destructive.exe	104
PID 64 wrote to memory of 4868	64	MEMZ-Destructive.exe	104
PID 64 wrote to memory of 4868	64	MEMZ-Destructive.exe	104
PID 64 wrote to memory of 2908	64	MEMZ-Destructive.exe	108
PID 64 wrote to memory of 2908	64	MEMZ-Destructive.exe	108
PID 2908 wrote to memory of 1752	2908	msedge.exe	109
PID 2908 wrote to memory of 1752	2908	msedge.exe	109
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110
PID 2908 wrote to memory of 624	2908	msedge.exe	110

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2504
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2972
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1356
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:64
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:1752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
      4⤵
      PID:624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
      4⤵
      PID:3256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
      4⤵
      PID:3664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      4⤵
      PID:4128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
      4⤵
      PID:2844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
      4⤵
      PID:2180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
      4⤵
      PID:3780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
      4⤵
      PID:3672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
      4⤵
      PID:2896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
      4⤵
      PID:3872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
      4⤵
      PID:4592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
      4⤵
      PID:2916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
      4⤵
      PID:3648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
      4⤵
      PID:3568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
      4⤵
      PID:3680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
      4⤵
      PID:2740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1
      4⤵
      PID:3648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
      4⤵
      PID:1836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
      4⤵
      PID:4296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
      4⤵
      PID:1360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
      4⤵
      PID:2744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
      4⤵
      PID:2368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
      4⤵
      PID:3656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
      4⤵
      PID:4172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
      4⤵
      PID:684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
      4⤵
      PID:2460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
      4⤵
      PID:2896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
      4⤵
      PID:5104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6136 /prefetch:2
      4⤵
      PID:3428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
      4⤵
      PID:4968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
      4⤵
      PID:3228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
      4⤵
      PID:2432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
      4⤵
      PID:1224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
      4⤵
      PID:2616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
      4⤵
      PID:3848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
      4⤵
      PID:2528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
      4⤵
      PID:6020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
      4⤵
      PID:5160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
      4⤵
      PID:3512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
      4⤵
      PID:5324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
      4⤵
      PID:5660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
      4⤵
      PID:5756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
      4⤵
      PID:5860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
      4⤵
      PID:4972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
      4⤵
      PID:396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
      4⤵
      PID:5864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
      4⤵
      PID:5664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
      4⤵
      PID:5936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
      4⤵
      PID:5160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
      4⤵
      PID:5844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
      4⤵
      PID:5148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
      4⤵
      PID:432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8328 /prefetch:1
      4⤵
      PID:5964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8652 /prefetch:1
      4⤵
      PID:5600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
      4⤵
      PID:1508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8896 /prefetch:1
      4⤵
      PID:5264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
      4⤵
      PID:4472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9012 /prefetch:1
      4⤵
      PID:756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9144 /prefetch:1
      4⤵
      PID:3524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
      4⤵
      PID:6196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
      4⤵
      PID:6844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1
      4⤵
      PID:6952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9692 /prefetch:1
      4⤵
      PID:6452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1
      4⤵
      PID:6420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:1
      4⤵
      PID:3092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10172 /prefetch:1
      4⤵
      PID:7040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9636 /prefetch:1
      4⤵
      PID:6264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15952438898703791439,5903229803507094085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9740 /prefetch:1
      4⤵
      PID:4144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
    3⤵
    PID:2312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:4068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:3556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:4692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
    3⤵
    PID:2060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:60
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
    3⤵
    PID:3300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:4384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
    3⤵
    PID:2500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:3444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:4980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:3996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:824
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:5952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:5968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
    3⤵
    PID:1748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:6052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:5772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:5792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:1924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:5812
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:5816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
    3⤵
    PID:5316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:5940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:5540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0x11c,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:5220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    PID:716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0xf8,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:5820
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:3704
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:5620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:5432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
    3⤵
    PID:4376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:2304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
    3⤵
    PID:6780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:6796
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:6572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    PID:3032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:6288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
    3⤵
    PID:6280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83fea46f8,0x7ff83fea4708,0x7ff83fea4718
      4⤵
      PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1972

