orcus | d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

Resubmissions

22-02-2025 15:10

250222-skjwks1qa1 1

22-02-2025 15:10

250222-sj2p1askbk 1

22-02-2025 12:59

250222-p8d4fswnhv 10

22-02-2025 12:11

250222-pcs8hawnbq 10

Analysis

max time kernel
1421s
max time network
1421s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
21-02-2025 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.txt
Size

18B
MD5

5b3f97d48c8751bd031b7ea53545bdb6
SHA1

88be3374c62f23406ec83bb11279f8423bd3f88d
SHA256

d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
SHA512

ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

Score

10^/10

orcus discovery rat spyware stealer

Malware Config

Extracted

Family

orcus

127.0.0.1:443

Attributes

autostart_method
TaskScheduler
enable_keylogger
true
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Signatures

Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
rat spyware stealer orcus
Orcus family
orcus

Orcus main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001900000002b12b-1477.dat	family_orcus

Orcurs Rat Executable 3 IoCs

resource	yara_rule
behavioral1/memory/5768-1204-0x00000000132B0000-0x000000001468C000-memory.dmp	orcus
behavioral1/memory/2448-1455-0x0000000000E10000-0x000000000110E000-memory.dmp	orcus
behavioral1/files/0x001900000002b12b-1477.dat	orcus

Executes dropped EXE 64 IoCs

pid	Process
5768	Orcus.Administration.exe
3264	Orcus.Server.exe
2448	client rat.exe
3360	WindowsInput.exe
3620	WindowsInput.exe
1408	Orcus.exe
2040	Orcus.exe
4252	OrcusWatchdog.exe
484	OrcusWatchdog.exe
1420	client rat.exe
2612	Orcus.exe
1060	Orcus.exe
196	OrcusWatchdog.exe
1428	OrcusWatchdog.exe
3804	OrcusWatchdog.exe
3088	Orcus.exe
5856	Orcus.exe
17560	Orcus.Administration.exe
15476	client rat.exe
7196	Orcus.exe
17832	Orcus.Administration.exe
11276	Orcus.exe
10612	OrcusWatchdog.exe
11492	Orcus.exe
11704	Orcus.exe
8672	OrcusWatchdog.exe
10608	Orcus.exe
11676	OrcusWatchdog.exe
12336	Orcus.exe
12996	OrcusWatchdog.exe
12740	Orcus.exe
13204	OrcusWatchdog.exe
13252	Orcus.exe
12704	OrcusWatchdog.exe
12928	Orcus.exe
12524	OrcusWatchdog.exe
15852	Orcus.exe
15432	OrcusWatchdog.exe
15612	Orcus.exe
13124	OrcusWatchdog.exe
7880	Orcus.exe
16480	OrcusWatchdog.exe
11748	Orcus.exe
16688	OrcusWatchdog.exe
16732	Orcus.exe
16872	OrcusWatchdog.exe
17064	Orcus.exe
15592	OrcusWatchdog.exe
7512	Orcus.exe
17740	OrcusWatchdog.exe
10232	Orcus.exe
1588	OrcusWatchdog.exe
15388	Orcus.exe
15012	OrcusWatchdog.exe
14772	Orcus.exe
15972	OrcusWatchdog.exe
5136	Orcus.exe
13620	OrcusWatchdog.exe
14120	Orcus.exe
5812	OrcusWatchdog.exe
2224	Orcus.exe
8144	OrcusWatchdog.exe
5816	Orcus.exe
3548	OrcusWatchdog.exe

Loads dropped DLL 64 IoCs

pid	Process
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
3264	Orcus.Server.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
17560	Orcus.Administration.exe
17560	Orcus.Administration.exe
17560	Orcus.Administration.exe
17560	Orcus.Administration.exe
17560	Orcus.Administration.exe
17560	Orcus.Administration.exe
17560	Orcus.Administration.exe
17560	Orcus.Administration.exe
17560	Orcus.Administration.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsInput.exe	client rat.exe
File created	C:\Windows\SysWOW64\WindowsInput.exe.config	client rat.exe
File created	C:\Windows\SysWOW64\WindowsInput.InstallState	WindowsInput.exe

Drops file in Program Files directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Orcus\Orcus.exe	client rat.exe
File opened for modification	C:\Program Files (x86)\Orcus\Orcus.exe.config	client rat.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File created	C:\Program Files (x86)\Orcus\Orcus.exe	client rat.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File created	C:\Program Files (x86)\Orcus\Orcus.exe	client rat.exe
File opened for modification	C:\Program Files (x86)\Orcus\Orcus.exe	client rat.exe
File created	C:\Program Files (x86)\Orcus\Orcus.exe.config	client rat.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
10944	3088	WerFault.exe	157

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.Server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client rat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.Administration.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.Administration.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OrcusWatchdog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Orcus.exe

Checks SCSI registry key(s) 3 TTPs 7 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Orcus.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Orcus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Orcus.exe

Enumerates system info in registry 2 TTPs 24 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Control Panel 1 IoCs

defense_evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000\Control Panel\Desktop\PaintDesktopVersion = "1"	Orcus.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133846377034534418"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Orcus.Administration.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Orcus.Administration.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = 00000000ffffffff	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\NodeSlot = "8"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Orcus.Administration.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0 = 5600310000000000bb526e1b100052656c6561736500400009000400efbe555af796555af7962e000000ebaf020000001900000000000000000000000000000037333900520065006c006500610073006500000016000000	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Orcus.Administration.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1 = 7e00310000000000555a1b9711004465736b746f7000680009000400efbe515a50a7555a1c972e000000365702000000010000000000000000003e00000000001b1f00004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Orcus.Administration.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Orcus.Administration.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	Orcus.Administration.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\0\MRUListEx = ffffffff	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Orcus.Administration.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\MRUListEx = 0100000000000000ffffffff	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\0\NodeSlot = "6"	Orcus.Administration.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\1	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg	Orcus.Administration.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Orcus.Administration.exe
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	Orcus.Administration.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Orcus.Administration.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Orcus.Administration.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Orcus-RAT-Compiled-main.zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 3 IoCs

ransomware

pid	Process
6236	NOTEPAD.EXE
3572	NOTEPAD.EXE
5452	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5820	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1704	chrome.exe
1704	chrome.exe
1424	msedge.exe
1424	msedge.exe
3324	msedge.exe
3324	msedge.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
1408	Orcus.exe
1408	Orcus.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
484	OrcusWatchdog.exe
484	OrcusWatchdog.exe
484	OrcusWatchdog.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
1408	Orcus.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
1408	Orcus.exe
484	OrcusWatchdog.exe
2612	Orcus.exe
2612	Orcus.exe
2612	Orcus.exe
2612	Orcus.exe
1428	OrcusWatchdog.exe
1428	OrcusWatchdog.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
5820	explorer.exe
5768	Orcus.Administration.exe
3088	Orcus.exe
5076	Taskmgr.exe
11276	Orcus.exe
1428	OrcusWatchdog.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
6116	7zG.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3264	Orcus.Server.exe
1408	Orcus.exe
2612	Orcus.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
3088	Orcus.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe
5076	Taskmgr.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
5768	Orcus.Administration.exe
5820	explorer.exe
5820	explorer.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
1408	Orcus.exe
2612	Orcus.exe
3088	Orcus.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
5768	Orcus.Administration.exe
17832	Orcus.Administration.exe
11276	Orcus.exe
4712	Orcus.Administration.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6128 wrote to memory of 5452	6128	cmd.exe	82
PID 6128 wrote to memory of 5452	6128	cmd.exe	82
PID 1704 wrote to memory of 1432	1704	chrome.exe	87
PID 1704 wrote to memory of 1432	1704	chrome.exe	87
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 2468	1704	chrome.exe	88
PID 1704 wrote to memory of 5988	1704	chrome.exe	89
PID 1704 wrote to memory of 5988	1704	chrome.exe	89
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90
PID 1704 wrote to memory of 5748	1704	chrome.exe	90

System policy modification 1 TTPs 1 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\VerboseStatus = "1"	Orcus.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:6128
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91503cc40,0x7ff91503cc4c,0x7ff91503cc58
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1692,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1908 /prefetch:3
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1844,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3516,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4552,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5044,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:5160
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7a2af4698,0x7ff7a2af46a4,0x7ff7a2af46b0
    3⤵
    - Drops file in Windows directory
    PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4352,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5604,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5564,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3368,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4600,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3152,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5896,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5928,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6060,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5064,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3728,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6248,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5264,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1172 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3096,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3068 /prefetch:2
  2⤵
  - Drops file in Program Files directory
  PID:15652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3168,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3584 /prefetch:3
  2⤵
  - Drops file in Program Files directory
  PID:13064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4172,i,2398026982071579942,5658625790173547858,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4180 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  PID:8060

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3128

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1656

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Orcus-RAT-Compiled-main\Orcus-RAT-Compiled-main\Orcus RAT\" -ad -an -ai#7zMap15960:176:7zEvent27489
1⤵
- Suspicious use of FindShellTrayWindow
PID:6116

C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe
"C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lite.ip2location.com/sign-up
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
    3⤵
    PID:5452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,4459956035251340903,14140367147153459391,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
    3⤵
    PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,4459956035251340903,14140367147153459391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,4459956035251340903,14140367147153459391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
    3⤵
    PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,4459956035251340903,14140367147153459391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:1360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,4459956035251340903,14140367147153459391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:3108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,4459956035251340903,14140367147153459391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    3⤵
    PID:712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,4459956035251340903,14140367147153459391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
    3⤵
    PID:5476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,4459956035251340903,14140367147153459391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
    3⤵
    PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,4459956035251340903,14140367147153459391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
    3⤵
    PID:648
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\System32\explorer.exe" /select, "C:\Users\Admin\Desktop\Orcus.Server.exe"
  2⤵
  PID:428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3408

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5820
- C:\Users\Admin\Desktop\Orcus.Server.exe
  "C:\Users\Admin\Desktop\Orcus.Server.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SendNotifyMessage
  PID:3264

C:\Users\Admin\Desktop\client rat.exe
"C:\Users\Admin\Desktop\client rat.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:2448
- C:\Windows\SysWOW64\WindowsInput.exe
  "C:\Windows\SysWOW64\WindowsInput.exe" --install
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:3360
- C:\Program Files (x86)\Orcus\Orcus.exe
  "C:\Program Files (x86)\Orcus\Orcus.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1408
- - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
    "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchSelfAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1408 /protectFile
    3⤵
    - Executes dropped EXE
    PID:4252
  - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
      "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /watchProcess "C:\Program Files (x86)\Orcus\Orcus.exe" 1408 "/protectFile"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:484

C:\Windows\SysWOW64\WindowsInput.exe
"C:\Windows\SysWOW64\WindowsInput.exe"
1⤵
- Executes dropped EXE
PID:3620

C:\Program Files (x86)\Orcus\Orcus.exe
"C:\Program Files (x86)\Orcus\Orcus.exe"
1⤵
- Executes dropped EXE
PID:2040

C:\Users\Admin\Desktop\client rat.exe
"C:\Users\Admin\Desktop\client rat.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1420
- C:\Program Files (x86)\Orcus\Orcus.exe
  "C:\Program Files (x86)\Orcus\Orcus.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2612
- - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
    "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchSelfAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 2612 /protectFile
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:196
  - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
      "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /watchProcess "C:\Program Files (x86)\Orcus\Orcus.exe" 2612 "/protectFile"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      PID:1428
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3804
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        
        PID:3088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:4648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:5004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13687361657217662931,5028482364335723614,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
        8⤵
        
        PID:112
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,13687361657217662931,5028482364335723614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
        8⤵
        
        PID:2460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,13687361657217662931,5028482364335723614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
        8⤵
        
        PID:4288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13687361657217662931,5028482364335723614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
        8⤵
        
        PID:2876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13687361657217662931,5028482364335723614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
        8⤵
        
        PID:2160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13687361657217662931,5028482364335723614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
        8⤵
        
        PID:1036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13687361657217662931,5028482364335723614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
        8⤵
        
        PID:3936
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,13687361657217662931,5028482364335723614,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5372 /prefetch:8
        8⤵
        
        PID:5884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:4956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2032 /prefetch:2
        8⤵
        
        PID:5840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
        8⤵
        
        PID:4552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
        8⤵
        
        PID:5184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        8⤵
        
        PID:5124
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        8⤵
        
        PID:3464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
        8⤵
        
        PID:6404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
        8⤵
        
        PID:6524
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
        8⤵
        
        PID:6672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
        8⤵
        
        PID:6864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
        8⤵
        
        PID:7160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
        8⤵
        
        PID:6228
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
        8⤵
        
        PID:4020
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
        8⤵
        
        PID:6948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
        8⤵
        
        PID:5388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
        8⤵
        
        PID:7104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
        8⤵
        
        PID:7204
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
        8⤵
        
        PID:7284
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
        8⤵
        
        PID:7356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
        8⤵
        
        PID:7428
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
        8⤵
        
        PID:7504
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
        8⤵
        
        PID:7592
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
        8⤵
        
        PID:7716
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
        8⤵
        
        PID:7856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
        8⤵
        
        PID:7932
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15261551604417144267,15716982943680788323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8300 /prefetch:1
        8⤵
        
        PID:7948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:5484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:5684
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12642441779167114977,2609859785023438131,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2024 /prefetch:2
        8⤵
        
        PID:128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,12642441779167114977,2609859785023438131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
        8⤵
        
        PID:6028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:5392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:5876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1452,18364471718925660705,15398580572172319839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 /prefetch:3
        8⤵
        
        PID:6388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:5920
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:2324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1456,81868185118753584,13326842990779446805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 /prefetch:3
        8⤵
        
        PID:6848
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:2072
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:4924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:6512
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:6632
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:6908
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:6940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:6000
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:6220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:6384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:6508
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:6804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:6832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:7836
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:5960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,12430886477300800285,17862643046031938955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 /prefetch:3
        8⤵
        
        PID:6372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:4900
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:8140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1996 /prefetch:2
        8⤵
        
        PID:1036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3
        8⤵
        
        PID:6620
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
        8⤵
        
        PID:8020
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
        8⤵
        
        PID:5736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
        8⤵
        
        PID:3128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
        8⤵
        
        PID:6380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
        8⤵
        
        PID:7320
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
        8⤵
        
        PID:7668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
        8⤵
        
        PID:7572
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
        8⤵
        
        PID:3204
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
        8⤵
        
        PID:6896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
        8⤵
        
        PID:4964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
        8⤵
        
        PID:5916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
        8⤵
        
        PID:2276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
        8⤵
        
        PID:7060
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
        8⤵
        
        PID:7096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
        8⤵
        
        PID:6340
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
        8⤵
        
        PID:7220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
        8⤵
        
        PID:6136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
        8⤵
        
        PID:6544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
        8⤵
        
        PID:7520
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
        8⤵
        
        PID:8260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
        8⤵
        
        PID:8328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
        8⤵
        
        PID:8496
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
        8⤵
        
        PID:8644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
        8⤵
        
        PID:8664
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
        8⤵
        
        PID:8860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1
        8⤵
        
        PID:9004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
        8⤵
        
        PID:9080
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1
        8⤵
        
        PID:9208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8732 /prefetch:1
        8⤵
        
        PID:8212
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:1
        8⤵
        
        PID:9252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8724 /prefetch:1
        8⤵
        
        PID:9372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9232 /prefetch:1
        8⤵
        
        PID:9432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9432 /prefetch:1
        8⤵
        
        PID:9532
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:1
        8⤵
        
        PID:9616
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1
        8⤵
        
        PID:9752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
        8⤵
        
        PID:9864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:1
        8⤵
        
        PID:9892
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
        8⤵
        
        PID:10100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9876 /prefetch:1
        8⤵
        
        PID:10112
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10512 /prefetch:1
        8⤵
        
        PID:9976
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10528 /prefetch:1
        8⤵
        
        PID:10244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
        8⤵
        
        PID:10404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10852 /prefetch:1
        8⤵
        
        PID:10420
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
        8⤵
        
        PID:10568
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11244 /prefetch:1
        8⤵
        
        PID:10680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11384 /prefetch:1
        8⤵
        
        PID:10708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11576 /prefetch:1
        8⤵
        
        PID:10888
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11596 /prefetch:1
        8⤵
        
        PID:10924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11736 /prefetch:1
        8⤵
        
        PID:11096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12072 /prefetch:1
        8⤵
        
        PID:11180
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12204 /prefetch:1
        8⤵
        
        PID:11208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12336 /prefetch:1
        8⤵
        
        PID:10416
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:1
        8⤵
        
        PID:11396
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12644 /prefetch:1
        8⤵
        
        PID:11408
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12800 /prefetch:1
        8⤵
        
        PID:11640
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12808 /prefetch:1
        8⤵
        
        PID:11712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12932 /prefetch:1
        8⤵
        
        PID:11868
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13248 /prefetch:1
        8⤵
        
        PID:11964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13392 /prefetch:1
        8⤵
        
        PID:11984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13128 /prefetch:1
        8⤵
        
        PID:12160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13720 /prefetch:1
        8⤵
        
        PID:12188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13684 /prefetch:1
        8⤵
        
        PID:12212
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
        8⤵
        
        PID:12220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10468 /prefetch:1
        8⤵
        
        PID:7600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10040 /prefetch:1
        8⤵
        
        PID:12408
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11544 /prefetch:1
        8⤵
        
        PID:12428
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14548 /prefetch:1
        8⤵
        
        PID:12564
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14584 /prefetch:1
        8⤵
        
        PID:12700
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
        8⤵
        
        PID:12820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14072 /prefetch:1
        8⤵
        
        PID:12832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
        8⤵
        
        PID:12872
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15384 /prefetch:1
        8⤵
        
        PID:13100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,6601278333973350612,17526259323319985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15804 /prefetch:1
        8⤵
        
        PID:13120
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:3140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:6164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1452,3182140787656237052,935205123726365671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 /prefetch:3
        8⤵
        
