2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe

Downloads MZ/PE file 2 IoCs

flow	pid	Process
74	2860	Process not Found
105	2860	Process not Found

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000\Control Panel\International\Geo\Nation	MEMZ-Destructive.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000\Control Panel\International\Geo\Nation	MEMZ-Destructive.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 10 IoCs

pid	Process
3988	setup.exe
1064	setup.exe
392	setup.exe
5108	setup.exe
2104	setup.exe
5024	setup.exe
1312	setup.exe
4040	setup.exe
1432	setup.exe
5324	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ-Destructive.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\MicrosoftEdge_X64_133.0.3065.59.exe	MicrosoftEdge_X64_133.0.3065.59.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\5024_13383883774009182_5024.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{655FBE2F-012D-4293-97D8-DE2D86D137D6}\EDGEMITMP_5473E.tmp\SETUP.EX_	MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Locales\el.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\stable.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\LICENSE	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Locales\az.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\vk_swiftshader_icd.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\AdSelectionAttestationsPreloaded\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Locales\km.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\te.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Locales\nl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\pt-BR.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\fil.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\prefs_enclave_x64.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\bg.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\EdgeWebView.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Sigma\Staging	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\vk_swiftshader.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Locales\ja.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\kok.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Trust Protection Lists\Sigma\Entities	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\he.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\hu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\az.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\es-419.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\dev.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\lo.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\nl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\en-GB.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\es.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\en-US.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\zh-TW.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\AdSelectionAttestationsPreloaded\manifest.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ms.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\am.pak	setup.exe
File opened for modification	C:\Program Files\msedge_installer.log	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\bs.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\BHO\ie_to_edge_stub.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\beta.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ja.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\lb.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\133.0.3065.59.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\de.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\msedge.exe.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Locales\ug.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\tt.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\libGLESv2.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\bn-IN.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\ms.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\lb.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Locales\eu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\EBWebView\x64\EmbeddedBrowserWebView.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\mk.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\nb.pak	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\dxcompiler.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\hu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\oneauth.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Extensions\external_extensions.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\edge_feedback\camera_mf_trace.wprp	setup.exe

Drops file in Windows directory 57 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Destructive.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Destructive.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2868	MicrosoftEdgeUpdate.exe
5732	MicrosoftEdgeUpdate.exe

Checks SCSI registry key(s) 3 TTPs 40 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge	setup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0"	setup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\ = "{2397ECFE-3237-400F-AE51-62B25B3F15B5}"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\shell\runas\ProgrammaticAccessOnly	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds\MSEdgeHTM	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO\\ie_to_edge_bho_64.dll"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\runas	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\runas\command	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\EnablePreviewHandler = "1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\shell\runas\ProgrammaticAccessOnly	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\AppUserModelId = "MSEdge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\MSEdgeHTM	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\LocalService = "MicrosoftEdgeElevationService"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib\ = "{C9C2B807-7731-4F34-81B7-44FF7779522B}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\AppUserModelId = "MSEdge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\AppUserModelId = "MSEdge"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\PdfPreview\\PdfPreviewHandler.dll"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\EnablePreviewHandler = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\runas	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\ = "IEToEdgeBHO Class"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds\MSEdgeHTM	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell\runas\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --do-not-de-elevate --single-argument %1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.svg\OpenWithProgids	setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ = "ie_to_edge_bho.IEToEdgeBHO.1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/svg+xml	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\ = "PDF Preview Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" \"%1\""	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\runas	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{31575964-95F7-414B-85E4-0E9A93699E13}\ = "ie_to_edge_bho"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\runas\command	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationCompany = "Microsoft Corporation"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\AppId = "{628ACE20-B77A-456F-A88D-547DB6CEEDD5}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.pdf	setup.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5184	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3400	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
1588	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
1588	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
1588	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
1588	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
1588	MEMZ-Destructive.exe
1588	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
1588	MEMZ-Destructive.exe
1588	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
1588	MEMZ-Destructive.exe
1588	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
3400	MEMZ-Destructive.exe
1484	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
5028	MEMZ-Destructive.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4828	mmc.exe
408	MEMZ-Destructive.exe
1968	mmc.exe
2108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious behavior: SetClipboardViewer 1 IoCs

