Analysis
max time kernel: 900s
max time network: 903s
platform: windows10-2004_x64
resource: win10v2004-20250211-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250211-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/02/2025, 01:26
Behavioral task | Sample | Resource
behavioral1 | Malware-1-master/2530.exe | win7-20240903-en
behavioral2 | Malware-1-master/2530.exe | win10v2004-20250211-en
behavioral3 | Malware-1-master/2887140.exe | win7-20240903-en
behavioral4 | Malware-1-master/2887140.exe | win10v2004-20250207-en
behavioral5 | Malware-1-master/32.exe | win7-20241010-en
behavioral6 | Malware-1-master/32.exe | win10v2004-20250211-en
behavioral7 | Malware-1-master/5.exe | win7-20240903-en
behavioral8 | Malware-1-master/5.exe | win10v2004-20250211-en
behavioral9 | Malware-1-master/96591.exe | win7-20240903-en
behavioral10 | Malware-1-master/96591.exe | win10v2004-20250207-en
behavioral11 | Malware-1-master/Amadey.exe | win7-20241023-en
behavioral12 | Malware-1-master/Amadey.exe | win10v2004-20250211-en
behavioral13 | Malware-1-master/Download.exe | win7-20250207-en
behavioral14 | Malware-1-master/Download.exe | win10v2004-20250211-en
behavioral15 | Malware-1-master/Illuminati.exe | win7-20240903-en
behavioral16 | Malware-1-master/Illuminati.exe | win10v2004-20250207-en
behavioral17 | Malware-1-master/MEMZ-Clean.bat | win7-20241010-en
behavioral18 | Malware-1-master/MEMZ-Clean.bat | win10v2004-20250211-en
behavioral19 | Malware-1-master/MEMZ-Clean.exe | win7-20241010-en
behavioral20 | Malware-1-master/MEMZ-Clean.exe | win10v2004-20250211-en
behavioral21 | Malware-1-master/MEMZ-Destructive.bat | win7-20240903-en
behavioral22 | Malware-1-master/MEMZ-Destructive.bat | win10v2004-20250211-en
behavioral23 | Malware-1-master/MEMZ-Destructive.exe | win7-20250207-en
behavioral24 | Malware-1-master/MEMZ-Destructive.exe | win10v2004-20250207-en
behavioral25 | Malware-1-master/Petya.exe | win7-20240903-en
behavioral26 | Malware-1-master/Petya.exe | win10v2004-20250211-en
behavioral27 | Malware-1-master/Software.exe | win7-20241023-en
behavioral28 | Malware-1-master/Software.exe | win10v2004-20250211-en
behavioral29 | Malware-1-master/WannaCry.exe | win7-20241010-en
behavioral30 | Malware-1-master/WannaCry.exe | win10v2004-20250211-en
behavioral31 | Malware-1-master/Win32.EvilClusterFuck.exe | win7-20240729-en
behavioral32 | Malware-1-master/Win32.EvilClusterFuck.exe | win10v2004-20250211-en
General
Target: Malware-1-master/MEMZ-Clean.exe
Size: 12KB
MD5: 9c642c5b111ee85a6bccffc7af896a51
SHA1: eca8571b994fd40e2018f48c214fab6472a98bab
SHA256: 4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
SHA512: 23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c
SSDEEP: 192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | setup.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | setup.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | setup.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | setup.exe
-
Downloads MZ/PE file 2 IoCs
flow | pid | Process
53 | 4428 | Process not Found
365 | 4428 | Process not Found
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\Control Panel\International\Geo\Nation | MEMZ-Clean.exe
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 10 IoCs
pid | Process
7232 | setup.exe
2704 | setup.exe
8036 | setup.exe
7996 | setup.exe
7732 | setup.exe
7756 | setup.exe
7768 | setup.exe
6536 | setup.exe
9840 | setup.exe
9860 | setup.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 8 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | setup.exe
-
Drops file in System32 directory 2 IoCs
description | ioc | Process
File opened for modification | C:\Windows\System32\devmgmt.msc | mmc.exe
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | setup.exe
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 59 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 17 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid | Process
4920 | MicrosoftEdgeUpdate.exe
-
Checks SCSI registry key(s) 3 TTPs 23 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge | setup.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" | setup.exe
-
Modifies registry class 64 IoCs
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
4196 | explorer.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
pid | Process
2364 | mmc.exe
3324 | mmc.exe
2080 | Taskmgr.exe
3896 | MEMZ-Clean.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
Suspicious behavior: SetClipboardViewer 3 IoCs
pid | Process
3324 | mmc.exe
5760 | mmc.exe
9988 | mmc.exe
Suspicious use of AdjustPrivilegeToken 31 IoCs
description | pid | Process
Token: 33 | 2364 | mmc.exe
Token: SeIncBasePriorityPrivilege | 2364 | mmc.exe
Token: 33 | 2364 | mmc.exe
Token: SeIncBasePriorityPrivilege | 2364 | mmc.exe
Token: 33 | 2364 | mmc.exe
Token: SeIncBasePriorityPrivilege | 2364 | mmc.exe
Token: 33 | 3324 | mmc.exe
Token: SeIncBasePriorityPrivilege | 3324 | mmc.exe
Token: 33 | 3324 | mmc.exe
Token: SeIncBasePriorityPrivilege | 3324 | mmc.exe
Token: SeDebugPrivilege | 2080 | Taskmgr.exe
Token: SeSystemProfilePrivilege | 2080 | Taskmgr.exe
Token: SeCreateGlobalPrivilege | 2080 | Taskmgr.exe
Token: 33 | 5760 | mmc.exe
Token: SeIncBasePriorityPrivilege | 5760 | mmc.exe
Token: 33 | 5760 | mmc.exe
Token: SeIncBasePriorityPrivilege | 5760 | mmc.exe
Token: 33 | 5760 | mmc.exe
Token: SeIncBasePriorityPrivilege | 5760 | mmc.exe
Token: 33 | 7232 | setup.exe
Token: SeIncBasePriorityPrivilege | 7232 | setup.exe
Token: SeShutdownPrivilege | 4196 | explorer.exe
Token: SeCreatePagefilePrivilege | 4196 | explorer.exe
Token: 33 | 9988 | mmc.exe
Token: SeIncBasePriorityPrivilege | 9988 | mmc.exe
Token: 33 | 9988 | mmc.exe
Token: SeIncBasePriorityPrivilege | 9988 | mmc.exe
Token: 33 | 9988 | mmc.exe
Token: SeIncBasePriorityPrivilege | 9988 | mmc.exe
Token: 33 | 9840 | setup.exe
Token: SeIncBasePriorityPrivilege | 9840 | setup.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of SetWindowsHookEx 30 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
System policy modification 1 TTPs 4 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | setup.exe
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.exe"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:3896
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20162⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3816
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:1392
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3258019226003168487,2392825872277693425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:23⤵PID:4744
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3258019226003168487,2392825872277693425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:3700
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3258019226003168487,2392825872277693425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:83⤵PID:1300
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258019226003168487,2392825872277693425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:13⤵PID:3236
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258019226003168487,2392825872277693425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:13⤵PID:4568
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258019226003168487,2392825872277693425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:13⤵PID:5096
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3300
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:4924
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:23⤵PID:3164
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1844
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:83⤵PID:3540
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:13⤵PID:4392
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:13⤵PID:4524
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:13⤵PID:4360
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:83⤵PID:3404
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:3728
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:13⤵PID:4808