        PID:7304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:7576
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:7744
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,16475504762875561998,18266803811245990475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 /prefetch:3
        8⤵
        
        PID:7448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:8000
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:4344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:7328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:6976
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:6720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:7444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:6964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:6448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:5112
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:1988
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:6172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:6416
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:6904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:7876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:7544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:6756
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:3500
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:3516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:6216
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:8224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:8304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:8512
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:8524
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:8656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:8740
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:8956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:9012
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:9088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:9104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:9052
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:9240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:9380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:9392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:9664
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:9740
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:9884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:9908
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:10092
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:8736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:9856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:9900
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:10412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xdc,0x104,0x108,0xe8,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:10560
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:10688
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:10724
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:10912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:10936
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:11196
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:10396
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:11572
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:11600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:11672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:11756
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:11972
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:11996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:12180
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xe4,0xe8,0xdc,0xe0,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:12200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:12580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:12652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:12772
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:12812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:13244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:13268
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:13324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,11765613766119929360,15012018723793776888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3
        8⤵
        
        PID:14960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:13364
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:13396
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1676,1466336651224240233,6956398597496936222,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
        8⤵
        
        PID:15940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1676,1466336651224240233,6956398597496936222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
        8⤵
        
        PID:16000
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:13436
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:13468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,12984676985883312671,18100929925988927944,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
        8⤵
        
        PID:15772
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,12984676985883312671,18100929925988927944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
        8⤵
        
        PID:15964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:13508
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:13540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,6470987492218940574,16751921061908580582,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        8⤵
        
        PID:15828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,6470987492218940574,16751921061908580582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1592 /prefetch:3
        8⤵
        
        PID:16184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:13584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:13612
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,15288180542319154796,16734483098458311679,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
        8⤵
        
        PID:14340
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,15288180542319154796,16734483098458311679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3
        8⤵
        
        PID:14516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:13628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:13664
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,14505382081056227805,3227294900358336869,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
        8⤵
        
        PID:15380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,14505382081056227805,3227294900358336869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
        8⤵
        
        PID:15388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:13732
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:13756
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,17218393958177881737,6464500997204510878,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1776 /prefetch:2
        8⤵
        
        PID:15324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,17218393958177881737,6464500997204510878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3
        8⤵
        
        PID:15880
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:13764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:13796
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,17133944045072454006,11842957963797560553,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
        8⤵
        
        PID:13028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,17133944045072454006,11842957963797560553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
        8⤵
        
        PID:13072
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:13876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:13896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1452,6878265211110308089,7794206891742272137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 /prefetch:3
        8⤵
        
        PID:15420
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:13904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:13956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16208273302043694495,3016278941586832701,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1992 /prefetch:2
        8⤵
        
        PID:14564
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,16208273302043694495,3016278941586832701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
        8⤵
        
        PID:14800
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:14024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:14088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,12773967347914839644,15098926595193474888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:3
        8⤵
        
        PID:15760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:14140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:14168
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,2741312008545671430,2040409121485427839,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
        8⤵
        
        PID:15956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,2741312008545671430,2040409121485427839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
        8⤵
        
        PID:15016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:14220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:14244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,17038723024196001556,7185253951599749438,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2000 /prefetch:2
        8⤵
        
        PID:14744
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,17038723024196001556,7185253951599749438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
        8⤵
        
        PID:14752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        Enumerates system info in registry
        
        PID:14252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:14296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
        8⤵
        
        PID:6700
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
        8⤵
        
        PID:7008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
        8⤵
        
        PID:14372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
        8⤵
        
        PID:14536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
        8⤵
        
        PID:14624
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
        8⤵
        
        PID:16288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
        8⤵
        
        PID:6772
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
        8⤵
        
        PID:15292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
        8⤵
        
        PID:15140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
        8⤵
        
        PID:15304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
        8⤵
        
        PID:12776
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
        8⤵
        
        PID:15348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
        8⤵
        
        PID:15024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
        8⤵
        
        PID:16256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
        8⤵
        
        PID:15192
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
        8⤵
        
        PID:15136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
        8⤵
        
        PID:16432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
        8⤵
        
        PID:16504
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
        8⤵
        
        PID:16584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
        8⤵
        
        PID:16800
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
        8⤵
        
        PID:16828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
        8⤵
        
        PID:16900
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
        8⤵
        
        PID:16968
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
        8⤵
        
        PID:17036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
        8⤵
        
        PID:17104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
        8⤵
        
        PID:17172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
        8⤵
        
        PID:17240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
        8⤵
        
        PID:17308
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1
        8⤵
        
        PID:17376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
        8⤵
        
        PID:16468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,12440411222423455001,1491312265383528113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
        8⤵
        
        PID:16764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
        7⤵
        
        PID:11584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
        8⤵
        
        PID:9916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13632631775250310775,5542162574365188846,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
        8⤵
        
        PID:15948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,13632631775250310775,5542162574365188846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 /prefetch:3
        8⤵
        
        PID:14736
        
        C:\Windows\SysWOW64\notepad.exe
        
        "C:\Windows\System32\notepad.exe"
        7⤵
        
        PID:9756
        
        C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" "/keepAlive" "1428"
        7⤵
        Executes dropped EXE
        Modifies Control Panel
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        System policy modification
        
        PID:11276
        
        C:\Windows\SysWOW64\notepad.exe
        
        "C:\Windows\System32\notepad.exe"
        8⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 3776
        7⤵
        Program crash
        
        PID:10944
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:10612
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:11704
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:8672
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:10608
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:11676
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:12336
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:12996
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:12740
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:13204
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:13252
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:12704
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:12928
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:12524
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:15852
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:15432
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:15612
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:13124
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:7880
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:16480
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:11748
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:16688
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:16732
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:16872
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:17064
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:15592
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:7512
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:17740
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:10232
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:1588
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:15388
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:15012
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:14772
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:15972
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:5136
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:13620
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:14120
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:5812
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2224
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        
        PID:8144
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        Executes dropped EXE
        
        PID:5816
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3548
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:17432
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8752
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:9496
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5688
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11576
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:7212
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16412
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:14016
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5944
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:13116
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:15564
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6584
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:17796
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13816
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:14368
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:7848
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:17496
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:11108
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:5312
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:1844
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6064
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:8032
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:1400
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5552
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:11912
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10848
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:11040
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11472
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:11700
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:12660
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:9008
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:8320
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:12908
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12556
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:15488
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13744
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15516
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16912
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17396
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16512
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17972
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:14756
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:8416
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:15460
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15128
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:14312
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16364
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16524
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16888
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9680
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:17104
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:16968
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11272
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15728
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:14648
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10780
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:5980
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:13724
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:18140
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:684
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:1476
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1888
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:3588
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:4848
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:428
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:18156
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:13432
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:10028
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9708
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:2144
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:8088
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:5240
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:10076
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7604
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9460
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11952
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:644
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8184
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17380
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15396
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10488
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:9824
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:1408
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:1980
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:8684
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10772
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:10984
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:11248
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7068
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:12728
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:12396
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:8288
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:9844
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17392
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1168
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:284
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:14892
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe
        
        "C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe" /launchClientAndExit "C:\Program Files (x86)\Orcus\Orcus.exe" 1428
        5⤵
        
        PID:7036
      - C:\Program Files (x86)\Orcus\Orcus.exe
        
        "C:\Program Files (x86)\Orcus\Orcus.exe" /keepAlive 1428
        6⤵
        
        PID:13136

C:\Program Files (x86)\Orcus\Orcus.exe
"C:\Program Files (x86)\Orcus\Orcus.exe"
1⤵
- Executes dropped EXE
PID:1060

C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:5076

C:\Program Files (x86)\Orcus\Orcus.exe
"C:\Program Files (x86)\Orcus\Orcus.exe"
1⤵
- Executes dropped EXE
PID:5856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:4536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004CC
1⤵
PID:2640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:15516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:15992

C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe
"C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:17560

C:\Users\Admin\Desktop\client rat.exe
"C:\Users\Admin\Desktop\client rat.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:15476

C:\Program Files (x86)\Orcus\Orcus.exe
"C:\Program Files (x86)\Orcus\Orcus.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7196

C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe
"C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:17832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3088 -ip 3088
1⤵
PID:11248

C:\Program Files (x86)\Orcus\Orcus.exe
"C:\Program Files (x86)\Orcus\Orcus.exe"
1⤵
- Executes dropped EXE
PID:11492

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:12416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9259bcc40,0x7ff9259bcc4c,0x7ff9259bcc58
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1716,i,14471254320711071792,416486022411474353,262144 --variations-seed-version=20250221-050109.072000 --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  PID:6268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,14471254320711071792,416486022411474353,262144 --variations-seed-version=20250221-050109.072000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:13924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,14471254320711071792,416486022411474353,262144 --variations-seed-version=20250221-050109.072000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:17540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,14471254320711071792,416486022411474353,262144 --variations-seed-version=20250221-050109.072000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:15948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,14471254320711071792,416486022411474353,262144 --variations-seed-version=20250221-050109.072000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,14471254320711071792,416486022411474353,262144 --variations-seed-version=20250221-050109.072000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:13368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4560,i,14471254320711071792,416486022411474353,262144 --variations-seed-version=20250221-050109.072000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:12560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4596,i,14471254320711071792,416486022411474353,262144 --variations-seed-version=20250221-050109.072000 --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  PID:17512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,14471254320711071792,416486022411474353,262144 --variations-seed-version=20250221-050109.072000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3572,i,14471254320711071792,416486022411474353,262144 --variations-seed-version=20250221-050109.072000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:5588

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:7860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
PID:8832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9126b3cb8,0x7ff9126b3cc8,0x7ff9126b3cd8
  2⤵
  PID:17908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,10296066499016690002,13113325521765453899,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:8500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,10296066499016690002,13113325521765453899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:8404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,10296066499016690002,13113325521765453899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,10296066499016690002,13113325521765453899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:9628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,10296066499016690002,13113325521765453899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:9608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,10296066499016690002,13113325521765453899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 /prefetch:8
  2⤵
  PID:10176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9320

C:\Users\Admin\Desktop\Orcus.Server.exe
"C:\Users\Admin\Desktop\Orcus.Server.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:17356

C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe
"C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4712

C:\Program Files (x86)\Orcus\Orcus.exe
"C:\Program Files (x86)\Orcus\Orcus.exe"
1⤵
PID:13124

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\lol.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:6236

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications
1⤵
PID:16576

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\lol.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3572

C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe
"C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe"
1⤵
PID:12900

C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe
"C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe"
1⤵
PID:16832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Orcus\Orcus.exe

Filesize
3.0MB

MD5
b97b62d5d6139126de1d605e065506af

SHA1
ab8b0496692abfeb9187dbb1ef1b8ac9f5e95dc0

SHA256
190c696615b8225e6d16985412a5c92eec9348f15decc658bb36a5f1af266aef

SHA512
a513faadd8f4db63b2a6a2813bcfd759e0391247e501c6c0ea2c6c33306ea65f2dc242d373297f7e1ebbe67b944da516b19c5c5e4ce81966ed71ad765ab5de7c

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
45d48ea0d7ebf672190bc5c921dbd90d

SHA1
84fab5ee0d0756f112e01ddb95708f0b52988380

SHA256
a41b246ee5f7ce281bd2c0de298b863b31d6b8ac16e45b218e8ee20c60a30bc4

SHA512
1b0e472c859955c13822991765ec03c72a4697178033b6d9f1dc6f4e80fc37b1f0dee2893d40c7d2ce6a8b4ffc359781e151dbbef769eaa265fc8ccb43733b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2fc60399-25c8-4310-9109-f793a2d2fe19.tmp

Filesize
10KB

MD5
99f6193febdaa9fd3aaea751645395f0

SHA1
79f1bcd4cb7e9f180e910cc60de3dd5b6ff97711

SHA256
b8f00be4d092f4af43a6b7cebbfff47d3b05429fbdd1abd7cab21ef10be51d64

SHA512
bdfb784d994e17ab90ca75ebdcf88c0dc7e6928948c043404c92269d43ca651668698f1de02b2a1b128668b7fd9c18246335010d32816affa1b212f37600be74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8195fac8-7c4d-4260-94f7-35a908ce76e0.tmp

Filesize
9KB

MD5
736f58e3f0cdb737ce964554e4206011

SHA1
0f8aa36e66c9a86a28f42be193123f13461e682e

SHA256
c100e8f0e5db14848767abe2d78c28ee32e52a4f50fd7f58ab468449c6de945f

SHA512
922ba2e097b08f5e27520786e2717ed67b17915c5ef0a0c84dbe238dbe1c4628c2a297cad4c39b39490a5342b7aef12d776d00f4576620ff80fb0d3a4f1d2182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
21KB

MD5
54d2c504f0b710269a13bad34f552abb

SHA1
7c79631be828cd1fa04030b63cf9e23ed29571c5

SHA256
34acf086839092fa81d02de527db37c38c72806b7e53fdab9a50570cba953e47

SHA512
83ee68e560a33c5fa39527e1661a30820ba22b2c617a4ea40fd2f0ffdc44c167f1c91385e7aa3308e99cd2855e6c47cae2c9495dd386b3f8135fcad722f0b267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
d2610a5d8eb0910f15b4d0ba1db62ad1

SHA1
a48324d4034a4aede07736a1e1236edc09f82109

SHA256
30cfccf9517449b44740afc542d5ef80255071b5fbf4f36d767bd479dec3fdb6

SHA512
06c3abdb2ed0d6b9ab1f9b2172b1ac28862a8b27abbcc64250aa43302792cba76a201b2b1a180159a50658ba34657464335cee2f2cd8511e34133657bc1b60dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
16KB

MD5
58795165fd616e7533d2fee408040605

SHA1
577e9fb5de2152fec8f871064351a45c5333f10e

SHA256
e6f9e1b930326284938dc4e85d6fdb37e394f98e269405b9d0caa96b214de26e

SHA512
b97d15c2c5ceee748a724f60568438edf1e9d1d3857e5ca233921ec92686295a3f48d2c908ff5572f970b7203ea386cf30c69afe9b5e2f10825879cd0d06f5f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
32KB

MD5
b582b2eca79a750948dbb3777aeaaadb

SHA1
bf0ea1c8a7b4a55779cbb3df1f1d75cc19910e9f

SHA256
04c7f19e1ae294cc641f6c497653b5c13c41b258559f5f05b790032ccca16c82

SHA512
35cfd88afe4e4e8091d3a5c53f0f3e2dcd92aa58b7544b94d4d9d7cdf508d429c5292aa97b813c9c8ad18e4d121d4e6595c49f5ddafbeab7b39f3a7c9d0b58dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
66KB

MD5
33411bb179575dfc40cc62c61899664f

SHA1
d03c06d5893d632e1a7f826a6ffd9768ba885e11

SHA256
274befc7b39609fed270e69335bc92b3d8251545594636eb408d5d93e0ae1a4f

SHA512
dc830766c928ac84df16d094fc92586b9c2c25f819123dc9b5ec259220b4b1c45e2af28c89a710f047c00c9dcf7df8dd859a9a7a2d2228703f616df13caef2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
81740c30fc39552e3784976a75eeac73

SHA1
6bd326b7bee020dc1637f95b637e4b8e05acc44e

SHA256
aa570290b28dfbdd3f0bc82a426ae6df65c517644381a7c37d4fcb1ed8468f76

SHA512
5e062b616c56aa87b3a2d94a644ab7f403d584f1dbed6bc79445653ab97972174f03c4abdafee16de47e8bf818c18b7375dd34491db47376b6cd243d7e1ddb01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b17e44bd7fe11ba048c091580ac2a1d7

SHA1
6ea90e5a557aafd73384d58ba0aaaf97ad0e35ac

SHA256
cd8494e9dd14f16a839019b1b3e6453690cd6568f5e9c9d216167275a4510197

SHA512
359e32987ed75207a402d51c44ddebe7900e7f3159e8f53de680a522a078694ffb5f6e22a0a423c64f5a08ac02ef23c0710d578414e55a67e8da426095474735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6acb586041da62777d486dfda89e2754

SHA1
b2a766690ad5c9d020a8f9b6f504f6fb93d375a7

SHA256
35c80eacc02184ee2a74bb5bc357ee517532e07c369bdf2cc25938ce41011aee

SHA512
f3980d3ffd760c85e2217c7dfb875c3a3a6aa565a722d1c99a213b77e9725302df738641eeb7da7a2ad6dd1d2f28fa809af5021c861eb654f19cf743a545f7fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
e4c6880425daf6604427f278780dcace

SHA1
7d61eedd5b1c849f36d14d559431cf3d782ebc8e

SHA256
546893e14834a26049b3bb967de263733ab20ac1803bfe5f84aa238dd7a7d150

SHA512
387f887c240b9f3c16dc2ca0bf21e14e9ecda3c72816905548bcdcc50013c04d6d9553d635892fc5e179631317b9c9e7516991241c63ca041370889295f75131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3187d5d884df8f31260bf885d92ee886

SHA1
3e1451c81afd460dbeecf299f567859eeb9df5b2

SHA256
7c43ad620ff25549c6fffdfcbad94965daa0c05eb2b1527c1ad4775672738822

SHA512
c137cf67c717d83ff4a1528ae8429dab15df2f8c739c6afff940aef02ca22087a20894c4432ea7b471d54cbface4ed5aa9ddc33022f9dd490cabea20e68afdfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
79367a66852bafe3d4715c397c6789e8

SHA1
f05782a60241613efe7dd6e6dbb7f64855828332

SHA256
5c82d65c3ffaf300f6b25378f8cf295d09472283cddd6116dcd25f5592a4c27e

SHA512
4c773f98aa4a0d77574abe4e9b051a012f781dbbeb85e4eab4036c9435a524153b8ff072390d1652d1795c21cbaf45cef3917623b791479ab1e120fa958fc355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0a2c34ed5b2c948372dfdbaf2605d3d5