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4900

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5152

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:5252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\17fcb42b-bcd2-4fd2-9688-023ca3448a9d.tmp

Filesize
7KB

MD5
b95048ca625ff8d9c382a944bc44be2d

SHA1
f05cb5f33bfb20d3f101a38221d9309c9f2195cc

SHA256
e8dd45fc11bb86eccb5101ba2d333f93eb88029a22befcc8fb207242f241e932

SHA512
3b5ed875bd30ce4ef1f659706dad348403058ca7bf90d0cd9a27642705c545f553083aa78eda31230e0bef34f81ef5549f13ea044ad859ed29093445d7f6c677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
98KB

MD5
c0fc67fbc5c5eceb437b516b4365aa86

SHA1
6b5a02dc604f8b87eb9d456969b12b45dda79baa

SHA256
0b8baebdd76118229f6b486ab07c66d05b104fcc8a80df53261769f80ea093ea

SHA512
e73b48bd36052a2f31aabf40b32ada01fb8c92345a20e22126bed271bcab08ba0a677fd9fd29cca23e98379b6c1e0601bdae9f90c38d9369ba32f292450886d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
181KB

MD5
9f2974b002503518b4aa202ea711f449

SHA1
1fef5a59a10bea577607980a3f416b01fd1f04fd

SHA256
951e9c9b0b597ecbddd5ba82577b5e0210454664a870460c03b695826f36b104

SHA512
b6f7753756bea7a9a4514f2750e56a0d2100748a8894fff967e4ce994888401c7b97d9aec2b1088a47534f01a9a24388de58d2891ad7f9782319ec8b199790f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0e3ad5a80ba7db88_0

Filesize
19KB

MD5
6361f5eaa3fe8532ef6c5c86cbd8db6a

SHA1
a1df642d5d8b202689febaf404c83e5dc7032d87

SHA256
7893196b72a4fbfca66555386f7504d1f6c50f6362a1ac1de4eeedf031688592

SHA512
722c5b3f113bca46ed9c43145bba86734312e03faf3f6d0c728301bb41822a9e2a82d40192d505b325597eb6a965cfb255d53859635b1f5ee3b2edf68010a28a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efd1508ab710870d_0

Filesize
415KB

MD5
96538e0e2f8617d23242da62728cf4dc

SHA1
5f41486c42948b3f8242a4239aab2193517aa308

SHA256
d4458e0537a6da39e2518a9e58d47de636f0b77c27170180b8ef9520d632dbf6

SHA512
aa181ced7da164def34d749d8d6ee11c83cbcfbf3586e7c2b6af5b42225f076a6c8636534af184278449fe7b7d88d2b9685a59c530cacf6ffcdf2d27b5a45761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f96c4e370537b4dd_0

Filesize
288B

MD5
71008e9c8e8da73e38f345d316b64859

SHA1
1af005e4a5f9b3cdcf3570486868e37ecd352776

SHA256
80246df052fe1d78ab5c366746dc9d9ea46d846973a6525924ec45a862fa57de

SHA512
2f80ea8fde536a22534da4ee09b83940e58f4e2343b687e46f388f0ca8e87927ccfdf8aad67878e195687f5003458f14a05bcc0c71c7bf63788b8f67cb03c3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
c7fdde5e06c0ba24a2dccb40d02bd873

SHA1
de78f9af8f16382317b1a8b19414fd309cca10f1

SHA256
2605c77001a861eb29cc6c153f3806d0a02c8ed0e61c2d978a0dc5cc188be119

SHA512
0b53f37597adb74082efc9ccd176dc4af318089491bc458d982ee5fa76adbcdaf18506874ff4047a91e51b186f6690ebc8535e95f36ce9e9b7cdf4f541cd12cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
d906915cdb5835decb8bb7bf16a67459

