03ec9292dcdfda520638490e11baeefff5ab1b6eb22feb90a22fc771272ce116

Resubmissions

14-01-2025 09:10

250114-k48eaatncw 8

14-01-2025 08:58

250114-kxfqpavrdj 10

Analysis

max time kernel
226s
max time network
227s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14-01-2025 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

libcrypto-3-x64.dll
Size

4.5MB
MD5

a9c1f7ca15c65c139bc9d4bf57df2e1e
SHA1

1b1377139a6b289d43a6b1161cd1089ffc817cf9
SHA256

03ec9292dcdfda520638490e11baeefff5ab1b6eb22feb90a22fc771272ce116
SHA512

97f8745dba6330c196de9b822638bfe7f74a86bdcb6726f4bd1d3d917de54f9abcb05163c42255173eac3bde995f0d611af718dbcc0de432b67666bed0c0b073
SSDEEP

98304:Ml+f+K26t8Te5zUeP4xA1CPwDvt3uFGCCQ:4Ctt8Te5zUewxA1CPwDvt3uFGCC

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2340	Memz Clean.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
8	raw.githubusercontent.com
39	raw.githubusercontent.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Memz Clean.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Memz Clean.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 996827.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Memz Clean.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
576	msedge.exe
576	msedge.exe
4868	msedge.exe
4868	msedge.exe
2940	msedge.exe
2940	msedge.exe
872	identity_helper.exe
872	identity_helper.exe
3292	msedge.exe
3292	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4764	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4764	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe
576	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4740	MiniSearchHost.exe
2340	Memz Clean.exe
2340	Memz Clean.exe
2340	Memz Clean.exe
2340	Memz Clean.exe
2340	Memz Clean.exe
2340	Memz Clean.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 576 wrote to memory of 3572	576	msedge.exe	83
PID 576 wrote to memory of 3572	576	msedge.exe	83
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4628	576	msedge.exe	84
PID 576 wrote to memory of 4868	576	msedge.exe	85
PID 576 wrote to memory of 4868	576	msedge.exe	85
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86
PID 576 wrote to memory of 3796	576	msedge.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcrypto-3-x64.dll,#1
1⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd96783cb8,0x7ffd96783cc8,0x7ffd96783cd8
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3292
- C:\Users\Admin\Downloads\Memz Clean.exe
  "C:\Users\Admin\Downloads\Memz Clean.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
    3⤵
    PID:2580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x130,0x134,0x138,0x100,0x13c,0x7ffd96783cb8,0x7ffd96783cc8,0x7ffd96783cd8
      4⤵
      PID:4620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:4988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x104,0x12c,0x7ffd96783cb8,0x7ffd96783cc8,0x7ffd96783cd8
      4⤵
      PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
    3⤵
    PID:2472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd96783cb8,0x7ffd96783cc8,0x7ffd96783cd8
      4⤵
      PID:1772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:2352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x108,0x12c,0x7ffd96783cb8,0x7ffd96783cc8,0x7ffd96783cd8
      4⤵
      PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
    3⤵
    PID:5644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd96783cb8,0x7ffd96783cc8,0x7ffd96783cd8
      4⤵
      PID:5664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:1532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd96783cb8,0x7ffd96783cc8,0x7ffd96783cd8
      4⤵
      PID:5224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:5640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd96783cb8,0x7ffd96783cc8,0x7ffd96783cd8
      4⤵
      PID:5700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    PID:1112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd96783cb8,0x7ffd96783cc8,0x7ffd96783cd8
      4⤵
      PID:1724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
    3⤵
    PID:2720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd96783cb8,0x7ffd96783cc8,0x7ffd96783cd8
      4⤵
      PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3449633776176232862,8771888253732822200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:6084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4740

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\15f7b9b7-af30-4984-aa87-0e047ce47cd9.tmp

Filesize
6KB

MD5
65b8eba2c84857e9d66f2ce9c1e75145

SHA1
5f7e35b6dd9e7d40da719c7e823aacc438237859

SHA256
c6e15d6674185b12c39aee9b9ba4d92f32be56eccaad181edd39f9d5c7f718da

SHA512
fea60e0dc221a6bb514311f5e7faa2d57a5b60a512aed1188d50beb7ed8f1a49da43d6c410082a9c728f8159cabf60e4466c276e2724815c12c3f5395229e665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9274c97ec4cba2e0_0