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:13⤵PID:2520
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:13⤵PID:4468
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:13⤵PID:2352
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:13⤵PID:3344
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:13⤵PID:2804
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:13⤵PID:3208
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:13⤵PID:1712
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2304 /prefetch:13⤵PID:4832
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:13⤵PID:4128
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:1380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:13⤵PID:4592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:13⤵PID:832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:13⤵PID:3900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:13⤵PID:4440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:13⤵PID:3656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:13⤵PID:4236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:13⤵PID:3136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:13⤵PID:4688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:13⤵PID:4764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:13⤵PID:3824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:13⤵PID:5612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:13⤵PID:5692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:13⤵PID:6012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:13⤵PID:6132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:13⤵PID:5420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:13⤵PID:4084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:13⤵PID:5744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:13⤵PID:1812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:13⤵PID:5556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:13⤵PID:3500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:13⤵PID:5752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:13⤵PID:4868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:13⤵PID:5876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:13⤵PID:2776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:13⤵PID:5760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:13⤵PID:4872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:13⤵PID:6184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:13⤵PID:6516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8740 /prefetch:13⤵PID:6592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:13⤵PID:6912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8644 /prefetch:13⤵PID:7008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:13⤵PID:5092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:13⤵PID:6384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:13⤵PID:1736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:13⤵PID:6140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:13⤵PID:4128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:13⤵PID:5380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9612 /prefetch:13⤵PID:7144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:13⤵PID:6192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:13⤵PID:6452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9848 /prefetch:13⤵PID:472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9704 /prefetch:13⤵PID:4808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:13⤵PID:6140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9888 /prefetch:13⤵PID:4248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10196 /prefetch:13⤵PID:5436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10148 /prefetch:13⤵PID:5456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10224 /prefetch:13⤵PID:6648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:13⤵PID:7124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10620 /prefetch:13⤵PID:6684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10572 /prefetch:13⤵PID:6756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10196 /prefetch:13⤵PID:5132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10560 /prefetch:13⤵PID:7580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10452 /prefetch:13⤵PID:7652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10752 /prefetch:13⤵PID:7900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11108 /prefetch:13⤵PID:7916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10820 /prefetch:13⤵PID:6716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10868 /prefetch:13⤵PID:1716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10060 /prefetch:13⤵PID:1428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11468 /prefetch:13⤵PID:8000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11672 /prefetch:13⤵PID:8468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10880 /prefetch:13⤵PID:8548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11048 /prefetch:13⤵PID:8836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11908 /prefetch:13⤵PID:8884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11492 /prefetch:13⤵PID:7576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12028 /prefetch:13⤵PID:3088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12016 /prefetch:13⤵PID:9004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12036 /prefetch:13⤵PID:8572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12184 /prefetch:13⤵PID:8168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11180 /prefetch:13⤵PID:7728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11720 /prefetch:13⤵PID:7672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12352 /prefetch:13⤵PID:8248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12564 /prefetch:13⤵PID:8324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12128 /prefetch:13⤵PID:8252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10516 /prefetch:13⤵PID:8708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12408 /prefetch:13⤵PID:8476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11572 /prefetch:13⤵PID:8004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13136 /prefetch:13⤵PID:7320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13232 /prefetch:13⤵PID:7560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12328 /prefetch:13⤵PID:5192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13492 /prefetch:13⤵PID:8556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13580 /prefetch:13⤵PID:5904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13916 /prefetch:13⤵PID:9600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12788 /prefetch:13⤵PID:9692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12388 /prefetch:13⤵PID:10168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14056 /prefetch:13⤵PID:8404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14200 /prefetch:13⤵PID:9128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12696 /prefetch:13⤵PID:9492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13400 /prefetch:13⤵PID:9708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10897212935868747799,15375173436052939896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12748 /prefetch:13⤵PID:8304
-
-
-
C:\Windows\SysWOW64\mmc.exe "C:\Windows\System32\mmc.exe" 2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4560
C:\Windows\system32\mmc.exe "C:\Windows\system32\mmc.exe" 3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2364
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz 2⤵ PID:416
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:4792
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016 2⤵ PID:2256
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:1616
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real 2⤵ PID:1752
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:1452
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real 2⤵ PID:2744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:4724