SHA1
89fdfa72a6fbcd7472bca39b140a630e22a896ea

SHA256
fa67bbbbb8bd6b49161dd5538749dccd2dd60527f2ba5c0f7e889a81bfa44da4

SHA512
1f950c2e53c777c8d28572b7d18d388bc5ef5658fe522a2e61aeb0e420e7ec8e6bf24dfa9aaefa1aabd63d7a1b8278751e8c7f6f0e48200c3c51046495c4abda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
f46625eafb3a44b4a0fbcfbafebd18c5

SHA1
9e659e190ee504e8fb6435ee7a142d399bf7eb14

SHA256
ed34a83887248a5b0abcea73c1a09471f68a0cc6f6f3203dd3154f954703bfc1

SHA512
9de581fd3d1a97111abeaa21b651269e78c2482162458e48c61b35ec85ebf5aa9b390d107eae2b886cbf61c4fa8d96cac95ff0e73db5612515848dcf9f1732c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
62c3897457108170805f9d00a316bbfc

SHA1
296d6f977748d382a3bbffc3f31ac764264c27cf

SHA256
c8e8fa4724466e8097d622524e62f902582ed5053e6065512bef6e0712b6c2ed

SHA512
10f801a0b6229a0dd02499cb6eda3c8b41559761d90cc15a86e44a39b23f15aa05eb3f5771174c346e9ecb12db7442dde00381c56f65b508914bfd303d99c750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
3d4bbf53e7b286b97879bb342916e6c4

SHA1
10ce6373fad5b18d50e97ee7388f526970951043

SHA256
f4ee0d24fb062105dd4ffd0fe513f9ccfc301439c8e51db0cc3d2305665ada05

SHA512
d951a229caa27500cf9fd8a6e648852901e4fe29d9a0595cc78216f6bc47424b5f2acce4d2810017769f6d98ff7408b88cca92b4bc0876e6904519758e705516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
2253066596e7122c1395b340035b96f8

SHA1
3e40a837ad74f321a217314c8e3e547d7bad81a1

SHA256
67adea4a30a4f93d95e7966ce6099cf7182a0a0a1cae3f1a7bf3b925ddc43a39

SHA512
209558ca8cb66e622e994533fbe7bacd38452b52084ee34d9946ac6df799b9280384abc53111b557862b16087fbb006cc89f62432e8cbcbe2e80a4c481160932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b2f83eb26984071201df83288af621b2

SHA1
b647800094bf1258c4c84882c6859d9e95aeb52b

SHA256
9817b30cbb460e33fc8ff8a1b47f35b94b536081e83a55087405f6fcc89b276b

SHA512
8aaebbefb21c4bb3880a6f2501f9e540e90e644ccb103de229b89bdf180ae86661b5374e7eefff77cbe326b94988194c8c6fa2a67651f30f58a1b163c725873b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6f621df7edc1c4a2f4d410812d2d4710

SHA1
17bf3ecabaad4ca1b05872c6152c7aa68ba4c37e

SHA256
fdf2c2ff0833db00c3c6e82fc3daf76b84559983ee2a40302721fab70794b16a

SHA512
aaf74c2b043c1a6888be97d2ae51deb7e7c26cff6a95653d9ef5319619d8b1cefc29fa0dfc26d598f06d1706cbf676fa280a10af130d495f6424ac8e0dd8e626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4943be763e6c9cb172061d75b3b88a3c

SHA1
7b764b61d1cd1a15311b38b9799996a1a6e78bc6

SHA256
a51aa7af4b265865b25835ae2bf0c9fae39078ec04dea3ea7816ed56d2f79aa8

SHA512
57f252922b63c53aa64a4889eae6beb7098e545fca26009cd213cfbb7f60ac2fa8745d125189a24889bd5e850fedf5b3e35439674a39555003cf718d3e1cebd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
9ff8b44edb3231b7b55d500aa8695732

SHA1
bc1e3c32cb70c423ba853dc45bf272f110268719

SHA256
192ea615af961f102e7070d6f1ed992cacd7c4b07f0a1b30475720be854d68de

SHA512
b54ac2e2481b015d773054fd72e8cfa45990bef3555f7fd5469f7315a8764d93edac821952a6b557f4e2c8267970894ec358a74d88d52673b170f11806758de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6036313a1230b2e53a212f1da6b009eb