SHA1
625e90a8e33a91c2d0a741718655bef5d807b797

SHA256
dd22fa5a08949422838359e3ef2fe1b690b6685b4f9211eaa976603132b83c77

SHA512
b5dc6ce5f875f0ee567ce69c30adb5d45be4699d2678c11537123b82fbde6ce2da4955a61f5c6520b3161b32916b2dd93f848e2b714ad79679a93a2ef432a56d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
df3726b6d6dffc2700e87049123de0c1

SHA1
2806f0e6a5ddd81ee1a25df50599dea37757c92f

SHA256
cb15b3cb4f77b03a2d5952ae490e3cca43100c49b07a1e9a894fa0581789a5b0

SHA512
e256411ea3273bd5553c43a59608363611b3f7cf8cb5217b7cc6480c2177658a3aecdf01b7faca3b6fa6d21fe9ddbd0eef11e789ce5ae7ae126610c4d3da6c04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
647408032beb812347eebb26304a4f1c

SHA1
db4a8474f7238b77dcd17a0f0bc691dc8bd7e327

SHA256
36ba75a7909ea66ba7744947ee2c13b5e3ea175d36f8045b07eacba18ba1d1bf

SHA512
b0c1244dbca2f85a598f2b7f16c9ddb44ca02421ddf08c8c92d45250ddf5a29e5b3f27e53188d0cffb270f09619f0bab6cc173ba64bf206ae7dfc2b86697af0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b9ff48841cd54310120ad8dc80b75b20

SHA1
5fe04391ae570d7ae1dc3bf73ce9d38f2046d04a

SHA256
c09c23085f0d61f1368a0b98c0602621cc67846b1a72dd3b8cff213126979268

SHA512
8974f1f651f31bf7e98f71cc9a321ce63bdf498fd6f8f533c98846e1c2b00625713e12a6669c6f50921d4572bdb471ff7f54e9b9349d94dd83c26cec3ba0b397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4127a38752ca6576750e5a406f8c31b3

SHA1
f28b446f34234d42155799972cd4fc20202d75fb

SHA256
14c0819cc2cb6ec5b135c77076252e3b28f0924df3ddaca08d91748bc9df72bf

SHA512
234d19b73c7941644bd8357470b9b1eaa3404c10a1fb162aff47041096073e581af6b27e5110095ad93939142b0c700454b4ab123b1c99c03a76a602e6500957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c138aac2dce628f463526ecec9939ae0

SHA1
a77fbd1565a23be0b4f5d8a057493672f193cde0

SHA256
0059be57fda9d4ad9aea2b01af398d7869e7c9b40e31a4c29eeb6649fe0efa2e

SHA512
a986fd25126019e9a379ee08fd4bf2dde1915d1d74121f93fc2f975f62bdeea9e6caaef64c97584eb697b22b2b5a9f5f335a0f093eb4500866ca7f92908846fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b16a6ae53dfdc7ae64fbbf61f1efd9a8

SHA1
8df945c0c8ef4c8618e3f23f12b0cc290045734a

SHA256
d0220d94fae4e388124cbdb1bc0dae21c7ade5496e96e14d694fbb9edd99688f

SHA512
ec48d42805d67cb781e16f539e0ced968afa6dbe1ce072ded9a7e49c07af02e3161258911da57200e17eaccb8bd29acb0761e889c071e8d2c271f4fc77a5b595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a26e52dd17cadd7f32730f80fd4c0b2

SHA1
2e1d62dc0a0dea3a53a1c55a1d3f7394d855a374

SHA256
afa4ba28e5d9364e014b3297f500e38d66d26d28adb50c2fc2af21c4f22c337c

SHA512
e3fe090d85edb91769165fc3c730eef12e0fa7b6a1ab2ecf2ab95042c40ca7fa5fdbcb5ae8efba7adf66d174d961bd6a1bfb6fd79fbbd4e2c2e013946eb669c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bd8f90e224a233df858a1eb1143db968

SHA1
5fa48109dd4330b587ef06e0f56904c90c84761f

SHA256
eed1f7dd1ba3f87c40d21269ad32fd6447e876221eba7e47ad112758c3349364

SHA512
1714afe4acafcf1d6196eb149690b24a14b133f69ce4136b8c12f30cb937be01c1d891f284b3252a74661d333c1d56c8720740bf654cf17fcf1bf5a3b8a36cad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6108e9dbb58866726081b0c07e55f5f4

SHA1
c6aa84eb2e2f21cd62726f978e58b5f63d0973f7

SHA256
ea3d1e40ebbc7c8460d5a4b205ed6247224eadbda65f346a68775d9a0c62bd0f

SHA512
8f63144b436a8a48fdf1125fcde38d4a1c4291fb8dfa3d40c1f2a1292e6e8e1b097f0df1ea55ed8b61113842ecb6a4f76d9c69895bb4d6412954c67487fb1659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a248a5042443dd50b686adc77a7e736e

SHA1
da23c3f619a46ea3fb2ec3f7be0cf007baf02e5d

SHA256
7fb18b882b1a7c63cea303a413631cf8e26846f6781f2664d5ea9a42ed0bf1ae

SHA512
f1e48e070066085fb419fa5346c1abc343d1d33b5580d40591cbafc162a7b5788904e6c0eefe8a2904d276c4c654781fde8f385eaba151a97921b029680ddb84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
293febefe86793bb8cd5195dbce761cb

SHA1
c75ece2de1946d668460d7a3f2a04dd8440921b4

SHA256
2bc0c4163211edeb958892f544fc5c6ca3b69ea22b256188dbb653a8d3b009ae

SHA512
6f7d61bf7d5a55d31d3518ac5c2216b5fb7d1bc37ca1e9f112960bda402eb6a3a1ef78653efeb7942c853d4c0bbc7cb81627dd5ee406ce2d6129f41d1020ecbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
632f0ae5564fec563bc214d316d0b0c4

SHA1
01711d5b0b6fba32643b314a6af8a155be600a93

SHA256
cf6e41bb5f8ccbd9e2dfead8b0d708fd7255304b3ef103162bf3883ea0c47a38

SHA512
e9f6d736af1a8b6c8a74521dc44983b8073a8b7d5beb075237ce0a200b007af4f9dd44a35ff842e3c7ea326c2880b85cf85ceefefa635cda958b8e04b30eddee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16ed66314b9eaebf677b7e3485378da6

SHA1
5cdc1bbd3170cf0d5225e31b24751565915040b1

SHA256
880da248f0562ef8b3f08a54630f26c3da629abf232e8d1cb72aeaaadfec81e7

SHA512
74e25146fc3a519107a1ba36e4d5a073df204ab0c5db0c783915c7f805585195f6682482017c8e08da0ab1d282b3a3ccf2314e18a29c6157bf4d9e0eba6d376c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b72e459210a952f3d7c3b8c4a916a126

SHA1
4ff053e7a490467580867d0ab91b9a7b590fd47e

SHA256
c9deb75b42c151f6102fa1847fc4ee71253e4e5c615e1e0a77389d4c504c3ad7

SHA512
5773764c038fdd182117c9c387d9736f96e033cd80a0c727a58f1dcc0a4d86c0582abedcdfd341b3b89337a058dd9e850f1de8b71ac4e6d18c01cdb079a8ddb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a9e5191c1af0ff54b147b403d7a035f

SHA1
4298951c2d271ffe3e4f803cb330397e3bb378c7

SHA256
f415803ed636cf9eecfbf10c1fdaa42c1eda9caa0c31180c5202c8b24e1c053a

SHA512
17dfe3cdc1de75da6df9d66ce36b3ab9dc7be606462e958c16522d6a466739cb577e2820e58128f0e192031b2f4dbb0745ce33c33d1340651bb34d8a2a6619a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6177e1063c5f37e894405c07eb305c3

SHA1
d79a365eb87db8840b3f6e1e33101769cdf9fc23

SHA256
456934094535a581f8d0042e839b82b78dd7ad00b9ebba13896382963763eb3b

SHA512
bbbe898008a7ee6985c4004c3e5295d534fbf075441f2e8e2377aad9c57c7889d49150a2cca5ee13549217ae4f83c2c095fbb5b9bd874a058c43163fd112b450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b877c9e4ae9535d9ea9a048f5b60f67

SHA1
d5b5b7c634bd65dff8f4ce7d1db81863c4a9494a

SHA256
2e5546e3ea9ba84dd2ded7a26dc59694fa3b78db33dff9f1dcbce78fa185069a

SHA512
a673184440a176d5f77df21c59b46520f2a34f70438738512a95c55135d8cdb6f799e898a8dd82e92cb08dffa75f1b102411660b95406b82b10c98e241c76ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f531364af6172bb00e156f9ca8fb2a9

SHA1
365f1ce1c67174089595e040ac9e32d2f2498539

SHA256
8d964e023389a72c6fe2c7c492e773e30171078212cf4043026f785a215d588c

SHA512
4aab74db4c3606865137d838c82fe106409d710329a3ba3ad90b351cefcda011f17dec91dd655ec7b4605970eb8cea02361320c17d8c2023734e90122c7c52b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4513e5a9bf47152f951f8d74c8a70f10

SHA1
0da5a4ef18e6f1276ee4a42431e0c5fb2aadf7cf

SHA256
1256d9b3e682c6b5807f8f88dbae86e9478afa343740d3ed3fb2813b8ce49ad5

SHA512
17b01deda6ef205f2b900bc065cc6c56cc0569f34952b9d9cf70319b59efe8cc6a2cacb6fd2ea8715e8c5007704f35c1905149d3fe6a4bcafaa57d61d34102ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33aa5747f5f9fceea0cf11283adbde9f

SHA1
de3319e34af40b3979f586d7602e11ef1a889aa3

SHA256
d630b834cb41674a0c2023d523eb78d700e8fcc1d40e46e68c33c93575c95791

SHA512
fead0a6cee818b4189abdd8767c11b31344a025391b4c3f28b3dc10a21545a18cd5dab6ec3fd65f046881478f708426a1124dcea3aed524e14e0125ca0286689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
36ffacc88f5cace49f08a58f7c891a96

SHA1
f0d7ff5ec0be09381e3562eb46b4dca14f26c774

SHA256
25f83448ce27271396d5941e0ad17cdf3068db56e54bda95c188f378f4d84737

SHA512
6b7f59024168cde20b6d5c07bf77105642d8cb2812fd7c56e8671f35762c9640f5cec311db53dc0f812fca91fa81dd12e64413ebaae4b0abf425beb15f75c2b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d7d8147246a747eaa405e7d95c101316

SHA1
a8a8bdb39ba0aa8c2e56c143113c68fbe194014d

SHA256
e584464ae17972984f0c909f2ffb1832deed32c5dc0fbaf558c16e110bcb662b

SHA512
d1f61668fdde5bb36add6947344acf5eb0b9b1bc25dcc0e15f857b3c324ff749961224f882d9ebe65c9bec1ccbeca1cec167547c939b67964084ee0c9fda5802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd38bca0bb4675b20e516523b8a425e0

SHA1
6262da647f654659eea3fba77233729d2724900d

SHA256
b4b70ab4611b683f165d0f2c19604871ceeee1e9c598a6f9ee6cb8c8499561a6

SHA512
5361289c5abdd6df617b710301e17bd12dde80553cce97c30b646323eddf49975e8567927708bcb85d898f44d5f460ba359e19f88fbb0cfeee6922353d247b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1276db81eadceb63f16a5c5a59361477

SHA1
6155c935080349b70b1524b1a123897a5cd44483

SHA256
4b78ab1c749b31e0f98b85edb2fc3fef42557ecc7b37136e78e3d858ae184335

SHA512
a7d49f81364ac77fcb50ec9f5bd1b01bba27939ed2b91361266d0287271b2001a8f97c4d76d48528cd4fafb15897d705cf11e1ac99680f2995765dd9b39cce5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a13f2d8de19c0348073c84eea29f8434

SHA1
8a74064ccbf509c61b009322a488433245784fd6

SHA256
824e16fa6fbc85b6d419fe020c546e823218b4bbb171abebe9bcf7fd9470e673

SHA512
65ebf607bf78f3927d74672d2dc3d9fa4b5e3b966403de3effe24c4c2c7c771699a5616b404d906e692bd80f37051620d44d0d61fa4718c0342f155047fb33cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
da54f2ab7fa4afeffed57cf93075811b

SHA1
73c6579e1364b1074017db10bbf7f7d333a0b089

SHA256
d73e8e8a9fd062de2985dbee54f04062e5c23c28c31255b22f494ef403142b5a

SHA512
44ff2d89e5bce59372b922da704c268e45e99535a6fcae35c53a37406d49e70c1e52edc450228bcd4ee0e5a780263344db7a2243ad51ae2134c0d5a52ddc8f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72eadabe086ff0ff008812bb74b05a98

SHA1
a864395bbb319f9ceaf94673418e991c8601f6b6

SHA256
829b3a8ec9c6c34c50a07c81de5df89e962e29e7f70c568d9aae1d1afca208f5

SHA512
217bbd27a55723b5a55e604229d0c1915c9b03f9a8895a1c826671e8eee42988492fd292b664289bc86344fe0d6f922ca2dd22db456b31d01522d733d06b5ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a32d793644940471a9d8dbfce647b2f1

SHA1
2d4108262d40d4453c785a49a6cb341e0cf84254

SHA256
69abc7dd717f233f714287e5c5ce9dece57e9c375eb6bb155ca7c77b31a7f838

SHA512
f255444a8f1f320a1aea19f136289ceea8eabb16ff1eb5102e4a8217467925ec59f50f0c94e948a86d678d33fae1faea94b944e7e5a2d46abfa40d04b027983b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6dcae3b8d581ad6f33c13a7ea417754d

SHA1
df5a5ae7188192a8d0550d7efa4dd4c627dcda65

SHA256
8598d4727e1b175b7f61acd9258d334b5559a5fc2a87d114cc08d6f0391e0807

SHA512
667c5781cfdfcbe83d760c00657f45a84da077b10cac5a006976de65f97652a2ae6430832ac5f54b332323d58a73708c5b774dde9ada8ee975111d69c5556bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee74d4ebe07313b20cf62628c7f55bb5

SHA1
7bae4448d655a7efbbec4ea5874da94b6fb21810

SHA256
ec1675137c09f712117eb0246ae01ba204d7c8cdcb818822d9cb5392369efc94

SHA512
28a4ed41c872358f6072658856202864922efd150c9fa53ddd3f2c27e394bf3b8e8e0077b971d80bdfd4aa95868fad868037e82e816f7de67bfbae08bef90977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73d0a76a5a3280beca5cee3bbd036c3a

SHA1
be28a95bac52d8ed0055959c684f8aaedcd34cd0

SHA256
12b192febb6912da9cf3c983fdbf1a87eebdd8ea2eaec8061413023b94f7edce

SHA512
e73c3dc66bda458726b703f54f0e4d861f014ba417c4a92fefb01d35de0954538463dfa981fe2028bd03d3351ab026123551cb8750996d14216d4d52775aa1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
147a88cf6b64155f2c78ea66e7fe9b13

SHA1
e9f0d6d8fbd2799655448e209ccbafd428651335

SHA256
71fd597a9a002b1a81d21d78b21ae19b9977a093bda9e5afc099e69a77bfe132

SHA512
d6cf8af9eab7c078e743b5cafab12989f131e25ea61793d240cd1f688ce530a960decf00b7f4e5e0e500fc6088f0a28a39e12fcb96f6a6cc522644cf98f7a2fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b5b50ba5b5a04eb8aa17625953e24632

SHA1
c7750509c04d71fcef7f06cf0e1f42826f7bbd5d

SHA256
cabc87b120a38c68429f4d3a3a24747545d85686af4f222d6658cd050e371b7d

SHA512
ee08b87a2be8140182e55f8fc27ff441e35753b00a32ab8314295d8e8a81cd54c217828cda5ee34ccce23d967da9e59c545b1e8ba9c13d15f799a0b0849b98d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac67c9995a71b765e33cad5a77db2da2

SHA1
8a53ae9d592254036f0bb10950c6a1ec68cff24f

SHA256
4af5a65e47f7579889b611626ccd1b6f0eee6db0df3fef1bd3dae8236d774571

SHA512
a654c29526319fafec88bdc1fb3345fd12c3f43763e82ec4d49ff88cd79a8b2278faa257d11d2f5849ff74fd2c340fdabf58b9c236043f0c180aaca5e601e249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d53cb08a7a872b11e2579aa5a6c4c54

SHA1
508dd16e65833b48b34d7ac9a3af4f2606123170

SHA256
54f36fdc1806f170b3d88e01a882c2e545e30a6b2ae646021fea2fe2a24f82f7

SHA512
586df93d4aef553f20fb2d5e02bb019f28aa0723a6e4565dfe6bda4d3f7408d61ee8e267ce9c92bd5f201683d51991b745159ecf8da4eb269cc99fd9c7df620d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8606e35cae3b9df10398688aae945728

SHA1
4a6449c75b72a1454dc52a45141034fe0024a6cb

SHA256
9a1523a39fa33e730a2a39e0c7db57cf57b28e081de392499dc856bc05c5e2d8

SHA512
b00a3a1d2c6400e960c8cdaefe737e460afdd07f589dc4983b6a13f5ca2546aca967146a9cafb494703bed8fbf35284f0cbbcc1f2be56fdb737a0fb58baad753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
291e82548d8e8d4eb4a6229e79867cbf

SHA1
87d559f485ad997ba4f9a98e5d719d0fc49f8bcf

SHA256
cf556af9a988c562056b9a8b0b4180b91dab84752bdd40bc1ea30eaf8c21a1d3

SHA512
1c99fe1e64065def5ad06fe7f57708971c4b7c9a4e062736f828f8b735a168929b6829d65c04c4b7aab5f815c90beaad81829d3f07dc1a8ca974ea9f17d4baa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94edfef011863de2867d41378aa70f71

SHA1
df1192d32cd9b8c99da5fc48df14280319bccbe8

SHA256
6622da7ea0bf48d963734c132608bd40fa1958230040b643cba2467c5f9b4b7a

SHA512
58808309d7c3974ed884c5f4b07b8c8c02e8ef8f79c3c74ce6c1c893b8e09a15a8dd1d5389da9fcc711644baa9faf615fc83747fdc11fc2646bc196d941bc9ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7880e484b7f1e199438c00f8db87b850

