2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

13-02-2025 01:26

250213-btppra1pcz 10

17-01-2025 20:14

17-01-2025 20:12

17-01-2025 17:25

17-01-2025 17:21

17-01-2025 14:16

17-01-2025 14:12

16-01-2025 12:52

Analysis

max time kernel
900s
max time network
901s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2025 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Destructive.bat
Size

13KB
MD5

4e2a7f369378a76d1df4d8c448f712af
SHA1

1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49
SHA256

5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad
SHA512

90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e
SSDEEP

192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

Score

8^/10

bootkit discovery execution persistence

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
39	788	Process not Found

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
4932	MEMZ.exe
664	MEMZ.exe
5076	MEMZ.exe
2840	MEMZ.exe
708	MEMZ.exe
1948	MEMZ.exe
2784	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 58 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3936	MicrosoftEdgeUpdate.exe

Checks SCSI registry key(s) 3 TTPs 43 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings	MEMZ.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2656314083-4170277356-267438488-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe

Runs regedit.exe 2 IoCs

pid	Process
1300	regedit.exe
7300	regedit.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5012	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5076	MEMZ.exe
5076	MEMZ.exe
664	MEMZ.exe
664	MEMZ.exe
664	MEMZ.exe
2840	MEMZ.exe
664	MEMZ.exe
2840	MEMZ.exe
5076	MEMZ.exe
5076	MEMZ.exe
5076	MEMZ.exe
5076	MEMZ.exe
664	MEMZ.exe
664	MEMZ.exe
2840	MEMZ.exe
2840	MEMZ.exe
708	MEMZ.exe
708	MEMZ.exe
708	MEMZ.exe
708	MEMZ.exe
2840	MEMZ.exe
2840	MEMZ.exe
664	MEMZ.exe
664	MEMZ.exe
5076	MEMZ.exe
5076	MEMZ.exe
1948	MEMZ.exe
1948	MEMZ.exe
708	MEMZ.exe
1948	MEMZ.exe
708	MEMZ.exe
1948	MEMZ.exe
5076	MEMZ.exe
2840	MEMZ.exe
5076	MEMZ.exe
2840	MEMZ.exe
664	MEMZ.exe
664	MEMZ.exe
2840	MEMZ.exe
664	MEMZ.exe
2840	MEMZ.exe
664	MEMZ.exe
5076	MEMZ.exe
5076	MEMZ.exe
1948	MEMZ.exe
1948	MEMZ.exe
708	MEMZ.exe
708	MEMZ.exe
1948	MEMZ.exe
708	MEMZ.exe
1948	MEMZ.exe
708	MEMZ.exe
5076	MEMZ.exe
5076	MEMZ.exe
664	MEMZ.exe
664	MEMZ.exe
2840	MEMZ.exe
2840	MEMZ.exe
664	MEMZ.exe
2840	MEMZ.exe
2840	MEMZ.exe
664	MEMZ.exe
5076	MEMZ.exe
708	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
6052	mmc.exe
6220	Taskmgr.exe
2784	MEMZ.exe
8252	mmc.exe
1020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious behavior: SetClipboardViewer 1 IoCs

pid	Process
8252	mmc.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: 33	5596	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5596	AUDIODG.EXE
Token: 33	6052	mmc.exe
Token: SeIncBasePriorityPrivilege	6052	mmc.exe
Token: 33	6052	mmc.exe
Token: SeIncBasePriorityPrivilege	6052	mmc.exe
Token: SeDebugPrivilege	6220	Taskmgr.exe
Token: SeSystemProfilePrivilege	6220	Taskmgr.exe
Token: SeCreateGlobalPrivilege	6220	Taskmgr.exe
Token: SeShutdownPrivilege	5012	explorer.exe
Token: SeCreatePagefilePrivilege	5012	explorer.exe
Token: 33	8252	mmc.exe
Token: SeIncBasePriorityPrivilege	8252	mmc.exe
Token: 33	8252	mmc.exe
Token: SeIncBasePriorityPrivilege	8252	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe
6220	Taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2784	MEMZ.exe
5732	wordpad.exe
5732	wordpad.exe
5732	wordpad.exe
5732	wordpad.exe
5732	wordpad.exe
5732	wordpad.exe
2460	mmc.exe
6052	mmc.exe
6052	mmc.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
3512	OpenWith.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2496	mmc.exe
8252	mmc.exe
8252	mmc.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
8816	mspaint.exe
8816	mspaint.exe
8816	mspaint.exe
8816	mspaint.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe
2784	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 1684	5084	cmd.exe	88
PID 5084 wrote to memory of 1684	5084	cmd.exe	88
PID 5084 wrote to memory of 4932	5084	cmd.exe	89
PID 5084 wrote to memory of 4932	5084	cmd.exe	89
PID 5084 wrote to memory of 4932	5084	cmd.exe	89
PID 4932 wrote to memory of 664	4932	MEMZ.exe	90
PID 4932 wrote to memory of 664	4932	MEMZ.exe	90
PID 4932 wrote to memory of 664	4932	MEMZ.exe	90
PID 4932 wrote to memory of 5076	4932	MEMZ.exe	91
PID 4932 wrote to memory of 5076	4932	MEMZ.exe	91
PID 4932 wrote to memory of 5076	4932	MEMZ.exe	91
PID 4932 wrote to memory of 2840	4932	MEMZ.exe	92
PID 4932 wrote to memory of 2840	4932	MEMZ.exe	92
PID 4932 wrote to memory of 2840	4932	MEMZ.exe	92
PID 4932 wrote to memory of 708	4932	MEMZ.exe	93
PID 4932 wrote to memory of 708	4932	MEMZ.exe	93
PID 4932 wrote to memory of 708	4932	MEMZ.exe	93
PID 4932 wrote to memory of 1948	4932	MEMZ.exe	94
PID 4932 wrote to memory of 1948	4932	MEMZ.exe	94
PID 4932 wrote to memory of 1948	4932	MEMZ.exe	94
PID 4932 wrote to memory of 2784	4932	MEMZ.exe	95
PID 4932 wrote to memory of 2784	4932	MEMZ.exe	95
PID 4932 wrote to memory of 2784	4932	MEMZ.exe	95
PID 2784 wrote to memory of 396	2784	MEMZ.exe	97
PID 2784 wrote to memory of 396	2784	MEMZ.exe	97
PID 2784 wrote to memory of 396	2784	MEMZ.exe	97
PID 2784 wrote to memory of 1020	2784	MEMZ.exe	105
PID 2784 wrote to memory of 1020	2784	MEMZ.exe	105
PID 1020 wrote to memory of 1872	1020	msedge.exe	106
PID 1020 wrote to memory of 1872	1020	msedge.exe	106
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107
PID 1020 wrote to memory of 1904	1020	msedge.exe	107

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:1684
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4932
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:664
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5076
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2840
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:708
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1948
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      Enumerates system info in registry
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:1872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        5⤵
        
        PID:1904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
        5⤵
        
        PID:712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
        5⤵
        
        PID:3616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
        5⤵
        
        PID:3708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
        5⤵
        
        PID:4808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
        5⤵
        
        PID:2116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
        5⤵
        
        PID:4000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
        5⤵
        
        PID:3940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
        5⤵
        
        PID:1480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1
        5⤵
        
        PID:1048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
        5⤵
        
        PID:2496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
        5⤵
        
        PID:512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
        5⤵
        
        PID:1744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
        5⤵
        
        PID:4212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
        5⤵
        
        PID:3280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
        5⤵
        
        PID:1540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
        5⤵
        
        PID:4320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
        5⤵
        
        PID:4372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
        5⤵
        
        PID:5216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
        5⤵
        
        PID:5376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
        5⤵
        
        PID:2488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6532 /prefetch:2
        5⤵
        
        PID:5772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
        5⤵
        
        PID:5940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
        5⤵
        
        PID:5756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
        5⤵
        
        PID:3816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
        5⤵
        
        PID:4212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
        5⤵
        
        PID:5876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
        5⤵
        
        PID:1932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
        5⤵
        
        PID:3772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
        5⤵
        
        PID:6104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
        5⤵
        
        PID:3016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
        5⤵
        
        PID:5240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
        5⤵
        
        PID:3008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
        5⤵
        
        PID:6048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
        5⤵
        
        PID:2672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
        5⤵
        
        PID:1832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
        5⤵
        
        PID:4952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
        5⤵
        
        PID:1248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
        5⤵
        
        PID:5028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
        5⤵
        
        PID:3544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
        5⤵
        
        PID:1860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
        5⤵
        
        PID:1032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
        5⤵
        
        PID:5784
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1
        5⤵
        
        PID:2556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1
        5⤵
        
        PID:6376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
        5⤵
        
        PID:6420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
        5⤵
        
        PID:6568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1
        5⤵
        
        PID:6836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
        5⤵
        
        PID:6960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
        5⤵
        
        PID:6948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
        5⤵
        
        PID:4468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
        5⤵
        
        PID:6564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
        5⤵
        
        PID:4936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9628 /prefetch:1
        5⤵
        
        PID:6772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1
        5⤵
        
        PID:6792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9532 /prefetch:1
        5⤵
        
        PID:6648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9656 /prefetch:1
        5⤵
        
        PID:1768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
        5⤵
        
        PID:2628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1
        5⤵
        
        PID:2884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10144 /prefetch:1
        5⤵
        
        PID:6356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9408 /prefetch:1
        5⤵
        
        PID:2076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10380 /prefetch:1
        5⤵
        
        PID:6024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:1
        5⤵
        
        PID:4192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9528 /prefetch:1
        5⤵
        
        PID:3260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10508 /prefetch:1
        5⤵
        
        PID:6660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10652 /prefetch:1
        5⤵
        
        PID:5072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:1
        5⤵
        
        PID:7280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10964 /prefetch:1
        5⤵
        
        PID:6824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10396 /prefetch:1
        5⤵
        
        PID:6860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9944 /prefetch:1
        5⤵
        
        PID:8136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10056 /prefetch:1
        5⤵
        
        PID:7584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8424 /prefetch:1
        5⤵
        
        PID:8088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11448 /prefetch:1
        5⤵
        
        PID:7480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10964 /prefetch:1
        5⤵
        
        PID:4132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11252 /prefetch:1
        5⤵
        
        PID:8116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11644 /prefetch:1
        5⤵
        
        PID:7848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11480 /prefetch:1
        5⤵
        
        PID:7836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11744 /prefetch:1
        5⤵
        
        PID:3896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11956 /prefetch:1
        5⤵
        
        PID:5176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11096 /prefetch:1
        5⤵
        
        PID:7696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12076 /prefetch:1
        5⤵
        
        PID:3120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11992 /prefetch:1
        5⤵
        
        PID:8688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11476 /prefetch:1
        5⤵
        
        PID:8716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11492 /prefetch:1
        5⤵
        
        PID:9048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12192 /prefetch:1
        5⤵
        
        PID:7656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11660 /prefetch:1
        5⤵
        
        PID:8596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12944 /prefetch:1
        5⤵
        
        PID:9064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13060 /prefetch:1
        5⤵
        
        PID:7208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13244 /prefetch:1
        5⤵
        
        PID:8488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12084 /prefetch:1
        5⤵
        
        PID:8460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12440 /prefetch:1
        5⤵
        
        PID:8212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13024 /prefetch:1
        5⤵
        
        PID:9092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12140 /prefetch:1
        5⤵
        
        PID:9144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13348 /prefetch:1
        5⤵
        
        PID:8720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12212 /prefetch:1
        5⤵
        