SHA1
fb5ec7489f60183eeba9280cfd179b501826f799

SHA256
05bec37b4909af5b451a0f5396e225fde1ab6c89959432e5bbbf50bb4bb3b9c1

SHA512
c2c7a0b1b59ff8f9a2f7917831089e538f66cb58b91dfcdb8887ecf46de3d717b6dc2a68931aee4c01412968881337c2957a3a289b1d958ff502e43ffef66eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b41a5a9ad5f0f4becaeffc343b639c17

SHA1
226c8123d76d1f8c0b01816363ef777cf1986646

SHA256
627d4381da0e825010c60ed9e08a83df1b183f7ed0e4ffa9cc12831b988dcb7e

SHA512
b7602a6b413b8f93e5f1672f0dc0b24ee0415588b6c95b733536311cb79f759649f1d7c996f3533433bfe3a0787a29f6c61e07b1e9ebc89734c128dbae9bb684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9c83d0a08f4e5897a4338c704cf95141

SHA1
3ed532a80b5555f383052c5e264bccdc19cc388a

SHA256
56789e076524b27f7f5b59e73ee244dd9e2a8b1e232537856998881db441e209

SHA512
ad51b8d25e91762bb41637c2b3ae37269bf1b4eeaa1309ef0a7d3f409ab6a7e13c92f83eb36397d8e916e46c2581a13f1d746c1fe3e4312f342210f74b5b9f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fe9e8c4cc8dd649b0e5c88944aad29a8

SHA1
1ddda54b70620d86ca08de61bd3b17fae4c1bf18

SHA256
b59714e925b40c2fb5e983f7cd075f7ba8c0f592657a19699387a9e77115b80f

SHA512
38480581bb817a97049e048f84e4de971726bb08985866e0583346a0e4de1687afa8236a6b9882c12b561d2155346c218ed330dc75cc6a9363d0aeec3d810354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
47b3e273c683b70b1e502e97b3c6f741

SHA1
60198b8d700b5b77352d35128d40eb24649a03f9

SHA256
026d63a228aa8bf0f08526136dbec8138110c2baff16c195d8ce8263d7efb199

SHA512
de9f5f155c30d98a864cfd2f2fe59fdff9327188b185a95beae41f3c4696f725f35174a51d9e60cccf01a2316089358a512d52a902c97c926c3f71b4d26a531b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8bcd779b51f8ab0e8ce5eed36b4e0a3e

SHA1
51b513d34807df13cad70f8038c16fe5a18e4846

SHA256
2b2902a32fe46109d3738f4a221d654ca271b8ace10ce0b3c09d7b88ba29dbe1

SHA512
d366b8bc7b57fa370c55576a4574ad957d766df2d2b2da4d747ab769c08350ee87578a510cb836a22c62a1c0761e1c67492c070f1b86c13aac96416407415b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
493ffbdabfd8d2a2d5afe9fd5f349696

SHA1
84cc4c680ab5b9a351709a55d0b55ff787308dab

SHA256
5f7cc05a84de901c4377e6d85d3a233b44b5087181cc55d768961d7dc271a02d

SHA512
57fde8b778f4eec64362112aa43247c58eb49fd18e81d10a1727d0e9656eb5b4b3b87822eaac449ce78624191dd04fdccf6062b54e5dd74ab4c6941062714b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7af1a56c4b0f446ec4970e20b4858913

SHA1
f4664fd2a616e439eddf131f1853f28668ce9e0a

SHA256
378dfd0d496e47f722f73c7306812e4cbf2eb9e7c6a0fe7b761f0f3a3d36e00a

SHA512
c237413db3f92feb026fbb6330896616949c3b247c2625046744e3b2f60faaa43e66afbf5310789de6926e27c521113dbab92be562796a8aea842366739cf0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
edfcfe74df5ea0743c20833e56700c83

SHA1
f16907e79129508393187f5fe83be2b64b2ad838

SHA256
029ad0878a794ab0f41076289a4ecd7231ef6e7114009966f478c04e4602084e

SHA512
9abf93514d8886c8310011d00179cbf3fadd164e481e083f8769fd116dcacfab024bc4b121859454a4907f1cab967ca48e83007adf43eccd30358861b98986f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3775bf3d55bf00fba106d25c0c38fa6c