pid	Process
1968	mmc.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: 33	3988	setup.exe
Token: SeIncBasePriorityPrivilege	3988	setup.exe
Token: 33	3120	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3120	AUDIODG.EXE
Token: 33	1432	setup.exe
Token: SeIncBasePriorityPrivilege	1432	setup.exe
Token: SeShutdownPrivilege	5184	explorer.exe
Token: SeCreatePagefilePrivilege	5184	explorer.exe
Token: 33	4828	mmc.exe
Token: SeIncBasePriorityPrivilege	4828	mmc.exe
Token: 33	4828	mmc.exe
Token: SeIncBasePriorityPrivilege	4828	mmc.exe
Token: 33	1968	mmc.exe
Token: SeIncBasePriorityPrivilege	1968	mmc.exe
Token: 33	1968	mmc.exe
Token: SeIncBasePriorityPrivilege	1968	mmc.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
5184	explorer.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
2552	mmc.exe
4828	mmc.exe
4828	mmc.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
5648	mmc.exe
1968	mmc.exe
1968	mmc.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
7128	wordpad.exe
7128	wordpad.exe
7128	wordpad.exe
7128	wordpad.exe
7128	wordpad.exe
7128	wordpad.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe
408	MEMZ-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 3400	4420	MEMZ-Destructive.exe	90
PID 4420 wrote to memory of 3400	4420	MEMZ-Destructive.exe	90
PID 4420 wrote to memory of 3400	4420	MEMZ-Destructive.exe	90
PID 4420 wrote to memory of 1484	4420	MEMZ-Destructive.exe	91
PID 4420 wrote to memory of 1484	4420	MEMZ-Destructive.exe	91
PID 4420 wrote to memory of 1484	4420	MEMZ-Destructive.exe	91
PID 4420 wrote to memory of 5028	4420	MEMZ-Destructive.exe	92
PID 4420 wrote to memory of 5028	4420	MEMZ-Destructive.exe	92
PID 4420 wrote to memory of 5028	4420	MEMZ-Destructive.exe	92
PID 4420 wrote to memory of 4060	4420	MEMZ-Destructive.exe	93
PID 4420 wrote to memory of 4060	4420	MEMZ-Destructive.exe	93
PID 4420 wrote to memory of 4060	4420	MEMZ-Destructive.exe	93
PID 4420 wrote to memory of 1588	4420	MEMZ-Destructive.exe	94
PID 4420 wrote to memory of 1588	4420	MEMZ-Destructive.exe	94
PID 4420 wrote to memory of 1588	4420	MEMZ-Destructive.exe	94
PID 4420 wrote to memory of 408	4420	MEMZ-Destructive.exe	95
PID 4420 wrote to memory of 408	4420	MEMZ-Destructive.exe	95
PID 4420 wrote to memory of 408	4420	MEMZ-Destructive.exe	95
PID 408 wrote to memory of 800	408	MEMZ-Destructive.exe	97
PID 408 wrote to memory of 800	408	MEMZ-Destructive.exe	97
PID 408 wrote to memory of 800	408	MEMZ-Destructive.exe	97
PID 408 wrote to memory of 2108	408	MEMZ-Destructive.exe	102
PID 408 wrote to memory of 2108	408	MEMZ-Destructive.exe	102
PID 2108 wrote to memory of 2932	2108	msedge.exe	103
PID 2108 wrote to memory of 2932	2108	msedge.exe	103
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104
PID 2108 wrote to memory of 2652	2108	msedge.exe	104