Filesize
417KB

MD5
04c1215def887af498699196b6b5bf3f

SHA1
f404f70d526706f774d8af3684d7beccb8895df8

SHA256
57ee1eccca62fa0079f2c8b226c288b0720907dd75a42e825258e6a25798eb7e

SHA512
1e56573aada7e0c790ccb4b5a7d1797e72d5925f5d8fd55efad3103d1e16b4ee1c7222053b21e0cdf1710fa82349cfaae6167add7d9e31b15d9fd629464978be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb0840898e90dec0_0

Filesize
19KB

MD5
ae5b9e9171ef5a6f3a484da71000f7cf

SHA1
4319f62707d2095ffbd9201b716b122b49510a5b

SHA256
5f407f730354b35539d297c1f2db6c58aa14757b6660835e5a14c50dd6239dc2

SHA512
d198d3f93ccf547fe74a9fd3a4a62abbcbdc0369e85767fd217ca0b41c33e463ef016305da7566ad2e702229724c85a3ab5590327074fceaba70dd81d4d98951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f96c4e370537b4dd_0

Filesize
288B

MD5
5a30de14839484d68704579f1c5ea14a

SHA1
d3982f6b7e87535bde4435ac241f59e2084b4e23

SHA256
fcdbc3b612adb1bd12432fe70c24de9935f9d6da9aaaf4b6c7f937b0012babed

SHA512
8de2912778751146101f0daca96b51eeb3b907018212472973cdcb9cedc0981dd03454db65b94bef9917f6b6d376a5fd5b04cd496ebf03f167daecc36b622adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5e5d3e8a0e56bef5141b4f74b5b63636

SHA1
b1fdf793bfbc29d304872a3f56507352624180df

SHA256
36dac9f456a68aac53d0af394437e838d4f60a172daf053b7a0926a12fc2104a

SHA512
183b0f9861b09e3cd588faf416343dc61ecc80d11c93cd09223759aad649e3a6861ae1f2d8779fe1ebd9fe5b1c43cdc5c192a3c66360ce292de235667701e347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2cff597e3e0aec007c16bd0e54ef61d3

SHA1
f84ee252579f558c3aa4efe405495fbca1e9087f

SHA256
76dfed61b1c28ac3a0fa7c5895be1eb5cd0175de3fe9181616337e9d545d3f37

SHA512
ed027630293d2fb535f7f426bec6e756a8a321e78e6270b5455669451214d2c64b48108cb56bdcfe6d9b1759daae99da44f961304725eae5831317b282ed922a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b9786cb5edd23bb48cf922c721a99d1e

SHA1
9f4cdaee722740f02cda13b97005d63957fed743

SHA256
d069954c757f4ace4cf705fef7b91418b85044a6e73186e558b83d4a2bbe3a3e

SHA512
8a8280b1fedb1d3dd50ca410963d861ba4336b08b3d64e1e53e4363e98f957e8ace34d46d8b3688f4ae0af4f38b5b7408bde0f1653e330d939164808efd5e2c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1da3a0c396f36c039b4680b105dd2592

SHA1
5bd5d691e2b96432fcd3a44d6fc45ca4fcca7d87

SHA256
4dab3b99f4cb354ad37e538a17d55a46305050040585bdde7dce9c80beb45d54

SHA512
0825d88dcf6ccfc010e53039f46268fffe9bc4d5969737370a6d3e049f3c37a1350c65d3ea8c1f160963f9f45bfd6757f4abee77f6a1fe1dfb4620352c4743fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
28748b7b56a981efee7cd217d631c682

SHA1
e2aeb1c0133ef86f2e2aa88b0de7c13e03f06132

SHA256
aa7aad5681bb9f9f27097fb47324226d17a97b555f5a72a5e54572135547f596

SHA512
b497209ac220b0fac744c7347a422df8d7c54fe6394450c94b62111ea581e5cd611dcefabb21a52e4b44f8fd3024f24037d939162bfb5d068f4c672765a332b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
77aa4ab2c390b36c9c5a844b8f5a6e89

SHA1
e0ab309e8c46b22667f39600083b208755b5fc81

SHA256
167b4a06a0681c74c572059c3e69f009b97e06cb6f6fdcda33c45e8c5341e131

SHA512
3e304f190f77400c3830cdfecc5a803d6d7acd90bd4ecde13f46a67b927551af31ef017cc7d42998b97ed50e059a3fe95b0e486b71c3bde00224fab11e228942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ae3ceaff9ffcfb0c82ee93b7f319934d