SHA1
583571962ea4871087c31bd237cde0d91df41b11

SHA256
951e5e40149ecffc7a846cc995284bbe0d31f4aa60dc4d390bd7ca2377922c31

SHA512
d35b66c8809f23d6e0f8210693bfb184356cadf7d086bdfce1e94013748fbf20f95c2c2d405f79835a2f29f0f21604b30771aa911d52d24f3a06db068624d4c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43f1fd78c556308db9b6585535e19799

SHA1
3505fe1bb2ac35a8efd6433d93dee772d42fe099

SHA256
d4c1d3c210ad40a4667639cba8fff56d469080aed473c5c715b9ec18dbe8a6bd

SHA512
470cae2b314c749550ccc0f48e6397b5caf8da55b4f5ed3b407b3b15e308bbd3bee1d7f67524b3e451f4c2835c7ff47215f2df6c82f75b3a4f0f4218bbe57696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
97fbcbe2f6792a5e30a7674a62bb6707

SHA1
a3705c8c581871168613b3f951461f9a228790d1

SHA256
e39d785a09e3d8d3b6f3c1333a3aad08574112d386f17cf4d0ffd6c0d075ef4a

SHA512
5813a2906ca868b4ae4d961be2f8abfac55027c60bbf9480596706c92d90f5cbfb0eb8cdfdb79889ae7c2865a65ee5521ac69fdcb94930cb71e997a0612d761d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0cba97c3c34ac520cf538e9d6f4a942f

SHA1
cfce30bbff62a1012717a725f2ed666ce370ec43

SHA256
3972b78dc2421cc32d4b752d3ef36c6f3fca5852c1550efd27195f31d8a06199

SHA512
3b871aed1d26e1ee6597c0d378529f148c926e4db5424bd83e305b4a702bbc0fce49fb4f12967d4252c490eb1add63266cff0d15fe0ee9645e91061531fe668f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7337257a7a886fe3dffcd0c5a7132c02

SHA1
03cf04958955317bcaaca216a3a55119671fc5ca

SHA256
6f2b29d90c5614dfaae35aeebdaae9c892e134259ce95f07ae582c194e8b530c

SHA512
742be09be92418fe8bbc40eaa7ee469e000a8b7d72a3fbf6ed2efcc0a3d7fc1f7811817247384164808ec379edaace2e48d8eb5a4a77f86aa4b3dff5224312fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8463f3f3d3e4a0bca74767cd1af86670

SHA1
1902812b4d7d021bf2386d5cddc858b72d4be70e

SHA256
3ce6b6e9f04fbd50b2ce158daa5bd24a62145a1446ae6503c1976c03aa011155

SHA512
1db35f14ebdd0746915ed4d825a0d88ab6a9430c4967e44522a232b96cd4a89540508583f66aca316b9ae4355695ac76927ef483db07500663da0af6c52603a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d84df3b34c1a1abe43c07eafb6eead70

SHA1
c4e31b540bce81e73adb37bd803b1c93aba73483

SHA256
1eb4af57116f963edf29861436bcf9db2f7a42a06969cb9b3e65b0bc614923e1

SHA512
4e1bdf480cd43a67fdc3298281b8b224a74cfec5d1d229e09130b0b2f07e983064aed61a87b3ec26899b79ece71d5cde0a4614e664f5089fd6cf9cc9a00b8592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e46f7bab35918207d0127f681a85485

SHA1
a8bf13019a57e3370b14c675b851cbe74a63366a

SHA256
85c98f964202e03d832e7b14b029856c3ccafa539489986309e149909f204c25

SHA512
8f6fe739262116e1b721cdd1c26fd7d98398b8ca0dd54ddfcc8a71d8e7bd4bc7e3252588c3ff980ea62d893420345fe2b24c57e014b224cc7526e8b2164d0196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f36ebe845ecbebc7bcd1162e3ea1a05

SHA1
4af8320476f0c54ad028a522797c6c1029db30ba

SHA256
aa3f36e04708b8689d5e630f581c149b5fd4728e7c8d52e4e7d9cb9af17d00b4

SHA512
952afbee6a195fa26f0a68d47fc2fe00569a47eb51d757747d9a26155ebbee9c6b652c2f765d72c86c9bd254503dcd72d14e3a97999c5c23bcb7bd533b541ada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a9a946a319c77722dbb052962f429a44

SHA1
cdfa48d8e20f912ac5ad70f947ee63faa81ad1ff

SHA256
7dd1b7c62dad36efa3898216d2da9eca4a9714a0c8cdac5f94799e190d42a66a

SHA512
9f42ec1305aee070d11445f3aeef88471b2dc9a871b7a3a3e0fde4833c927f5a83094d2c43248effaaf3b7afc8981c28043708fcb160a1703293f97c9d39f087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fed175f406f9d2584d0b37ea0fa6862c

SHA1
5aabe1fdb9bd0605b4f713fecbfdb55b1f6c3268

SHA256
5f7e3691a2e44be9e6e05593ae00018cbfc2725502f2972f3a6c91eacc60bcc0

SHA512
2cecf086d9f1a67e96dde7b9c3ee1e3506df4f6a8b9db8e2a83e19db99fb9730a35e7c4ee47565a529f49e619de26100da48c20c71c41c804f1e43f5d1feb6a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
71e3fb0bb3754e3f3b7adc38fd4ebaaf

SHA1
d72f8eea3a1716b1f228695a64f6ef3147a319d3

SHA256
d69ebed79a4bb37e19ce4127da7517d16ede06cb2742b5efe5ad71bf84077794

SHA512
760fe0c34fc5c9bc5df62dcf4551e9cabacbbe61db7a523c7fc14e829a2646dd3fa293e2fafa5d3d806be677be612018ec048fe3e264a9238b71b9c48031b509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b55d8f5537a17c88dced4637aa4fb90f

SHA1
ae3108cbe3c326c3b70047a44c5726351cb1acdf

SHA256
7c26bda7bdbf5dfd76a142758ff90e1aa89a77bcbda5235230992d4d45aab5fa

SHA512
63e0f47bf2111e3030af1b26082a29a1d09d84a7ec47e2ed03a3e3b340380955276c6bf58d0d6b95e7420c232519566cf643b0046bb068fd238990d5d094fff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3582e0db20bbe565d3877d060c9bc749

SHA1
375b19bfa0f75b84d9e28a8e731abafe5c7d815b

SHA256
e9806b4d557938b42e492d3b2586b99fead3944d8f15c9446fc76ad1f1c67f8a

SHA512
f9b4bf0acef09c7c7f5051e9662af5cca25114000a1237882f340e497d4f64e17e6edebb1b75a1ea625e57c79d7a9d422dbbcf90de478e98511457f93d11dc99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f11d1c2549b05b56f59c61b4bf3e584

SHA1
732d50e62961d11a588024eac3852502825565ed

SHA256
3733f497ab7b71b29777703cab7a8a5dd0d245bf924f137e0a612b7e4e085121

SHA512
c3354cb3ccdbf326b403e8c438f30d769afac3a65c53d7c3c27f31bb4f77cb3f6ed8cbc1055c3378299d42356ebfbba9853146abc96d38e59269f87af4476b61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72bde9a4320169766ae767fb94fa780a

SHA1
e9021ffbd039e9e115fb55c80a34de3cf2a1b318

SHA256
b380dbbc83bff6e04f05addfba0f94a45c6c0d8847eb5f4b5da5dbc762c5a962

SHA512
44bbbf28f5014554c6f23edea490200d6db006a3935526bfd4fc6254627f9744c2b3367895d8131035f33f3f0324d7b08d36a5ac32e468d1c77620bf08ad7af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
002ef255ce9d02fa8c74d7cad28d5481

SHA1
a4f05186f6e6a3a73d0eebc717fc3fbc68ed4e79

SHA256
8c7e3c71c1929b4c7ce55f4a819f91e39d0dfcf7ddd900abcd4e1a17098f68b4

SHA512
0a58a0f4b5e0eff1b1e191266d1fb01677bbc54c092de29ecab5c752e9825e9a22f2887af002892a99794d74636a5307fbea5aee9dc59772c82bfdedd7140cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f0da1f191e760e8a0de8407051b55e16

SHA1
370ac65c622c1d31220efe76eb4d936f517e4a49

SHA256
6bcd71428e24060e3eff29de2a54e3f62e590668b530d0d6e124aea504aecff5

SHA512
c5fe33fc139dd58031f9fdf07dcd62246dea259253470ee7c952b7f85770a84fcbd8240c90f1c2bf3885a308b42c4571bf8e1f3d83f686f817693d3b15d91749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c95ff4535d9eda4135a05afbcb956749

SHA1
a2d0a845fb47410b85f8874a4e182d9c781b47cb

SHA256
b75f8da918d40e80eff4bca43bb88e3f50e17e56bf79d640f4bee72f3ee43ed2

SHA512
8c27b808f5c09b4d097be391a5026357cc580410b583451a39df573876d62b2e6d8072dfd4687319cd8ccde06ee0e3c5ce1f2461b0995cd10039bdc506949477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
44d0afd81362115c21ed4413bfa086c0

SHA1
a581cebffbdf1b85bb12ad0ab9680123d0bbf4d9

SHA256
f47b4521a098d1c3e985d818d50a0b63a18602cc95a28d8f426f64868831741e

SHA512
34fbd7082a9fc24b984b2081e1ba4c74c1f5efb72559c38f879c7a8449d85983ffacc4440e10ffbd650a1968e72a9409ecdafec90c9710473f5d19c20c04298f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
129fd149b42e14aa1c8c9c02801fd128

SHA1
1e79a9d59a66ff449b77e53cc6e924bd182df407

SHA256
8308ada4d310b4e3be950fc47271bfb6c58c4e7b314ff1ba99dd2c7f497e28d5

SHA512
84cf89104d02b2cde5e8177e2c474f45aa5eb5f076b5870439b6ddf857c418f9cc7bd5e22ee4903fe74c0b775e5486fbe8673945581cad813f48fd4a8ed8c491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8cea0aa9833438700a1a3a13c107166b

SHA1
3a8a3df5f95426c8bfddd42750b86d9a81c135f8

SHA256
3325445d24090359a109d5fccd78bb8939211cc22f8e914aa747318db4d505b8

SHA512
c681cee20e0be272a901a566d63f2f2e492ae161fcf81f33b843b2ff62007d8c52ffde1256d242428d7edc76abe5ab2f21f2dda192ac120884c6ec2fe8cf2543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16970b7610d2ac60b57e8a27af50fe70

SHA1
fa1e58b72ade94ced48c9c59f8345306af481cbd

SHA256
84bbd6cb7d1b0716b74bcb97e2e37e87a1bb20aaadc5604419322fdc08770dbf

SHA512
f29fb15398fcbddf292729b6a5227ee41a134d9dd6066c700a8d1e1737143eea982e340d35832f314ad8d5794096963402657f90c23f39e9071152a0e72ffcd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c6bcc0d38db1bab98bddf24351fe4b22

SHA1
ed3f3c3b17680f44e9d826d0bf91ccb1cec8b5dd

SHA256
38c1996d806446ef89855525c12c3dc4532eadaa6f0521354ebdc8089e5dbf86

SHA512
0321ac05e8dc23debfa9d4ff571924a85526b9d0ecf092d5f0463d9b766e9753cb8804d5b2e5f6cf7c3645272770f20b728c1dfb2bb42f26e7d6a0853a76efa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
494b4097e8828ae700ba058107af9a81

SHA1
c9c466c13fd5fa6c0edc2d77a94bd1f5a7ffe869

SHA256
81cec67b298c75e46b4cfcc4dab3defb054e4d8057b837d230648daca180f36d

SHA512
ebb9b34b069249e05056fd9d4d237f886c69c9d4ccddf8226b33e0d4faf26a163501bff107cd13baa00e78d0d5728c48233386f73cbf1be4cef3400518f62638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
98a14165a235e23536b68ac170ebaee1

SHA1
8677fdeb9db64b8525c744f6c9770b46f39abde2

SHA256
99eaaadc090120c08433fa29f1fc161f843bb437985052407574660de03edefe

SHA512
47c90d15adf5bbed894b11e4d629e51e9641d5b19e853e044000b0f10ae67b809ea4d175764818ea872f55c5078e6d2b3d05e28aaebdb013e889ce84aaf3821f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
57baf808e03f4bbd59b672517d99d41b

SHA1
6433c8d72b7fae2f8861408415da4e7769290048

SHA256
8bc9c39cbf5591b686cb6326bad67689b51bd0a69f75d5d89734793ac6fc3b28

SHA512
08d6f7bd885b328fb79f3a317503a251fe2ecf2e1c14aff99202d360fd85fd74da495e9070028db03ff3c612701f22d44e3accb75ac9f7ec3fff1faea41c3d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9edd0d51fd8c6f26b0563e48721c8e19

SHA1
b9e05a898307b49f6dead0af40fcc3a6b5c97063

SHA256
5389afda8c9bd600beacce3a14a8a38c2c1974db1545152cf950b91d5ea3ce2e

SHA512
1e4a84eac8ae206525a0bb43e3ce7724d2db77886bc90226dda11f83042f42548f6e15bb3283bf2d4c27adf887d5f29b862eda52dd865556e529862943391c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3895d1a18240a7771df230ea5e436c00

SHA1
a7b10c88b60da3143c26a03ef091c14437f90ad0

SHA256
6516e35ea8dafadc8bee59787c684874303b92fbd7334792c25ab9c4b73df77c

SHA512
52b721058bdb67add54f569c476e97ce742b26e5c9821e9c95e337bb788af1f626b7a9c4b97a51edc0f912de3f86599075d368b0b10d24d7315fbafb7c56e98c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df13af06fdefb058eb61326df2b839b2

SHA1
2069ffc5d4cd1ade08c08e1df219fac148ce6f3b

SHA256
3459c7b7e632ab7f8e7e8db181f5ce49f85452a6b3fdf35fa99e4746c478c0d1

SHA512
9cab10d9e62eb6692d4d3affa4fe80675ddf24984063bb7a9b81d630c9a25257a04ccfcc5a7f7a5b59b12f6dd5ec0cb8e708a03d2e084efba6aa9dd3a9a111a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d99f38432ee63320f027ae5c0c230fa2

SHA1
97be0ad8af99d860faeb1921df0184f0ddd5d9d7

SHA256
af6b5d0be902a81f3d43c22f61bc411d0bbb4828c8986aff1b9b991830a9d091

SHA512
921d5f9788bc83532539819190250a198f7ecc6387368c9598e3714d8d214331c331366cbf5de6103999bb88090bff1e7ff30b02d861809025eb7639749c6aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
74d5045c1c12458d923ae75607efb6bf

SHA1
897a56b9d2380dd9dd19258df33776576a6e08eb

SHA256
f1f543b10c6e247f7b706b71fdd6d08632747265be84a3608c176a4d80cfe79d

SHA512
b8dddc41e24c35231c7e5eb1f6e8775d8ff4bd65adfdf51df8e130a8ee430436a29603aee997b69f93ea8e4727503c93fb4b7dc79f684017993a98ba81f77b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
dfaf6eb52a444fc9e1e5e48901aef5c6

SHA1
4ad4a30fe42a2954f57e127179dc869321b3926c

SHA256
5c23e2bdc37c7c688bbe6400c4b0c9fade8074206efc7d65d6075f99bb3cbdf2

SHA512
fe2f1d9c69a2e5264814ef48bacc149967f75cc3442f1e6886132696ec29fc750cd8c878eb37c9ce663179692389f0bdea1efad9ade571a00ce5a47959bcf6a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
d888b108314fd63a4701f89e60b2dce7

SHA1
1cbdad3c3bfaba7b1f87acb315777831e565bbc3

SHA256
31860777b410cde69f38a460139a7bf3051cebba22d8387e80d9fcd2b8bd78cc

SHA512
431ae95edc4fbb1a690104cc87f80a008cac3934c8994fff67f090329626dc5b216272baeb25b8ed645cc852ba746e05499d0fcad6e5b7fcfc0312528b898229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
36e5c06ebc08fd4e3b766508671f7c46

SHA1
df3baff7c19e75151813059b94253596c59e0c30

SHA256
d81ffebf82634dfb7be6f95ed350f258db8073f73288555633735181d7b7a8e7

SHA512
27e8ed111409bfe9c3742616d63cb28ae6181da0450153fa1259adacb88afa1b698cdb8de41b9fd48952c6d6ca2da56436f27399f650b5f41fd716aeda0106d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
ac0b4a669e0f94763aae8cdf001e15a0

SHA1
6e9e2595a03966bb3b736ebf08416c078de37392

SHA256
83582493fdfd9e045d0d7f35715cbbd47d628641fb2960f08605a36d04a1af3a

SHA512
554099bbe699268deb6ba7a9a737c3baee4d4d5ed596604584303aa1f90ff3877c0b9dbfb9fe97489594f722bd53a56aa6a7930617bd2f0c6ca9c88047e7cd86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
cf385105fd99294fe7efc4b821c74681

SHA1
51792e6c53c0cb6f2c313d87b54613d8b2ad69a9

SHA256
67977f44299c86522f0a11c80b0942e83f0cc1740cb62d4969cc9c05611b4e97

SHA512
a16ab62429142e623f098c3077d8a62947eb6d967b0f9b43d0383f63143766735ae718f4876b426cc4c40f5a8663a66d96313bfa69e1f16d38b9ddabc48df547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
cf7d85c0652ff736f4d827769848629e

SHA1
4850be17855caf914ba2599394a17af13e252ea9

SHA256
c2b6427dec950d8f918fabeea0f81a350fd1c483a3cdec1dd4eb360b8de56fad

SHA512
d96f3641bd7e9fb13f062bd272318cc230e369d87afb58a549059fe27f7a08d2e76648b0766ae66e5bcf64b19de948f9708bb442cb8c7ebb0ad7013ac0adcf29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\25011b64-35f6-4252-b4a1-d351463e16f3.tmp