        PID:8320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11908 /prefetch:1
        5⤵
        
        PID:9788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13472 /prefetch:1
        5⤵
        
        PID:9812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13224 /prefetch:1
        5⤵
        
        PID:9400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13652 /prefetch:1
        5⤵
        
        PID:6976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12936 /prefetch:1
        5⤵
        
        PID:10188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13208 /prefetch:1
        5⤵
        
        PID:2988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13808 /prefetch:1
        5⤵
        
        PID:8336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13944 /prefetch:1
        5⤵
        
        PID:9292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13920 /prefetch:1
        5⤵
        
        PID:8336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13692 /prefetch:1
        5⤵
        
        PID:8548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14296 /prefetch:1
        5⤵
        
        PID:9800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13980 /prefetch:1
        5⤵
        
        PID:10032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
        5⤵
        
        PID:9628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13660 /prefetch:1
        5⤵
        
        PID:10052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12320 /prefetch:1
        5⤵
        
        PID:9936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13624 /prefetch:1
        5⤵
        
        PID:8640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14244 /prefetch:1
        5⤵
        
        PID:9932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14288 /prefetch:1
        5⤵
        
        PID:10052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13424 /prefetch:1
        5⤵
        
        PID:4068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12749640888937821988,9470948456381910793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14088 /prefetch:1
        5⤵
        
        PID:9624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      PID:3936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:4596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:4356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:4716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      PID:212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:5020
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5732
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:5892
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:6052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      PID:3188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:5716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:5628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:1304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:4020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:5172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:5880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:1208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:6000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:1416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:6044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:5492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:5872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:5896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      PID:3976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:4848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:3720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:3264
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      PID:1300
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:5052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:1644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:6300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:6316
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:6220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      PID:6652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:6828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:6420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:4564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:6492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:6536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:6548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:6516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:7140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:6192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:2024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x98,0x9c,0x104,0x94,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:6304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:6900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:2348
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
      4⤵
      PID:3748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:5400
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:6368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:6608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:7892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:7924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:7408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:8156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:3736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:7508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:1572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:7900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:5688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:7968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:8140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:7244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:8612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:8628
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:8252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      PID:6568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:8944
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:8816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:8540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:8560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:7692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:7184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:8332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:9184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      PID:8556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:8512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:7416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:8488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
      4⤵
      PID:9720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:9740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      PID:8364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:9308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:10068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:10104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:8232
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      PID:7300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:8912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:9164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:9672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:9668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:10012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:8620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:1060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:7044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:10020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:7664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:10216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:9964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:8580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:3872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:7120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:9188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:9724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:7632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:9392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:7536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:8712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:6768
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:10004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:8344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee3fc46f8,0x7ffee3fc4708,0x7ffee3fc4718
        5⤵
        
        PID:9532
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7588

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Njg1MTE1RTUtQTZFRC00OTU4LTg1MDQtOTVCNzMxNjQyODRCfSIgdXNlcmlkPSJ7RjNFNzBEOEMtMzRDNi00MjFCLTg3MUQtQ0MzRTFENEI5RjRCfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7Qzk2MzUyMzYtREZFMC00OTI4LTlCOTAtMjgxMDFCREVGMDI4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODM0MTAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NTUzNjg2NzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NDk3MjUwMjkzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x390
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:5912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3512

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:5012

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:5436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:7472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7d6d4a7c-4d75-4942-a968-705c62ad01b4.tmp

Filesize
11KB

MD5
072a66a408e96e455ee2e7db6120bc92

SHA1
3b1ddb272f6e9255b789c8e918e38c5cb356bbe8

SHA256
e13cee6ea1398f9bba04fa7bf688898d32ed60f3793e42f5ad4e34ae2c6bd64e

SHA512
60be9c077aba8e59b7dc266a165cc8917805715eaeedeff1e04a7bc6eb06af2dcb224cda3f3cb4366b40673a3ad38121e7615e04ffd1ec67234b6b1975be7764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1e280cf422534c1043e1aafe76fd2a4

SHA1
e9ef1c4c4d7ede09e9887f41776a5350dc8fcd48

SHA256
e4b0b0e8d8b8c5c687a7706a9fa65abee299f38b34a655cafc144f61acc68053

SHA512
54a3787e15b5bdf5267997febbadaeb0f30402dd56f2b766f94203026e13d0f391a991f580edf97d65e614339ce5a1cc52bd2744a43a96741681567358f9a138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
08b321b910201e33005982fd1f6a97ce

SHA1
cf3f6e897dfe0da5ad2a6fa540b6a369c3774631

SHA256
f09868d8c297c94344f0f89939b1f28988e2a99a56519936a5fa3edc8a6e2d2d

SHA512
7dd980ea4c2f9f53a0f11fc6c33476f20ccef5635228a0d8c8478a64604a4f7a4f838ee4ce7b8f185eaa3c4626a3a2f8def9c54cd5ba0e19ee6a27c556155857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
71KB

MD5
e56d62454dff11b61f910b0fadf7bc36

SHA1
3ea3a682f6f95d37d04d5c04fa46f1bb1de1166a

SHA256
4bfa7a058a1700fa91405421b62398d43e073dde6e36b8a92de0f59419c7d929

SHA512
83e641a35bbc9a97116d1c2be311a556abc55d0c385517c125c71232ba006c895c962469be5e9adc2dd98ca725d19894c665440ef479a63fab6b2048d76848a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
134KB

MD5
0dfb7c5968a58c30fac2805dffd78410

SHA1
52e74e741be2c0b4054dfff29baf1e5b03d905ab

SHA256
e565fffb10a4d9ad867dac3181f4ccae65f1a5aa6b990225df5d5ab3c532c7e6

SHA512
69ff608a12d898fde729aedbfa15b12bfe5b6ee7ab0498f5003cae58281595df5ec21a3932708ab58f94183318655052d53c37a148dc7ea75fae8ec0405d3f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
37KB

MD5
ae2b5e6fd36c38beb90ca24ed95ddb5d

SHA1
b447190bb67f2a881b718f6cc70a136d698fc5fd

SHA256
cf22d1a1efc7c1aae3bc34d87149304a0198ddd635df1d73ba4c87dac536a136

SHA512
5bc508d40dc2d9f2b81582ad828ed01e0895db01178a3189383e58723597651f314b80c6c1ad16300dd8f886cc64d3bb9131d58e0f71f46bc3cb92d15a096db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
18KB

MD5
45f4d9e7d2e260e8288babc1c6509235

SHA1
00b2ff2b04aeae39c3a1acd010c8814bf9f775e9

SHA256
9e0bba84f77cc947769f33b6a9595f95bca6f04e76b38d3f6be385e6c00837a7

SHA512
f2da98b6c541267dd2847a230aa9bd7589b4fcf8e0cba30aaa0314f92146981ec654506e005b9b5d33bd23b6cea8fca0c6953260943bd1200cdc33cc903550e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
82KB

MD5
dc4441cd1401175d91ad2a6cad947dce

SHA1
ab718c887a7535576e34b4d53d47c952a8008be5

SHA256
049da6e65703684db771da2aa19f617327407cdbf0b31d2aaa2def61ca4a55b8

SHA512
288caf1116fb62f79364972bfa5ec85ec8dd437da2363694e6ec0d89c5434e70335d7b88c480a7f317c0984ce04fb35aa4c4506108ddf50e8f08543fc511b86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
47KB

MD5
5b611912157812382ae02bde399ff48f

SHA1
6089fbf66004233d7f64b590c883156200df8c54

SHA256
8495adbc7f8e03685d4b40ee4141a989d53f96dd1c95588612fd6c3acd77ecb1

SHA512
357afe88b2addb2a73d164d552feb20b73b576d53027442a983e35e64c395d7a469d0b851f2715a0febb6534359b7323a050d87a2226969adfbdd43e99653707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
28KB

MD5
5b084ff129d94130db65e10c250eaeea

SHA1
341b0d4f03217eb3400882c5537018397e48c814

SHA256
68a513efd55f23752d27b2ae692be38e1faa42e9a0c44bf616687f3c2521181f

SHA512
a72c2928f88c9821504b5a038c4aeedbbf8e28a2ce0b04c7af443359d318e8c75767269fbd5165f145cc256058c3d8c391905ef8643a6634aa346aa91e521ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
128KB

MD5
da32aec4c579bc123a7ba6bba07bbaca

SHA1
de134ef89975962167b312751b9b9fd49ebcd237

SHA256
c97889ca2b8a74bc0dfa6ad3deed607c42fff1a3b4d6c7f02abf423597664dda

SHA512
d0ae07c1a8931be313f36836299ebf5272f06156d7727a5846eff14359f24c8fda675a487c2d2c476f4e00a4a075d5042741dd1e30cd72a115138f521b3b1ea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
129KB

MD5
3ab3982799121b2ee563f196eda51570

SHA1
c6741db4421b265ec9caa4e503bcea0ddb8a4416

SHA256
2367bf9d0c8a73ecd5964ed9384c278960f8105eb648a880625a71c9396cc415

SHA512
157ff313bd65985f93895313dd03dc221c45e482220dcf1fc91b132b37127224c99669377bdbfdd820615d8b595b4671266d6f045bdbe85a561a5f076ade158b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
55KB

MD5
7825c01f292f82737ff97e24a75a6351

SHA1
4217b9705acf58c33fbdcf5fe5c4032892ceb184

SHA256
bf7ec2c67af9c378a35ec9f1b466cffc2084654e49cceb09793ec96c1bf8a5ce

SHA512
28741c5ca0c04783e316341f659b1a8a3bd0ae20dc0b3322b6ca116a2054e201d4b885864b4cd5de7150b5199b59a9ccbc0a13234cffafe6193d37d631d1c3e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
46KB

MD5
baff94c63010c402a48da7cb2ef08bf8

SHA1
a6bc98e9fe1b1dc9dbf168e7a781476ea95e7407

SHA256
517b17052575e9e90f98e7e3ddefb178cc2ac72ff02b779ff488fbcbf9bf9adf

SHA512
d939db777208d103c46c6905e497211e7e872c601a7fc6763103cffc0d9f90ca0ee0ba6269e70fb17054deaf96efa26e378c904a95206f27f225ef2d5a32bfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
46KB

MD5
50e7c652cf5d57d97906cc8c89cccec8

SHA1
b44c48b98c90686ac69762412e87099693cfe308

SHA256
17fdc0f29e08e58b3157887e3d01f54eb089ceb07ee1f11e7c23b8aaf24d17f0

SHA512
5b9f0ed5d62b92b85a56b3d3636f5b3f2b00b7c0ad1a29a7a8a15a9d41ffc09230c71631d50a8912884e64b6aecabfd88a41eb0eba41a7590a6979cf71ec4668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
32KB

MD5
4956a5a7644eeec3c23c11c34eb8d8cc

SHA1
a5a07b734e130facc24e0d45b3931d23c4858174

SHA256
0cdbb6cc76b5af1f50459c53cdac5a883736b1e78c22d3876ab127646790a9c5

SHA512
bfdc9b07e753b76f84ddda98efd611ae26dfb44be5032b1a01563e18e829fb6f6b43f03d09239b054dbd1fe599edea8ea291e3b9e15725367b7bfcfeedd77d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
59KB

MD5
c6b0f95171fa2aa59458f9c82f36fa41

SHA1
203e9f34c6b963cd318b7eaa65d35b036a88fb5a

SHA256
839ed500777fea51856b087dc772416bb529be3fcc980bd735c40abfe522d322

SHA512
da87caa4c81a4dcf662bc7f81cff9332964cc21d8022c53ff7abd8fc9936a31230586172ceeb9d13d483e061b6ed990ea52cd8fa609846b25b0b7b792d37a3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
122KB