System policy modification 1 TTPs 4 IoCs

defense_evasion

Modify Registry

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1484
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:408
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:2932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
      4⤵
      PID:2652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      PID:3664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
      4⤵
      PID:4340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
      4⤵
      PID:4164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      4⤵
      PID:4744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
      4⤵
      PID:3168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
      4⤵
      PID:1136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
      4⤵
      PID:3128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
      4⤵
      PID:1668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
      4⤵
      PID:4912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
      4⤵
      PID:2840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
      4⤵
      PID:1524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
      4⤵
      PID:3748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
      4⤵
      PID:2668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
      4⤵
      PID:4568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
      4⤵
      PID:3068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
      4⤵
      PID:5628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
      4⤵
      PID:5652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6264 /prefetch:2
      4⤵
      PID:5964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
      4⤵
      PID:5504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
      4⤵
      PID:4344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
      4⤵
      PID:5788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
      4⤵
      PID:3068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
      4⤵
      PID:5744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
      4⤵
      PID:5856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
      4⤵
      PID:876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
      4⤵
      PID:1108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2460 /prefetch:1
      4⤵
      PID:3000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
      4⤵
      PID:1892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
      4⤵
      PID:2160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
      4⤵
      PID:828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
      4⤵
      PID:6020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
      4⤵
      PID:3360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
      4⤵
      PID:6092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
      4⤵
      PID:5000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
      4⤵
      PID:4792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
      4⤵
      PID:4440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
      4⤵
      PID:5124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
      4⤵
      PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
      4⤵
      PID:3728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
      4⤵
      PID:5648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
      4⤵
      PID:3068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
      4⤵
      PID:1356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8652 /prefetch:1
      4⤵
      PID:2452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
      4⤵
      PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
      4⤵
      PID:2140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8828 /prefetch:1
      4⤵
      PID:4892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
      4⤵
      PID:5208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
      4⤵
      PID:4972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
      4⤵
      PID:6616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:1
      4⤵
      PID:6712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1
      4⤵
      PID:7072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1
      4⤵
      PID:6856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
      4⤵
      PID:2464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1
      4⤵
      PID:6784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9860 /prefetch:1
      4⤵
      PID:4884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
      4⤵
      PID:6892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
      4⤵
      PID:6576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9680 /prefetch:1
      4⤵
      PID:6312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
      4⤵
      PID:6816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
      4⤵
      PID:6564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10252 /prefetch:1
      4⤵
      PID:6676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
      4⤵
      PID:5232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10540 /prefetch:1
      4⤵
      PID:5040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10328 /prefetch:1
      4⤵
      PID:7724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10080 /prefetch:1
      4⤵
      PID:8028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10228 /prefetch:1
      4⤵
      PID:4404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10720 /prefetch:1
      4⤵
      PID:7196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10908 /prefetch:1
      4⤵
      PID:7396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11180 /prefetch:1
      4⤵
      PID:7512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11628 /prefetch:1
      4⤵
      PID:7988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11792 /prefetch:1
      4⤵
      PID:3808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12068 /prefetch:1
      4⤵
      PID:7368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12016 /prefetch:1
      4⤵
      PID:7460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12160 /prefetch:1
      4⤵
      PID:7428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12212 /prefetch:1
      4⤵
      PID:7744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10892 /prefetch:1
      4⤵
      PID:1356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10740 /prefetch:1
      4⤵
      PID:7972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12124 /prefetch:1
      4⤵
      PID:7508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12108 /prefetch:1
      4⤵
      PID:1040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12452 /prefetch:1
      4⤵
      PID:8396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11552 /prefetch:1
      4⤵
      PID:8208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11192 /prefetch:1
      4⤵
      PID:8388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12748 /prefetch:1
      4⤵
      PID:7180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12852 /prefetch:1
      4⤵
      PID:9140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12184 /prefetch:1
      4⤵
      PID:8736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12492 /prefetch:1
      4⤵
      PID:8828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12888 /prefetch:1
      4⤵
      PID:7332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12752 /prefetch:1
      4⤵
      PID:7732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12912 /prefetch:1
      4⤵
      PID:8924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11372 /prefetch:1
      4⤵
      PID:8196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9256 /prefetch:1
      4⤵
      PID:7824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13492 /prefetch:1
      4⤵
      PID:8580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13680 /prefetch:1
      4⤵
      PID:8196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11372 /prefetch:1
      4⤵
      PID:8768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11524 /prefetch:1
      4⤵
      PID:6652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13904 /prefetch:1
      4⤵
      PID:8980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13948 /prefetch:1
      4⤵
      PID:4580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14016 /prefetch:1
      4⤵
      PID:9328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12868 /prefetch:1
      4⤵
      PID:9576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14028 /prefetch:1
      4⤵
      PID:9856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13724 /prefetch:1
      4⤵
      PID:9316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13904 /prefetch:1
      4⤵
      PID:9924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14132 /prefetch:1
      4⤵
      PID:9544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14256 /prefetch:1
      4⤵
      PID:9936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14020 /prefetch:1
      4⤵
      PID:10208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13840 /prefetch:1
      4⤵
      PID:9752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12028 /prefetch:1
      4⤵
      PID:5196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13924 /prefetch:1
      4⤵
      PID:9936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14228 /prefetch:1
      4⤵
      PID:10188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10996 /prefetch:1
      4⤵
      PID:9432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13548 /prefetch:1
      4⤵
      PID:6268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14552 /prefetch:1
      4⤵
      PID:9792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13928 /prefetch:1
      4⤵
      PID:9320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14296 /prefetch:1
      4⤵
      PID:10092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14484 /prefetch:1
      4⤵
      PID:8040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14112 /prefetch:1
      4⤵
      PID:9720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14420 /prefetch:1
      4⤵
      PID:9840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4123416716127706656,13376814664434544194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14740 /prefetch:1
      4⤵
      PID:9356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:3944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:3848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:5088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:3168
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:5548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:5564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:5440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:5456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
    3⤵
    PID:5424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:3052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    PID:4356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:1488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:2072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:5868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
    3⤵
    PID:4496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:1284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
    3⤵
    PID:2628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:4680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:3856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:2840
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    PID:3208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:5260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:5180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:6012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
    3⤵
    PID:3472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:2536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
    3⤵
    PID:5652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:5132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    PID:2708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:1532
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2552
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:4828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:4004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:4104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:5760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:6552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:6568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:6812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:6808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:6764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:6768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:4816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:7032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:7072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:7048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:3612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0xf8,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:2376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:6476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x9c,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:6548
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5648
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: SetClipboardViewer
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
    3⤵
    PID:7656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:7672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:7272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:7320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:7424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:7200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:8060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:6280
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:7128
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:7836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    PID:6444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:2148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:6328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:3724
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:7576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:2060
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:7884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:5940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:9040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:8972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:6484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:8492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:2832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:4444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:8612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:8180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
    3⤵
    PID:8704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:1036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
    3⤵
    PID:8592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:8928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:8600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:8552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:8864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:8752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:9788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:9800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:8216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:9288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:9976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:9952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    PID:9368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:9444
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
    3⤵
    PID:9468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:9488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
    3⤵
    PID:10016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:10172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    PID:5888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:9688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:8700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:8044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
    3⤵
    PID:7996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:9648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:9492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:9452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    PID:10212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:8712
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:9948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf2eb46f8,0x7ffcf2eb4708,0x7ffcf2eb4718
      4⤵
      PID:8040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjM2NjY5RTItQzVBNC00QzUxLUJDRDAtRkQxNUFCRDAwNjZCfSIgdXNlcmlkPSJ7MkZBODI4N0UtQUMyQy00NEVBLTlDRDktMUFDNTVBQjc5MTJBfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OUM5M0E2QTAtOTM5OC00ODVELUEzODktODUyQjBFODZEMzgxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU5ODUiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODQ0NDQzNjAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTUwMTIyOTIyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2868