Filesize
11KB

MD5
4f02b012d638b330d5dbf2fbae585ef9

SHA1
7c02689dc80652334bfdf2621db891965de3c02f

SHA256
ed46eefdec3dd716aa9ef8e15eecdf2fbffbc196eac103be0b2670a5b6d9c801

SHA512
b00abecdc988882b2079e15db797f8aa82ef604d93ddcc3039f88e5733fddcc58f87eaf9cb8f02d79b9d49e6058eacca882f100c448f7dd3103b35d89c449d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d28cb1e58a65db7fbb32817d2dc6c52c

SHA1
cef7333704fc688b240554a9d9c834b59d987ed5

SHA256
809c13a808071dc3fa98e0ec5f133b3ac4d0a4838828b2c639f14ebaf5fe2f82

SHA512
4b07b0f35e073056441e6c84ee2d3fcd20651f59a7c07953f3773359ad56cc14c5cff463c881f12ba092ed94cbee038c8d0ca8df9a339ec0630bddacb24b5fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f84860db0181f9f7520ac77eb2379c03

SHA1
4dec051c9ed7427758c0c6b6db699448747708a0

SHA256
0f34e9b980e1a705e6577907a67b544a959a362407e3b5f771391e7516ed7a42

SHA512
ea18f88bc471d34f5b78ec21832c04d022c562d941566c7a66f21fb270972dd3798d1526e2584c66b5b0ebc1aab6f77925c48fc0d576768737a83f61f79ebb72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2bc61cc0eb2cfe0756222c9aba3fce9a

SHA1
153f8f350ecbe42bfe44dcec6f0b51ac77ef32bc

SHA256
22f0988fd98957565dfe8f844bd25b15546e82202e0d62682fd9b2136d28260f

SHA512
5d0b12214c079c9710169a86368efdc68e04b8565d9b44d3d5df9efbce115a06cf34b753df938badaacf2a69c6919119003dfb915414473b16cee4cd6da83f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a07d48136c1228aed9f5407901299098

SHA1
d0c4c2b069e18ae9d1e3c1de9877028ca1649b9e

SHA256
2e7b8078e354121a47ff61c8f5a8492c86e0f40fe2e7af4ea3901031a826739b

SHA512
5c888e733e7bd07d7a07e3c59aa3455a9f3ad7f4c2b7d143f396906d6fd3b17cf6ddf230fbab61e217e421b03e4d7b3adf4bcc331769527a3b26085d1913706a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8034a46648039526c98e105bf4288d89

SHA1
bcfe58871da2600b840774d9bd331b7c1beaaf2e

SHA256
7454053154b4e061d721607231dd341f525141ff9ee888d9b413036570d96b69

SHA512
36f1c4ceda73b46e88ac17633fb44ed76b19c38416fbd2cbd961236396bba283f7ad06b445086e1aa03b83d7d1b68c92e133e058fc5fc29e9ff20cccc65094e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e45a14e89fdf82756edc65c97e606e63

SHA1
42ce594393a4ce3b4e1c79dbe424841bd3f434c8

SHA256
49af9d716c69fb93ebee18e708f4ceaab99abf505abcbad1bd46c60ace03da9f

SHA512
6af0cabb253026d7613065e7274f8be114fc2cbd0134e8d518a417bf4b2b94ffc8b9c05be4e47685ac6d7246e28c11a86852ee4b6e934bf6c6d56b6c97428425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
825fb95a70bf7b56cfcda1f118800f98

SHA1
15f1e212c1fb567c70ff4f716a4bba81f2857e0a

SHA256
2280c42f8ca4302a1d37d63532e3e981e33b596e3b2e930ce40b390dc0f09104

SHA512
987189b84f58e5d64b662f80f47ae797bcf46aeba86584cc17afabd2f25885a4cf48d80400154ba22eeee1131b84f882cd1998d1686ee12013218f52049bc6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\05de8440-6354-45de-8e22-74788a569df3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
b413e5d8fbe0eb9d33704ad973fbb975

SHA1
850f358fe0b8c49e7f2bdb137677c9ae916bf039

SHA256
6e0a847d864839387f814a5f29e1a4c71110516d9a045245ee4852466da7f397

SHA512
3b441bfc872d0e138807e4c2476ad0e6b929360b2982d55dc5c13fe02b79c0e803c3b5543a517c77b3fb1766673edaa701f05128a4032089d01a4a2c9d59ff3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
61c0e27691e0c264a32da04dbf43e9f3

SHA1
502db135d9704a3bcce034ed327734ecef6c751e

SHA256
4bd81d6979f704a6f46ef82b77ca36029e49bfee76431bfe25c08c7fc1b3fc78

SHA512
66e49091f7faab6521812847d6038d56b4319f284a35cbecd2c0a01632273e6142711db16bcb2262cf714b1b88ce06c231c157b43411672180614dd79b3a524e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
4d3c4c83eeaa86789429bdad1c9237b8

SHA1
9b8b11d25a04d52d6120466e5ae5f2142374f68f

SHA256
6990070891aeb4b69d759ba6afca71b4f2e9828f3dfafa9c9e68b5f6d7a6037b

SHA512
61d24433ecdcc8e7d474ea7dafe7b5c46f998aacaa1c6a62d51203807694e9da8b04f96bc4a882d1d8a5b64031588d139804d14e33cccc1658f6180f4343db33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
215KB

MD5
0e9976cf5978c4cad671b37d68b935ef

SHA1
9f38e9786fbab41e6f34c2dcc041462eb11eccbc

SHA256
5e8e21f87c0a104d48abc589812e6f4e48655cabe4356cda9e3c1ceee0acaa4e

SHA512
2faa6fff6b47e20fd307a206827dc7ff4892fce8b55b59b53d3e45b7dcf5fd34cebc4776b63da5aa4d0e0408344bd4602d26d09e7a456dd286e93b768cbfaa51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2930e69119ee3ce0_0

Filesize
40KB

MD5
545b90179f1c8c8bb0232a8aa33024e8

SHA1
1430820d941b303d24720750429e75d58e88ed89

SHA256
6393a2396318d763deecbb6ea079e987d7893f668dea9e3b8fdd61137f193fb5

SHA512
17de2466fa9c65e5ab1d72e3f0763063874e48f6832d74bef659499e4a24b4d2246c7a00606f1ae93f45f75b02338bbeaab59f388455062ece5ba5eaafa9454d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
4715b9fa3c053058ee34216bee27734f

SHA1
2ffb1bd5cd4a2411c09cc1958deaf912038b1456

SHA256
4f5a6e86ec3de76fa659d3f748dd4dcc19b472eb8c540def4cd034532eab23e7

SHA512
0dc729a31e81f93930ee7244e336eb9502caa7f8f296f2552fc93a5075aeede07303684901b966b25d4413954134c9497b70f3c74c60d1143826f21cfc4d0dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
43c95b1ec13904f5659ecc1cf13bf2f3

SHA1
9070f6a43f23886df63a1b1fd1dc6584339fca47

SHA256
ce32d06aaf4ca7cb74b1820a8e189b8ac3343b0189c89ec38cb75ebe739a80d0

SHA512
cd2a1ef89474fad4c3be2995f8db7d31cf0ef62c0b63d3da8aeaaa1f9c1ba6e55b40a2453b59b7b1a78a5d4d86d8eab171b4de32ca99b7aebf515343109ab6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
becf0951e7513105dc26061ca86e1498

SHA1
239e7dba8614d6ad6f573cbdba70165a8d1424e3

SHA256
11b15a7dc5672e99b8e0792a576185d957ccaee9b34bcb93fb30da9037c892cc

SHA512
2246f9de3c673b0155226379145a4a2786e21406b83a7211397673977b6f9ea7e91dfc80b7e0c57c6d9e43dca81285d3526b786bb44c028a6a99244192894aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
29b731439cc76e3e95bdc3538bc62900

SHA1
2863d0c33e11e371c8517d70fe21731968eaca43

SHA256
14675a7a0198a77e3485588b96c8c3175b77d16a224ea8046020b0d0dc29046e

SHA512
1b80d580d17446d86e3dc1218c6681cfc5e184b4ca8d5cb8e93b747c7b36edb53387f02bd7eb0415d4f571b40b0d1265fb5bd410a4ed1c7caaceb39f23d1dc97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
2c9492240766be4f7397a6cc479ca9bf

SHA1
0e17fa28320b053b9ceb6bfcb668b6eb8f10ec30

SHA256
7fe60b0cd49098b4a65ae602a41ef7f12125599a7ba4059393ce2665a2837526

SHA512
1f9bd95789c33f517d3b30280a7a7affd9d2c762105efb20b60f52dc4c06ad1c60adf60200b65e7b8d11ae62d4a9441d8fb606dbfe7c7966854728f19c89acf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ec6bbf6a14aaef5760f190b61be139f1

SHA1
159f8d69193c3aadf9ab3bfd458c78d0647cb7a9

SHA256
ef06552af4d78a96fe3e134e890571a671b4a3c58831101bb2af2842304e8278

SHA512
78f45241a8ce8238699844b6e759a04245b20a7490524d91161a6045a097fda83be5da0acedd66c49225928b534884665538097d0b034b045a86d770f7979c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cbbe8861f0a9f49f5c962ae8b8dfed25

SHA1
0cd67b05f2d0cec8126a93f78ceb34cf315bd6c0

SHA256
88cd082e04446677980d3c9a9bc4b21433e42718c0906b096ac2fdda65f6e53c

SHA512
b1e5a10bf43c6e9ad1441a3fd1f150d085cd2b38b2231179d636fde758a2034cab1c727387e6cf9e4a74cfdbdd8b9c182a61b7797c83fc2ac00a8bf5626920a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
70d5e8109f62184dfa101e43dd66e7d2

SHA1
22f22f99bdf690648d99c87aaa6dcbbb08e32497

SHA256
3318ae5bbc3f3bbbfc045fa8d8ba009982c303800891eecf0b4e6ec3507db92d

SHA512
0c3294d461fc36eb38a1710226cbcc8446cbf0824d0580d591eff7ece6c8af727d1f8eef942a31e4ff0eaf0bb9ae00c786cdb17013cc9bc5591a87e12261634c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
844B

MD5
5fafb209b87f854d6c48ee80df24a4d9

SHA1
db35a38fca47c0c090c21161afc9fa39bb37e361

SHA256
c869b27a0a9aed606f5fe7ff3e9ae21104f2305a6e69b8e26322dab94eb04889

SHA512
13307fc7ce445de677a497cb53211b6fabf56258074141f77b4302ea9de2d33e25bcf7cfa451aba293ed791fcc918575ff2838076496e1af39380bbd9f6d7cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
794B

MD5
6d55dc7a35083ed3f6b419a71071c4e6

SHA1
0fa2c416c2c7fa881d19ea243ed8bcd6688bc0bb

SHA256
a9cc67fd0a2660fbd8cdea01ecb65da7ddc8cdd5940c24d793bfae6738eeb896

SHA512
6105e38c61fec8b3a902762015b633f5b38a11503ef0abbbbdb766c48e2e335b520548c506529ff9b85257b9ed9f9cd123e9a07b6dd2eb33980fed3c6bc23e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
844B

MD5
2617630b32147a19b40f35b7833a1489

SHA1
7dd8c63cb63b0e8c5a4c8b04174da99aec3155a9

SHA256
d73f10aa5cff4adcefc57582dd9806f5bb9c4358cc4dedd4fa1a3396a16f5951

SHA512
21ea310ee31c2543cdc73e00f87a746b581cfed36aa096191b71bf3b1f3aef28adc09fdc7581fae22a1f7cb488c0f802812c61cdc7cbb7e383551013f078a347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2cd56ac11790fbce76fdede2ca32c2b9

SHA1
b0558eadff95b6f51e53a902f193f3eab0433c74

SHA256
d8d0ce09194d7433aac1c5a137bfe2bb8fcf4a15027bd9813f1a753780886ffe

SHA512
a454aca400711e418f370938cdd3275c4a6479b038fed25a49ebbfc897aae368e31a13e6bdd3ff0bae96676166a0bc31a3406bb5054f35dafbdeaf276291537a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab625d0f82c7be01b29cceba84328988

SHA1
25014fa850a25bb63f1d9e130d419ec959d5a7c9

SHA256
39dfdb7a1890f361c7b390c63f428f23ff4beb83e4ab9f62ea7c9e02a10ee74e

SHA512
37bffc8158ce84934433189bb7a3867b86be473d98b4bd082779e8ca69ae237728a23fd0caf2dc7ad7f81bccc8c30905734c18755cb66991a4e4f1a296db0394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d2b04d6f5977f141f26dd577c6f439b1

SHA1
7c88a6fdde12ec076b2fb22b3ed09d8b925f5fc6

SHA256
0ac6d1b7fd6e039aa8eeee416c5b2c7f8ef058399b1c698735d2a2989a55224a

SHA512
5ee54ee502a593ccb1f32b560ecd45fc8fccfe38cde511feaee250053ba9be3ce5523919568253f29cfc98bbb07099caa59af57fc3dccd78cb8478bc34ecc2b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b297f4c517eacc624c1f2e8f02ecfe1

SHA1
a2c2abc7cf76427b21fe042d92b7f13a9c9e498d

SHA256
d41e147c7c1a1160712e497c2604ac25dab8dd517766142d4506563f1d59038b

SHA512
5508f525edcaae61223ffacc0e84c9f6bbbc33b2424cb7c7241be3598b13aded00074d0b369f2fa47fd30362323e87d9d50f685982618c0870c6cbb870fc3c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b631e6644c29564e2064874960c3cc25

SHA1
3298f43fc060d0926f467e028047ea80502aeffb

SHA256
d493cea719790aa9f3f900c59dd054bafff3e85e1259ee1d94d4969660ad5c09

SHA512
ea5acc55c5570ad1cf8dbd09173bcc95f6df52a5d1d9dbc3129b7cce6f42507818c773e0697e792cef7a3c78cd425556977a9f82995bb76610dec82491e5ac7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
645679ed6c2f0245a8e871baee1b52bc

SHA1
8d7ff69eb34991fee40b8391f6f497cb990cca69

SHA256
487e9af44e28f7ebd1e1e8c3d9104b1abf9015ccbc5f9102da13e1115d33f82f

SHA512
73c73ab7ecb38175b0fef1dbeead8019f35dfb3c3d040e682b6ceb3935b762c8851ce0671161a1e8492d352faafc7d99afdb8eee5c0057d3712b0fb278cc5d0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b173a1248b0340ab7a9e6fc8b27c93cc

SHA1
fad31ba8a8a91f2bdbb77b2b6696c91735dfd8ef

SHA256
71ce0affcec3c1ea0b12ea1aef611f3010becf99bf07636422c0e944d4eae9e1

SHA512
74f104bd00580c8bc6654d3e2d32938723c9d5997a0fdea601901c914a9cc352c71ebe525ebbd1423ae5e931e38e706920b1f2a85694210c648dd78ae674372f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
02722324b5976d84e2e2807ea66ba2c8

SHA1
abb567984e637cf98685bb6ebf56750d221551c8

SHA256
f9ef42adb3b1632d93673b19fc3d2530464c4e4e8520f4f97e85789cff3b3d3c

SHA512
b3942e48d1c86af37960275ea9a3ede97815badf0de51ade0c2dd1845cae9c9b47041552e3e67ff95482058f5f643bd001e86b934b4742c9c443ef2984f8c887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4f44b9077d124f13010fa0c3a8dd18f0

SHA1
0a171d34d2bd531b93d166e11759cd001cb7092b

SHA256
4225860ddfe407f5a00f497d27301e0ff2ef0a642ce5383020635fff0aa2def6

SHA512
854ec0d728128d8e3d045f08eb0921d8a425595618ef9bd713b69d137893909718bfce14be4c2d3ea024dcc506ead79c208c7340ec532f03731bc08a200f7307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4e4443b63b373c51e2eee9efabfd9111

SHA1
1e8d8d8d24599961dd693a3ec8f2430ecd3609bc

SHA256
f06eb4ba82afd543c44ca60568c79508d31fe4501be859203ac52dba23194117

SHA512
2d0db264965b89d015e2673253ab4e5dac402f570b9bf5e8643001e0e96675be70e1340ba281c392b647ebc64dde2ae605d4a9d2325aabd9060e46c2cf61c874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c9bda218812746381f4fb6af1b92f4eb

SHA1
00fee43c9f6d13a24aac5d8ab15063f156752d12

SHA256
4fde683c0f3175a389b68b1688b9bd6e279169b390a047ef3976c96e4b951583

SHA512
ff676668fd76bbcb4338b7823f22eb3f9a3b54e7026a7156a845ed2eb1e0a52942b3be116270213e4f216e11aaf6fca21687b58c119d74541a241eb9c7dfa06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a019f01c60bfda2b27b421d7221dd845

SHA1
352ec0c14ce4689c066540d6041989667fbf3d8b

SHA256
5070b6cf41bf037571bf187b9799b479c204941dcfc0830455d7bc1048da65e9

SHA512
ef34679e78b605f805dcb2a40ea15577e175851d8a7d3d10d5da8d8f90e1de9dc5893ea3d51e7b22c3a8baa05a864c303ef44c63234afcbdf23b71e7b0dd0e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
54b4e90b42d2af2a0641078ca49552bc

SHA1
eec43572c4ad084b796278541f81801a99889222

SHA256
2e7bc08bb6f11f899082bc8dbb07314a5f72229ba6858eb796e65ca038b38d82

SHA512
cf60dc381178841dabfd922eeab6793287a51906da8f5592cf82237db3e58e8fbcc0d59cc267dd9774a230e1074516fe1c27b91aeee3ab5d3c721ca81e4690e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
6980d43e43b32c855a93302b488e1a51