SHA1
8ff70508e6cb261ed83ad5da74f1c244b2bf8f8a

SHA256
591f7f4785d6276cf6bbb99032697ae6fb0e503a1c1477950420cc57db1d3ca7

SHA512
97b321881e0651b253e2a1cad655ad1a2e44489fc5539051e0deb48cb350c93ed4dfeac8f16b479bb01b08035cc42b8fa1e84090ea8e3ccd1887204dc15da7b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
57faa02ff5fc793f885debb06ab8045b

SHA1
fac945529ed9e44a76a511f9ebe37ac9dff9da01

SHA256
520de1249cd4c46758d8641ab93e829c1a189546a4cfc33d4f55167b9b281c28

SHA512
aee517bdca8e75c9b4775ce7e85181e0c7028860df8eed708261488477045029222e55b59f1a841ffc845534d8010b491f2f3b1703f8601507ddca5d0aa9c282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7be3ce1bf08b3a5324691008251423c9

SHA1
b585342b6a0f136b0b4b41b51736e49e63891f8e

SHA256
7a79373796d15a980a627e1d269994b30213870a854e5f06cb7693dc264ba204

SHA512
b5830470130467ff141f8a5a8fec020f7bb9a0e260eac440fdfc62e50f726d10a131d220796672a9ce8d0e2272aada0b935a5d3d93e6a89df4c5f9c0abef83f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d68a822c7af5c3ae03e16cc2dd3c5932

SHA1
e3a6359866a4963ce6e496eb39a2ea0800d0f2c3

SHA256
ecb4bc7ee32615ac7f247b6306a9926470ba9bc660fb7a772308b2493d2d7174

SHA512
300138c5a2e2925a952686767c6cf685691d07475a26fc0fbccf25d7db439c9b244378a4498317c1994e9a15c28b4debed2ca85659aac285b7962509bfaa9440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3cd9276b05e77f1e2039bb6208f16019

SHA1
57bd04d90b6c1943bdfc4af9d066df9d76e1d46b

SHA256
284400e2e6080791783f8cac8738c3fd261275079ad41b223cc27956d1d2662c

SHA512
5f683cc9ad16f3a956f209e26029c670f859ec96975fd5405211577e35d8ca28634f74ead20204fcef53d9209c202dbda045c7c1d9def5f4033af0b235ce0666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
59205a1509aebb5d4242587db81ad534

SHA1
f491ba40e42fe673a5e65b586d9d71a80009a620

SHA256
443960516af16c978f012f407cf23618c34888ac23164b0f39e6f2daca35f612

SHA512
2e5fb2bd9e75441caae5aff8584b7b3fc1ae2f092bcd15ae098d0106fa7b4c853831227b03470f5f6db2ad3360a38d0eaadd0a10ac5825862850de9eefcb6d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1db80ff96efb8e816dc938a6069e8bd5

SHA1
e31369c93c8c5ded8e95265eb4371e26c658b4c4

SHA256
0fb0cad1eff3bb7d0027084857471650da19a9a7e56e84182d9a24134294093c

SHA512
b2f9743ddf3707d828ff7220b908b0e12acdea8fd4c7bbe389fd11be664756634d021af3070d4bd1d8fe130ea84b80f774f7e6798556a1640f468f364466d546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a2a5650ea2ff1fd32807977d382bb101

SHA1
a76e98c6ac2c7a76728879707dab5ddc108ab716

SHA256
847ebc19bcb3ddbdac5d8bc98adf3cd40c06307c2e5bdff02629d44fa06d7045

SHA512
fdc39fe75ab150308fa114fece624f08844f2c3254ad9ceb24054cfd2835fc440d90ed7e7ce4ceac802c1a6361f2386320edc0236e6798039015c8d584a940aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a4034378fa6af3431f927ea658db1b40

SHA1
cfeed495737c62a57639d1088a76ed4b277ea81d

SHA256
6d45b569ec37269b5b8d6ca258c168e857efe085a0f9725b43794e58efa8cd60

SHA512
9b2418bac7180c5f9a51bd4a07e0f456a8cc04fa0758ddfdc5c34594f5f4389dade01ac76b5d6eb7fc696648d7a9b36a92a839ce651eeb8cf4a756cdbd7cf82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
07e5fda47356efce19554153f41f3cee