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend 2⤵ PID:4516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:4532
-
-
-
C:\Windows\SysWOW64\mmc.exe "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc" 2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1460
C:\Windows\system32\mmc.exe "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc" 3⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3324
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real 2⤵ PID:2156
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:2812
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32 2⤵ PID:2432
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:2980
-
-
-
C:\Windows\SysWOW64\Taskmgr.exe "C:\Windows\System32\Taskmgr.exe" 2⤵
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser 2⤵ PID:3772
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe4,0xec,0x40,0xe0,0xb4,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:744
-
-
-
C:\Windows\SysWOW64\mspaint.exe "C:\Windows\System32\mspaint.exe" 2⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton 2⤵ PID:5536
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:5548
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/ 2⤵ PID:5948
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:5964
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt 2⤵ PID:5932
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:5916
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed 2⤵ PID:3268
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:1044
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free 2⤵ PID:3824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:1484
-
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe" 2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4284
C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288 3⤵ PID:1816
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45 2⤵ PID:5124
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:4920
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus 2⤵ PID:2556
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:6064
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp 2⤵ PID:6444
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:6456
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend 2⤵ PID:6844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:6860
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser 2⤵ PID:5768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:5776
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz 2⤵ PID:6772
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:6788
-
-
-
C:\Windows\SysWOW64\mmc.exe "C:\Windows\System32\mmc.exe" 2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5324
C:\Windows\system32\mmc.exe "C:\Windows\system32\mmc.exe" 3⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5760
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/ 2⤵ PID:5812
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:536
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20162⤵PID:5744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:5772
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp2⤵PID:6768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xe0,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:6780
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself2⤵PID:7108
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:5508
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe2⤵PID:6220
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:5384
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp2⤵PID:5392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:5504
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt2⤵PID:6944
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:6192
-
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"2⤵
- System Location Discovery: System Language Discovery
PID:6756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz2⤵PID:5312
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:5308
-
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"2⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:7264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic2⤵PID:7504
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:7520
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton2⤵PID:7824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:7836
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic2⤵PID:7360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:7412
-
-
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe"2⤵
- System Location Discovery: System Language Discovery
PID:7776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe2⤵PID:8176
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0x100,0x104,0x9c,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:8008
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays2⤵PID:8392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:8408
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free2⤵PID:8756
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:8776
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware2⤵PID:8200
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:7508
-
-
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe"2⤵
- System Location Discovery: System Language Discovery
PID:8636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz2⤵PID:5376
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:6348
-
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:9152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date2⤵PID:3328
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:2512
-
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe2⤵PID:8956
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:9016
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed2⤵PID:8144
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:7200
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted2⤵PID:7752
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:8680
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money2⤵PID:6836
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:1924
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend2⤵PID:9180
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:6412
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz2⤵PID:7908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:7292
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"2⤵
- System Location Discovery: System Language Discovery
PID:9408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real2⤵PID:9528
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:9544
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:9968 -
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"3⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:9988
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton2⤵PID:10096
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:10108
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself2⤵PID:9352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:6304
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/2⤵PID:10056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:8988
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware2⤵PID:7664
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:9420
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt2⤵PID:8000
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:184
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend2⤵PID:9812
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8aec46f8,0x7ffb8aec4708,0x7ffb8aec47183⤵PID:8032
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping -PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMzNzEiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDE5Mjc1MzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NTA3ODQxNjM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4920
-
[level 1] C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4188