SHA1
fc72521031a19f370065172f45ebb462a4ec1c46

SHA256
675a3daf1b8b9b36b8a873e3230c6c5fde50a9f37740b1061964bc39a9a66aa3

SHA512
d49eb96cbdec128a77ab3194404b587741286b12ba21e580f4606c9b591369df2f9601d82079e1a92fd1e8b981e1281da44ec1d6c3fbfbbcb4487b400c1b2337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
33b2c6824b3b736465fdb2070c6c7be7

SHA1
995c3cd36b8cd82040dc6f90fe2f1b1c842c03c5

SHA256
e72a667325631002dc11fef89cdd8741942bd58a90144b00c5bfa7eb081cbe2a

SHA512
e0021116f9fcd2b28fcfa476d10d50c0807eded15bbb400dfa9d02c10dca1ce50bac00906773177048cf60b51f3d6ab16ebfa350b88b055486f48cba74421df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5f1873.TMP

Filesize
89B

MD5
060acfdc79406b7d51da282d7b80f469

SHA1
71bd649db9fd94385c41f7ab25710ba4a4d00c53

SHA256
0edffe5b6353f14ecf8e1f64ccd611f7fd1b2671c6f900e17f6c6cd936c1f6d4

SHA512
93f3fa6e5456a4b9b6f3f703ae301e46a9af20dbedd3d5b3f0d2c38b501c8c26913582d2f53ac5c51bd2e6e16b6df92acb4c75c5b68248a20d5897ce45d71ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8e467ea4dddf6a04aba3fd30f702cb6e

SHA1
006affa85faf8a8d3492b20c8948f54086ef20b6

SHA256
7db92f24a9f2a9a048c224f238bd2ed58cb54e12598cd95c38361cdeae76262b

SHA512
34aa1767d8a33abbb361a122eea0d46a9b9b095a7d35f766e56d513a4219aaa791cfb87577c400dfa97ac6f6f404b7a0faaaae807799a6a85d6f37b119da32c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
45055337f096544b6f8b3152a001f9dc

SHA1
0454c9b139e67739697da5579e5b7fc653da9acf

SHA256
b865f90457ec0a02b05d0d16b43d074dcb6fe8bba1ef455c7285cf1acebde4dd

SHA512
e999afa33bed56428040ced0640f993a9ff096720e98677271ff37c7840391f1908e9f3820fadbf24645ec2218b99a2f0a39e8b89f4bdc30ae51001aeb38841f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59455c.TMP

Filesize
48B

MD5
a40aedbc0e669a820c3047bb10fe683d

SHA1
73ebe43e0e156d207ebbfc05ca18fe8ce9707ca6

SHA256
db4ac9e3d91b581a815a67c98ebb25a92da9ff5c79f6dfdcaa6f7f432d44a124

SHA512
85cf6199ad22baa3015cfd4e320f4dcf82420e7811cddf39539f78c4be55b5c61911ec7b3b097d11197862b45913d17508a2f0886dd7881d36eff14cdcfb6816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13384638803401178

Filesize
44KB

MD5
082ce8e360f13b3ed8a0c5125bcba9a8

SHA1
edcd336421a722b1a6b0ff6747896715f41a64ac

SHA256
516aa8c6a00ff9bbff3b16cac03031f3b3e6a60c8d7f2029a585ce86f6dd23f3

SHA512
1f46d47c656e43fe130047d1286d61f1bc8ffe2f88cbbf1e158877378e178b4d5cb95d218d81687f3acf61882cc37eca7007bb57d07df4d4d8c5b530ad6cc016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70e36da8fef057ae250f97ae36174072

SHA1
83f0b22669db901853c99a61f13d5e2cb19dea17

SHA256
3b8781e2cdd9feb983acdd605169a82f7a40e9669d0047c8609822d4cd4d5f58

SHA512
61fe6e7cd34105d836253d3dfc1b2bf3897c4c403d256cbe67b25a90b72cc53b37ae4160f51520810da0cbb2a912efd8c9e74427991ab564b026798a52c49310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
b02de143bcdb515a7b0d0721694a2e29

SHA1
569d656aaefd2a154a8e72976f923248eba4e337

SHA256
231b3f7a155a5339d321b0179b2faef65049aa17df38d97dddd44c07ce0ef5a4

SHA512
8d476a8dc4702a34bdc4f68473139b836075c7e6e3b43118908195f8951baea43642291b323520271ea177f89900966f49a6282644464e5d97ebbfc51e58672d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c51b678659c0a9143dcfe44ef28d307f

SHA1
e581a26d17e3b489542f3facc4c172d4a136fecf

SHA256
a56e1fae432182752f630741f653511cdc11d9255c00798fb6309e2441635393

SHA512
900889677cef11447312be2d8b4015194486fac8c644b53a5ba900d0fb566ee362301a99f71198db0630a4f01d810a510ee4544c0da9e9c8251ed4c1cf26cf47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
3a79991f605b6a65a948ade8218347c7

SHA1
ba38b7ac650ffabc614278d35713f6f9b37c56a1

SHA256
765f46c208fa4bfa747223b50f7e75486ffd9b98041e9542df1ce5dd137f170b

SHA512
21fa3f66e0003c93853c7747380839c160321bff8694c49ed90945b02e3a584ecc10c323cb00d96ebe192575075009aa827a5444e561a08fd47f6cfd21c7db15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
28e4a7c0b8dafddf14d75dd38eaa4baf

SHA1
47977be552dbd32fced2918b182362e7201d7a27

SHA256
9b975cf0e645354fdd56694472b9f08f29bff881fa8c5acc3bf7202ea70df03c

SHA512
4356cb31d6b03fdf8c0789b88596a0860eafd0ec28cb1991d58f231d209a507f60174bdb583f06beb800c1ae046f2c579cdb88c91519ed9432543a0bf4ed8041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
969f6863e5450c42fbefb3dc5a9da984

SHA1
c8a4c660a26ca8d464a58e1d237f1a5fe2f4d492

SHA256
be711d2574ed861ffd15ce3c152c904cbe4731d47b4ea8433faa2d4b93dceb44

SHA512
abe6f0c5f9f00bec0f55d2efcab15a39564cd120ca03bc4ae3328ae4b323db3318b6b1928ccecd1eb610e14e3540cecb250bd9e9613f728ba7c780fcd33b07b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4d357cf70a4a52c626805a109e5ecc0c

SHA1
88b18afc4e07f4dcb87db3020a0413630207c82d

SHA256
e8938371e2918efd135542372c925ae5070edf96a071c2163dee6a92d8745e85

SHA512
75ede0e5aa6ca8add158cf7292644990f7aca4ee323d44d5a7dfa331e43e2a6559fca20241b18da218158c9ff00b41084dfdae52c5bc0394da4612bf022dee66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15233335edc58c788b64d661ef92e3b1

SHA1
3fe0f164ffa54ec624192c82acf87c98eea72ffe

SHA256
ee52931587cbd957f8c038e85d03a620d8c9d8329c3c7ffa3ecb2f856f6efdb9

SHA512
637741435c22a9d2640fb7081c131ed29c8edd31e0cdb3cf3cfbcc5d4e9bfd0820f2029e95e703457935e33fdd0a6defd203e1eb7a8905069667f4b8dcf45bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bba0a33d6a61c3ed23394a9422689121

SHA1
5906a0f66609d67cdbcf365a45e0e3357e45b50c

SHA256
6251ac0ef035c1d053fd09675bcf6a19545494a435320b33520155f9fb3fcacf

SHA512
019ee5f8fb6444e0d7cfc636b45587895bd669fa724cc7f91a96d0b50111ccbea014e40abe31872e247855f55c10a152d37473c6c62c881424186835fe800a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
534cbb0a66fcdc7e9d060c66d03f1e4c

SHA1
9dc25895a06c68140c94d7305a9c867c388348fc

SHA256
df5d26a54ab3d32836ffbd106bf043e2eacd91ea6582bc0073b2a3f3a1b69d3b

SHA512
390fea8f0ad8548660c8c5725d05c5a94fced7548427f7a93db954057824d0a68cb8871aefb34ff4e3292a6dc67333a32f68a4da55650313ff2f8ba00e824eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1aee8669e6f1d095d34a2c6f1c455abb

SHA1
df2ffb150ac040f9a9315ca6a93fbc0a2eb6434f

SHA256
d944bfb91e421edc4227785c636d0834ce3c38d8e7a6e4fb7ccc3a4015d5f1f3

SHA512
61495b24b9914eb7b1ab959dbec9267d2dbc7cda7ddadabc3badadf2256d0464b2b039ca2f39ee51f9300c086bac7fec8a9694a35a4034ee1b4eec4bc76b8f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e8b11cb72a2a760df28df716068d212

SHA1
df3676786f2cca913f55d9c7d695d88e63543558

SHA256
4576ad000fcc81295ac3135c1fdebd9cd3a2ded537a4af70d38a26d06233f28e

SHA512
253f1bc339fb931fc25562a9f2e2322f1f7e89711434109572ac6bb975d22eb0892946398ee710bc8ad2ab631b4a82a0a287b666c8d9ffd084dd38f47a286465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\WPF\a2hejvqk.zwz

Filesize
326B

MD5
825ab5e8c725411b8b9c319bdcc8ea4e

SHA1
00b0b5e4a75058a5c6255db4dd10e899c4556ff2

SHA256
2e3a2c34cc9728cb3c1915e1c778fd0d63d46ac8e238c90726c96e4a31042357

SHA512
604c8b18ad2d3f430885caebcf895d84100e0f67206475765173f1c924fe4cbaf5de83e8e645dc4300d30f2fc1eceb4410b5644660bce8ccf396b354a8e749e7

Download Submit
C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe

Filesize
9KB

MD5
7a195b6c9de2d5cab015f649da6931a1

SHA1
89f7372dd92a90a8e13b74ee512b464412e4cf9b

SHA256
30183935449a625c2a61f6342dc3b9907028194173f2e3d594eaa3126ee316bc

SHA512
3c2aeef85b51e7f955072fba042bcedf8dd0b66ad813def58c0134355665ba56a713d58005a322561c62be5777d0adea2803da214459f362f22fe2a0dba5a1c7

Download Submit
C:\Users\Admin\AppData\Roaming\OrcusWatchdog.exe.config

Filesize
349B

MD5
89817519e9e0b4e703f07e8c55247861

SHA1
4636de1f6c997a25c3190f73f46a3fd056238d78

SHA256
f40dfaa50dcbff93611d45607009158f798e9cd845170939b1d6088a7d10ee13

SHA512
b017cb7a522b9c6794f3691cb7266ec82f565a90d7d07cc9beb53b939d2e9bf34275bc25f6f32d9a9c7136a0aab2189d9556af7244450c610d11ed7a4f584ba3

Download Submit
C:\Users\Admin\AppData\Roaming\Orcus\lib_cbe8414cb2bd43639b62a9abbebdd3b9\CSCore.dll

Filesize
519KB

MD5
94a312a6fcec0e78808bcea3d8ff67f5

SHA1
fe760487d13f9a6f5f359036561105d4aca88a1f

SHA256
e835139171eb0d63b6b4e02b0997cac040c02d295648a275d4c8d28b234c8e94

SHA512
ecdedeee1ee4e35e4fbd2dea3a4dd8b0805166a9610a63affbfb673f2644588eacecba6b3a5a0052c202ab14c321800997512abc318d36a50b00cc86dc83ec1c

Download Submit
C:\Users\Admin\AppData\Roaming\Orcus\lib_cbe8414cb2bd43639b62a9abbebdd3b9\DirectoryInfoEx.dll

Filesize
224KB

MD5
c515dca85bd4f84875e91abaae1d25ca

SHA1
46a75f77a2c3f783d9288cfd5bb37abc653ae41d

SHA256
6078383ce879071a317f0e3658d3938a86874f574be28797ad1cc612588468cc

SHA512
3a7ad24e848e91a457fcf6147e817fee10512a19ad08eeb557ab66403e970f085890a97322f334545665e45a0bda0284a66c0223f0766268ce7549f8fa081b19

Download Submit
C:\Users\Admin\AppData\Roaming\Orcus\lib_cbe8414cb2bd43639b62a9abbebdd3b9\ICSharpCode.SharpZipLib.dll

Filesize
196KB

MD5
c8164876b6f66616d68387443621510c

SHA1
7a9df9c25d49690b6a3c451607d311a866b131f4

SHA256
40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d

SHA512
44a6accc70c312a16d0e533d3287e380997c5e5d610dbeaa14b2dbb5567f2c41253b895c9817ecd96c85d286795bbe6ab35fd2352fddd9d191669a2fb0774bc4

Download Submit
C:\Users\Admin\AppData\Roaming\Orcus\lib_cbe8414cb2bd43639b62a9abbebdd3b9\OpusWrapper.dll

Filesize
843KB

MD5
928d7fa264c96ad1140faeaf63dc01ee

SHA1
381cdcf0793886bb22b6f4afa39ce200a24dc0a6

SHA256
829ad0873c7c39899245202b81689c16ff50bf414876b8a99db8ba6c8e379807

SHA512
d347ac3fa6f950b1bf17e2c6bb2036cc4644fbd5702e5a73590d972d44403256f94bf83585745701a468751ed684eda59f9dadaeb5e75a2d60f4c9b1370b1cbd

Download Submit
C:\Users\Admin\AppData\Roaming\Orcus\lib_cbe8414cb2bd43639b62a9abbebdd3b9\ShellLibrary.dll

Filesize
64KB

MD5
5e174dd193799adfeafb9688c62fde07

SHA1
2667bd01dcafc3edc532375daa585c9f1f3a8a0a

SHA256
b77ee79499735288d16d5efd92ba13f87bcc3442e0141985ffc815b2c514630c

SHA512
d692c71bd74a3c743b0d85977796205ea7d0dddc2d1ea8463185b5cdda80e89c16f64fcba1945a64d28bb18f307b74c34ad764b4f232ff81a929deab6cdc8e1d

Download Submit
C:\Users\Admin\Desktop\AddCompress.odp

Filesize
493KB

MD5
6ec4a1fb9c76f6bdd470ae89a8166454

SHA1
7e3d6b2fbbead7c5c77af178d67c4f0fab3dd0bf

SHA256
8933e71d91bd33b368bea7b9a0ed1c718ed84a9db67253ca2a45d8bf6309c40f

SHA512
f1b657ad53957e1237a11fa24a860873a7ea307276772176403b725115d51e741bac1b67beaa1446efd84448ce0d51bbdac3cee6fb5ea01aba0f5e3c41e5f2db

Download Submit
C:\Users\Admin\Desktop\BlockCompare.docx

Filesize
16KB

MD5
c874ef73b68a57cbb42e0270423b5e09

SHA1
8cdf8403ae96fc93da8cd3a0bf1c5a9618fd94a1

SHA256
4b3495daa4fb5a7b2a85b4a8930c9a76c485fa9f9db1bbbfb30a78b34ac9bece

SHA512
ea8b3f1995d849eb4acfa652b693badb828e878b4fd2e24444c4e384d94aaeeff8d15dd5d0b7581fde9b6121693712afbb566c096d2e896ca419549f872cb12c

Download Submit
C:\Users\Admin\Desktop\CompareFormat.bmp

Filesize
568KB

MD5
a0673e710a47fdf6ad3ab4a8fa21c24c

SHA1
9deab341e89626d1094c37e72bddede93e745381

SHA256
39807fe63e2f78cd8ab0682e4fa1a2fcd4a91ba53573ddc09983592f405e7bd7

SHA512
9d4fa4fa782e3243a1761d8d3d471dcc2d89b1e282724c7ca231efa6f9df95d98eae22998528495dcc96f68f5f62e3697096b74b42cbac7d7b8089e301727de3

Download Submit
C:\Users\Admin\Desktop\CompleteConfirm.xlsx

Filesize
9KB

MD5
2034333ac408754f5e0f38286c0d2305

SHA1
e40df35f1d258ad43214ac0ca0377c68bd6611e1

SHA256
b0d0acbae1b3d62eb1ed16ea5fdc79101886ba2c4f2844be0ea745a77b6f7dcf

SHA512
4262ec0f3f68f1e6ee5f7fb2532f4886fbde9ab20d0be84f5ab26ff0ca741b3bbee3ad6a51ee0dfc0fe22088167718556ca6362717ba0a98c4744f3ca96056a2

Download Submit
C:\Users\Admin\Desktop\CompleteTest.docx

Filesize
14KB

MD5
59fd5f238e4874f3af5ca18ca359737d

SHA1
88ffc25dd15984d98ed1e20eb2c71b202d979600

SHA256
f05b6153baabee1ffbfcf9c1f73a08c799064c5006c85da6682aae58aa536fe0

SHA512
9a84f30524ed9f2065fdfe85da5f3d580b853975692ad4270fdc637946fb14565a816d576787db1b3fa0f4cb95afa53daa82c62bec806b5daf614ada7b2c7b1a

Download Submit
C:\Users\Admin\Desktop\ConvertStart.xlsx

Filesize
13KB

MD5
91aa6c6d3f12bd410eafc0856e4a5267

SHA1
02ba17b1dead3a2d2b71bfadbc220319446ba025

SHA256
688b3f3a51bfebc7379763d809097ab61f8d63d4ac7722e50717ff6c900c0e23

SHA512
509de916b8f54eed1e7be7691dbcf05b08b3e4bc67f8af97e0c0948ba19ffb7e30e2b2514399d7f95f52e4e70f4a5701eceb12af3f7fc2aa8cd1aad8a366fcda

Download Submit
C:\Users\Admin\Desktop\ConvertToMerge.asp

Filesize
771KB

MD5
89a355e2fbbbd853282c5bf758eac920

SHA1
cfbd92061ea469595e0f56b69b21426301a38e3a

SHA256
9cbed2bd81df702dcf316ee4c2765c7848b9b3fe5199b711d1f4b0c6bd123b95

SHA512
943be4c1baed4e904b25302522e87b39614dfd3cad088634a5a595a38c7c1f54334e81d063f60cb0d3018e266bbab13a5693534c453ff2aed773f3bf725848b9