SHA1
ea028251ec014ab462e1c85309e68897e506a84b

SHA256
08ec1c1c21a029451629ab05814975263e91376a8cc1d50da0240c25518fa935

SHA512
80bbae17ce28c14ca93466f323ade09d3b9111c5bd428964b658d6516e676674de1d34f7eee4a901f3ff24a38db88d2a9cf15507713df48764e7b8c682dd2f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0825fb22c39a1d43ee30f211cbe90b26

SHA1
3c0e12a54ec293ad2353887dd455742e26ebdf67

SHA256
a1c3d0ec0062526bf690a774425de13f86b83efae1683c277abb17d6e8f9947f

SHA512
2fb85ac0caa8bc95971a03521ecbf41f583c9b40df2c29cbd0d4059eda375f1eff7d42fefa2d958b5323ccbac4c67e5b18e63fd13b5490c839e18ebf9dbb8704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7be66e11ea34ce4f8bdae6436460ee04

SHA1
2ffc49597df6729d4cb6f8cf04cc5e6e6748ac80

SHA256
c32158b1b45ebc70e8c514f52ff265928425e990d4ead321cabdd7aa622538c5

SHA512
8ba39a7b8a153a068d314e323cfdb521aadbba7a8087e6731ae1371dc72c29f26d2b5d60b305c4dc6d7413e516bfa1f4e8b5e63c4bbb40471060799ffd8cacac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c8c6d0b37e54e18e6bf7c31280cb99f2

SHA1
e84c409124db1b40789d1e165dbf8a404ea80fb2

SHA256
fd25eba2d5c2a5b91ac9c36818eb7aa0c8edffc95f0e6a102b3c497d64eb0411

SHA512
a80696ea871e6c24392ad311558dd37652283282b784c2bbb0b70c4f2b10892d60bba4656eb5bf54a258c1ff48d38bb04ffd2d507ae8347e9b80df8bfe96186a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5c7500b4b43f6805c5350335ece3a1e

SHA1
efbcdd56af8a4321a0f93b7e090d95facf9e01ac

SHA256
4f7397a85141878105d83b820feb947cebef80fbe5cd270a5ded03eedfd1e18a

SHA512
012ae4270064c69623804e38f67c1e341dfdc4077551fe0fcbdf983335c6c4eb0b4894ed891abf3c463e499afe647238d7a0cd634c1b5df98941ae03b12f5600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6c1cacff397658ef22e6fc123e623235

SHA1
27ccbf71e2728832ff29b4bb2335b22107c98564

SHA256
b73675248116b3984b04955e46ad98175cbe0af5137b8e491377f0f347299a31

SHA512
eafbccab6b53652a0634fce30097501122206c4ecfc455f7bd7bb3e143d33cb22a2d9d3f4260f012d734c96d1ff6ba97c278bfd5a0833396de302d4b053048a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9ca48d10ceb3f0d1fe7dcfeec82758e8

SHA1
bb5af2526f23b865f3fb0b6aa37cdc14f263215a

SHA256
84864efd6b5c502ac4f82302d5c89fbe6742d474a3ad81a5bda35719465a0f82

SHA512
85c82b0d1eaa39dce1a2317151f5a7f034307e66f79ef098f9856f0d3a5db0c9db2145d1b97e6777dc49aae2f56182000ae2b0790b32e05615b6cdb71fafa473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ef7d12281c8c0cfdd4ce388e3b4d3ec9

SHA1
f33dda36c75fd64bd135ce73053de63f2a46cef7

SHA256
2a8b436785fdf43912c5fd5c0043cd9bff2b396a849624aa79f648fbf5421e5d

SHA512
fb3fecb6735f0349131ad985ced7495206f8d895b60851d7e9bdb0ed54edbd44ba5756f1c2ad1f0ba400391a31c17e9ed6a569137780231694805c41cac69d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584522.TMP

Filesize
1KB

MD5
6cfbf74d3c6606d9f14e275e188af5d7

SHA1
7f3083fc33184a119f85b798476f01b49d5e41e2

SHA256
b7ff1aa8555c213b2e26153f8398ea7c77ac09282a7c94bfff7936395b84d247

SHA512
274d4e20da34d21d18dce8910fa38e3d65a5532f42ef6178dbf7c5d9b2dc9ce8e412d5f1dcc35d9dde7d8ac6f85ea677a1ebf02a10d821e8268a807d7a713e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b91d1a398c390463fca723a3196b6819

SHA1
ee121bf3f5dc2814445a1e0d43971c95a038288f

SHA256
2a44d143aa5f38e04020598ff93721cd0191ba17f7e5c0bc45aa6354cbc4f6ec

SHA512
b63cd6fecab4468005cbc6ef05086ba0d8376dac073a9693a5efbfd6b4abf4913e8facbf71024b4e731cd358d65c38bcfe9cab0fd75b935ca6aa7ea9ca2b7ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e0b32a5ca91d19a24e93f958e5d88b49

SHA1
54d3ae9e1735e558f882f7b6f42f83513cd7a4ea

SHA256
145dee7d7932f2f74163c21e448fb68273e3dd9ac1ec354d69de8c0eed090abd

SHA512
13efe0531cb1e98ca5d69a1111b916946592deccded787ab43b3d0f4c7a55e5362619a310451e7058363ee1474becfa501d794967567090301dc53b7433c32f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
914b4ba5a3f813872393e4fd45149cce

SHA1
2691fd27bc995fb4f16f12baa729c31026758336

SHA256
cd69712c6705159b053f162c6a64a4e5b58a5ece3dacae15e120b9e10c5cb5f5

SHA512
72c7f12e4bf4a9c7741b304f74d2cd411cc9be12bf22ca5c1c52c67489f77b96ef3eef94d68c7ec73bcd9ca6d9394829a8f57c7a83ff7df1cbfea935c23583f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5d8681d0e41f7ddf758f53abf5c1e27d

SHA1
5526bf8eea10fe2917e354ecc80f55162c2aece1

SHA256
e6656bf4af2c831a7afdcb89ad2fdd4f3871492242057a41e12a036aa8eeae95

SHA512
d175b801d7d27c87b7b40ac970c8a4d3044aaab434a68e5030133d855b621e07c17cc2ded882b4b4f33786e0662a674c5e7a608f538639c0c85ca52e71d43749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d034ee6bffb697d2dc1ca44221ace65e

SHA1
98804395f7bcfc6a88904798a88f153390355046

SHA256
d594d6e7151fdd48d6f42fb1f9d1a5493b889954a59fde274622e6b4adb327b5

SHA512
ac9f9b21d9af9eb85b30b6a6a7e61e9b6c0ffd57740d4abddcfc4ea1d6ef6291eff730a92a922bd05f034038dafe0175c77ec4919037c8c51cefda5797f7400a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
48a542434ffbd1b721b729299b01f8fe

SHA1
2100dec2d2077f33bdca9acb8aa5c657c88515f2

SHA256
b940a0bc99f2d040be5afc5e875a2316d0f6b90314e996161a0cf1cbacc39121

SHA512
bb9b42b84f0b18a583849fcde68bde374d49f207e5c95892674945d0e1636b136f91921be38ef75785628e2363ec5962361a60774c8e5d03e9e70700879f41d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7d57e24d71835276890e5a1e4136d5c4

SHA1
1177ff1b8fbaa24a4415763048bb03d744e0d006

SHA256
9d8639ff9d65dec8d20d7d35a7b865ad404af1851b723b8dc088cf354de07f97

SHA512
a01b6932168a8d065bf2433f69111aabf6f849dba7a814cd7a4501a66c3d9eba2272ebff2843355321a6034c1520e12403d319af06ffbdf4874a0c0937bfa711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
331deb6312f8741bf0f1c6f552738926

SHA1
2aaa407322e80b02f295f395610e4ece816af196

SHA256
e0e5c93164cba8b6f14044d3db8ff7957a20cb2e51a51fd0aed7d74de32c282a

SHA512
83fb3ba98bc6197d7d189657bf9f9e9efd45207947506b4375f54f6954419332d46114659d7cf813799f16536a62b7c822737cd8122c11eb4654732576fc87a0

Download Submit
C:\Users\Admin\Downloads\Memz Clean.exe

Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\Downloads\Memz Clean.exe:Zone.Identifier

Filesize
209B

MD5
07b80f3e93fb7f262593fa89a38dd4c7

SHA1
87409c7172faaf877f479823a15522be9248d1cd

SHA256
8441b48244efde795f26767d8c53a0e4d6d2ebd6aae25242c12bd8f1d579b71e

SHA512
e19477fb517fe575c2ae8619e8fd7d013db64c2e6d7227e6a4ba9e8eed8e98a05cbda3e7701566144d3ea2421e78866b9cb86739cd633c949e45549b08c1ac3c

Download Submit