[level 1] C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3012

[level 1] C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4048

[level 1] C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:808

[level 1] C:\Windows\system32\svchost.exe
Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
PID:2132

[level 1] C:\Windows\system32\svchost.exe
Command line: C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
PID:3212

[level 1] C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\MicrosoftEdge_X64_133.0.3065.59.exe
Command line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
- Drops file in Program Files directory
PID:6420

[level 2] C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\EDGEMITMP_2846E.tmp\setup.exe
Command line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\EDGEMITMP_2846E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:7232

[level 3] C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\EDGEMITMP_2846E.tmp\setup.exe
Command line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\EDGEMITMP_2846E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\EDGEMITMP_2846E.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff752876a68,0x7ff752876a74,0x7ff752876a80
- Executes dropped EXE
PID:2704

[level 3] C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\EDGEMITMP_2846E.tmp\setup.exe
Command line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\EDGEMITMP_2846E.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
PID:8036

[level 4] C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\EDGEMITMP_2846E.tmp\setup.exe
Command line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\EDGEMITMP_2846E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8007882D-41E5-40A3-9A55-CF34250803A0}\EDGEMITMP_2846E.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff752876a68,0x7ff752876a74,0x7ff752876a80
- Executes dropped EXE
PID:7996

[level 3] C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
- Executes dropped EXE
PID:7732

[level 4] C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff710686a68,0x7ff710686a74,0x7ff710686a80
- Executes dropped EXE
PID:7768

[level 3] C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
- Executes dropped EXE
- Drops file in Program Files directory
PID:7756