SHA1
0ef632bb08628643b29837e7e00f9828bb5b9967

SHA256
1ee5a24bb720e703917fdc80c7a006bd335085d9233bc34a8dd795ac83101e94

SHA512
6e715b3026d4746689836f9afb6b0737326240e4866bf7bb6feb0e5b5ff3cde9f7ccffa61c1b0d4f706fdc189beade3b72e3676df13fd2f21fd913b725e7bce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
185b188cbdd9cd35b8bdbfb2370cce38

SHA1
23f17a0f095f0018e4699c2727b99d216be6c462

SHA256
84225f28423d473dae6ab3ed55f3334b99f5ac4f8cd5d5cbd25e53dac07eb434

SHA512
ef2eb891ffab3eacd67887d084dcbee790b5cba17a4ca911370794d538d09abe377b97a42245207cfb8097f52b1cb55b43b7cca9947f0b43e7aecbfb5a3e766c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
332e7a2042da50810392345f77fca6f7

SHA1
8699f0e96a743aa2ccde8f280f5e944621909846

SHA256
91514313d24c4553c014197c462061a009ab7cecb8a786038800a98018143931

SHA512
020d8fb41db3eb5969509d712ee883d6cd5ef6e34fece2de5e47062a5bcdf3c32abda98df00b717e06099cc82e77b61ed1d0bcc4279a1423b5e2dd2c4f2c00e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad72870bcb9f3eebdc6a9a55c1952445

SHA1
927128f6dc89780dd18e0300cb16fc8f85e02da5

SHA256
c5764c2d4c7f943d9d395a0d7b742c21a90cd6846f1ea5265fcaafe28d544c89

SHA512
206ec18b50f39056d6c86d91eb56b35c9529eb76a35682ab03530f394db806b76a3b4460ca50c7539a220f6299772ae4cd6ebcc58fbb2e76b69b040a9408f1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
85d96aded0828915a10bc66e5519bf4d

SHA1
c19423ad5a2290c34ea64502baa1460ff852aa09

SHA256
400108c3aeffdb29211b737927c3d66169f225e13c1b3a7d176c636218e6274a

SHA512
7e3b40a5af44fc2a63f854a19a2dcc5ec5c73b40a36d5223f63baf542455acdc1564e5e88edf9f65d622536198e3dca6e8a1629e037f1fd2d710df04de8e5d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
30bd9564a6180c58218822785f13a741

SHA1
0822408e3036ac94378ecc38e7dbdd97d812b528

SHA256
4779e5ad5e1804cf2029b679587c863f5db0361ed6b58f928bde0fbf45f02cf9

SHA512
6230309b28ae3461c9e44f26bddadd737216081d8bfd59fb905094b64b352a67fbf7a79625aaea353b365ebb635e7db00700f47d40a88aa434ca84e260353182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
54367a2448bc59827b97d3077ce88afb

SHA1
d33e42c37e5edeabbf844323d4510f08026accce

SHA256
014aebfe665d136c32f9e476e26e883b061ba28917c959d3bf6656c1abfac954

SHA512
ac13b36158373c298e22dbfc2d9b688c6200e8df597033d968bc1623ffab19169927416060b46be91d7605e5a241b2205298ad0ed5c4749aa97a95d3b980bd15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
41b2dd861bb6564f4b743fe62867137e

SHA1
48a20d2d8148f6b0688992c5b03bcc17daf35e73

SHA256
81368a8116c578d1f12529485f644ebe70bfd216443256ea2e08442b706340dd

SHA512
a42db8fe0558da41bbc3c9dc0586a950a7a993ab99b7298ed634abe62864b3d9e8e1eca6656da46f9a386ce2839d0f91a54adb6e7f4a8429043fbec524a91f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1c98a0ab8f52b0edad05740187877fdc