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\MicrosoftEdge_X64_133.0.3065.59.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
1⤵
- Drops file in Program Files directory
PID:4416
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\EDGEMITMP_0687A.tmp\setup.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\EDGEMITMP_0687A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Executes dropped EXE
  - Installs/modifies Browser Helper Object
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - System policy modification
  PID:3988
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\EDGEMITMP_0687A.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\EDGEMITMP_0687A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\EDGEMITMP_0687A.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff676556a68,0x7ff676556a74,0x7ff676556a80
    3⤵
    - Executes dropped EXE
    PID:1064
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\EDGEMITMP_0687A.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\EDGEMITMP_0687A.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    PID:392
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\EDGEMITMP_0687A.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\EDGEMITMP_0687A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF658AB0-15FA-41A1-BBD5-4DAA560BF5AD}\EDGEMITMP_0687A.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff676556a68,0x7ff676556a74,0x7ff676556a80
      4⤵
      Executes dropped EXE
      PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
    3⤵
    - Executes dropped EXE
    PID:2104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff696e16a68,0x7ff696e16a74,0x7ff696e16a80
      4⤵
      Executes dropped EXE
      PID:1312
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff696e16a68,0x7ff696e16a74,0x7ff696e16a80
      4⤵
      Executes dropped EXE
      PID:4040

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b0 0x4d8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3120

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{655FBE2F-012D-4293-97D8-DE2D86D137D6}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{655FBE2F-012D-4293-97D8-DE2D86D137D6}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
1⤵
- Drops file in Program Files directory
PID:2976
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{655FBE2F-012D-4293-97D8-DE2D86D137D6}\EDGEMITMP_5473E.tmp\setup.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{655FBE2F-012D-4293-97D8-DE2D86D137D6}\EDGEMITMP_5473E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{655FBE2F-012D-4293-97D8-DE2D86D137D6}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe" --previous-version="132.0.2957.140" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  PID:1432
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{655FBE2F-012D-4293-97D8-DE2D86D137D6}\EDGEMITMP_5473E.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{655FBE2F-012D-4293-97D8-DE2D86D137D6}\EDGEMITMP_5473E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{655FBE2F-012D-4293-97D8-DE2D86D137D6}\EDGEMITMP_5473E.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6a9306a68,0x7ff6a9306a74,0x7ff6a9306a80
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5324