[level 4] C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff710686a68,0x7ff710686a74,0x7ff710686a80
- Executes dropped EXE
PID:6536

[level 1] C:\Windows\explorer.exe
Command line: C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:4196

[level 1] C:\Windows\SysWOW64\DllHost.exe
Command line: C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
- System Location Discovery: System Language Discovery
PID:7668

[level 1] C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4FB9B72F-B69C-493B-9705-F12EE97EAB9F}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe
Command line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4FB9B72F-B69C-493B-9705-F12EE97EAB9F}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
PID:9780

[level 2] C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4FB9B72F-B69C-493B-9705-F12EE97EAB9F}\EDGEMITMP_76029.tmp\setup.exe
Command line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4FB9B72F-B69C-493B-9705-F12EE97EAB9F}\EDGEMITMP_76029.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4FB9B72F-B69C-493B-9705-F12EE97EAB9F}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe" --previous-version="132.0.2957.140" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:9840

[level 3] C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4FB9B72F-B69C-493B-9705-F12EE97EAB9F}\EDGEMITMP_76029.tmp\setup.exe
Command line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4FB9B72F-B69C-493B-9705-F12EE97EAB9F}\EDGEMITMP_76029.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4FB9B72F-B69C-493B-9705-F12EE97EAB9F}\EDGEMITMP_76029.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6bf5a6a68,0x7ff6bf5a6a74,0x7ff6bf5a6a80
- Executes dropped EXE
PID:9860

Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Active Setup (1)
- Browser Extensions (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Active Setup (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
Downloads
-
Filesize
10KB
MD5a151493897b4b3f2cade3e44f2e52610
SHA1175a1b5c2fe937cceab5d5cbb24aad8d6c165ab8
SHA2566ae7276987f36db5dedd014992f12acb989d5ab40eda993d2498940c742d13fd
SHA512ad3da00517af88b040dd7c2ddb33baab986de47c16842f2c8171931975025bb837bda519b6e70aac97d12c949933e4d26b3a47f4070d0ebd63a45a3f7163ca88
-
Filesize
10KB
MD5e71a8e8dec04db825d681acca29de728
SHA11093f4c34411f418a529736fc902ed692fc4f2e9
SHA256bd97c4838ddf9dda06b8261cd6eb5902c1305e96eb27f9422134534fb61d063e
SHA512bfcd4998789d2c03524539a9376af4cf809c28eb467a20827be51a897eb88ba197fe494c577afb9c72e1100e33800fabb138541ecd32bbdaeb0233005aaa83ff
-
Filesize
10KB
MD59cd0ad9d8ac3bf511fd52a2d4cbd16d2
SHA1514eb91c15d3da936284498e42c00eac35736aca
SHA25641c979006062c79b56091e3e6873bd07b2294f158b433f8bd8ea678d01b52e06
SHA5127790772e77f981d5d7d39d44c1d6a43cb6030536fd2098f5256ccc60f7d996123786e95de010442baeb11a96ce60fa20a14fb3d3a7b538b1ffe42daa35e41fad
-
Filesize
36KB
MD58e6103950857706216f0ad869736357d
SHA1fe60fa047cbdb8706b1532ef9628f4593eef099d
SHA25631587031044c4ca7696a5c85b441e67427b358bfe2bcd4432557b3cb35c87c8f
SHA51225ba7e299d8ee1c34b2967d95ca099d056017a5a062148be2d0722bf9991d93cf0e11ab6b0019cf8aef44b5e54a642387b69ffc79d52e2b4851a9eacab24d170
-
Filesize
20KB
MD576b13f92d4642afbfd6cfbe900821458
SHA1f7945c208abbfc12823b1690ac927da5232353d4
SHA2568f21efc09ba174f57e71ed9f49629c75b962a4b0b354cb11c24b7eb65dff397a
SHA512f0fa253013d5e2a66589bfdf88d9823d5947b7fc3868e87816a44651d8825bd81315c80ba0739668dc0c7acb2f5a351709e1a75c3e6874e1baf5af40c36f70bf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e31ad.TMP
Filesize: 48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e6504ef8-6e2f-4649-8345-0d9e54e937f9.tmp
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize: 4KB