SHA1
c839e1ae0ad3b380bb730dce404bf68bd400fc46

SHA256
1f6091ab21f75bc5eb8a8a2c384cd7bc0c10bb7a57432d214f9e3ba22d168fed

SHA512
fb8ea5b00b7609f4776fa87cc3bcb272626ec71c416c8a5437a95a9f4d43113150a11f1628f5956aa71633a26d1847bec66fb9aacd06fdf99e81f3bc557f6313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0a7fa2254018f278085ec33f5f0bafbc

SHA1
f9e5e56a8cb9e1be4beec75b62c4a9e0f3fb1357

SHA256
2700f359e3a828aa5752120daf51fbd5ed1ec6af92505adff8a17ef0873ea31d

SHA512
f37b2f4a4e4f50592c59f0bfebafdea2836144b1d981dc0eda87b26ab6247fdad02805a22407b17772263c502cbae63d3f2cab29bb246d7905b1db88573d8bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
59b3e84954614ec8e3305f423171daaf

SHA1
3a01a0618ccd331b34f3f2a38aaa9a8ee7e2c6d0

SHA256
bd62c24d15a5ac001c5310aa53225c516a41a4c400c0429e1e743bc2227abe5a

SHA512
cbe51b123dd6ab513cada4ff8b241c03f8faadfa7f878a1edd9355dd81af65307e3968d5ffaa53a47e0b67fbb16f75645027b0b66b326f7a6eb81db887c32101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fa32f391a93f280e803e9b6950005753

SHA1
d0d5d2f6ee56197461fdf814edf3c5721c4653f0

SHA256
f730a916294baf3c86806d797ffdaa1c6230fee5887d99f03fa1199528428ecd

SHA512
bfc87ad3e625a6f3813a4d1988151c71343bae9e94d530910c07f11207712d2838933c451f72f3ab4d5b648351ea607cb426ab9debbb413c3dd266ad02e359af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
84016ff1d6b13c7ce78f73e5df7b641b

SHA1
d388bca2e1b72136284b83e62628a164a856ec88

SHA256
c26355514e6e8384d00483cca64a4c35a2d9a1421cf6a8128c36d84b987a33ca

SHA512
9de9e68bf5beb4296534955eed9a0ced233a239094e6ea71678d6d077fe8f3e2c84d7e36a0cd50a3ef1be93a71b164419ffc91efc673ff2e89e49d72d371b0ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5f9091.TMP

Filesize
90B

MD5
326cd31ee9e6fcd0fa439791ae602848

SHA1
58cedac1d139223038e2fb94bb35d949e9e3d7f2

SHA256
0c353f13ad8c4aa27b2886224216fca9b70d05bae3f466d740755ed5ce7fa8e9

SHA512
be4e4ebfd0222fac58678622728d9e615a067c193dc8709087edfd6e0f7c73e3d9d3daf418bf9f90cfd6f89e7a23ba6f4853f20555c9ac0150fcfb84b898c128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
225bae85e463a144a36f56eb0237488c

SHA1
9a7558b4d23c5f547f312bfd1024f594eb33628f

SHA256
ab379b5d7c9ab92ed422f78c3a25e3e4ea40243233a272b1445e92b88d71db98

SHA512
5a4ff8b4d98e362bd3527cebefcb1fb54db819dea23e5bd1cc7b07a6c6a12c18bc727b4fd01a1ef55e9859d9853175043d21f0fc5909c2301db020d8a3c6a526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b706a.TMP

Filesize
48B

MD5
cbf51221ece8ba79ce4cf5f7099fb57c

SHA1
63f61d49fe04fcc711040b8b42d5b6f29f0377fb

SHA256
301bd434cb7333fe5401c3aa67b353eabfc62bbeb88d0bf38bdde3630ceadbec

SHA512
f1b55e75134c5a65385f329e4e03c179401b40daf081c12d905add7e198f267560d2ea3d55852a72834620aa4e2da496c8964a2a91fa36ccac44ebd4aa8a52fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
baae0e546cac3d6adb1a4bb294c8b711