Download Submit
C:\Users\Admin\Desktop\DebugUnregister.xlsx

Filesize
12KB

MD5
2d7d61b232ace471fea668025c7340f4

SHA1
9608df618dc6bb93d673cb871e20277ce1f545dc

SHA256
c2635c896ebb895abd141ec354d958fd815aba309a673dfc2f5626e6889c3e57

SHA512
e478f0605530be51e6dd26374763fd6194739cb0f566c203ec5203c4a2c452a75ad52a0451bba064733e4da0294ca56df80b01159c8c3d30fb15b939f6d51d6e

Download Submit
C:\Users\Admin\Desktop\DisconnectPublish.ini

Filesize
973KB

MD5
c4a33471efaf8639a4fc587fe8db025f

SHA1
e802f932ec184a5e1ef5b9c00f1f956479b628ae

SHA256
e789415832c3cc8f49cacb75c8512c758f86f1ab4204ffd69300af056c035e2b

SHA512
a175aa654c23896bf8c91a0aa6d763703a9d4f91a6a3a19a1522931d257564dfff8c901c39ce375700368b166e101be88c82547485a6e4e96d49a3383318da48

Download Submit
C:\Users\Admin\Desktop\EditConvertTo.ini

Filesize
619KB

MD5
abeaf3d782226a1b3ed59c1569a16b32

SHA1
59a9948201847a4531e4be4b4a1983099efa81af

SHA256
4f7950bd5782eb2e013751231af414e79117178a6a4a70115632da012985c157

SHA512
c8a1b862d5f11a2d958d4f1c32e6bb66cede7515df73271fcd21279ae5dfc85d8b4228a1e7e423b9d8482e73e1e6c7749fa357399db8e0f170cbe72cec2f9191

Download Submit
C:\Users\Admin\Desktop\EditStep.MTS

Filesize
670KB

MD5
d5ab2a8cd0ea7af107515b2967da2bcc

SHA1
d72153b12778af168ac07c68a5289cf77c98835a

SHA256
9a3f6f0f487105ce5d99ca06ca4981d46e468bea66c2f9cd4ba3c7af94a7622a

SHA512
c068d33293f8fce2863930d0aaae6f235d5186077947f1738fa16e6a87451eb4626a044329eaebdc657230909c95b0f6a7b20143eaca3bf41010e0b4218185ea

Download Submit
C:\Users\Admin\Desktop\ExpandUpdate.mp4

Filesize
1.3MB

MD5
66442a5a97d7ad67efd626ec8e400157

SHA1
ce2b83bc4354df269e049f716c24d1d23f186b44

SHA256
85067e8b12c40353fcbe0c5bab174a96ad20d32f6929e8d2182b436ac401dd78

SHA512
b834edbd3e6ecabec8aa0c358e0a3180f442184a9e7105e887815864a4d8d8962b65b47f15d924af5bb570993611272660e5e44c6e8eb2ba4160b861e37dc29d

Download Submit
C:\Users\Admin\Desktop\GrantBackup.mp2v

Filesize
518KB

MD5
cee719daed384f6195a57e81ccc4fcb3

SHA1
3e14156253125ebd4fd2df2ab816d60d9c329d04

SHA256
a7b6c0d10aa3cb6ef0341194198670ba001951b1db450416a2230bec273b616f

SHA512
19d91dbad3db1ef28e9cf6012d3c4760abcb956c804a82b6b71674f24fd6ce2ac617e0db444748d02332e92679c1e62ba8a7ff8c07c385941918a74155c5651b

Download Submit
C:\Users\Admin\Desktop\HideFind.mhtml

Filesize
543KB

MD5
45fd5337f3cf1be1631df95378f251c6

SHA1
a8ec34db4d62d8ae298815ceae323e76718c3146

SHA256
a714babaffd7565af89ccd429d04be93fb74185cef0abd25b5c15a4a44fdd222

SHA512
6e44291bf953d850170443deeed9eae4f90ef6047cc6e13ae716b89405f2d4ac9c4cfa38e7bebba5c536784ffe538d3151d6bf43c2096c9e43f544215dc44a13

Download Submit
C:\Users\Admin\Desktop\JoinConvert.tif

Filesize
467KB

MD5
094a8da9f604b31ba85c1d4da82c7978

SHA1
816618acb53ac6f761b8de8eca0296e0864f5ac5

SHA256
d2c13f45fd91ae20866d68d5353ab8f12a5f50d02017c830eec47b6cab9e134a

SHA512
490667a729208e8decd3a11863d21c50d9a01d6ea12c493afaa8ea7db02f54c75c3ad80105095663d921bdd42b36073fa8b90cf7884d110fa4175ba3d31a0d45

Download Submit
C:\Users\Admin\Desktop\MeasureWatch.dib

Filesize
872KB

MD5
b256aa9d5dd5c6f06b213e861c832324

SHA1
cb32ada935f41da64d0b56913602c5ff4f9ab55d

SHA256
f1cfdadb64e2ab872e0fe6dcd5c34a240e003bcb55f51c93a67ee8fb007d4d5c

SHA512
30689c0d96398aed81dc2444541f9f2d568ae04ca35c0ec1a82673a474757e3ab4faca088550038e2ad44ff33fb3e35054ceb9e346474284e96e148bbffd16e2

Download Submit
C:\Users\Admin\Desktop\MountOut.emf

Filesize
821KB

MD5
db02bdde2230fe2faece4404691a40c5

SHA1
5edd1217d4e4f6de8fa20d356b22cfc99d4039a1

SHA256
18df312107a94234d94e2a4a47d203489e2476dcad56802b6e8245d36255387c

SHA512
d2d419edac7b2618a12af361df41579cc523330a1f235c55abebafa910001ada0caea88a95e82bfc0e87b7635270616d404c01e9f5bf870f6405d11ca675d66a

Download Submit
C:\Users\Admin\Desktop\OpenSet.cab

Filesize
922KB

MD5
2c04ef8a6d1f159f6d2fd8400baae518

SHA1
c12b3243f2161cb133b69cd3f06fc40858028bfe

SHA256
e6d983c7a9909a0648b07c846de7f36c718900c9259876a827b2151817243f5e

SHA512
30485ddc6c135dd9ef6762cb6b1a5c7e41161991405b53e80b0e3ea523a7db27f8ad417a9556299b16c367ff2c6bd94943396729d3bc1578f6c132d1a82e79f5

Download Submit
C:\Users\Admin\Desktop\OptimizeSync.3gpp

Filesize
847KB

MD5
a62b90e2bc4cba5c5cf53a5d786cc7de

SHA1
d47a90f2c5632bdaa23f2525c331d169c53cf444

SHA256
50d6c502e041f53830d111e5f793bd1277bd9a626a318e7ae59e64eb5c9e5479

SHA512
dbd9dd954eec1b4078f85d4d6e0ea8f77a1827d46aed0cff8997a388724c3267b809cc887f52f550b681ea304ca87f08278082a1567bc7659da9b598b80d5d96

Download Submit
C:\Users\Admin\Desktop\Orcus RAT\Release\Exceptionless.Signed.dll

Filesize
734KB

MD5
4787a519cfd30d7a7687ee62de7d8a47

SHA1
9f9213692517aaa331ab0622e24b9458f483e95e

SHA256
57b7be985c0b4630b8ca581e978e88671ae5912d06807891edd1d10e552d3765

SHA512
c74f7f4396082ab6f245ac7fcc61161cbc5582464bc78b3cf42deb08f9e44304568f462753b5c25122bcac4f58e766594426f7ff044d14c7b17f24825d3109d0

Download Submit
C:\Users\Admin\Desktop\Orcus RAT\Release\MahApps.Metro.IconPacks.Material.dll

Filesize
1.1MB

MD5
d8e627aadfb6dfed292be0672faa9f15

SHA1
2a7f51711bffd75ecb2d7ff2f510c89eecd16366

SHA256
97f4ca8c89ee13b8c249ca6f929d067ba3e87be07b4afa372fdc0a7e9e6e78e1

SHA512
d5139830d367a29e76ca260d9b17955cff80f1779c157551642f7e13d9abd265335ba0bbda433e8898042d482f29d79c48683fede4b8af746b69a7dfcd02098c

Download Submit
C:\Users\Admin\Desktop\Orcus RAT\Release\MahApps.Metro.dll

Filesize
1020KB

MD5
63a79e31b7bc52bb9aec3a747cbb63fe

SHA1
dc62080001c75242dee8686b6d8078efcb37e2a7

SHA256
fb5fae42fcc19f3fe3ed2d9b1fdf0594a4c442148b58ac4d2a9dafdda847e673

SHA512
3af468554238df0807e25446fe028e9de381d3b0086edd8d9ff1aab52bb8986a9dddb5618d2a4f6d1aa6011187bcda4cd1858bf72d4a8bdf253c350bd0292b32

Download Submit
C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe

Filesize
3.9MB

MD5
8bcfa3fc8b4dce8524d55aad0763c70a

SHA1
9812cfc3322f0ac7fd731c9af880739f35080953

SHA256
121bcd1c5ba0c44404247ca290c32ff52aa60e2a10a441bf5ebc45d4bd48a4c5

SHA512
b71fb55d538c386bde0e1c6279e8dee67eb6ec8a2b7c484eda111539c640679ff2306e675bf30222dc4ca25d3b7f3104934a1ef8931adae5f826581ba7ee1d99

Download Submit
C:\Users\Admin\Desktop\Orcus RAT\Release\Orcus.Administration.exe.config

Filesize
1KB

MD5
a0521d282f834242fbdeab978202bc82

SHA1
16a9488d62716d714da27f9dabeb3914f5149012

SHA256
43f7d22fb4ca6134e3aa776452941856b8cc1efb0bb8082de0f22447b6daf926

SHA512
849c6dd7d382e8a8957ae332c2e8567827adf610c7c457007047dd50f4bc160dd633d64f562f30653c1e3b803df241e0883b3da81e91ff98de4225ea9fe040c0

Download Submit
C:\Users\Admin\Desktop\Orcus RAT\Release\nUpdate.dll

Filesize
2.6MB

MD5
253ba7f0427e3f8e032b97496a019a24

SHA1
62793783943b04d8836746bb452145722cf63001

SHA256
814eb85113211fa90efe952f35d06e537f01bf38febca48e2c0cef02ebdb1877

SHA512
29f848f4293454a0103197cd3bb59e364df099b7a26f926673b30132ffe3d15b505fbfc3e0391482d9cd9ed53efd0f3193d0cdf83e0fb59ce3e27de878b83585

Download Submit
C:\Users\Admin\Desktop\Orcus RAT\Release\settings (1).json

Filesize
1021B

MD5
76689ccbbd740d6763471df4f9cb918c

SHA1
e7dcc698c8fad9c9b951a2f8b470dbde00258b22

SHA256
3b17cc24b4092dfa1520341d96ea63d0565830fa7c5cf0c0b51ccdcfeb056231

SHA512
652baf43fa221a7ad176f03b0d5ae663513130148352ad5fc0e24208b926702f2d130c47c7232df969283ec0635272048ce63658b05b2e6d871483ac5ab3e779

Download Submit
C:\Users\Admin\Desktop\Orcus RAT\Release\settings.json

Filesize
922B

MD5
d34226424eb721a6c34047d1416ac2c5

SHA1
cd0ae9a52377420458d3f7e35e450c6385fb2e1c

SHA256
e3711950adf568a762e13c79529bec2b4f5eeb23e78cc5b560ca2f6047e95707

SHA512
4d8135d2fed1f8f03cbbf90dec5a2740463c622797beff9eb2afb069cde58b7121a0360aa42f09f2e5e0a12bfa05ded51ce0626b74829dabca5494272d84890f

Download Submit
C:\Users\Admin\Desktop\PublishCompress.mpeg2

Filesize
442KB

MD5
4dbd72fa74ad274381a20f8f39d6b72d

SHA1
2d6f0188f62d4a72f2b79499fb845120e0a3ff5c

SHA256
f33f7ffabfd502aee8312bdae054f46e62274446b9e56d8757f9eaf575e18ed1

SHA512
8d09c8996204c3eca1985d1aa236cbe126f735b5dafc9d04ae13427961853e70f91c8de943859cfb9e4310a1cdffeb27fccccfcfedba9a2883232ae65f55ae4d

Download Submit
C:\Users\Admin\Desktop\ReadCompress.mpeg

Filesize
745KB

MD5
150d4135ee8e63af1be1f9d64b51db9a

SHA1
65b610855a336c47c019bb33ca845dd8ab16173b

SHA256
3152c78e973231fe6b85103966935e14db03b7c94f06a2778fd780904babde38

SHA512
20d8f6b06334b84eb793afd291876cd4c2a11e5f5bd77da64c25827c40870c14dad6b65b0b776c04be92b299dd9bc270343dafb5ec278c7f82400274cfa890dc

Download Submit
C:\Users\Admin\Desktop\ResizeWait.ttf

Filesize
417KB

MD5
e9d6b448d9b2c01f49f98a4e723e4148

SHA1
b7649b172cc6e6df63eb74f5e25f13ea7792c05a

SHA256
8c56a2373de4b05ab032cc463b36602423fe4472a192219cd1d98fbe52caf991

SHA512
ce8f504c2dbde497e59ad305991ebfd973848a08e0e0f9c1e6dc18ccfe422fc5cdc94a9c04abb99b9ffc8c89fe7b2d70dfadd9d5dacbafeba61281a8c5621d54

Download Submit
C:\Users\Admin\Desktop\ResolveResume.ppsm

Filesize
644KB

MD5
ff52f28ae05fafe4f7091894b408111a

SHA1
77793d83459121951f7db4af0051b4bf3f4268e5

SHA256
08164bcc7791c602b5ba6b333ed378f86ae8713f85f0f6fff5f8dc9a70461ea0

SHA512
598b022806683320aba8c5beebd56f18ce93873c1ed059bfc4cca5e85efea9b248ab7734b8e54add67f5b37089c8740bcf6c9249af76e4b9b2ee0167859c9fb1

Download Submit
C:\Users\Admin\Desktop\RestoreEdit.xlsb

Filesize
341KB

MD5
715cc70b5c77eb0e68ec4726e12cd3e5

SHA1
08a7488d295289a207558d71fe6ca4750b181799

SHA256
28206a4a193c1f7f4e9c34f18d91441c5a89022f34f9d2c6829bb2a97e880c9c

SHA512
3a888aab3519ca60c151caae6064672899bee612d0a040c3833b4523b3809d497b17306d6a08bed0dbcd65bfca5a9c47cd45984fa8a456f1cec5858f46aa6648

Download Submit
C:\Users\Admin\Desktop\RestoreExit.mp4

Filesize
720KB

MD5
e8a9523db7c550395c85d14dc0722d8f

SHA1
77a044eea5483adffb2287d9111db72bf7d98eed

SHA256
f47d5717b9b6befaeece15284d0ffab55d0491ce61fd040e4badcb650b363904

SHA512
26af05f5a2c986e50c5c6931f11366b3f81e54e160eeea4333bcf4b8548abfdd73935f4f3a0bd2b631e2e24abe03eec7033720b7613ea62aa5248c8ef18ca644

Download Submit
C:\Users\Admin\Desktop\ResumeSet.vst

Filesize
594KB

MD5
12a1c514f570eb03f9b41385ddb63365

SHA1
0cd474d0b85adff5bcbf9f3a6fe7e51c04ea94bb

SHA256
9e6bc6c3b43dfa9e49b5bb2b3808738c075a27b107dcf068d4e86a1d3bf8dc9d

SHA512
89ba3df4546640401469781b15bca9a201a1edafb48b8d464ddb361e2d8895ecddf5b6d68b46e23eba42549d0b62502a610195eaff5241c94c935e3955d236d2

Download Submit
C:\Users\Admin\Desktop\StepSet.xlsx

Filesize
10KB

MD5
1c85d6bd4932da87c731fae553e9a0d0

SHA1
3bcf833aef49d4ef603550ae8cd63006102f126c

SHA256
7c13f18a0daf21bcaea986bc76e4d3edaf50fb252f36d1a9699e58cbaf0207de

SHA512
a0d6ab5474de41e82adc3fa8b6d3ad48085e7e71d50862480a2529a2dd6ae3dd893671d5ad4c2909eee92775e3fb57a26daf94d9337845560e1b6089b84513ab

Download Submit
C:\Users\Admin\Desktop\SwitchGet.vsdm

Filesize
948KB

MD5
91ff40ade242666270b786e73c773176

SHA1
9fe43f334288a0bdc7bd0f950446c25933a965fd

SHA256
48024501509ffaaf0b07b33189fd8f5023acc7ba03488db358a85aaf216a8b1a

SHA512
3705df91761d340671fc529c99aee42b5efad428dd63835ce4481888ea148631a8172f144b684f25619fc9ebe04f4e085e7232c329774277e5c2ba22785ed5eb

Download Submit
C:\Users\Admin\Desktop\SyncRequest.tiff

Filesize
796KB

MD5
27a9b14b699536975025a3a05c885867

SHA1
a1fa4cd6aaee6d3a18d9fb3aaeb987ce523534b0

SHA256
38cdee5adfd6b40ff92fa0e0e9c652dca727f188e72614141293aea241b82739

SHA512
5d47320f3a4643213ca16e49dbbdef7e9e99fc4cb6e5b5f94f9dfc9a289bf7d728038d25a0c12664bfedf2e2daff4b223152cff2f190ae51c5942daf55b836a7

Download Submit
C:\Users\Admin\Desktop\TestReceive.otf

Filesize
366KB

MD5
f0124daa191fd26f58c8c18a0ffc36a0

SHA1
eb4197d92256177baf7a7f5d274c8d46544cf968

SHA256
c6f39e3fa09b08c1b9d92aead68e8305316e63fe03eba3c07a9d0bc7f9739afe

SHA512
263c6bd0a7b262cc9ce7474fc665eb7f10426a0ae0e1004417bbefeae12caff780c20686dd4c47aeb947bb1b492fd3f779c628035ef4a8fe3cf25ea54a2e5f43

Download Submit
C:\Users\Admin\Desktop\UninstallGet.xltx

Filesize
695KB

MD5
e283442d9aa86afeaebb7728e3fa8d26

SHA1
90958779e73c24651e6c26cc15daed3867d28741

SHA256
fb962eff7e6e37be681a3787dd722d14de743beb148d37dd44521485c21dbe81

SHA512
8551c6352d2243021ccd056547cea62b9a12c5c85b2874933eedfdff20e6c4f98ef6e2db78e2599e0fe436ed2920bc5fe056d884e618d48f1c3dc1471184a397

Download Submit
C:\Users\Admin\Desktop\UnpublishSelect.asp

Filesize
897KB

MD5
fffa6bb29046a6cdcd8db65f33a6ff5e

SHA1
d53bd3fddd64247902e2e695385bc20b6ce17403

SHA256
7a8e05fcf727b030426d42058d85975e61a1c2348bf9d42469e02470e90ca3b1

SHA512
f36c3f9d7d1a2b8b59b3618e78c5aa74936967b62787499fb0579f436f3722a8836e29f4eb575ad8a3d439c53cb36979f1038c12acbddc3744de46bc54c53283

Download Submit
C:\Users\Admin\Desktop\UpdateProtect.docx

Filesize
18KB

MD5
a06f4ff257dff11645c1db6c7bec2320

SHA1
6429fea5259e9d5ea399f5ea808027adcff601ff

SHA256
26d29deb9ffb2fff890b12518fcd94c00942d3e2beb12c04b85a574cbcd64ff2

SHA512
a8397a6d46b3c853e27e3402473f98dc7f87574e988579b52271309faafee810b164e5ae969a78d47977370e0bcefeb76f54be1191ac0f001fb973a64537770b

Download Submit
C:\Users\Admin\Desktop\WatchRestart.M2V

Filesize
391KB

MD5
256ab52f65983b49529483e1b0e85a5f

SHA1
4eeb5343b1af42f8c52f00fbb493398385267d8b

SHA256
0c8f9f1c6f1e293344c5eef9f3ac2daf9c2fae70ce25a2f26679bb9db94af9c9

SHA512
c10272681548a98b4963cf19b990151468aa1180a046b3235b5a255ab4042cac4fad5f2a349ee145da3fd76273ff9dacb4349da0b905b5eea8c33e8a3607bbfe

Download Submit
C:\Users\Admin\Desktop\certificate.pfx

Filesize
1KB

MD5
6b8a9f13da8abd2c65ddab9f464dda80

SHA1
9129eebf3b4691083f9c21dd2ae0e05c2c3acc54

SHA256
ef1182c7c85632413a7fcc2b457e560c9259c93aaf5a4b691b74fbd75ee72179

SHA512
6cee63c6f11feb5ed07e97177c3b5a6a10e2b238dd884146ebee1ecc35012089116d2ce52bfcf0ee22eeda077c31911503b93491bc7c07261438523fb32893ad

Download Submit
C:\Users\Admin\Downloads\Orcus-RAT-Compiled-main.zip.crdownload

Filesize
19.0MB

MD5
3359062e6894945bc691a1896afc1e2e

SHA1
8b6665a27bb80b7681fa18a32c832d47d551da69

SHA256
312b83aa829b09b90a59e4550cc696e7f2200ab4eb0b6a185b1577ccb0c5f6d6

SHA512
b591f316e85741a2b5838f52e469b054b6f1b1f884bf27b3072ce829f744a462c9345bb0b2d93813bd31ff5ee1cc638e8df00bc79151d7b4cb64112a5c6c793d

Download Submit
C:\Users\Admin\Downloads\Orcus-RAT-Compiled-main.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
03287b92056d1f9e8207933f2ca35812

SHA1
7cd74b27e0e43d0df5583043ac7d70d0f1fc155e

SHA256
453180258ddcaf11ac035e49a41d8f8ca1371a3f227fbeb7fd5e42ec79d86905

SHA512
da6f66c5566c30140decd9adc654597c4c14b576b39eb807e5a8d633fd5874ad18bd25b4bd5d1ac67f3c1d5dc242e84ef47f7be4ebaafaacc1fb243679f00769

Download Submit
C:\Windows\SysWOW64\WindowsInput.exe

Filesize
21KB

MD5
f6285edd247fa58161be33f8cf662d31

SHA1
e2b49bca43cd0bd6cc1eee582ba58f0ed6de1470

SHA256
bc16993d1a774793044ca37eb2ce84ecbdb5c578e3c710ed82879e07dcef2fec

SHA512
6f3e6073a1dafc679da1caa4a4c9cb7cc2da79c3f81034d7b7b7b1d855fd5421cbb517a7d3f9520f49d4d3b7f9577f4f8f92486994c8b78fabff5033b390a788

Download Submit
memory/1408-1499-0x0000000006AD0000-0x0000000006AE8000-memory.dmp

Filesize
96KB

Download
memory/1408-1515-0x0000000008450000-0x000000000848C000-memory.dmp

Filesize
240KB

Download
memory/1408-1514-0x00000000083F0000-0x0000000008402000-memory.dmp

Filesize
72KB

Download
memory/1408-1501-0x0000000006E50000-0x0000000006E60000-memory.dmp

Filesize
64KB

Download
memory/1408-1516-0x0000000008630000-0x000000000873A000-memory.dmp

Filesize
1.0MB

Download
memory/1408-1500-0x0000000006C90000-0x0000000006CA8000-memory.dmp

Filesize
96KB

Download
memory/1408-1498-0x0000000006490000-0x00000000064DE000-memory.dmp

Filesize
312KB

Download
memory/2448-1456-0x0000000005970000-0x000000000597E000-memory.dmp

Filesize
56KB

Download
memory/2448-1458-0x0000000006300000-0x0000000006322000-memory.dmp

Filesize
136KB

Download
memory/2448-1457-0x0000000005E10000-0x0000000005E22000-memory.dmp

Filesize
72KB

Download
memory/2448-1455-0x0000000000E10000-0x000000000110E000-memory.dmp

Filesize
3.0MB

Download
memory/3088-3656-0x0000000007040000-0x0000000007074000-memory.dmp

Filesize
208KB

Download
memory/3088-3576-0x00000000083E0000-0x0000000008430000-memory.dmp

Filesize
320KB

Download
memory/3088-3593-0x0000000009050000-0x00000000090FA000-memory.dmp

Filesize
680KB

Download
memory/3088-3646-0x0000000006FC0000-0x0000000006FFE000-memory.dmp

Filesize
248KB

Download
memory/3088-3651-0x0000000005CF0000-0x0000000005D06000-memory.dmp

Filesize
88KB

Download
memory/3088-3354-0x00000000017F0000-0x00000000017FC000-memory.dmp

Filesize
48KB

Download
memory/3088-3353-0x00000000017E0000-0x00000000017F6000-memory.dmp

Filesize
88KB

Download
memory/3088-3677-0x00000000091E0000-0x0000000009368000-memory.dmp

Filesize
1.5MB

Download
memory/3264-1221-0x0000000005B10000-0x0000000005BA8000-memory.dmp

Filesize
608KB

Download
memory/3264-1267-0x00000000094B0000-0x00000000094BC000-memory.dmp

Filesize
48KB

Download
memory/3264-1230-0x0000000006C10000-0x0000000006C6C000-memory.dmp

Filesize
368KB

Download
memory/3264-1226-0x0000000006C90000-0x0000000006D22000-memory.dmp

Filesize
584KB

Download
memory/3264-1232-0x00000000078E0000-0x0000000007910000-memory.dmp

Filesize
192KB

Download
memory/3264-1529-0x0000000060900000-0x0000000060992000-memory.dmp

Filesize
584KB

Download
memory/3264-1573-0x0000000060900000-0x0000000060992000-memory.dmp

Filesize
584KB

Download
memory/3264-1224-0x0000000006D30000-0x0000000007348000-memory.dmp

Filesize
6.1MB

Download
memory/3264-1233-0x0000000007940000-0x000000000798C000-memory.dmp

Filesize
304KB

Download
memory/3264-1234-0x0000000007D10000-0x0000000007D4C000-memory.dmp

Filesize
240KB

Download
memory/3264-3451-0x0000000060900000-0x0000000060992000-memory.dmp

Filesize
584KB

Download
memory/3264-1235-0x00000000079D0000-0x00000000079F1000-memory.dmp

Filesize
132KB

Download
memory/3264-1223-0x0000000005D30000-0x0000000005FC6000-memory.dmp

Filesize
2.6MB

Download
memory/3264-1231-0x0000000007A40000-0x0000000007C02000-memory.dmp

Filesize
1.8MB

Download
memory/3264-1220-0x00000000059D0000-0x0000000005A0C000-memory.dmp

Filesize
240KB

Download
memory/3264-1215-0x00000000009D0000-0x0000000000CA4000-memory.dmp

Filesize
2.8MB

Download
memory/3264-1264-0x00000000080A0000-0x00000000080AA000-memory.dmp

Filesize
40KB

Download
memory/3264-3429-0x0000000060900000-0x0000000060992000-memory.dmp

Filesize
584KB

Download
memory/3264-1265-0x0000000009490000-0x00000000094AE000-memory.dmp

Filesize
120KB

Download
memory/3264-1266-0x00000000094C0000-0x000000000953C000-memory.dmp

Filesize
496KB

Download
memory/3264-1300-0x0000000060900000-0x0000000060992000-memory.dmp

Filesize
584KB

Download
memory/3264-3397-0x0000000060900000-0x0000000060992000-memory.dmp

Filesize
584KB

Download
memory/3264-1268-0x0000000009570000-0x000000000957A000-memory.dmp

Filesize
40KB

Download
memory/3264-1602-0x0000000060900000-0x0000000060992000-memory.dmp

Filesize
584KB

Download
memory/3264-1612-0x0000000060900000-0x0000000060992000-memory.dmp

Filesize
584KB

Download
memory/3264-1294-0x0000000060900000-0x0000000060992000-memory.dmp

Filesize
584KB

Download
memory/3360-1470-0x00000000030E0000-0x00000000030F2000-memory.dmp

Filesize
72KB

Download
memory/3360-1469-0x0000000000EB0000-0x0000000000EBC000-memory.dmp

Filesize
48KB

Download
memory/3360-1471-0x0000000003140000-0x000000000317C000-memory.dmp

Filesize
240KB

Download
memory/3620-1475-0x000000001A8D0000-0x000000001A9DA000-memory.dmp

Filesize
1.0MB

Download
memory/4252-1512-0x0000000000640000-0x0000000000648000-memory.dmp

Filesize
32KB

Download
memory/4712-10203-0x0000000005CA0000-0x0000000005CA8000-memory.dmp

Filesize
32KB

Download
memory/5076-1580-0x0000022127880000-0x0000022127881000-memory.dmp

Filesize
4KB

Download
memory/5076-1576-0x0000022127880000-0x0000022127881000-memory.dmp

Filesize
4KB

Download
memory/5076-1586-0x0000022127880000-0x0000022127881000-memory.dmp

Filesize
4KB

Download
memory/5076-1581-0x0000022127880000-0x0000022127881000-memory.dmp

Filesize
4KB

Download
memory/5076-1582-0x0000022127880000-0x0000022127881000-memory.dmp

Filesize
4KB

Download
memory/5076-1583-0x0000022127880000-0x0000022127881000-memory.dmp

Filesize
4KB

Download
memory/5076-1584-0x0000022127880000-0x0000022127881000-memory.dmp

Filesize
4KB

Download
memory/5076-1585-0x0000022127880000-0x0000022127881000-memory.dmp

Filesize
4KB

Download
memory/5076-1574-0x0000022127880000-0x0000022127881000-memory.dmp

Filesize
4KB

Download
memory/5076-1575-0x0000022127880000-0x0000022127881000-memory.dmp

Filesize
4KB

Download
memory/5768-1283-0x0000000007540000-0x0000000007550000-memory.dmp

Filesize
64KB

Download
memory/5768-886-0x0000000006770000-0x000000000689C000-memory.dmp

Filesize
1.2MB

Download
memory/5768-1527-0x000000000CC60000-0x000000000CD3A000-memory.dmp

Filesize
872KB

Download
memory/5768-902-0x00000000071E0000-0x0000000007246000-memory.dmp

Filesize
408KB

Download
memory/5768-872-0x0000000000DB0000-0x00000000011A6000-memory.dmp

Filesize
4.0MB

Download
memory/5768-1526-0x000000000C9C0000-0x000000000C9F2000-memory.dmp

Filesize
200KB

Download
memory/5768-3350-0x000000000D830000-0x000000000D8CC000-memory.dmp

Filesize
624KB

Download
memory/5768-3351-0x0000000005E70000-0x0000000005E78000-memory.dmp

Filesize
32KB

Download
memory/5768-1204-0x00000000132B0000-0x000000001468C000-memory.dmp

Filesize
19.9MB

Download
memory/5768-1301-0x0000000001A30000-0x0000000001A4A000-memory.dmp

Filesize
104KB

Download
memory/5768-1196-0x000000000EDF0000-0x000000000F31C000-memory.dmp

Filesize
5.2MB

Download
memory/5768-913-0x000000000C9B0000-0x000000000C9BC000-memory.dmp

Filesize
48KB

Download
memory/5768-909-0x000000000B760000-0x000000000B772000-memory.dmp

Filesize
72KB

Download
memory/5768-908-0x000000000B1D0000-0x000000000B1DE000-memory.dmp

Filesize
56KB

Download
memory/5768-907-0x000000000B410000-0x000000000B448000-memory.dmp

Filesize
224KB

Download
memory/5768-906-0x000000000ACA0000-0x000000000ACA8000-memory.dmp

Filesize
32KB

Download
memory/5768-1431-0x0000000001C40000-0x0000000001C60000-memory.dmp

Filesize
128KB

Download
memory/5768-905-0x0000000008390000-0x0000000008398000-memory.dmp

Filesize
32KB

Download
memory/5768-904-0x00000000076E0000-0x00000000076F8000-memory.dmp

Filesize
96KB

Download
memory/5768-1799-0x0000000005E40000-0x0000000005E66000-memory.dmp

Filesize
152KB

Download
memory/5768-1444-0x0000000005C00000-0x0000000005C1A000-memory.dmp

Filesize
104KB

Download
memory/5768-903-0x00000000078E0000-0x0000000007E86000-memory.dmp

Filesize
5.6MB

Download
memory/5768-1433-0x0000000005F40000-0x0000000005F88000-memory.dmp

Filesize
288KB

Download
memory/5768-1798-0x0000000005690000-0x0000000005698000-memory.dmp

Filesize
32KB

Download
memory/5768-876-0x0000000005C30000-0x0000000005CEE000-memory.dmp

Filesize
760KB

Download
memory/5768-901-0x0000000006D50000-0x0000000006D60000-memory.dmp

Filesize
64KB

Download
memory/5768-900-0x0000000007250000-0x000000000732C000-memory.dmp

Filesize
880KB

Download
memory/5768-1528-0x000000000CD40000-0x000000000CDC6000-memory.dmp

Filesize
536KB

Download
memory/5768-888-0x00000000068A0000-0x00000000069C6000-memory.dmp

Filesize
1.1MB

Download
memory/5768-880-0x0000000006290000-0x0000000006526000-memory.dmp

Filesize
2.6MB

Download
memory/5768-891-0x00000000066C0000-0x00000000066F2000-memory.dmp

Filesize
200KB

Download
memory/5768-899-0x0000000006E10000-0x0000000007167000-memory.dmp

Filesize
3.3MB

Download
memory/5768-898-0x0000000006CB0000-0x0000000006CD2000-memory.dmp

Filesize
136KB

Download
memory/5768-897-0x0000000006D60000-0x0000000006E10000-memory.dmp

Filesize
704KB

Download
memory/5768-895-0x0000000006A30000-0x0000000006A3E000-memory.dmp

Filesize
56KB

Download
memory/5768-896-0x0000000006C50000-0x0000000006CAC000-memory.dmp

Filesize
368KB

Download
memory/5768-894-0x0000000006A10000-0x0000000006A22000-memory.dmp

Filesize
72KB

Download
memory/5768-890-0x0000000006660000-0x000000000667C000-memory.dmp

Filesize
112KB

Download
memory/5768-892-0x0000000006A60000-0x0000000006AE6000-memory.dmp

Filesize
536KB

Download
memory/5768-893-0x0000000006280000-0x0000000006290000-memory.dmp

Filesize
64KB

Download
memory/5768-889-0x0000000006640000-0x0000000006654000-memory.dmp

Filesize
80KB

Download
memory/5768-887-0x0000000006230000-0x0000000006252000-memory.dmp

Filesize
136KB

Download
memory/5768-884-0x0000000006530000-0x0000000006636000-memory.dmp

Filesize
1.0MB

Download
memory/11276-3852-0x0000000006440000-0x000000000644C000-memory.dmp

Filesize
48KB

Download
memory/11276-3681-0x0000000004F80000-0x0000000004F92000-memory.dmp

Filesize
72KB

Download
memory/16576-10191-0x0000021994C40000-0x0000021994C6C000-memory.dmp

Filesize
176KB

Download
memory/16576-10192-0x0000021995190000-0x000002199519A000-memory.dmp

Filesize
40KB

Download
memory/16576-10193-0x00000219951C0000-0x00000219951C8000-memory.dmp

Filesize
32KB

Download
memory/16576-10195-0x00000219B0800000-0x00000219B08A8000-memory.dmp

Filesize
672KB

Download
memory/16576-10196-0x00000219AEF60000-0x00000219AEF82000-memory.dmp

Filesize
136KB

Download
memory/16576-10197-0x00000219AEF40000-0x00000219AEF54000-memory.dmp

Filesize
80KB

Download
memory/17832-3579-0x000000000E6F0000-0x000000000E78E000-memory.dmp

Filesize
632KB

Download
memory/17832-3566-0x00000000017D0000-0x00000000017F8000-memory.dmp

Filesize
160KB

Download