MD5
683faa80384ca46f3cba85b1fbf63df1

SHA1
b271598042473aed668a8453201fcd63bca852cf

SHA256
e563b4939f7f99e8e1d327f27a7c742dad05c1a772b6c9c665c6e17f99653227

SHA512
1e6ad861577a7a8138279d22fd5482409adcbeb2ce12305ac6c3904f2ea939307555c30fc4c8b098b36764bf3a3349a8835803e908af6fb08a3c44da60a80157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
135KB

MD5
5eef5da345f1f1c6d8c2d596ff63cfe4

SHA1
4d63c362f77f4f2b6ad8ec71475ac4c2b8b79fbe

SHA256
43a3c7e7e8e9072b23d9996ab01166e8c90925ea2d56da7482667aa50ef35162

SHA512
29e3ce496a5679a3f131bcd144749cc22265caa5cddbb253a26da007cf420481e78d3bcb4068543016e463dfebd48de7f52964eccaa16b061e1999f2c792bb93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
20KB

MD5
50a5fb0f9130c7c5a14393abe8067463

SHA1
7b838e376e372bfaeae763d1dea6039a242e6e2c

SHA256
285ac034bc4497e8a87ddc798e19d11edb2eeac01f11698434bd82149b229b61

SHA512
6f97559254903982b3b1fdc17520ca64fef5bb617dbd65cfdc46c47f71dd732869dc5028a2c4ac6eca8a4401cd11e8fbf5beddbdde2411c8ee087fb82fc5f466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
16KB

MD5
68c477c4c76baab3a8d1ef6a55aa986f

SHA1
4af50379e13514558dd53d123db8ea101ec5e24c

SHA256
0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac

SHA512
92b34fe3b7f82f10cf6de8027ac08f4a5b8764fb4e0b31c93da6e3d5bd08e0bc83b79fd70b8207a1066b689583e0b6976fa3c885b0c067ea343e6f2031d55d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
45KB

MD5
a569d4812f94e51f3cab5eed08c825b2

SHA1
71653b0684bdc6d3659bbf63c9a350aa5ebddf6a

SHA256
1248e3e5a89e50a0c3921c0196b747d4e1e617008ccfe21949dbda3c5cc050b6

SHA512
316ac6d7be2bde5be032ee45cb2035609f00e22670e3d63a185f0f8e5b1b6a1dc48cf1275b1965bb5796cfa705bc0b34e570baf63f49729d0546c42f1c07f323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
138KB

MD5
1ad156ae1d8662a99d551355f1cabc2c

SHA1
c8b0949d82ce2f33f953d5c09f1cdf91d8eb501f

SHA256
d7c890d541149fde0ec047ca91ff7d5f14f775694239781a687abd003adfae7c

SHA512
70f66b38703eac7966fceb25dd55a5dc88f696014737e98a75f31682eee2509b041f9f811d3cc92270f65d2d46852ef6b7ac92efac7d7924ab9c1868fa4ae75b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
155KB

MD5
fb803d6299928ae6d04f9d2eee75e516

SHA1
626cf056bc7f0b13d7c4ce0303c14d63126571c7

SHA256
c372e4253c85ac5f138fdc38e0d0edc19e728c2fec641d009b3830b42c1b8fad

SHA512
1c1bf063e684adfe726b9ef4fffa2bf53e20f5a26d87e630374f43d3aa4b2ad03286b949b239783bc2447b86eaf7d8ab0e821920a696ce9d40cb89b36135fd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
129KB

MD5
9b4a365f5f48c17375a58354ed185b18

SHA1
42913019f679afd2c3e617634c3c8997815dd61e

SHA256
7fb49f623b4b148f07f43bba540acb5484de0e1b8f8b172f91a1719337a8bc30

SHA512
0a31d5d18df5748669b9b6bfe20e6148edfc50abddb78d55aac815e00d95ce20583372151cb67f5e50980feeb57c33c00288e3798db56965460f01db2adc258b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
65KB

MD5
d9de0cf282a4521618a7e3ea06ab3107

SHA1
cb7f93bd8ff5f39bdb3d6dd46d85874c50f62959

SHA256
9c2a3331aee4372b271d73625700916e451e0240f40bbe8c4580e090ae235b80

SHA512
bff7736039e6aa53cd91344a80e2456379993e4ea3144537bbe7c441018b969a0b9ecc1698e3a8e941df0234b942bdc7eadac18120693cf99beb9c54bdebc641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b355a8819db3058_0

Filesize
245KB

MD5
bec8ce51974a9c3e1129b12cdbb09c60

SHA1
2feffa7a3a63e857105a4739eec4dc6877704062

SHA256
2ee3ccf4f36bdb8206c733ed546d8b1315e680521824a9c305384549c5076236

SHA512
203a9e2e41b540f4aa2eddccc9bcea03cf75f40513b31db891ecebabb00cdc8a7f6e3da2b31690c6427a98bc43a3cbec07e762c980b893d1f170bb5af75c9f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e7a97cde513e39e2_0

Filesize
354B

MD5
ae0678277d0adec0f99561227f794ad6

SHA1
029d8a9ef45c7ed253229d47f03ba54d2af9e57e

SHA256
a8bca515df1e5202e0b7f64559be549cd32c5412a77001b7904993861c920def

SHA512
2605442c1e56451483f780f552346352f2a3121a889ab0b8fe66df196d25ccdfc9dac7bdbb00911e2096af783b24b6760fe0ddf60d32a8df033ed4a2130f1f6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
cdda4a2ac3b53303a0b25792ac75a19e

SHA1
f855998f54f5b8e68d0b9d9f0a70ae90de3afb21

SHA256
d5be545db18b171f4673b25378aba363c2659bc02435aaa68b860ba2983633fa

SHA512
3191efeb5a7d711ead7c8e95f5b453f63eb61731690bb7d95e4295858b2deea30eed657d2403b3ec5da6d759934a5848fb7666929142e4a244a4e9317e318848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
647f6dc07d5a0b954d661dc0ca31f42a

SHA1
447450da31c89fe333373e7234541c19399b6d02

SHA256
a89aa9e7f2cea83c67820fc42c9f88b6bca838f04b93d8374f807d1e110ceaa4

SHA512
a567a87ad22ddc492769275b1848f96dcf8e4f117d3880b10904507fadc8466cb1b462b5f8f5acf7e28369e3f073b4b7d5d7ede443186b8f0eccdc2f5b579d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7f4f5411d097798e62cc3e5da2ca4d35

SHA1
086ca0de922d5e640467e003d0e662c945eb4cfc

SHA256
30b461d9cf053f04c0d03ef7f3a52f0ccd3db0480109066fb83ff6f39d2e6319

SHA512
dd42a90a215e9e2d63ab8c977c160932a92d39b206ff249ad226e53ea73add0a8fbac99d20a2b9d960ec6da8e13ce5345da78b45c1645037253f257d6d1e5b32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8ede262bceb5fa521887ed19d60c1541

SHA1
36e6da70243d4ceb68f6fbf474ce3b5fbe1987ff

SHA256
73b0c1188a855e8b2a5e10ff5387f7946e223d1da7085fc3605264730b2eabdd

SHA512
e6bf539316ddad70964f2ccf38cb6b0f26d6136ae6daf0501fc26b34f06b1d292a5ec89ec0cd2b8acb6332e68b9dfff1ab7c0d622cd635bcec3787ef63bcd3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
569c61a041df91339a293a65a3bcd230

SHA1
b6f8713d6f0643a9dbce01367474fcbd0886821a

SHA256
dd283f540b52247446e4c34ccb46ec7f4428854d97a7404b2922447b1f7d45ba

SHA512
e25eac0d140aee4c3312e93efb582de5b432cfd59c334f4ba701847394b8b16713e8f1c547161252896dfa039ef94bf04df8d0c45306830d7a0c184ad4a22a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f5ddc5a420ccfbc3397ee69a4f24ee68

SHA1
cbad619413d814f1d702f60bb5feaed3f8ac0bed

SHA256
e7877d297d16657e18b9745d7eaf3ae49a0f96e065942508ccc6f5510cf2e1ee

SHA512
50c086492b6d2384d76ad492864804610a8277cb6b28fd637b2cc54748706cc2c3808cf74373439279270627fed55ff44bc696bcda102e96cee67a1bf2e26e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1ccdf7353b8d250a2b90f7334cb6647c

SHA1
3f27d03a7c3dcd32c7d9c26550340aade3da2bae

SHA256
790c8cb1287a6c54dae77f650e7800406a29805fefbc37292b39d955232ad0e8

SHA512
15b70fcd397e69841a51f96ab2892ab933cc223d9751d52ffc99e14d844594f27256ee9c975b6a8d2d5a6cc2eba028f160f29e17097a9c2edc242743c95bd4f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e39249f8bedea2bca6fa063275b0f7a9

SHA1
dc9023c2630df8445fc6952c8644e1bdfc69814f

SHA256
93c84eda460465b1837d63192df32719fb7d2f1624ff784b0128d064394c847d

SHA512
76c12f505415eca98e85ea8826ed1170db0089c9937fb9674ece33e141eaafbd74163f3e66e43526b7714ec5ab518729449f1b7410cf7c97237973d23147e2c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ae6eee588aa840c82245ff8fa76f460c

SHA1
1d733f92cce67f3345d9196be1fc5b5983d13862

SHA256
1baea47b0c301598e4f142267d92fb1503b5d76ce748cfa1227d82c980b3acdf

SHA512
f0ebaf425467c01abd9db680b20f931ce9bb7d800f31b5166dc04f599da369ed276aa228017c85814468d3b3c9ad9c10cb1733102a7134a35dc4dfeea4947f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8350f3e2aa79dc133a90fca2f2a8eea7

SHA1
4085dbad879e8da9f5649fea70ae327ed57de610

SHA256
2c63a3d12139c272e742b7c3072908cab3179f48a0f7de9b1d733246af8c856c

SHA512
00e8fde39cd431c9a22f499b08f7ecba3d0ce1de9710b557482b56e195e5263f688beb5759c9ad9e2665110227f0c6cc073d7a2bf7d97b33d709b12b04d4ebc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
274f8e4b74b1f30855642777ece90ac7

SHA1
25856bf2a6c936762a4b5869184f1407ed3dddd9

SHA256
9a56ebf0cd29994ef292933a42bfb47ce886a879755a2df88371c0a3c7352055

SHA512
d37ea6f68479119bacd982f51ecfe9146fc08afe1336bdf82028e9b19fdb0a3c6fc7f57dfba71490742d3f647df5c361397f572544a13a0056532c93f1d5731c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bf587d9117d90e90da974f890dd7a023

SHA1
cfe84f29872eb077d47d4cb447ed26e08f023d6e

SHA256
dfc0f2f979ce5065463d70911befcb4c8acb85e84068b13b029850d449cb0665

SHA512
81146af5827834ec31420b7af9b298709695ffd5912dd8384b81a1aa5632830b0306af606c1c5dfcbe56b69f1122592cfb826715b3d68c321412a6c3a374d7f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
e4bbdcd1bdadb1ff6fcc511aba13d078

SHA1
f8c7c311ec36b0e3f2a22ebfd9912bc8ab416046

SHA256
5b0b50c230cf415ceae014feda4b316afcbf94ef0bcde33b3cf15c78598bf342

SHA512
dab18d647f777142c4715d4fbd82fba17b6f5a9ddad5f08b0421fdd1c16e604a0b3483d20fdc63aa5f231c452bd06f4869753d1987b71019ca128aa2ea138ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f56443788107e8ee1866c5c3b837603c

SHA1
5a0852a9f186c1dc74f161dfb252960f4a5d4ed5

SHA256
cc975707674538ddfec5cee74d2e6404f6eb6ebaa2ef73246a65534991ea2594

SHA512
57f9f7531dd70e5d022def3653da364dcecaa021581a0b128d6e693f2e37fd56e949931ca54d7c3203a117efbab241ee9338f87e5adfb495b4252f9422d1ca88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
59deb9c3bfed03b303114d227a2dfde3

SHA1
1c3ed2f84b2ffebcd124e9f54a747fb5672799cb

SHA256
95a15e1a5b336b703ff9e65d60836a9bf65791c237e0c0d0e944493c5ba0e4a1

SHA512
2b00e42d58414c0a6133aa39923353f67b23af1b41e4fe2236688705f1f20414530b50c8c6430cb052cc1890dc4e5b925e16a32ae6278c6b0845a04049982269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
7bcc17c59d60b9678b2bef2f5cdf1a88

SHA1
abff1df864d07a6ff0d8b296e312c83ebff76662

SHA256
d8f1293d0b1b5e579bee55870f82f21349841c1cea2ebdcfb2b9b690b9fd53b0

SHA512
98aa16a1a5d588e183fa37d6340b9adff27fcd6c030ac947163d0038cfbbb22e1e06248cb66ab14de84079a8a5318777b7542f4e66a5df3e5b00a725d5ddee85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
9d1368426fa43f3675dbb7f8610065ac

SHA1
f055308c3fe0916f6987401226360d9d4d049c73

SHA256
7a997e038b70783f36318a0f5f7eca9db377375ca5f63a9648d35832100cdd55

SHA512
e7425141d4609512cffed9efac343aff8c878d95d9faabcb4b7cf33b51c1deff07220c4da3f2fa7e14fa2f9746d8adfa7a99c8251ca31ad3cea284a975b87e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
d8f686a63f004724c38c487faff3f2d3

SHA1
eb05b4d0a22a63738ccb5cbebfbf3d956ddde5f0

SHA256
5b69b85d441cf20290a9dc45959c32d5ba4c1bc2d3876f12c396f6db9951a5bf

SHA512
0d831626dcc4240197f73558ca56d087dedf995636f8a5f5a2856d61b234097617db385dc6af966eb8c07873897313ac6380a8fe7a8cd9a9eaad12d60b3a065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
84aea80fa28c7a6b720cd03c2bdd88f9

SHA1
f5e0247f916e33d5aaba5d91f53c33a4317f5d62

SHA256
cefdfafccce926d734bd5a6abee9003f1b2acb4690f885978e2eae35c1beb5ea

SHA512
97fb1cc3d5d6055e5ccbf2ff23d1538e5068687ef2d0f29fed53aa149b985e1cead8199139a76108eafef673665611d5f31a8146b0c8162b0f3aee4e0d292768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
76acdee309d6f7eb3ab491c98401e3dc

SHA1
407532ab84fcb1ca3aa8f25dc6ae86cb09d58d6a

SHA256
b66182c0c041b57cfa9b18be8b7b6d1101cef503cdbc51ffc0bbfd9f5d5c4d39

SHA512
9fd24d8fafe1daf2c92219e06f4476a338a5cf0e9d3c5509ac755a943caa63b8a166076356b6a0dc22130a7847c8479b9a82a7afc10b3934349f4fc011861d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4a58741129796204356deb1531ad4813

SHA1
b2b28b2efdf1d74493bb5fcf9bfef6abbc683989

SHA256
389547b274bdcf729d37644ef7703f84f1e15f7a94b366d8d592e0574ee920c1

SHA512
34c8f7a24fcd99030f9f6d42677fdfa47a12c0649865491696d14b28b1be2d8e27ed389dac3a61583d08764fbba311d6e4c3fdc3db03cf44f0be090020b10da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9bea11d8cd9c2f6b5e62225499f1c3f

SHA1
bbdc9f97ef6dc7526689109154460084f705acc1

SHA256
4891971e443d93843df05866888af2d8d5d54e41067f5ceed51a16e5c36dc2b6

SHA512
5702aa6ad342df4429b926219d12a1140fe9ef88b4a75c07ac573545dfa2d95713e5e7c4d877bca2eac85e00e1148a5cd8df0260e88335d8bdd5097f5eeeb395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
803ba30234e2acd87661ac4d13f6e4a4

SHA1
f44691d0583c2d7ecb71b4ceb984fa3885ff4d8c

SHA256
59bf56e084451cc92e575d9471bb216d8265123c705eb76f0102c6e4f3d3d970

SHA512
6c43059bd15f3360399bcceb6c987fdc8b40206d745b00e6eced30905291644784e412cc39de79150a22e597f26ac718e071fd88a352e4d46832fd414afbdc77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
127cd3abce4247f1da149f22c1cc6a08

SHA1
8236484f1245541595fa635a60551426635ba25d

SHA256
ced5d22408144b3a26aa630df64b73eafb1f100f5b77221d502479118f47567d

SHA512
cf9e6743eba2778590b669da0dd5fe9b0e96b36418910773dcf57e89137bc9a6f8be354b6fdb26a878be0b05045de3fa7a90b356a74cc8681d179c47df278e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e66dffe84cc212b5714f631fd335976e

SHA1
4fd53c2bd546cfb9d4c75260d0d93a7fcf795072

SHA256
be4bb7d09d3c3f2ee51a48b1846ddf28fae8961ff2f72e4b5421103c376f5437

SHA512
2a6b75f1768e6df2bc07dc59fc616e7ced3c6e5e7c972588de18d53e0dcde0b38f562898d97c9103f4fae8dffa5e4d7ce29af0e9ca2e20dc7c2fb164b4a826de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
06f3f705adf3043941d2825077a3e68d

SHA1
2ca292132dc6552cd33e640da5fe235a3a612d29

SHA256
fbdf1464f80925703e5f35fc9cebbe423f554be7c7b6cf58cee5a62d5a8ca29b

SHA512
c73f3818df66a679cd912e8a242e3b0d16ae45c124931ec8776bdc2bc52db0c77d0b2e45692e39523f5c65aad54b42247819da12491189df86080f38268cc3c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
75814036c0b310d3047d8cc759c21793

SHA1
f1a4a112ebf9dba754bdfc60efb96a689716cc1b

SHA256
2ecfda6fd3dc69dfeecc28cfd427e61fc8a199232c7f1abcd4d8e4137bbbdb9c

SHA512
cb4a804d808f90a8584bb1c9bf798ad715b71562756513aa0f91af4f9c99a04fba0666d922e60b182a473c13744b5f2652342e6d5086e2cdc9d372df006eaa10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
639c6f942a687a22a8655ac5ac8db565

SHA1
a535f5476e86324dd566c9013083ed2c43a19f1a

SHA256
468ae6a5802a6381598baa10b4157c88f59c4fc838fce8ef6288fd2e44c2a042

SHA512
acafddc86bc16e069758be793e2270c2a73f24ef34c26522da252d90ed0cfc1c9cf2d7486fea387f947be018dfcadac49c794da8739e296e96ca58a17e56b3bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
bdcb92e03dca82f3a5000eace208ff26

SHA1
ce4189d21a0dce6ac8b2148acdbf81591076ee46

SHA256
9b4d29689bcfa9d20fe64be62aee14bc6d247393fe5dacf5a4e3c32d8cf0fe32

SHA512
060f4366a158e4037829f42eaa2085554afe8e1f8884966c16c275f28074492f28523796c14ee81c070b914262fab3b6f903ffa3a96ef86e958f0b99896b2b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d0aba01c44961b66eb2f9db0db487d44

SHA1
f23751bd3a686beca97116dc69cc2c5418078ff6

SHA256
3e30eb78768960bb6f1f36ed9951f293d81898c6265c7f68d90fc003471edf53

SHA512
9758ca0260a2ca8860887836184df51f17b87f9303309fb3c16f650dd29a852d7ff57ed20e497fff1f0f294f08bb9adac8a2be4ebe548b99b3b7f3de2052b2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
a2cdda81512e5cca106ee8f9cc5b24d2

SHA1
9a428e915324274db67293d60642a85520a142d4

SHA256
1a83d80d2ea4c60cdc5bfb697a6ec1e1fe53bfcbddc4288401120ad6f5aff642

SHA512
244b1286ce393c9c1d174cd05253ab03c10877434d0e1c4ed4e379735f3e76293f841eee3088003ddc25f95d09b455fdb71fd11ad03988fb65d53ac5da491ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
6bcfc075fb5bca80ae704c0d8e5fac1f

SHA1
ecb8ede7abef5e0f1fe4b018c93ca9c8913fc30a

SHA256
57d6b45b8b62ad5e936095e90e3b0c3f0b1d32585f0a3a57b377babdbde5f125

SHA512
c651db85c3f80e136dbab38990dfeb1e877d9c418b2e2041da355018f4abac2225ba8f919b8dce0723a9648b6319ed0da44ac220c632ce4610555fa986299adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
31474b3b5f72befbabeb1de9342542a8

SHA1
8de66ad439819bdbc06a9ffa8b133238051a1760

SHA256
05ed69b08a6e5c0d0c2b36e26d8497e20a1e823e8b52705a96d5dde78f7b3703

SHA512
399b3870e77bb19775cf40fa20302ef957191f997f645689ce5f13501c64cbc1dc3ffce149494c8b2889ffd66c0c0a2ab2062b23b5ee280558dbf03d845df80e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
99f497b70590ec24463ea4678a90e758

SHA1
81f88dfab0bce3e4cd62d6eb7a2de8d3f44e3869

SHA256
fdd876ed3cae32be693f08dfb873a90062a0bd077d3691dfd74aa7816b753391

SHA512
e909c2f4e7df203dc72b476fb4ce9eb31f242835d03c2647580e45a14e1b744dceb26a74a0cdada998ffeb0a76388855e3408745284b6ceb7670eda38e31ea9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e5d9d3d5af65410c3a2079bed8772916

SHA1
6faf30d7c1718172b4832f116b1cda03f8e88c97

SHA256
2d369f2c0bcc4f22968b9833768216ebec99cd693a443c23a263331106323473

SHA512
304bcc7ff5aaee8ba25a169fada11e362017a7d75b34eae06e7098bfe30892733abcb768105b0223791c1f86d4f0978744bd69f9d538e860a9554285a12ba2f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fcba8b3a381981a66e0c1310ccf2a0da

SHA1
6aa801a155799085917c75d8bf44896b294087bc

SHA256
87fdcc4c64df5fe25581a24df1f327d8903a6f14cc2142197509f492be2975ea

SHA512
70be5b2458d2b0957dff55fbf3964896c287e7e6151f3effa8f8f8d4bb45b882978a06aec3bb0604ddc661427fde63c3e1b0c9de3b990403ed7c552f83c617e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
469baccbb506b25d089891418c098393

SHA1
b3e56dd1e8ec8d21077453db4102bf83f4ae5667

SHA256
1c52fef8d418f3f4f55962786f4d7a35cf57d7849ba94f9068781eeb004311a4

SHA512
47fef9d04c9ac271f2ceb65dd55f47846c6551a81d4354795d02b4558a9c31371c43016ac98d5e6d4e5a58ac2d2ae56810b6edb8b3e5989f0f26708198d00d0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6c464906dd0667553720d498e308c284

SHA1
9401231a23d38a82af9dcaef8bbd269df2e519f1

SHA256
ea2a3ca1f3e4dd37d089fa920d88a4600a16e26d89d898a657b73e6105648cb8

SHA512
2d038d95c1973bca89a6ddd19180fb9c385a627f3b281e0e2c090ce28f8242b298064055b47a701d5d85ecf15aa649a585b7d5484ed320c6926b75330edc23ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
ae60b833aa691502ec49b01384116264

SHA1
319265237fe0e93897d5b91cbae03330c6a2eafd

SHA256
82ae61e19aa91fa809ee510c112a875fa6e807df27ef7418de84c5907e13f25b

SHA512
e26d720d8dc1b3e6492711b34411cffd1aefda8fb5d684de5faf6900fc22196cf1bfc2ca9280427ee767fd83cf8801e0238b1b8830cfaa337aec723f3ebf6102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
041284f32d2400bb0d392ccaf171e068

SHA1
097d7cdd898c4370e2dc56c3e49be51568e47367

SHA256
ed9466d9b67bbff4e5c3636ffb44d2f87993d385460f38db7485af191d3a14b8

SHA512
3188792a8cea462375157fa782d539fc2f707737ce137194138b3015cbff5f9692b2780f5d252a6d8f4b7bf4bcdd126f41e64acd67e9d960bfe7cddca81a689d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
33885c0055ad2f0b8521d08e17ef385f

SHA1
0091cff12a861f44b470f735402d5be3b9439263

SHA256
4baa3099856b62ed4b82da750c24afa2faea30ae853ca4fc4260268d4b67a050

SHA512
a627072ce6cfa2c6f7869c114e75b1c18864edcc499288cf207f0dfce3900d38ce6b0aa3b5396f554e56bc9bf7b9aaa3f9684a22f2a5cbf7db03dd604945336a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
2f9ae83b40290c8c10cfa39697d35b50

SHA1
31c44770abdf104827e79257ecac17286bf558f7

SHA256
4de4214f534df3607a9211d70bcb757aa2268f45da477d82dde765568c194f9a

SHA512
0b17289b326f1765164460b389b5f11a5d7e5d86497a729b4ee8c53567327a7693dde7b2eabf831acdfc47119fb890841ed4f016c5c91bdbaa5b0322702b8b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
94f15ab5f1e1d7dca5427601dcb7a2f5

SHA1
3c7aba4d003dc2785383afb3a0ee56bb944cf30f

SHA256
2c93d3f8264a4cedad3346f088375fa183d8ff725f5673a8c9a997092aaeedf6

SHA512
90777d558ea845d19ad48d5032e044844b3d139db32cc8fb821bf98c3738e86cee0632d67c079f25c1ef344d7aa012154d5030ed31630d7cb5b146669ee0e54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
bcc54eaf1d1f4eef9726b32d16f25a80

SHA1
223c64469e6025b48f6acf79bebd157747c19086

SHA256
9aa17715ade688745502baf9a6a853a4a73752bf0250169af38e9ca4479021d5

SHA512
f93f4aa220cb766ed0c47f406ba8d8cf4bcb7d3766b6634c06416c3febc41c44fc468bf0c4bd0ebdbde1af01121474b08eb65694d5f77e8244e25586b0276547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8298d458a5ce86ddb2d728000d427db9

SHA1
9ffcfb050f2382dd9981f826b8f2284ab4f09109

SHA256
bf34731cf84e28971ca882b8d367e0089805f0f4baa896da819dcbce6298c2cb

SHA512
d836746ede1c57843c30d8af16976f035d5ff04f98b56d56f7370ecc72c4b1baca0d63cb870d9607c4a29819ccf2a8d5f5cd5d740e7b3f9c47f07f8e92d2789f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c4c4464fa14e6755eb9add10c636e178

SHA1
9426830baede6f6d1684b8e5a9ac775086a33fc8

SHA256
a0caf6d1942d3253aeebddec6033b24af354336abd5462ad5d07e971a4165794

SHA512
d8064490c77ee12c51770e2bc1791bf9245944bf6a4bbb6ee620239e3a603b9fc2e5e4d6bbacc424b7e346aa6f14eaaa970f6ff37c3afbddaeaae2fea799c111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c591f10e2bb6dc39319d8f8c8b0169b9

SHA1
16aac3c88fcca00735f59d71823c5eafe4544682

SHA256
64b54a523e484acf05515283056ea5ff042c6d38c8db9841a27d8ed16964a151

SHA512
93104886d58e073d64bb1c5c83a6fb0bdf68108aad1b65c27ca570cc42e389c4597e34c241b81f9a3b73c366cee0eb3ac1646d2a49d57a77cc9a3896c3966be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
b131749309540c538ca67432e85c6fbd

SHA1
3b27119298b7ecfbb7cf50ed105ad320063d7c75

SHA256
3e4abbb88b52b295f8fd576dedb2b259e10939c1bb6b337b3c5b7b67661a9968

SHA512
c919a696ee1218a3e3e096fe9ea397a7f5b55fe7a2a615b96c79d61ce13af610417b16c007fcc67519e89ef3c7bd078416b4551ebedee97e17a15274be229d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e1e9ee3fceec8b9c28fbfdb3e5267f82

SHA1
9ffb496a7592dbe520a48a00096e833643f6a11a

SHA256
7c9c64578e2b102cd197760b4520cf29c8f26d212f284d91bf028ed6d29a4cc8

SHA512
b5d51b1db5cc8ca6f0fb56acd8b36a40b0004cc7b458730e57dce7f7035cfc701be70338cdf232828c07e00d27843d1659c4982db739fa5a4dc9f467725fa690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c9c31aa0f3b2d2f0743f1a645db723d5

SHA1
00889f1f5884ede8e1a12305506914013d0e8098

SHA256
bd9f2b00b5c36a0eb9822d25dbf924f6a098d218f1c9b742011124008a52abaf

SHA512
01daeaa8b4bd5e02b1fe4e0036cbd087b3956a222e0c0b522ea11f5499ea5073c5e4efa6ec1c3e83c35c359c95b30b51e25799b2cb18cf7b41222ef0f82ec262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
40a5754c06f983adfbc3a829021216d1

SHA1
fffce27dad5308f1801a1cdadc9d6b627061e1f5

SHA256
58ffbd49d66a76725ef5ec6b93ff403cd77a6f8bd36f253b9b8361a8b3616c67

SHA512
7d20065ad25cb4f249c8cb3e266f8fe71b72e571f6aea97caf8cfeed0ea006a7e7dcffbb688b66b96f193062213e0bf19c315ebff0ef5e3a391f942f57d76dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e6775e12cb3ee293e80dbfdf9d08204e

SHA1
e376159887f1a4158f66407b4f4bb9257c73901b

SHA256
ad4f2bbd59b1830c66f38f362d2fd06054461c696f6ca421396b87bd9afdb8cc

SHA512
d1387cf3065d0a238f4453ea07d3e585307d0a346c5054742346a0d10db53163972a42bb1b768f0c56b2d5ed4505485f519a26170e28f5c20fc9e889b070906f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7941e1acf6e8fd332a4bf3cdde4ca34e

SHA1
468815e6e360dd2ff2943d8e9134cec552af24a7

SHA256
1f2e012819ff68f1cbc577ee7bc6de13f7474552d7d52cc413d2e68b01466d72

SHA512
28353e7aaf4346f8d4f3414b25e11ec5cedd61387ed4e0ea52fd071ce61dba87659dd0e4f6385834500aa19f84d4c1d1ee4211e295ebe2e0beea9909463c93fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
214afd52d9d8e16be1c35100f8060af4

SHA1
4a66d7765bb5eac30d13db880d4f86fc7e0c54d9

SHA256
3ef798a0f8efe2cccd43c652e57302b5ee78e14910064dbfd2b8b975603d5359

SHA512
98779d6cd269e77e9f3b18163ce67a9dc478e43bf3d6ec1a722de18b8e11004d9973db581430c7413ba7f5af9568bd2f08c19b2555f05a3132597d27e4b2ca80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
ba8cf04bf8d661ca493e375a6cbccc47

SHA1
31a58583be97d6ea9e9ed31259ef29cce3719292

SHA256
8c552a1f04fd127b5eaa0ba4da2436bd8e73df0edb28a482bad425ff23f951f9

SHA512
639ea4383ff0326fcd384be3a02a85f82382758f4fd5ae46eb6be8cb9ac4bf38998dd5364149eb31d8902df8f940031f48a24eda467d4aa036bf6afc33df5afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
6d6c7367e24819f9ba894f70b3d2adf9

SHA1
8a0429cfc97edb82d9d66bce01d71670e1e68915

SHA256
ae5c4a02b9a17740da227b8cf07cfdbb955c98c7831f6490117a30b17ef51b93

SHA512
f0728eea7ae2f2839dfae230fc659bf36fe969760205328fc30462fe37561df988fbaccf215f4e34ed917cb00c3ab199500c199ee51c5b8ee5385b4705b81c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
085416f26c15e21f2ee3530568ccffc4

SHA1
3cd2e8aac4e648fe681946b64779d15329987369

SHA256
9573a911d670eb638c26e79f6f158a142eb873ae774bf0080540dadfd7370efc

SHA512
861278e86145972aaf7b074c536fb147e1c60db4307ad3a9585f1fc25882021db58e5044e0d4f81e9403c7be46608600d457d46119f241cf322cfefb5352c7d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
dc1e6612fa4af5f4ccf9f473222849f8

SHA1
210e0d0e6f8ec32b76685c165a22b80a3ba31d25

SHA256
00dfc2c4f0381292898d91ebf12ce0d78ce224982253422926b49871624e96ec

SHA512
514b42464c9daf6ae62b1331b2a296cf6b00f62b2369494be226088ea1c33fe1a9f5195168d5dc1c9c5316993195c7134b7873ca5889b656ba7915507c48617b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d9e7b90dec3ac57ec4b7824dcdb80752

SHA1
1837d7cef0eef9c6b39d77df2906579367a7614e

SHA256
3acb243a44243142cbe6be3b350f24a47d72761b2a3e7c5b15518d3db4caf683

SHA512
51549d41dd169af7fdb121b8bc77d4fb1b1acd2dd71dc56cdd665ad24b208c75c3d5f5e5078fe777f352bcd85bdb7ae24704bc964eb9fd0b9df509d50fd42578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fc11271ae8a829743a963be5e4cdcfa5

SHA1
a461009428d1381b909ecc11041661072dea3290

SHA256
14e77e2edffdecd23149f3d26c8a5957b9c90b72cfa7ca1426c6b2ba4db348fd

SHA512
11e55c6d844bf24fd2b181ccb1577406e46fe0204b90fcbf35366fb16f8b66439af8aae17e0906889b5f058dc283788f34b50dffcfd62f1bccd0c6eba801cd78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
9d8c454e605882fc9853eaaa741f5766

SHA1
351e4004d642ee843f565c76f86a309bad98532b

SHA256
fada77464a904f399aaf93e25786c0a17da2b1cfa228b307958c1733cfb9c1d2

SHA512
785fcc80dba53739c3e497332c381e8d017015b188da191f9ed200514385a217fad296e94b420b8e747ddfa80272ab4c0908eabc1b6d18776e4b88fc7e3b1c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
4fa803cea60d20ca14c59dc13de9e5aa

SHA1
b64b070b35a988b040dae0be685d7330de43ac41

SHA256
bcee3a2a60dfd1f5577c4df20a33d6ee2a358f7c28e4d0875772eb552622bbcb

SHA512
9f2322096692e8f194ef9c1d8ca43610847995c4b4a0d1261e1fd788f65d26778ce699824deddbcfd6aad8b7365f93f73e56ee966f55abef7229e44c8762767f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
75dce0b581e44643737e7bf0747fd0f0

SHA1
a23408c71ea8c5a7686f9beb2cdb88506bb3c9e8

SHA256
9c9a39875e1f2321118e377a7c10fcac89b31f3acbdff9313a4cfcaf29959a30

SHA512
51907d0880e8739501549f8893a5db39e2879f642a587e232f0ee9d5891463fafebf4d5cb27022a2d597b4fe077220ddbbf5956df053e7745bfe6e43e859cd9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d54716bd19b1ec12f827b39284359e59

SHA1
d9074b53a00a76eb5d199b8ff875a3c897468e8d

SHA256
1b7eb5e10d09122f1747d6bf0194ae351b0225864be22312e5080a620b4caa1d

SHA512
df02fd9004920f6458d9111970d544d752fb757b7af56451826b33c38db5baf55f4bc3d8b5dbeeb63b751f520390101a2f900c3ee29693fc341f0b4bac7af36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
8e479c6d3db920c4991a32a7ab43042f

SHA1
327b15e8426d7eec236ab4b543df0653c8758656

SHA256
6e376c7a7dc81e6f930c27e37a0495f09f327e39d494ce32be03be1fd672b45e

SHA512
2d06d5f49bca530259af91d86367849727e7a14b69527a738f5dba28e7b79f3f6bd3c3f90a62f92092ef19e5fa0f5db5f7cf8fbcf235f1699aaf1a9b84b252bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7ca76a46919af3653e7b605e91f6aaf3

SHA1
a8cf215025d22ebe370d90abaaca2f9135ec8665

SHA256
2231e85b188e5d8a5ece2b99ddc728cd984e9103d697b408105f5b157a358a14

SHA512
0a046e67e7de4f05648f9bb1d0abc9fab989d5487a7f4d3aca932d37c70f993af0457a7332249d8f83a6cf2193ff6d99b85152ec11997041444fac1da4518e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
3adb747cf5f9e0922ccc5f4619af2bd0

SHA1
28042dbd0a5a338a1dad945231aceed76075386e

SHA256
3483cb5de656a7df5ebbc99476d6c72c6951d233583e8e729a179765483c8d24

SHA512
67794d2e5c31fd6cb2cf41562c9ef280cac99e237c0d460b5c59a550c9081448547dda412c3b0d107fafa170844c2efa0aa3e28fde71fbd95fafd97bfe53ac21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
5c91e3a85961a80a61829dc2632dfcb7

SHA1
9abd053c5bec4be7fcef0adbabd5e0e0cb1926b9

SHA256
51b4c4eb62647ade300ca552192da8ed76e204a4e483cff0380fdcb024031da5

SHA512
b38aec759f86ef896f122cef758e65eb57d0016cb2f9b61f5b3d165cd0a233377cd4977a30bfad64d9aacb68815ad25090f9b3e8abf6b26fcd43f914703c36e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
54b87d515cfb73e92bcf8b27db282654

SHA1
aab0a1de10786eea1e385d5084af27143aa008cb

SHA256
8f9a6ff2d5096e21f054b91f8e868de701eab154591127190827a873b2b9a900

SHA512
8a2709612376c652ef979e5623e25e9c9f30101e17751ca86f3e1dc1f20326a4b0f6e4522e86706f0c5dbc1108f1924019f42c69db5ebb995968e6cb2908351f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d3840a4878a32118969d6ed02e9edfc9

SHA1
0ff8d48cbfede008bf573b88d38933a8b821a277

SHA256
b37202503ad56a48e7953a96cea91b1a764704f941b21038983ed09c3645a29f

SHA512
2605fd8080086ead70e45bdaa08580ae6e3c366a0c408d2f74844b9814f59a6952b653ef890e0b614ed0c35479582323d381b1b2a49f6b94517af6b4c05b9072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a2934.TMP

Filesize
90B

MD5
5501e36999ef303606542bc1a71db9b6

SHA1
c59baea02fe119774ad48d9149559b676105a9bd

SHA256
3d2c384f380df6837975b5ecd2d73725677899a8721777b99caab4bfcb53cfb1

SHA512
d1119e47babcd7ec4f3892c6e533cc177425483ce750a65972d61be80549a480e0475595fc63c0ea0966e0a2bfc964886c373dc738a852ff2f5c68be3e46bb6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
42814826678618d07a94a4fbd20d8e69

SHA1
c1100c6b137022d4f3d9eb70761711849f11c98f

SHA256
08dcc95151b92767a40c0fe728102845535c4d5f39134d8a830b4dd355b174ab

SHA512
487f17f85254af72d177ebe6eb2814664cf2f16413ee9e1e18abd00d31958ae65a4c8c0dc2aa999f96d0669c6b3fc8cb63ea971a23c5d7b9c6aab0e0d24ea253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe617e47.TMP

Filesize
48B

MD5
0f710f79b540239cf6ce45a830e8cda0

SHA1
d23fb439164a378d36d45dce38c020417626b665

SHA256
04ddbc5ca201a1de9fce7eced5b9be2d3897b90d30b61734a22241c370e0edab

SHA512
ffeca61a0ae10a457846d8524e58611c652768a94410f42dac06f4713dc38837767bd8d011c89865a9fdb0a75f966c8fc299658c8188e923f59c0c03dbf56b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96218471c928aa4ad00fd046933911ad

SHA1
e8b922b74dba738fcdf209c6e0c806bc36b5400f

SHA256
969fdd1ba45b43972176bee5f638c4f7e94cea3812c9d76f1e798dc8b7d5e166

SHA512
6e926b89ccb52d063a63ba08ef5afddcdfa75a124e8154c28a3c51bf473d82d23cc7143d009faccd9d09052c638612bacbdfc50bc0cef5d9966bc0463234e084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
59ec6cc2dfd3647370c7ed9651339d35

SHA1
61a2f8bc0318a94c19712152087fc29358c2e6f5

SHA256
94df9b572662a85ccd497a817b70287bbb5f39f545456d43322fdde3c77e7167

SHA512
49e49e1a85dfcf879852406432dda9cf8ad319f700166ef6bad349e50049c8957e7a122d4690281bcf05e6c1abca526a6b7123e0cda332b29531e369ce1b8ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
e59f8de0f1fdb1529db7854fa7ebce6b

SHA1
45901cd9e1d8c0f46e201f7298b90106be85ef1a

SHA256
c577f30516672c675fe7d6bc72510daf7d5fcd073df642d9100a8f13387aae35

SHA512
f6c1659948c37798bbfebe979ca46eabe16041dd87543818315f8e4b9e399bd3b2982d1224f676eeafb30188d1027fcdd951d0151c1f34b2a3f1024b6a545c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c7152a087f4b772ae39c26a5f0bef34

SHA1
b08c7098409d99fc1b54d2af1e1a5f037dd9f889

SHA256
53f9fda4180c2a78878b854f32b2e46157a2d09259f0d4c953a5e13c1c76257e

SHA512
4f01f285cc1c667b3100a9202d528e61f8f2a0afea509d9a8feef86e5c215cf9a6e8d9924ee34010286458362c4a33af4b424fb87ed04a38dc7a1545fdf95ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c65f09e77c8819a9f334980c579ce4d

SHA1
9c664acad587ae82967add34cce60378f146e3ec

SHA256
76ef929a3506eeab1c4224000aecc0e923cc7b424b9a2b5f2877244b4091bd21

SHA512
996db1c21cc7393ff855ad214d41adc44fc870919fdf0afba0142e9cd70163ca4661f441ab26db9d693133c92b037709a1c14c058b284265f1f38b3e104e718e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7ddf2b1e6d825362981076863768820d

SHA1
356857214922df09b01081d4ad36d63db95f0292

SHA256
a8f600e90d72b90156c4442f70c3126b253ddf94fd5907737bb3fb0ddc854da2

SHA512
8ccc0f344dc1d984dd8fe6d3ceda746a6eb721d37ead282810ede473369bac92da29bde750e83cbf598506ed7743d9d9c1d26661db6819753128138b96c0aa9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69cbfa7f3f953e2d6089087c6ad8e0a0

SHA1
88abaa32cad45b94ebbb5c8fcb6a8f7edbaf1618

SHA256
5f30bf74b945a51fc2dba74213292f745cad2f228364046a244f8301369b2b51

SHA512
e73a5040beaa101100f2e6280f520ef093ac0742816a0f3da7c6e60a76cb490a3cfc1c00ecbacbe107df7c16bd7f72ba7b117672c0a24254cebdde17f004f5f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cbb057c3f255f1d4fbd3bc2b70ee4e5f

SHA1
8c7d2222cc4645100d091d7499b73cfb73b4a67f

SHA256
f9c9a7d3e270ac562c500816c535487fde9db3be2c7e893f741e6ca540661041

SHA512
b111064036292692f6d551762be11b34a08d00c4b14bb2a4ac830dee55b41aa6141b1f0093e8f4c075b41a3fc7dcad2d6956f7694538c72b102c853a4a9c82b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2f148e0f74524749c3732833c77e01a6

SHA1
1ead2675907696aa472ca94bb9ced43862a4fd94

SHA256
7fc7316d567bc500a66bdb0b5e8cdb266775d7ba79d1812e474eab2487ca1547

SHA512
68e78ecca68762923bd9ee186c346497234a1a22f26b9893d5cd89ed626e3d67b100a27ea431a6b3ddc90c68cd63455e5c016b4a1e0698edd1255ba66c03ac61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8a09787edaf4b1182aace8e5158d1354

SHA1
fe020edffe8daf7af55e5ccef9528b410e65db71

SHA256
41de346145f4341d47d7c7b87083065003a4329bed156d6f0b69e074953f9c46

SHA512
bb28ae8c130293feacbb15346a1597567e5242dd27053b1429a025e99266994ab3ed342873e2cca706bc6febfe04a30a25285d4904dba761b1169b44deee35ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2060522892bb4fbd2d08fe88b59cae06

SHA1
0187a3e4c82161d785b3862fbd3e0da6c453aee4

SHA256
74aeb0e49fb8f1d1e3f205551b631d8f7167e6f8dfc9298c495a168a177bc2a5

SHA512
ff1dacd9b9f8afcbac4829d5a0e1a1dd1d382618cf23f3b8703b8f3fb3b1add9a9616c6f50fcb93e4843a1fce1eec9422174b6dff197ea4a94bed65da7fc7133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4904068e9039fc5ed58ef78b9f58028

SHA1
919286e275b6e3bef6f560d7d3b5fe400d053814

SHA256
bedf249effe14c4f66776f78e085c44601a0edc23640c75c35927b722b6434b0

SHA512
ab0dbf16adbd574c62b75b6194c87b3aa29f0750fd8b559ef919794dd73afbb8d9e0168df5062c67f3af56d3bea070274b81fe6585111da244f574847176d814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f65ba62c4ea02d8dc7f5e3c4f6f5c51

SHA1
c4d350b7706312d1500304f1203c2925ef35d393

SHA256
c833b94e0c09d10169c460e6cfef7b8217ec513ed6281999a550d1b9e6660cfd

SHA512
b18d3e8c248566dc6b98f6e048228f2cf176378a989619da75439a136ef681c1e6efcb5fd0206765399badb59bbe51aa63e211e495787c6bddc2b48a6afc0006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
544eeb6fa4aa4926edf9980804d4653a

SHA1
db836b44c54857f83ca858761d67556b4446d028

SHA256
ca0ef9f57d51ea50a7fdc1d833b0f6af4c75d3cc5ed5384fd82ec629145f4afc

SHA512
23770fd78612f7fc1f1bdd0b2744e8307114a30964da97c24fde25793f6c7688fdbfa216b74e3e3bdca4495401741ea2d06544ea3551369f834abd48a96eb59d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b69aeaa1508d8ac619b15b8a5d8095f4

SHA1
2e0cbb6c14d13f7a9ff101d679c0c34e2c285845

SHA256
de8069a175dd1ceff2f914ab8efb15be4cc60f13de6de0645dca2bff5db27d5c

SHA512
21c7f0eacfd800c42791d44e40fe91d88947fc5576acbbecd87d46a3a20e13b1d1bddd51409cf8e9a5a45c755b5c42b95c1b3fe874b3bef2e264597228e65c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
26da2b12ef9b5c48e36df79d2a86633a

SHA1
2fdffa72bd225d7f19199f7ae8025b2e2dd968c6

SHA256
e40b952ecb4f6e72b4575c67ef075367ad94f56b3f34c5cab95e8e3ceac8ff66

SHA512
c5f17955715f9a967d8c3da25696104a60d26fb222965a710d77a1dfa6bacb7b305f236ce422e40cda3cd0d213d0ddbfbe1f04c4d80a92594939f0bfc7b9e905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
28b90bb7248dc95837143672463a7762

SHA1
35eb932920f102e08800287796242486c19b1e11

SHA256
7cc6b3b00d0506326e1d56ea4d09d5b55aeb3a4a5250ef6bac4b7b390b453335

SHA512
f51e853704628d8ece9aa8691520de70e7487e991d4a4574c77c6ffd9931d26bb2f04b5289d5e78d6cdd2950f84fabeab06d3cab22996c683e8d7274248a17bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d6984a274867b7c927775a6c48ec7141

SHA1
268b3dce8dc6394a077778cc3ad3c8b7d2eea7df

SHA256
51a6c90351bdd0c573ad087d655bb48b4cf1e412324f395ae09d39535951a064

SHA512
271604d0a5d6a5e88b5bab10c7b8006f97805b91cc700b66c270bc9713a8048d69af01c126e06b58b87246b0c96eeb621cc8342cd225498579cf070f3606fe44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
02b8ef8beed549a135389017144daed5

SHA1
bd471288a346c3c397171cd0c7f4f8e42015aac6

SHA256
6ae2c36e8903be83b47605ce1dd46796551723f38744016ca24c26dc5cbbb9de

SHA512
7b02e6c71c65701e8b03b28da3cca1fd948506ce5d14bd3925f82f5a5b5b816a1af6fdf85820a15955ffd100b76a80accc74d8129526d83820590b5cf2212bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e4e68f926e2a99271d3bce4125aebaa5

SHA1
96b0d874017fd0c75b16b40020e3102c87de3d17

SHA256
cd266201c94e07d574b5d355dc9f531f4496e9c84b75d052d7b170d851c5c48f

SHA512
3c2bed353e561a0aef24cc8a4163f02edc1dbd28e7cb5a8a3d6bdc6f5eb9e121a76941cc153fe48097e08ec1ea5104ed2730684f3ce43abb82f27c433e411898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
43d155299380f12cdd74166d51794e5d

SHA1
144393c06da641f51e8b5ab7ff528ff4922622dc

SHA256
de752baa4e8d64f82ca0a5d59cc91c80ce03899e76128eaeec64929bd6d19363

SHA512
1bb07796f56d7e13fb4669ab27ce2e7801984261e9e4bca3059440af51d35eb8ee92626091fc423b97aec8966ca684bbfbd1657767e8c5e0c3ba04f61bea7155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
906aa97ac5484417370319b10fae4676

SHA1
744c5b869e35a174717b4c5b9dc6eea7f8bdcb8b

SHA256
7a1a309855e486794b54e30dbc0cef9d3b9db002e71647f3003c0d408c55e0c5

SHA512
f6a6f28571a39d27dcf1ab48fd6127755cb0d31e9d36b7140413f7cb20b2df2c338f42f773a0740156bafef2b41aeb027a730b1eaa9ecc0ed8b8e33de1b9447d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
73c94700ef25df198a724bd2de5408bb

SHA1
a48cb5c9bbab47b87c876ab9633f483861acac98

SHA256
71ec7b3627560ea6bd34e20d3d17bc52a35566f2773c58f099fd9a54da01899e

SHA512
5a1f333754e498bc5e4bb9300634e70d4272aa3689c04a741adade9d5c7e13506ffe3338c631a3870f9818b0a515e43feddf1eaf7d61afcb25c68866198fa6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cf479b0b6a744f9faf9a1696d6604b94

SHA1
5ea11988e5ba25f52f1172aa1eebc8705105940e

SHA256
b491e695807980682df947de3dd0c60a137ba2df50fe54c5fa4f23417ccac2cb

SHA512
9f539e2408fb5cea4cbc3a6712e78386bce244e669b316efef9697f46ec38ec32f65aa1de276c9aa29c31a9e33839955eead3060d2e004a11efcf9c6de1b151d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d038b2a9fa6a7634fcfc21608a47548e

SHA1
8672bf0303f18191701d92fa7179557b91753939

SHA256
5d2961219b7021cfd67594c90d92c6235282b226663738707c9fb3600cb8b543

SHA512
45165f86c3be5cc3bc4cd3828b66f64ce0cfb27ec6eb2b02fbbd2474ad9e80854e4833e41c5bd2d8207d65ce09a94e9af5e2c18c75b040fe4b4f38a5f4213407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d7a16c22becbcb420bbc817f6a6e1423

SHA1
f10a34da63ccd82e8698d0034392cf8c96227857

SHA256
594321b15d05cd81ecb930cc1abb390845467b40797007f3ec736abd293a2ab2

SHA512
9b7a581896aa746de3f5f9f372e3bce3a48efba6fb1e10986ce15a312e79959dd8585bfd760e3ff9bc8680ab91848e46656ce96ccb8ec449bd9c9681152412bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f488ed7116b2429c67c871143d0d4579

SHA1
d0fae0c81851f980057992b834d6b3a562f7046c

SHA256
344a8a1fd913173c75d195e22e52a43169aa754926a2edb3f41f8c7d35d6957a

SHA512
290f483241c912323f7d4afe88a2a93de82643db0d3757bdfe4939affe37ba4823fc5faa38965af2b353505c3232bf44b0a22802219c90acf90a55bfd3832917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f86d300d0d760f15ec35ec9d13b17ca1

SHA1
030727132618895eee981b53806acf70d59ea5fa

SHA256
299577dc5167ccb4d607245f609dfdef696e9c8e22141fa1acc95c14f3ad9ee1

SHA512
348d92ae9a3538e9b44b3b54b1e0f16f5d9727f68f0dd9d6d126437e98f4b2035437839c70fca1636013df6ca554ee7297849e1fbd138e36dd37a721e48a9ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af206bc50d67b80948ce666c575b1b49

SHA1
021ad9bdb40810af25e31d8babc3bf7586aa6b65

SHA256
8e75ca2577c3b41947326784316024b8757d79bd283b14f28372b50c6fd1864e

SHA512
b3f5e19c4c454e09a88f4226c17878c4394df5c61d21c309872fbaa343d9b6d7c36f75f301882a36da3ddd0364d5430f732ebd3fea9a13e9ba77ef9fdb116369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597bae.TMP

Filesize
204B

MD5
aa4a953f8173d5113b1ece98755d9089

SHA1
bbd6df072320c94896130dceab15f11786f593f5

SHA256
8b3f026d0090faef045b543d443d1ca55331d58ed471699d90d7a88c40a81f3e

SHA512
1d2695f549130899d8e2242d8edeec29655b5cdbb57f26b01095f4f3d156e27f498a2fe3456c2d5e74783cde137d6b26a78c6b7815cf99ec79b5f13b29998363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a4a3465c-375c-4425-91ae-101ae778db47.tmp

Filesize
2KB

MD5
02b546a364ccd88c46d48e75a53598cf

SHA1
507dcba9a5b7eb4fe220d33f1668cefb71f74c75

SHA256
84354d605b31c26ad8175ca75e3539b07159b6e9895dc7d487f69b5e83449e50

SHA512
d40d11863f9239b3ced5201e3d74f7f76d8665117e171243ec56b18937cfd00088f4499d4454cd8510a47c9737a3c9f1e4782653fdd17fd217d3e599f557176f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f1d64d27dd0fc2e8f04dbdeb13402b74

SHA1
a6df1f9b3c7b4c9d4a1558338d398853e715803a

SHA256
08664a9a3768772da5297f7f9883c28a2c591371b96fb00489fbc573dd0f19c9

SHA512
446cdb79a39d23d36096111b2505eb3d60951f812ac3bdf39142cebc847748c2ae6921a98dd1922987d1f2821d0d08f4aff17fcd36fd6dc5f62d8c10b9364724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5e96fdfb1ee068dbeee133f76d84d546

SHA1
8c2c40e5f8182d9deb8308104eb2891166a7c3d1

SHA256
c79fbf957fd35ba751b049d188ca11e06c9d752323423c504d9b98f32b19734f

SHA512
9c7b239e5e854ca1b36a3958e4b373bc2cc934c0e2103d244c34675d4110c29a952e931c1344331c60a12f0f29bef83fb04b6471ceee0fda046462e3f8424fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1a7f11cb66796780ade87a991592cda6

SHA1
1c349ea0a5983e80fd481f3f0367fc101559aca7

SHA256
34299515132babe32c4f4687c41c26c085567fbf6bc8a132cd2382df870b56f0

SHA512
81fbdeb55667b1a7739a25b38909444dc945070e91cd84546149ce24ffc4eec92259d54d634680c4f2406c9a868a537470ffd3bf64068cac3c611ebfa0095944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3a8df8f04eff73e6a27a80f303f98386

SHA1
8214e7109f339fd48f61ee039369af7baac17c66

SHA256
fd468c7427589d7f79cbe3827980563ede8592cc9313d6c2c1b47a40fd143c15

SHA512
8b09f598b3d64b660fd031d6079300b8022aecfef05ee0df26ddac77f3c15fc8f256e1d0931730cad01e350430d3fbb06f00edde746fb7ebb11c165b39311456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8154ee9628c1e341f511c2082d07426a

SHA1
22c7968615cb28d80b8b8820e07faada772eb2d2

SHA256
779860de7dea08cfd5d002c126f80a03e2fb5d5cfe81fd52052c308694306e60

SHA512
1b768f1e59b035ad5ae5bd9455a249b7eca915fe75a73495c9a6a4aeac0d77c248a74e89ecc888ac3633592214268ea951771f8f27f615e6d93d820feffb16b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ef28a4e04b4dbc86dad8076ec357f8be

SHA1
7224d565cc4e4ad86f2c56bd97170efa53151f85

SHA256
98be64bb7b075e41546c29201d79bb5d7fa3617f22685c8279985c6f4bb42402

SHA512
c2205c5d865139264b31438df0859ae2753c6948b38b01979084e178dfb53630a4b6325a3b6b3aa605e211454bd109ea0bbf63f599c1b5fea1628b6ede070fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ad4d5e26f3214bfcdea1e6109099d251

SHA1
e6ee31a92938ca37a21c4114c2854ebdb90d1bbb

SHA256
8fa3b6333b37123d70b9fc718a9346a5b23aef465d4e1af122d7e705fefbd5a9

SHA512
f08b65c754defffc1e378e0d3e6872b7a359fbe70cef259768f2a3667a577be1acad686a24adbf6ae9e7cae2d0a70d246198fe4413e702bea8fb8cf77c98f8f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
106a7a5f6ead05061f742a4c677029d5

SHA1
91f59fee2e26d4365922a31a210c5abbeb9fb007

SHA256
6ba94e011c1ae4840f795b29de2a5cc4148d850be37e8223191b9c96ba42133a

SHA512
7d18993c19fc6da3326748e0e402123d7ad5ff7a548e4769930db5b6eedaffaa84b4f736857a745579985575e4f3f841b2d571f8085b5c4940de6eb1619fb59e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
68f9d51eecf0fd4582bfca76fbf2fd15

SHA1
d77d9963c51e89651839fdbdf80876103a788d74

SHA256
b6c1592cbfe2c642280d35569343242bc187a7ec81bb985a08a8c398de80a4b5

SHA512
ad6ceb6095803a0e8de947ca2e4509dbd623984fa3c886876ecc189f6821119ac4f9a19f919426422e616eb6917b4cd845dd24e30731cb3911a5f342217a8e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
56596fab80622efbef0eb536e40a1c04

SHA1
8051c39aeae20ebc473750c230068a8c09c95735

SHA256
67a773dccb84ac3c39f4e08849a025f27bcdfe9519ef8d77894d1db90317f507

SHA512
948dfc37f6dd49379ed18dfba4224b0c2a259c6150f1328431c9dd378476f3eece1bf457471eb8ecae1dc17c937a3837d2c6bdae11491c310b74f421041c5917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
69b767f5a012fb1a9bd0d44ce13de296

SHA1
b62e1718fafff25415166990a5aadfd51dea91d9

SHA256
781155f93418888e23396f6cd8e6424334c15ef75fe841bc644c85a65d18c1ce

SHA512
1c69865d81917213c4f8fad6796c4df3c41139f78f231cdaea91420fb8d5e30f796355b0bce5e44e1d413207efa6a091a27c57db9e06505b535a65d623a2da10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
222cfbc857688d28d7175e5ad0011120

SHA1
ce7860b528773a8f33591ac5f6bdb0aa24a46827

SHA256
482aa39590dcdfa878821eb577a53a5addb26f4595298abc22f55900e6ee4494

SHA512
1087686d2a259527b185840375dff0fcf8949e9f8dc82191db36c7bac2c0a1a37144e2fbf494c11b1c4c196396e61dc4801f2c4634cc55923cb19bf0d998e10b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1e1e1efcb37150964746a4cf03e157e9

SHA1
c22acd8b2fea0b2c18298404bbd77ffb6534a78e

SHA256
1c100f7be5cd7973c7fdbcc8fd0e189bce17ce2e370b9e70428497188ac06839

SHA512
04c54441a3ce5cd99af91fd63bda67f93579d6cbe2173460fad2374711d78d0aed7d8928dcbe4f15fd996b2ea01ce63c0bda8bc11f53a6b78c9aedb8e05ff7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4b6a16c767e8468ae539a4aa0c4c7f53

SHA1
503f51ab26077b98aa1d4dd2e07ded905c4996e9

SHA256
0a6dc869221ad7c49d77c93cd0929ac24a4f2f25e7b1fd05f4a776d1a6a8ac2c

SHA512
332c4408811e7d32f0e225178089a9d0d3ab14770f79047ded6d3acdbfab5858bc84b9482d97f165666f75321dfad3d0ae1239c0ae86ed1e7434c806100c45c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a9f49470b6149c8f4965bb6794158496

SHA1
9c29f6eb5b99686f3d4f912081a64bf2a6aa1333

SHA256
68ecfed0aba84198e75d47721c74ad82966baa8bdb0075cf0f28d211482b1fc1

SHA512
3f18b8edf5e38e95755715596f966e4951b6c9d9bb64980749b29e8041fff85dd941384db21b19de097e21a5c8ffccb9d346eca5e19628bb0ee5829ce73f630a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ffd3deae3ce083741298005d464f5181

SHA1
f5a2c56bfcfcb863cf63d932cb6492b90cbb89d9

SHA256
c511cc0368fbd0af667f6b0f67f937d474def3d00368464b84c0c9ca912409c7

SHA512
c6a82099b627ab1c3fee5d82d3a6deb6f1dea2ecc0a8692b81f88c29d8d75afe10fe801011d8519d30140ba753f42d08653513be24a5c9075d3c1244aac5f736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6cfc960b01e7d79cf54464639c508fb2

SHA1
9b9acd8a2a78ca2a6f3e42af6a944aecceb66ce4

SHA256
2459e94e560917165676b0556ef337c3bf090b8101570d561bf721621fc7afb7

SHA512
e3972eda8d357da5b02ee6e7a8db7c574890ffd6529b1ad66179353c36ceb91d72e32b72df8f431db346441daf99ecb67bac37787c616420e44ce2fd1810bbce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ec5da01969eef815776572579ea98c2b

SHA1
11ae12e3ab190e2e363a3fe0ec25e209a5d0e826

SHA256
a258e67b0ae82667259477a19703ae31c3086b32889722e6f114d304cc0584be

SHA512
c82e3cee7ccb69f077a396fa66823e8a1d94df3643736a4975fa8df45838b16ef2183363d12740d741d38b5e6f7b8e1087234826b990cd853826282d15df22bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
272ec337ef0974b0f01d4d687a6f9740

SHA1
5c7fe1b974095970efc5c7594aa276046ba69d30

SHA256
19d7601ae1259026cc3f446a84145081ed34664356e725a0de3b77aac70e3d19

SHA512
ac8d51f9709209dde5adc55fcc185fc361253168b5b4dd5c9477bd70da5eeeab5629ffd40a357416a5336181d04d511280c7515312b965be661ec7927256c531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
82fcf892d86a550694105a721add117a

SHA1
e2791bbac64d99946eac6f7fd52817fa79b09c29

SHA256
9734f6a924ef8bfe591ecc9e11b781a9fb1d2eb50c31f182ad2614683bbecede

SHA512
70a39d52a8b97c88b3d666ad493b87f3519fea6c547ee151c6a84e2928986bf6e120bc0b9a7f36122ee4dccecf7ff207305a0cf43b8dd029e430acee9a3b007a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e0a65b1feace56ec9918f0930432405a

SHA1
96a1bbeed4ff9be063d9a800cecc13df7247300e

SHA256
3ea4a46d4b30bc748c47c546ccc0e991ff7ba9f044680ef2a6d35dddfe60497a

SHA512
1abbd8c22794dd9f6997ab427c8ae12562a49c1bfd6a5a546a2e82ea8e8b881d33b902e26228b33ed560eb9db7be1cafe91f83a3c21beb0a2db830dbb5e04cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1f8a549643ba1ed8062dbe541ea339b5

SHA1
24e521e009d7496614ac1f2bd412d2be65413741

SHA256
136107f6a1557f5ea81e87c72fb920521230536e90bf2701cfc6beb2074de8dd

SHA512
259fa61453d1dce1af42845427252427c0f8b2e3b02354423699a438412aef292673d1513cd68460afdc277dacf3c2034d3807e24d5c95a1d1df68a461d58d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
22cc9189bf1470b545e1f3149d09e588

SHA1
ceed1b63da0a942fee9c4bde1efd0976845877db

SHA256
bb1643104481ea7a10fef934f4643692bf0a08b4b20398be04224c6e4c9538d3

SHA512
aa4454ec715fcb2b44b69ec186bda6a16fe687bd4f9ad279ede29ca3990cf0a2a573e0fbc39fff345b46516c27938860274e449a74e944e050e31c2fbd203cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
26c8911d3f248ae60c04306a58eebf91

SHA1
a458c64612500f7016e98aa455e927838cc3da60

SHA256
08f07682dc68e794dcbef014c6a136c4743dc929c9e806af6973c73e02bbf028

SHA512
a9289ce5961c7eaf01756969cdccf06b2c77f180448ce4b22bde32cf2e4b9ad0febdd84e32472801eeb2a92809baf67114e5c7c10c07c6e0a417907180628234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9c91afec825d249712d89b1f8d306e8d

SHA1
e8d8db239dba4a41509080efeed13663e13c0a11

SHA256
ee104884e700d611b9c5b28343bb539a876d06ca87b73fd565caa5971aa9a35c

SHA512
b6cf286ccc4408d2131116cb03104e8a75e1850f0c200f4e157bb12c45b12bc87f599c23cbda22b87e128c8d48cbe9d20b4fea557cfe57f967307c6a05934572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5312665f1f835f627963e945f7bac5bb

SHA1
1e7a6b0d61800b7a129d3325ee2b9d8783678dd3

SHA256
e0b70079894475c25e08bfe06a46fa6a5cb575ced34c62740464012f1390e9b4

SHA512
6e3480750d119c46b26ffa696b547c8fe1ce783e5d53febd1770e270408e62484f0ab9869f2e729493c45543b4f46320d09b2fdafb0f9e8d67f59ec2850653f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4bf0a01a023cdbe22d97aba18ef20bbd

SHA1
e9ef39a4cc40fadfbd5ee3483354d72974fee035

SHA256
a2331badb66b527f1f0e31843ba80923a0600630e7b146421a06e81ba2868b33

SHA512
e8c91deb8b1710e2a027893383d1faf36a5a3f895fb332676574b01dbd350d831de5b73b03e70f85013bded80826d062fe55cb967ca80451a3e64c75510ffb26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
05ec34fb146a9894a91035f2cce3e71f

SHA1
def076c8dccef0d09554e7a903d7ec2b7d8b280f

SHA256
54a4881ba2dfe184d77529a262fbc1fac2bd204f0db1e799e511818d8f48c58e

SHA512
fb9fcde7fc0202455c3b6c4474d3fb9b58cdcfcf180809aa86500defd76e9b2fce1d5e2fa8b7366345d3807b2467196fd8f3b28e4645aefe288865482b2f2b71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
4KB

MD5
214f98cb6a54654a4ca5c456f16aed0a

SHA1
2229090d2f6a1814ba648e5b5a5ae26389cba5a0

SHA256
45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037

SHA512
5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\z.zip

Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/6220-1263-0x0000000005650000-0x0000000005651000-memory.dmp

Filesize
4KB

Download
memory/6220-1259-0x0000000005650000-0x0000000005651000-memory.dmp

Filesize
4KB

Download
memory/6220-1254-0x0000000005650000-0x0000000005651000-memory.dmp

Filesize
4KB

Download
memory/6220-1265-0x0000000005650000-0x0000000005651000-memory.dmp

Filesize
4KB

Download
memory/6220-1264-0x0000000005650000-0x0000000005651000-memory.dmp

Filesize
4KB

Download
memory/6220-1260-0x0000000005650000-0x0000000005651000-memory.dmp

Filesize
4KB

Download
memory/6220-1255-0x0000000005650000-0x0000000005651000-memory.dmp

Filesize
4KB

Download
memory/6220-1261-0x0000000005650000-0x0000000005651000-memory.dmp

Filesize
4KB

Download
memory/6220-1253-0x0000000005650000-0x0000000005651000-memory.dmp

Filesize
4KB

Download
memory/6220-1262-0x0000000005650000-0x0000000005651000-memory.dmp

Filesize
4KB

Download