SHA1
9e933183f5bd7a9fc187ea60635a3048c91fbe35

SHA256
58c03e27f970e4342895ac755d4e0ffafa5890997b88523554057580f68d0f0d

SHA512
14173ea6f8d7dfbd59414e84b4f96ab0b330481aaef890ffc8558f352472250475a83a0e506cf49181b35ea7272d44fe5a4062bfee341fa9db70b34f18036e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3bf0c0801a181a120490a7203abe0ceb

SHA1
08f995d8f2bdcf1ae8f190ac0962ff99f4dafded

SHA256
9c030136c7147bf65fd2093e36ed3ab4e2f26284764f0b224ac6704ce7da2901

SHA512
e598b9aa589446fc6f9c288b8ca13b9f1f55d8cc64f9fe43ecc9eb486185abc0b48c3aacd33e725da5c57ac959319a6dff2497921c847d1550f8377e91738299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
987c6f71bbd9111264a32b1c2e45f3a7

SHA1
b60b314bd06cccd3fef04b74c37db01c6c2f50b8

SHA256
bad7956f0135ea487bab2922082e48714627acf6bcba0f9e754693a92c230496

SHA512
66e3972f8dfcaf426b3e528e16afe8708f1633824ee7d1f7d5377866c06cbd9474818ede84fb8dead3cfbdeb728077382553f1af350e9f55c488a68b0e7a3e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f88968fa71d72b67349f836b53b31d96

SHA1
14b16a6460b146dfd79f678a41058342213b9565

SHA256
1e79769262cd08ae3914679c4f3f47413b094eea5376814d170ac88270f0c726

SHA512
56791499fd21b4d95060501646dd11d02a25fc426f272dad8cc5fff755a6e4d03dce16769168166057ef5f7f14a95bcd1206aee18eb5cf2f74fd58ea9cba4561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
34dc56150a3b411c40cadf99d30b0b69

SHA1
6a778fc50d316071847ee4b8002732100bf14663

SHA256
84d46f38fe80869d63be1897cdad1f383940fd8cec7451b01e555dfa25b95558

SHA512
743ef7dcdcb2d90d69d680542e87d96a1b6f6d68e3ef7e3a9c33fbda8de5a3d2de0c8420d9aeb2c9496d70bb3cf0f46f41c061ca681b0977a3b26be206ca4676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ea61c609fde163f87af7599d07cda078

SHA1
86df2cd306ec1634a1cdd67a5edf53ac4e1af47f

SHA256
57aad4a6a5cad0555b0f269cb5f7ac6276d40535dc6dacf2fe21361073c9d16e

SHA512
be61ca827df4a21b7744be484af074c619b1bdae17a2840076ed64f3821c3723a10deffd262aa65b8bb8334b5f864ee041479c54c1f6752483a7aacf8701e219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594675.TMP

Filesize
1KB

MD5
cb652de75038e3608e40bfc36729951c

SHA1
338e3343549f0ba4c40393abc822d25d7f23444c

SHA256
ab936eeb1b2a136d3fd6903eba55d8f9eb6a66f25083f490b5be69919477cd18

SHA512
1febfdca3eed84806a6c0ec09dfd3f49317ee296d5cf12b34e2af54437784b2ce142e3122023a563e18d5d404ef076391210395203bb3bb90ed4d9f56438455d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e07141e0-37ea-4579-b2bb-3a3f763cfaba.tmp

Filesize
1KB

MD5
0a7be5ebcb29e7ddb629d7a46eb43205

SHA1
a1b26cd3e6b75ad2aa1c2a8743b9627e023eb709

SHA256
115d55577b1e96d893e6e6f1ea7c1193b73382bb91921ca004a42940cd1d1ce0

SHA512
93550f51e288263569199e5fc120d5da470119df3468bd319481dcc05fe797687ef73e0720ea61eb5c3642c6f154709a90db9ed99831efb62f6fa9368650b3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
65b158cce42509663771e372970922cb

SHA1
a172ad1f8db0198e090caefef2da3a44f796fe62

SHA256
139c430833ac74bed25bed7694e57c8da46f5c0b4bc543942549df5e2a29bb73

SHA512
990a18a0a8b4dab47f68710988137ebc6640bf9bc8006590aa2be2c6ee976c0c4fc9f24349bbe9c0ddca165b22097cadaab5c7da7df84e2951a0052da9840140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d7065850b636a95265cbf5b462fc3ff5