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjM2NjY5RTItQzVBNC00QzUxLUJDRDAtRkQxNUFCRDAwNjZCfSIgdXNlcmlkPSJ7MkZBODI4N0UtQUMyQy00NEVBLTlDRDktMUFDNTVBQjc5MTJBfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsxMzk2RDI0OS00MDBGLTQ5MkYtOTFGRC1GNjZGQTg2NjQ5NEZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS40MyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjUiIGNvaG9ydD0icnJmQDAuNDAiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iNiIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7RTgwOEM0QTYtRTg2RC00MTZFLUJGNDUtMTg1MjlDQTcxRDMyfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IjEzMy4wLjMwNjUuNTkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iNSIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzgzODgzNjc2Nzk4MTYwMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTE3ODkzNDA4OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTc4OTM0MDg5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTA1NjIwNDI2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZmVkNTU4MDUtMmU4NS00MWQ4LWI0ZTMtNGVmNmI1ZWJmNjNhP1AxPTE3NDAwMTQ4ODQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9bmhmdGJxZ3ZxWmVWQ1l5ck00MmJ0VWwxJTJiWncyT0RTZ1V4NklZOGQxOWxWNE10djFlYk5RN3lMaURnVTViWktGbHJ2WVhTZFdGaHVhWnFDOXhkdHYyUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5MDU2NDA1OTUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2ZlZDU1ODA1LTJlODUtNDFkOC1iNGUzLTRlZjZiNWViZjYzYT9QMT0xNzQwMDE0ODg0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PW5oZnRicWd2cVplVkNZeXJNNDJidFVsMSUyYlp3Mk9EU2dVeDZJWThkMTlsVjRNdHYxZWJOUTd5TGlEZ1U1YlpLRmxydllYU2RXRmh1YVpxQzl4ZHR2MlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzg2MDQwODgiIHRvdGFsPSIxNzg2MDQwODgiIGRvd25sb2FkX3RpbWVfbXM9IjY2MzAzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5MDU2NTE4NDEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTkxOTkxNTQwNCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjYwMzQ1ODYwNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM0MCIgZG93bmxvYWRfdGltZV9tcz0iNzI2NzIiIGRvd25sb2FkZWQ9IjE3ODYwNDA4OCIgdG90YWw9IjE3ODYwNDA4OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjgzNTUiLz48cGluZyBhY3RpdmU9IjEiIGE9IjYiIHI9IjYiIGFkPSI2NjEyIiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9Ins4MkYzNkIwRS02N0IzLTQwNTktQTk1Ni1CMDY0QUU2RDAyMjl9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMi4wLjI5NTcuMTQwIiBuZXh0dmVyc2lvbj0iMTMzLjAuMzA2NS41OSIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjUiIGluc3RhbGxkYXRlPSI2NjA4IiBjb2hvcnQ9InJyZkAwLjE1Ij48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTc4OTM0MDg5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2MDM1MTE5OTgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY5MDQxNjc2ODkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9hNDcyZWNlYy1hZTY5LTQ0OWUtYjdhMi00ZTg2ZGZlZTU4YTk_UDE9MTc0MDAxNDg4NCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1iejRMTE5QVURGZ0dtN09ZJTJmZEpNQUdmTzFMeUx5QktmWFh3SyUyZjVDRDVRbmtwU2tKS3pRTWtnODFTMk95RnVzM2RkOTB4M3N2ZSUyYmE5cHZOeGdkZ0c2dyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY5MDQxNjc2ODkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2E0NzJlY2VjLWFlNjktNDQ5ZS1iN2EyLTRlODZkZmVlNThhOT9QMT0xNzQwMDE0ODg0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWJ6NExMTlBVREZnR203T1klMmZkSk1BR2ZPMUx5THlCS2ZYWHdLJTJmNUNENVFua3BTa0pLelFNa2c4MVMyT3lGdXMzZGQ5MHgzc3ZlJTJiYTlwdk54Z2RnRzZ3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iNTg0OTgxMjgiIHRvdGFsPSI1ODQ5ODEyOCIgZG93bmxvYWRfdGltZV9tcz0iMjg0NTQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjkwNDI3MjU4OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2OTEyMjc4MDEzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NDQ1NzU1NzQ5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzQwIiBkb3dubG9hZF90aW1lX21zPSIzMDA3MiIgZG93bmxvYWRlZD0iNTg0OTgxMjgiIHRvdGFsPSI1ODQ5ODEyOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNTMzNDciLz48cGluZyByPSI2IiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9Ins1MTk2ODc5NS0wNjNFLTRDRkQtODEwRC00QzIwMzc4QTA0OTV9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5732

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5184

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:8164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

System Information Discovery