SHA1
c3b87681f5b0f1e80027768e5a428af4b69adb5d

SHA256
2dae80798959b6b7509db5c0ab4e7f6eb4604fca3385cea2e8f2f699f79e2e1b

SHA512
67f30c5cf540e12bec795fdc767aa9c4b7504d4bab51ae72785055dcada9b55f6d45784245e35e009840658d79c655e8a2673b141331d787295d8556689885ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
923857815387cd98cd25e09cc64cdfad

SHA1
cdd62f463b88fc8c46cac634203ae90a09fcd3f0

SHA256
5a5e821c0ad099c0b922994c64564c5b83ca5b82849b31290d3e588c0f7a38e9

SHA512
23a225a9b74f0d4b6d37e2aacdaaf186c87b6381975344e1b66596af9231729c3a0e2452a369bcbab500e463c166f4c0dfbecfee446c1f4c6b7f702d99e0942d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6c1a3810b3ddb1662a56974f1169e9c3

SHA1
06c6f3797c50e416f9d8cc3e1421698c0ecdcb95

SHA256
ab6c3f5ef4b47daf3b9f51b60c98769c7014d7688e37bdf78fe10b3198ca2e85

SHA512
e66439363e90a99955a53c5cdd6e9460901b9b9eb23189b564f05f486db89a3974070150c7b8ec72a9637fc0b4648f78d8aa3887492a5dfcf7f27eb4f368dcd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
29faf6ec1a2a859e157e56ac4a6a28b4

SHA1
4c6da3951fe2e1a3e66ad745ef785f3aad8d4f92

SHA256
926706ee64fb3ae08ce21eb7787ded923b6f1b3171951a89c78d24350a7e9ad5

SHA512
ec8aa9bc22f90c674ab51d8b3bf7b0d9920300fea6e7b0d390ed94f4aaeb347915bc34adf8aeb3b72e91ee8856f5485e41f0be717a1fa3ee4796f5a2ffe3d9f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fb7f870241199883de7377db82e3bd38

SHA1
eb23e645830361b2fc1f8202a8641b3c603672e3

SHA256
9d49bba888ab7d58536a2429b41274902387fdb30bebbe3a18b759b00678ee80

SHA512
da42d025ae44021026fae775258a605e10e3e8a282af21ca9cebc51c924cbf3e896cf226416f27a18852078a1ada9457728724a0441676a799368d15f4053b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
161bff06f9674ad03c628b47557416e0

SHA1
bc31c2445c5f986b473e609ecfb0b8fe0246488a

SHA256
58bd59d9abf4bcac65ea1e81395a68b304395af20d63c48f1d29a8a6830bb61d

SHA512
aa0abd9d1611ac0cf10ddc575da18f09954e8bed164e4aad0b63c7bf131ffc2fb41d40e2bc86dc53cd5caa0f323ff79459f7017b97db1fc1fee472af156db21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b01a9f81d8a93268ae6dc20431286723

SHA1
b471f66d1e958acff7606e9dca6dd019ce5c5d79

SHA256
90e47335c9903112ac3c98086368fb3b6ad41b7b9f9004015be6abd6189c7903

SHA512
415d4fe17f508c50c1117ae1b5258f7cf3b935245ef9a7e97a5148a6cfea565a78004735cd3ff2abc693dc7c057cc13111e44b80ef464fc8dc0ee1ede49bea40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
661d160fa2144071bfa0fc621a095081

SHA1
48fd2fd5000f3ab8656b0ce987b3f6252524c07d

SHA256
e8550cbb18d999368145ddbfb5aefcec99148370239e9cbbfa09d04a845a2c2c

SHA512
6f8980c94cd5fc6640dc2f92713d20a724723961843a8e363d7a31f8113c992dec4e011d502321c86331edd22795f3a8afc71eec87ac8297ad0690febd0509ae

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit