Malware Analysis Report

2025-08-11 06:04

Sample ID 240222-wwqeaade8y
Target https://loot-link.com/s?o8TT
Tags
discovery evasion persistence trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://loot-link.com/s?o8TT was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence trojan

Sets file execution options in registry

Downloads MZ/PE file

Blocklisted process makes network request

Executes dropped EXE

Checks computer location settings

Registers COM server for autorun

Loads dropped DLL

Enumerates connected drives

Checks installed software on the system

Checks whether UAC is enabled

Checks system information in the registry

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

System policy modification

Suspicious use of SendNotifyMessage

NTFS ADS

Enumerates system info in registry

Checks SCSI registry key(s)

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 18:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 18:16

Reported

2024-02-22 18:24

Platform

win10v2004-20240221-en

Max time kernel

244s

Max time network

461s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://loot-link.com/s?o8TT

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\MicrosoftEdge_X64_121.0.2277.128.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files\EZFN Launcher\EZFN Launcher.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\EZFN Launcher\EZFN Launcher.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\EZFN Launcher\EZFN Launcher.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\identity_proxy\win10\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files\EZFN Launcher\EZFN Launcher.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\ms.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\msedgewebview2.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Installer\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\identity_proxy\win11\identity_helper.Sparse.Stable.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\Locales\km.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\identity_proxy\win11\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\EdgeUpdate.dat C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_gd.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\msedgewebview2.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Trust Protection Lists\Sigma\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\az.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Trust Protection Lists\Sigma\Staging C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\121.0.2277.128.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Trust Protection Lists\Mu\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_nn.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\d3dcompiler_47.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\tt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Trust Protection Lists\Mu\TransparentAdvertisers C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\sr-Cyrl-BA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\Locales\az.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_da.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_az.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\msedge.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\Locales\fil.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\VisualElements\SmallLogoBeta.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Trust Protection Lists\Mu\Analytics C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\EBWebView\x64\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\Locales\sl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_vi.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\sl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\webview2_integration.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\as.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\Locales\he.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Trust Protection Lists\Sigma\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\dual_engine_adapter_x64.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\microsoft_shell_integration.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_hi.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_te.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\edge_feedback\mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\lo.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\th.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\identity_proxy\resources.pri C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\Locales\sk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files\EZFN Launcher\_up_\public\fortnite-windows-ezfn-patch-hybrid.enc C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\BHO\ie_to_edge_stub.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\pt-PT.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\sr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\ug.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\kk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\identity_proxy\win10\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_kn.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\identity_proxy\win10\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\vi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\onramp.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\VisualElements\Logo.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\Locales\ur.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_ja.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\bn-IN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\ko.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\vk_swiftshader_icd.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e59167c.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{BB810243-77BA-4FA3-BD35-C1FA04A2F94A}\ProductIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e59167c.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{BB810243-77BA-4FA3-BD35-C1FA04A2F94A} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI18AE.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{BB810243-77BA-4FA3-BD35-C1FA04A2F94A}\ProductIcon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e59167e.msi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000cda06db2add47fbb0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000cda06db20000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900cda06db2000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dcda06db2000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000cda06db200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CLSID\ = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\LocalService = "edgeupdatem" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BA747D4-0E17-4C7B-A5DD-6B81BB4A26D1}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\ = "Microsoft Edge Update Core Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\148EDAE345EAC3E54B1170CBD502D298 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8BA747D4-0E17-4C7B-A5DD-6B81BB4A26D1}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\342018BBAB773AF4DB531CAF402A9FA4\Version = "16777222" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 407616.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Program Files\EZFN Launcher\EZFN Launcher.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2548 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2548 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://loot-link.com/s?o8TT

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe778146f8,0x7ffe77814708,0x7ffe77814718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\EZFN_Launcher_1.0.6_x64_en-US.msi"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\EZFN_Launcher_1.0.6_x64_en-US.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\EZFN_Launcher_1.0.6_x64_en-US.msi"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9927B5423B3D8FABF0608492C5597192 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7909773940604034920,6856183589942677558,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4120 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODEuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE4MS41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezEwRERGM0UwLTU2RTEtNDM0OC04MTFBLTg3QUMxQzlCRkFGOH0iIHVzZXJpZD0ie0UyOUM1ODdGLTkzMDgtNEEzMi1BRkJCLTVCQ0IyM0QyNEQ4RX0iIGluc3RhbGxzb3VyY2U9Im90aGVyaW5zdGFsbGNtZCIgcmVxdWVzdGlkPSJ7M0I2NEI3M0ItMkIxNC00MjdBLUEzNjEtMzVDMjBBMTE1N0E5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIG9zX3JlZ2lvbl9uYW1lPSJVUyIgb3NfcmVnaW9uX25hdGlvbj0iMjQ0IiBvc19yZWdpb25fZG1hPSIwIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4My4yOSIgbmV4dHZlcnNpb249IjEuMy4xODEuNSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTk0NjE5NDEyMCIgaW5zdGFsbF90aW1lX21zPSIxNDg4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{10DDF3E0-56E1-4348-811A-87AC1C9BFAF8}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODEuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE4MS41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezEwRERGM0UwLTU2RTEtNDM0OC04MTFBLTg3QUMxQzlCRkFGOH0iIHVzZXJpZD0ie0UyOUM1ODdGLTkzMDgtNEEzMi1BRkJCLTVCQ0IyM0QyNEQ4RX0iIGluc3RhbGxzb3VyY2U9Im90aGVyaW5zdGFsbGNtZCIgcmVxdWVzdGlkPSJ7RUQzQzBEMUEtMzYyMy00NkRDLTk5NTctRkUwOEQ1N0RDMDAzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIG9zX3JlZ2lvbl9uYW1lPSJVUyIgb3NfcmVnaW9uX25hdGlvbj0iMjQ0IiBvc19yZWdpb25fZG1hPSIwIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIG5leHR2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5NjE4OTMxMTYiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\MicrosoftEdge_X64_121.0.2277.128.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\MicrosoftEdge_X64_121.0.2277.128.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\MicrosoftEdge_X64_121.0.2277.128.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=121.0.6167.184 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{723634BC-9C0D-4D3C-BCDB-F1A6EB854CCF}\EDGEMITMP_E0AE7.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=121.0.2277.128 --initial-client-data=0x20c,0x204,0x230,0x208,0x234,0x7ff780f81d88,0x7ff780f81d94,0x7ff780f81da0

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODEuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE4MS41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezEwRERGM0UwLTU2RTEtNDM0OC04MTFBLTg3QUMxQzlCRkFGOH0iIHVzZXJpZD0ie0UyOUM1ODdGLTkzMDgtNEEzMi1BRkJCLTVCQ0IyM0QyNEQ4RX0iIGluc3RhbGxzb3VyY2U9Im90aGVyaW5zdGFsbGNtZCIgcmVxdWVzdGlkPSJ7QzdCRDhGNzUtQUIwOC00QzQzLTlFNzQtRTVBMDRCQTA5MzJBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIG9zX3JlZ2lvbl9uYW1lPSJVUyIgb3NfcmVnaW9uX25hdGlvbj0iMjQ0IiBvc19yZWdpb25fZG1hPSIwIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTIxLjAuMjI3Ny4xMjgiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5ODI3MjY5ODgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTgyODgzNTYzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjMwMDA4NDQ1MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZDQ1YTUyZTktNTZkMS00Y2M2LTliZDAtMjhkMjQ2ODM5MDk1P1AxPTE3MDkyMzA3MjgmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9RGRCcURvZkFsWXhtYUI1TnN0dDBNUSUyYjF3UnFPTzY5blJMZVBNbThaJTJiQ3hoSVgyVDhmVzhNRk45OFY3QkJuWnpVNzdPZmtEWG5SdHVZcjFKb1lTUjVRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc0OTYwNjk2IiB0b3RhbD0iMTc0OTYwNjk2IiBkb3dubG9hZF90aW1lX21zPSIxOTk2MSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYzMDA4NzIzMTQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MzI0OTkxNzMyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MDY2MTkxNDgyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTI5OSIgZG93bmxvYWRfdGltZV9tcz0iMzE3MjQiIGRvd25sb2FkZWQ9IjE3NDk2MDY5NiIgdG90YWw9IjE3NDk2MDY5NiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNzQxMTkiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files\EZFN Launcher\EZFN Launcher.exe

"C:\Program Files\EZFN Launcher\EZFN Launcher.exe"

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="EZFN Launcher.exe" --webview-exe-version=1.0.6 --user-data-dir="C:\Users\Admin\AppData\Local\org.ezfn\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-US --accept-lang=en-US --mojo-named-platform-channel-pipe=792.2236.15171859192855222541

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\org.ezfn\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=121.0.6167.184 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=121.0.2277.128 --initial-client-data=0x15c,0x160,0x164,0x138,0x198,0x7ffe6378bf98,0x7ffe6378bfa4,0x7ffe6378bfb0

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\org.ezfn\EBWebView" --webview-exe-name="EZFN Launcher.exe" --webview-exe-version=1.0.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1996 --field-trial-handle=2088,i,8076767340930981715,3693211362601247409,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\org.ezfn\EBWebView" --webview-exe-name="EZFN Launcher.exe" --webview-exe-version=1.0.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=2596 --field-trial-handle=2088,i,8076767340930981715,3693211362601247409,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\org.ezfn\EBWebView" --webview-exe-name="EZFN Launcher.exe" --webview-exe-version=1.0.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=2116 --field-trial-handle=2088,i,8076767340930981715,3693211362601247409,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\org.ezfn\EBWebView" --webview-exe-name="EZFN Launcher.exe" --webview-exe-version=1.0.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3284 --field-trial-handle=2088,i,8076767340930981715,3693211362601247409,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\org.ezfn\EBWebView" --webview-exe-name="EZFN Launcher.exe" --webview-exe-version=1.0.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=4532 --field-trial-handle=2088,i,8076767340930981715,3693211362601247409,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\org.ezfn\EBWebView" --webview-exe-name="EZFN Launcher.exe" --webview-exe-version=1.0.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4728 --field-trial-handle=2088,i,8076767340930981715,3693211362601247409,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 193.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 loot-link.com udp
US 104.21.25.219:443 loot-link.com tcp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 104.16.125.175:443 unpkg.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 219.25.21.104.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 175.125.16.104.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 ddzswov1e84sp.cloudfront.net udp
DE 18.155.152.135:443 ddzswov1e84sp.cloudfront.net tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 104.16.125.175:443 unpkg.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 onasider.top udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 29.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 135.152.155.18.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 172.67.213.174:443 onasider.top tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 172.67.213.174:443 onasider.top tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 d1wzdj81h1hubn.cloudfront.net udp
DE 54.230.182.94:443 d1wzdj81h1hubn.cloudfront.net tcp
DE 54.230.182.94:443 d1wzdj81h1hubn.cloudfront.net tcp
US 8.8.8.8:53 174.213.67.172.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 94.182.230.54.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 0.edonorprog.biz udp
US 104.21.30.10:443 0.edonorprog.biz tcp
US 104.21.30.10:443 0.edonorprog.biz tcp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 ukworlowedonh.com udp
GB 13.224.245.59:443 ukworlowedonh.com tcp
US 8.8.8.8:53 assets.msn.com udp
GB 95.101.143.128:443 assets.msn.com tcp
GB 95.101.143.128:443 assets.msn.com tcp
GB 95.101.143.128:443 assets.msn.com tcp
GB 95.101.143.128:443 assets.msn.com tcp
GB 95.101.143.128:443 assets.msn.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
GB 88.221.134.122:443 img-s-msn-com.akamaized.net tcp
GB 92.123.128.179:443 th.bing.com tcp
US 8.8.8.8:53 c.bing.com udp
DE 52.85.92.116:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 c.msn.com udp
IE 68.219.88.97:443 c.msn.com tcp
US 204.79.197.200:443 c.bing.com tcp
GB 92.123.128.136:443 www.bing.com tcp
US 8.8.8.8:53 10.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 59.245.224.13.in-addr.arpa udp
US 8.8.8.8:53 128.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 116.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 179.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 122.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 136.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 20.189.173.12:443 browser.events.data.msn.com tcp
US 20.189.173.12:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 deff.nelreports.net udp
GB 104.91.71.141:443 deff.nelreports.net tcp
US 8.8.8.8:53 211.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 141.71.91.104.in-addr.arpa udp
US 52.111.227.11:443 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 204.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
GB 104.91.71.140:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 20.114.58.89:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 89.58.114.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
GB 104.91.71.146:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 146.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 desktop.ezfn.app udp
US 172.67.182.252:443 desktop.ezfn.app tcp
US 172.67.182.252:443 desktop.ezfn.app tcp
US 8.8.8.8:53 configurations.ezfn.dev udp
US 8.8.8.8:53 configurations.ezfn.dev udp
US 104.26.7.31:443 configurations.ezfn.dev udp
US 104.26.7.31:443 configurations.ezfn.dev tcp
US 8.8.8.8:53 31.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 252.182.67.172.in-addr.arpa udp
US 8.8.8.8:53 d1r9f6frybgiqo.cloudfront.net udp
US 8.8.8.8:53 d1r9f6frybgiqo.cloudfront.net udp
DE 18.155.139.15:443 d1r9f6frybgiqo.cloudfront.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 15.139.155.18.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 104.16.122.175:443 unpkg.com tcp
US 8.8.8.8:53 175.122.16.104.in-addr.arpa udp
US 104.21.23.212:443 onasider.top udp
US 104.21.23.212:443 onasider.top tcp
US 8.8.8.8:53 212.23.21.104.in-addr.arpa udp
US 8.8.8.8:53 d1wzdj81h1hubn.cloudfront.net udp
US 8.8.8.8:53 d1wzdj81h1hubn.cloudfront.net udp
DE 54.230.182.216:443 d1wzdj81h1hubn.cloudfront.net tcp
US 8.8.8.8:53 216.182.230.54.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 204.79.197.239:443 tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 104.21.30.10:443 0.edonorprog.biz tcp
GB 18.165.227.55:443 tcp
US 8.8.8.8:53 55.227.165.18.in-addr.arpa udp
US 104.21.30.10:443 0.edonorprog.biz udp
US 104.21.30.10:443 0.edonorprog.biz tcp
US 104.21.23.212:443 onasider.top udp
GB 95.101.143.144:443 assets.msn.com tcp
N/A 127.0.0.1:443 tcp
US 8.8.8.8:53 144.143.101.95.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ccf8b7b618672b2da2775b890d06c7af
SHA1 83717bc0ff28b8775a1360ef02882be22e4a5263
SHA256 ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420
SHA512 eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

\??\pipe\LOCAL\crashpad_2548_AYICYNPMUYSJKDFH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 91746379e314b064719e43e3422d0388
SHA1 65f1a2b5a93922d589142a6edf99b5b35d986dba
SHA256 0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7
SHA512 a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 535bab4d7d492aad80cf17fd43d384ee
SHA1 6dceebd16b16e8917b641caa03aba120c12ec2e1
SHA256 34d6bcc329851a528a008fddefa7b0a3a2d7eb837e183a25daa485077e763203
SHA512 8c1b44fd756ac6ab2e88731106b93e35f4db5d2f2ff4754485ad5c1e02def490145c0db3a2e2ccfafafa67190a32bbedb88e4ece8866f37eba95dc65597b623b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 27cf9a79285cb4b578316f07752988ef
SHA1 c2b9b23c9f8668b12bdfa7015abc85df131575dd
SHA256 aa334e1d0002bba3ff0783e84ffdba0c252f52f02c6ce6008f19fcb2768eb42e
SHA512 671562ca268228a57022c2e68aa1571c76690140990d06750226d07f0544896e6185a7008dda219e579a282a37fd88b5538198282b6f48a13c8ae7ee72cf4e5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 13e76953c5fe01df6856b1c5ca8c2490
SHA1 6c724d1acf7c6fcf244730ff4b1194dce0efaa3e
SHA256 74c0b3ca045e3933d4f575e4e4dfde6feb74703c2c8ed790b262b8de3d4bd2b0
SHA512 b9ffa60e3f924830becd8d7747f0b1859acc7843f23ae664b067e948437f7186cf0039835ff7b97e2726665defa44acb69a78a441d7aec76d132fb00b3452d2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7a690692627bf232dca2b25acfc9f0d7
SHA1 aeeec241f75cc13ea2e2e333d0088aa760f099c7
SHA256 5104c0363d8bd858c15601528362c53a897961bd820eccc8a906fa5c989dd4b2
SHA512 314bcba86c47879545a458eae966e46686e4e2b31f368083a27974247372ce13eb319098aeada5926ba6e01c2d57eea87402ed32ca46e3378cc115584866c66a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ccc4ab9f6c728b9bfcabd4009abe8de7
SHA1 57c3a4d560bc655ac2accbd5cae9b7725e5a20eb
SHA256 76ef7de68f99f6d3cc352110f841a2c2c80d6fc332070d09ca4e54a79c3a920e
SHA512 5b7e238a44e19b4e4e29436146cfab298491beb413e3bdd006ee4b817cb68413f07b66cecbc52f6eee3441799981543875a48d39944cbe34cd32ba755a93c555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f5ca.TMP

MD5 2d9bb5c898ed46dd5e2fdb20df38b6df
SHA1 1fdb6b8fdf9d87fbbd304ffa83caaf760530606f
SHA256 bd935511c5cdb33b31a810f010645e09ece71d0a7d33ffb8864cb4f39fc20d34
SHA512 e21f39d20fb95745f2f614f6aa6ae522a89b593a244e1cec159dbd375ffb17b8ebce7b6e16c177e66c1b2b5bdb579e401cc4cd5d03d580f6f5e3b85f41f0e8dd

C:\Users\Admin\Downloads\Unconfirmed 407616.crdownload

MD5 153ef3729227cdb158363a16c5da9d0f
SHA1 1acd6282d1c3fb6df914c3062a0f3d6f3853d7c3
SHA256 f1b09b47e725f385e9942817ce06aac48bace898655ad15e2133239f3555c3c5
SHA512 3499a15e3cda1685fe719ab7f959feb4c0b21ab0b16e74f4354b0659514b912f935a41441bcfdd72131b7ddfee26118ad1c19c6a76bbf25fc50601a8618fbb95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e17995921f13c92e373b6a59e92cf7b5
SHA1 8317129b4600df6e06b46bea081436798d5a9db4
SHA256 4b84dc48544626b35a6b5f0098b6a13a55246b705451a5d0a888997af8b36ef2
SHA512 8a12144d3b943be79ceab741e285ceb54cc6af795509386026d2d6b413fb942856cf43275e95a52ede7fbdfc50524aea076ccc3913ccba49af5a642f1cbe4758

C:\Users\Admin\Downloads\EZFN_Launcher_1.0.6_x64_en-US.msi

MD5 f36bf2f918e491c3053a5560019fd491
SHA1 0b792000171b0273b312a372857ecbb4f3cb69d3
SHA256 fd93d1e00247fbd1fe1bba43d635f03bb56b59549bc8e86e6c9714a43e659c3d
SHA512 0e62a0905972533647da8b080b6089700cc1ff76dab86ad64ce4fc06e46dc3a676e254cf16f0b03cae446405f2f06b4e0d8840d025605b74e469fc98de93eab9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 408d6f3bc5ca96586edd9438ed977f6b
SHA1 8911aef6c686d10aa204bccd82c1ce445457f1dc
SHA256 96f1b28a74488b06dc31279da074dad1272b6588f447cbb0969bff999aecd6f2
SHA512 399236073f5c910bb5605cc141d5f629de44e119b8bb6425e21b2650e4d86f938f529b45c2fc04ea854da28b32ef0c10e6fb06718e83c3457aa3c916d6d7b401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e6b7cb429e10a40f9b3687073de3bdbe
SHA1 11f9fb0b99eaf00ee5827ae69b558b26c7daa59b
SHA256 61811ea0aa39ae4080a94f4f86c06f32917ae0f1bdd671050bb64c0f4e4fceb3
SHA512 79c0ec5b873350990f3e6f2ed7aef174caa211bcaa2b1189130f8968175bd508d7f092d5dbc12f9b56edc8e8994c1446b8990da7203297f92be67ddb767254c8

C:\Users\Admin\AppData\Local\Temp\MSI6F9D.tmp

MD5 4fdd16752561cf585fed1506914d73e0
SHA1 f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424
SHA256 aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7
SHA512 3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 60a22d85404f096716d00d5c594dd448
SHA1 de9f5dc46c9122eb47131579b499c6eb758c96f8
SHA256 52474306cae7a7766e3a90d48d313c1ba7d5ace41780b3411db50ca6f606fa41
SHA512 8119858738e9c8cf559fb14bb8b3f31f0b768ff4aa023995f63e9dff18ebc77430dd16546af6772cb560c37f8320fe2a52bab9cb76adc8fbc5dc5cdc9adeb27b

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZFN Launcher\EZFN Launcher.lnk~RFe591bfa.TMP

MD5 df948bcb869943fe8fe3c2f44ab73b05
SHA1 b58d953542f9a18464c1252fdf1cb3ef4c1f7eda
SHA256 34d5d676c1f2a2d1190cd1c59380fe86be39f722a4a628b7d1bb7cca8234816c
SHA512 f13e399d6515123e2c66e891faf1a731895060f615b7aff52f6a2a3ce20e2d68c0d450b63b963cb3319de1ed1e273961dbf97f7b3c345cc5aaeb4a70607cbfe4

C:\Program Files\EZFN Launcher\EZFN Launcher.exe

MD5 b1c3df4cf3fd9174a91f5c7289bba639
SHA1 ff1db697883a3e75d88a118dfeb1fd8b6197a586
SHA256 36e35562646c56c72e766bf266e9673a6196ecdfcc49fb9a5fed3de6b6efb612
SHA512 2b31902685e7361de1dd57c005c0bba1c1a6fb6fb1371d380cf6661720eaefef011bb6f87fd8b6ad5624e965422c45e5685cd445fbe6917b27457ddcba2e8be7

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZFN Launcher\EZFN Launcher.lnk

MD5 b1431ca36720e09d6fb4da7162d5d298
SHA1 fdc6809e8e066de3fc87018f0a144881b1340136
SHA256 194fb4ad25ad0d5ba023f5600c7f65af17eac5a36444c705dddb4643b025a2ea
SHA512 20f06fa063688f10058a49f162bbd3393247468104671525c89e8fa650ac96d7310d4a55cbbcf790ee64d37f136385bae305d4bbd9a8e8d7f6a3f8ae7bb4b924

memory/2444-294-0x000001432BD70000-0x000001432BD92000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_j2aitvqg.bij.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2444-295-0x00007FFE645E0000-0x00007FFE650A1000-memory.dmp

memory/2444-296-0x000001432BDF0000-0x000001432BE00000-memory.dmp

memory/2444-297-0x000001432BDF0000-0x000001432BE00000-memory.dmp

\??\Volume{b26da0cd-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{b004a8f2-efef-4daa-817b-94b7955ff245}_OnDiskSnapshotProp

MD5 a192ddbbb8c8c16b8dd46516878dae0a
SHA1 2ba363ebe7e2b97b3bc4fcaa11b991130403d00c
SHA256 f4324bda8689ad6bb3e88c40d1df40d6d5b3d4321b9b1415cdfd0f545d3c9db6
SHA512 c6d6a94263a774808f456118e559a743f64fd9679aad1d0d859b10a4c2f81c058f7c67d7d322049acfc6112e24116b3e4fb6754dad61078fafe5342e2faab475

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 5f2387113ba2c0c94b170daefe486b81
SHA1 c373ae022d785f7cfc488524a93e781ceb170dee
SHA256 7ab13eb08528fb77e68a4f2d2dccb716c8ba55ed53a1817b0f3cd1d00024f867
SHA512 4d9778163dc087a70106fe319279f1f27454a070c61b5fa706f60979712df65b38fe8fe859b06cacf2404a16a67befa3c2fe988da044b4c1318fdcc303019f41

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

MD5 2fbe10e4233824fbea08ddf085d7df96
SHA1 17068c55b3c15e1213436ba232bbd79d90985b31
SHA256 5b01d964ced28c1ff850b4de05a71f386addd815a30c4a9ee210ef90619df58e
SHA512 4c4d256d67b6aadea45b1677ab2f0b66bef385fa09127c4681389bdde214b35351b38121d651bf47734147afd4af063e2eb2e6ebf15436ad42f1533c42278fa4

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdate.exe

MD5 11fe091ace9d03b9ada6d5a22d12c0d0
SHA1 5379ebe84500d425586904e7f9ac0393ab2a9d24
SHA256 50f4ed60a507ce9dd1f3f4e7d53053d923cb71594374a25251746a9b2271e4ee
SHA512 0f39af99697332c697ca62e2708e0a9200552a55f2d3057b64e9b18df2fe2828be750b14b5336ac9518b4c1282e82cd170b64587cf56b45b840ca231108b7fdf

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdate.dll

MD5 0bec55833f356f89b8d9d63727ddc43e
SHA1 8dcfd2b8292ab7a585a8a4e40d61b81c96b63f5c
SHA256 b360afadecb2334ba103d515c506e792cb9aeea5925a6cf85dbfd786a225ffc3
SHA512 6592f21800f91474d2ade6102a0d0d36097e5552278e5aa390e52dccc838b323f9a4b89b6c879c56621d0de84a9ef054f695a6fdc267c9142a3d234bf3a2460c

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_en.dll

MD5 5d365ca4dcb28432aae57e60dfae29f7
SHA1 76150d3ae3070e10f378df87e433b1324f5f008e
SHA256 990051016c4d565d20167c62be48e92ecd840231bd0ff21838d105cbea750ed3
SHA512 f46fb26ef0ce04eb0655cd4ed769b5af055ccec0a15cacc25c9bdd6e3c3a4ca501164e5093eb7381d00ea28a3be59e69762ade995a421c7ce8b1944fd2446465

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 9540ad83a08605ba1f52196424ce3067
SHA1 a533eb61319bce1720b55d8921691323a4178c3d
SHA256 b0b5d9eb6f4b176bdfbe4da0a060ad1b76c813186fae3d9a6e1b1dd9ee0d01d1
SHA512 bb00ee12c353c9deeb8105399b2a956343e4a1c13dd1198d0f481c4f699099a34ede80f15bb4efa9a1f68c2c12ff75da163b48bfdf30353d5ef5d4bb7c174493

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_ar.dll

MD5 07b160c1fabcf30a0e3e907f1b12177a
SHA1 c5435df1d9bc93ac87870c5d8894de8481456de9
SHA256 a78619b34f4566ff3fa834111d6f02fdeb5e82ceae2167f51a85aa902f4ad2dd
SHA512 cbf2df29701b0dda648f2e208596c691e1caf97d2e3314749b6a3ad899cc057f66cedbbed4d6362b987173a925e73ea266d238c9d985d03b7ffd5c32b0d0b3c8

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_bn-IN.dll

MD5 c4457c581afbf9e1903fb309d8d08bf7
SHA1 fc52fd6cc2de7405ac69674f74cbef43c92c5295
SHA256 f409b1cce73799d3ed0fbaab72c3331cc597787680e2fc9dcd9e2803f62e006e
SHA512 b8bc722dc801a9c50a972dc9ef5ebb31b43bcbc7d12cb84d0b3e64749781818963573f0bafe646160ed9edac5db5b72d7968d3e5ff908da256079e8dff4ec2d0

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_cy.dll

MD5 1532acae4f743656a6c892b833774f30
SHA1 697bd52267dd49e44f85684b60f7eb75cfd4a2b4
SHA256 7b2c230123832f88a9e343b657ca51ec4daac3804ad40e99294d97841fa98b69
SHA512 22b36809de33bc3ce475c0d5e7cb59f3dc85ff5d8c281398f36f56b78e0c04a1732a5cce6c1a28aa13bad9dfa4c98f2085ea40c6d61fcba4e7c825cc6fe273e9

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_hi.dll

MD5 1b10182ad3f07c112f26fbd9f7a43848
SHA1 b9b9b4bc37a9dc1f9a9cb11df44583594d72f6e1
SHA256 381cbc579d5200ed6725a0dc149dd04703d157ae793d39be130d68eff7109c02
SHA512 1575d4f0f756aa5bee99c0b1f60ebca946abfcba08b180b13eb9fd966b05c44cff94ee2db6b5fa7025b5f0247f06d5bcec3c790a20c1086a59933aa7e5cf7097

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_gl.dll

MD5 e2bc2cb179b0758f9deda1fde5f60ae2
SHA1 71367f007ab0daf92d954b7e86eae037ec2fa8f4
SHA256 6a2342b270f775433bc77f9d48ab8f71b221c3cd60d84e893314bebff19c4801
SHA512 ff3a3afdf1780d6351306c0e00fedb59c020de68499005726e57487e9c5045636e59baffa487ffbcecc95f9bace000f66d1c3bf3b107e309e3cb522d45dc7b7d

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_gd.dll

MD5 03cf202f9262f42dff2b35987eed7c95
SHA1 2ccf4e4b8f55d61032048101c18a4b6cc7b6a087
SHA256 6f033953fdb5ad272ddf29299577a4bb8d9a53bda4b3d8ffffd8d56c542c2c56
SHA512 c1d65b8457fa2b0998aa6500b585c14e177154ae5cbf08cbb0ff0fd7a1d82e31520f4bee4ad20badeb91784501057b1a968c7d7d8415a2f7683f1a434bbca30d

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_ga.dll

MD5 912713dbc1bf81366497d2c10ba3783b
SHA1 cd42a85838ef70f72c2faa5a149bc6a904f81585
SHA256 f4b3c90ab375d5f465e2abc2bdff37fc41e4a1ed44ebf8370cd9eba7408fb586
SHA512 11b2b1b726b314a725d24fa3c8b85f9c05a1643ae768adcad4b7006870b728db8688cf708f355ed8ffe2cbc24fb874dce2dbad86231c045b454dbcddfde35225

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_fr-CA.dll

MD5 e22edad44e45a6e1da46e0afbb318052
SHA1 d35c28b112fc386c6f4c52e4faa2ed8a56a4f6eb
SHA256 a7a163fbcbeffbfd4655e41d162817a56b8da8b679b139a04961e830ea5ad05a
SHA512 e750271aa41b402a5682f6863e95756c91afcbd5a994453280c7dac3973da3ecaf0fa0689b962cadab492ce90d510a436bd773c995b93ff6b40007371cdd2713

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_fr.dll

MD5 86e02140bd5ea5090460ab7ac5c5cf08
SHA1 3cc00afb1b108b2247cc38211b64bb360c1419b4
SHA256 4edd7b2ec1438f6a5d56eb0b7fcd7a42f2110eaf57439283afe85f527f9c1574
SHA512 a0e6177a3791e59aebcc960cdc2861e10b6a20e0169940f219c92cccbd4827afc47bbd94a5629d25a9f2d547e8e2094a3c96aa55a1bc3fe9b744c07436359e95

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_fil.dll

MD5 4bfe23c9930f814f7c9d977525cf2046
SHA1 3a6147006bd805a33d7caa647e8088a257061781
SHA256 a9a40611ddccf179b8cd342c07d947af951f85072b598b5332ca772a5ce7729a
SHA512 a235eef64580b8922e5f507f9bb2080800dcb4ea6b156150d2266748ebf38c2eb1e39342b01856ebd9e63b6e89c2104b434e444277dfe03e549293c928cb89bd

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_fi.dll

MD5 5ce5cf921d0e522b8a05efa79031cfde
SHA1 a081d73ab637ad63831b0e05d0122e8e9036a41b
SHA256 6d049ab238bffbfaa0408460f3d76bc23bfd62ccf57659beaa81346e2dd69e98
SHA512 6ef468f6f6b6186fee208b3101c089a168bfc286fd7a84c220a72be085744c70b30a299cbce1bb0c25689da1f348552322a6451277be604f211017ce6d16f989

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_fa.dll

MD5 96e70c3aced49e26c5938bf5ec7e7a7f
SHA1 5fe35ee220c39cf8cad8d434b49ec31fa3f729ba
SHA256 5f8d8a9d207108426a3f4776786c4a7b5d70db237ded870b9a7ab191602fd83e
SHA512 af6f420164c2504a6c0fb3b62c89790dc3e08ae0b847e0a888c2c793aa6198134a8c18914fa0a5f3153dcad51698cb7125d2c90ae68de221042cbb97b7f8b78a

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_eu.dll

MD5 a5824f125e7c5a363618e10eb166cfa2
SHA1 b9265cee687f031f52eb6cfd6ffacd728f7c9c71
SHA256 3fe2d705da261a98a8cb375d59ff98b0552b61e7c57132d46126fe4646b2cdd7
SHA512 4b2c4fc806097320a56c2547d2962f21e99e6e17a211cfd9aab1a7845dce78d958ab6a03481cb2a827ab233afb2cbcd059bc6e211f8951c1a2e3b7ac51825b8a

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_et.dll

MD5 e4a76fbf2d73c51f37bb96ef5b76ceaa
SHA1 5bc9a30d11fae80286f0a73db5900e9b2a94fc30
SHA256 a1c067279ba80bacdd975117ae5e6aad9923b3138340d25d08742163107d7313
SHA512 0b4751d5a7914daecc8f0f620dff0228bfe1853af901c6ec277656f3c568d916bc1e1d22bc737ee3f54107fca6ded731c73e80147e34ce3b81c276f8b6d2b2e0

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_es-419.dll

MD5 22b0343d2498e2a0b9d4168d480bd6b8
SHA1 d4dd3b497b262905788c7abdc791af1cdd80c6a8
SHA256 094dd4e1d9cf8114145c254372b0ac20f6593f16f7b53e02953bd21bbe26a4f0
SHA512 970fd6cb5fa68e2e12a6288b00250a3c400939963298bfe7610edced53036990c51edef7f5054c371b12eb992ce8e05b1eb7af4d9ba61e0af41096a9ed64957a

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_es.dll

MD5 17006114f71cb462041e1ec50a952047
SHA1 3062f6d33dfa215b18492a3e0a2d0fdf41a08429
SHA256 bd195bbeb179e478cd1dc4bab518568edd65603e3d33b11b3298ccd1995b183f
SHA512 5d7fe67bc1d6e22c9e7c13df5a5b9dd039eb77d94b991908a6e23ae703295d2c857b38799c30b40cdb2f3bf503f951de54e11fd65e6f482bc184ffab54ff443f

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_en-GB.dll

MD5 8ff46334ccb442dbdce0b04e84cc6364
SHA1 52a7dfd39529c0669d8fe72416876bb2b241741e
SHA256 47c08c6be842b50d119c4921ff860bfc1739efdb017de42c1247bf0fb5c1e254
SHA512 b23b74b2c7f76abb613630c888eff8ec2fe6c28138522ebed478f6d55e21917e658f269ef0d6014e8778225b81e2839cb965a1ff243b5639766bdbcd52c28f47

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_el.dll

MD5 8b692911c2eef0d2e2fbc8ee84c39e03
SHA1 b5f558a2cbfee2dcf1cf5f7e5dd229309f5bca1e
SHA256 68ff5bb5a44f019c7c8a50cbf9ee0af264b4782e6516917b4760c0b05d247161
SHA512 6a4118eb9d1bdcb4031db82682ee919f62d575dc765ca0a65028bd31c8bdc061155bc2139318916b3be3572b6a3656d194e3a925b5711241f436267a9af1109f

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_de.dll

MD5 9e0645c2970492f18a9c16d053ae47cb
SHA1 c91f0ee7dc0dc0213776728b152a5c3597b8e1c0
SHA256 7bef8830bdf0fbc8d84d85946a28cafe05fc47528741bc11998805982a3b421d
SHA512 c4277b7e7652bd342dbda6d2d22acbaeeb9ec1321cd91ad236575d0c8f504220736218711e91f0984e3d2f06652101f52aee123163d7bf3cd173c7ec2d1325cc

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_da.dll

MD5 8355353da56dd6ba036eeedbb10ffa68
SHA1 3e20c8f35cabebd04e7162b9567fd3905174127d
SHA256 678888dd82f5cb04b5727c56699c70d442b35ac65338bbe9ac45ed8d2a32acb9
SHA512 000d0a8648ca4e8433568efc422f3caeed7c53e764878aca11f8b7405850863f8a7bea4a97fbb0076db961d3f09646a00bb3eaa0e4e3b81d949ac2aa033b0827

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_cs.dll

MD5 14fcd6216e82727e0a757f0f6a04701a
SHA1 ceb886836ad9dc04b2758271d55cab0f6c6146aa
SHA256 777b0583744a3ee8e32586262d34a3d231482504f37d1b0679e1dbd1e10bb854
SHA512 e963ba587017d3e579f3839a0fa0fe5be659cb749629a5b98e7b02184e811a943ac18d66c927ab45c54869650289ec6e3a9661ec40532fc2ae578a5fb15606f9

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 5801a2b7df808227d967d2e0d147fa4b
SHA1 dbe2844fa8bcbebc227b9817bc0ea8dcd1634b13
SHA256 cc02b8e56ebe97d640eb3241d6dfdd76c36d8ad9dc6fd70c11ed6a165f87dbf0
SHA512 b6f77f1284a05aa4d9e69b2f459691f8bb79466242c13d1bf011d4edd6a43e742b4541ecfdd4d7aaf7b6e72b3540d41ebfd6074086ed1a4b56ef6b852d91ba0e

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_ca.dll

MD5 9cd4f750ad9c689151ca0a278c3774bf
SHA1 cbe0a7601db4ce0aded6e18c9647750a4e03a8c5
SHA256 3569e7eafe649d9b4e0fbea1db33d4a7e6c350e4031f9ac40506df4828892b0b
SHA512 38e723fbcc1ae59e50d8f8ffd53cf77fd32a64686f24a0670287c25dad7fbe4852ba968f223cc5936b2a1af453e5d2d5f3cc190e07ee0a78c55f88a0c3ecb940

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_bs.dll

MD5 139d647896af07432b0c810977139fdb
SHA1 27b2f2915acfb3a740c958282deb2f418df83d49
SHA256 0f3d5ea311f13f94b8c0f9bd6c8fe8351ca85a9e92d96b3ac3a54e87a2167833
SHA512 cda3135620409f12fc7ee77c53233af4e64ea4a7e3a7b2af3534b015b410221e500a1820cd5852236236ca8820521072eba4128efd6316e1bc7863360c07baf7

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_bn.dll

MD5 4ab2b866301da9ffd1a2d9e1d2828698
SHA1 bf49d684e192f14f96ab03dd0f8d9e5817a0f1b8
SHA256 cfffd594b203016e13fa74c5382c1c6b46f7d3f0817eb4d649feaf3350a401f0
SHA512 60874a1c999e646a11217b3d0c68af03b7b2e1210f65e8e922a2cd8741bcf1e687bf74b97ffa0082962df2f534fc4c2ca9c28c4822a7e2c50474810e42de9d24

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_bg.dll

MD5 4328bf6228c408cae033fb4acca65640
SHA1 011fd7ddb7c4551abe683cb005920d85cf3eb10b
SHA256 73a10a15a4be54f85e4103a994c8a628c34034d085c40627fb4f18b499379de8
SHA512 a50a74fd675ed3b791bfa5a93ca9f910c5a9052e9990de0132606779a333007d305f4fae1ac9f193335cd8207a17b00e2848a87aaa09e7900df189103fa0cd92

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_az.dll

MD5 ea96f65e817ac6899d6732cd880f744e
SHA1 0fde259d82e3c300ef2461e660208fdccc339e64
SHA256 06bfc34d181852321498c49fad36701a5f854ad6e5588af9e141a5cef838165f
SHA512 f79099fae7d98b9208aa5be96f28d9855c5e81cd9dcc5874ed2e41c8b720f32e54fcfdedd44e075892967768f42833f9fd99657096ee10af38d3b663d48bd603

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_as.dll

MD5 0e38b9e9fde2583f8dbb61f2522c1996
SHA1 9e6a952387380bcf54dcc9d040a2d9051a63a1f1
SHA256 ea9786491db2b6548e3c935cc4f8382fb1534b3b67dde1ed6b9aa003c9a7152f
SHA512 f17d95eff5b23d2d11f161a66ef67c61c34c0190ca7d11d8e30f4504f5ecfec87a02fd474a08061433e8a431d78ed92fa9cc087863f3f4caeb2b5616949bc11a

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_am.dll

MD5 27b4625745b0d9036faeef288dcdc71f
SHA1 79e2e6590a0f4b6af97796058595e8df77bc4b8a
SHA256 74fefc1ad1bca85ae3cdcb197396568e9ccdc3de9095cc3e787e6e28f9a04487
SHA512 2f4e0c4478a244c3b1632f282c7522efbe9b2f03d6a8bb600f0d833c61fd74d7bab32683b1c0e40e58b2d30640cbf6e9b28c03b179e168a6cb7bd3512bae3f2e

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\msedgeupdateres_af.dll

MD5 ca3b6944f47fb398e4656d7076e3d247
SHA1 592c966af88cb9fd39250d917fe4876bb213d36b
SHA256 d1d58d338db2f0f885d7e945613c2e6b98ce02534a2635c392cec04e8c8b5f71
SHA512 5be93716c178401e809aba922b05abfe4c6585ac8544ba6fde1ae16af87e571ef28d51f8d71946d5acde96370d39bef8d85349677de16b3e8009ba3f57802b46

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 7750d94e4719ba69f5f83213444c0015
SHA1 f2d49b2d5c3bb372a5c74513de0744f2a5f3fe5e
SHA256 1ab31694ff0b6283fbb6ec062d6eab9ffb26df9d6d1ba140cf60a8e7a4cb9fe5
SHA512 4aba2ff17870e6e20fbcfe8d31036d52d9b2ae9df1013e1140cdf321bb4da0a8f5cdbbabfbee758cd2f2bbe2a3b10f25351f9e29cc5f5d91baea6dce2c83e714

C:\Program Files (x86)\Microsoft\Temp\EU4ED2.tmp\MicrosoftEdgeUpdateCore.exe

MD5 3fa9ae698a600ff3422995504cd088c4
SHA1 bb0b798291c7e37c514d8fce11b8c777d13a6b2e
SHA256 a8e1533f87ac5273f908fbb67edb786f231fcae44b49dd5e6ceb3c777c1f01a9
SHA512 3dea12c2f30fdd5cc4125de40ad26c9f1a69abe8505c863b1469f47349d79f2b51ab037009e500291085366abf0ee2b24d16a3eb419b715894b924af656d2b04

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 c750589583f5f20bf387cc965c695965
SHA1 791c60dfcb0e0f8836042b01bfe92f140c8c6169
SHA256 3bce62c4ea3da0b0e246265e9c067664a9260730e0991d85cf3c0c12a43b2318
SHA512 e6a50bd555f4770c9abd8806aaf8f2dba62fe9a7e710b209e23fbd87163249f235f1f82f4734516088a2dbeded6de29cfd8c61bcd0d0a8bcd37ba20e864374d3

memory/2444-488-0x00007FFE645E0000-0x00007FFE650A1000-memory.dmp

memory/2444-489-0x000001432BDF0000-0x000001432BE00000-memory.dmp

memory/2444-490-0x000001432BDF0000-0x000001432BE00000-memory.dmp

memory/2444-501-0x000001432BDF0000-0x000001432BE00000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\121.0.2277.128\MicrosoftEdge_X64_121.0.2277.128.exe

MD5 30e5ff5363bd0e1f96faa7dfd3867326
SHA1 52008c925659ee2f3c30208e707faa9bd255ae75
SHA256 64ba08459ce763bed578a91c790d6b1acdfb87e246e717cde7cb122ab06320c2
SHA512 6d430d0f0af65c5477d6d07c5634a721726a2902146a5d0cc4d0bcb974e99839bad39b97caa4d675aef13292208d18c85e5a8be3b16f66bd4324caeeadf8fcb5

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 0412e3429b2c2b5f4c2f110bce5754e8
SHA1 5319f914859de33e0e7db84ca441975986bbcee1
SHA256 4b2f49f0dcfe4f1c31dd23dbd7d664649094e5d05af81d5317b742d60fc4ea04
SHA512 40cbebd286510af67c37fec5a8fb0ef47c640b13caf933415226998333a7eddf031bf7016b5486844dec773ab005849023e5c3a83e65cf11cb8f12295fdb529a

C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Installer\setup.exe

MD5 af31629343c1fe80f5e4f940089ed5b8
SHA1 d6bf2c2c096fad38f9aebc027c4c30ef83e20628
SHA256 97e8d516e7ccf078376acd2140f79970af5ba51ab98c9c4de30d4800af6a2022
SHA512 2154d43ade9f244fde2e23db8312867cc397fa7fd51b442cf045bf1bee820a9d7378a1f080a905d7d887b9fb3fa9ab25731820e9d73a68c7c5448f35263367f5

memory/2444-546-0x00007FFE645E0000-0x00007FFE650A1000-memory.dmp

C:\Config.Msi\e59167d.rbs

MD5 9b04f327e40bccf36982746b71b92d23
SHA1 110847e6b097fc5793fe1500c4a05e4039861388
SHA256 e45d04ff0200d2f874b4f5c30697c445c61d5f28f4b4e087493759413425ce97
SHA512 082c039dffc10c50b381edd6f271de7972cdc33318c336a22ee95d8781eea58b3be8e367dd5bdc5d63a5fd7ce2a7134964d6280e2eb95b08afbd8f6ecd428fd0

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Crashpad\settings.dat

MD5 dbb1b45df98566092c11667c764fc8c2
SHA1 1e2a360948e26c36f106246ad226e37d3b93c6fd
SHA256 1448908106f55118e8e2610e44dbee3630e5db21bfc13c267bfd60789bfd1022
SHA512 57b42d20a55745ee9d5b6ac276780e28db758792430598f6801e189db8cea46ed50ddd02d6888ecea75ea854c12d7a9236fca3e7d3e665840aa4abbed5e91bda

memory/4492-585-0x00007FFE855F0000-0x00007FFE855F1000-memory.dmp

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Local State

MD5 a5d4aa2389062c2087a4d648c2980bbe
SHA1 6b21ccdb13c15ebeed53aab562dcdd59c84fdf90
SHA256 1ff61283a2edd9a5cccbae163f998339e16cbf8b981095c1cb923fc1e1c8d31c
SHA512 03df6b6f41d6a82ca5b2f36b15921554f573006d8bc278daa04136fdee5e18b6848c11aa44e249355cd0b698ef5cdff8b9a78db864cffe4eb6e5afcc5d9f02d5

memory/3804-607-0x00007FFE855F0000-0x00007FFE855F1000-memory.dmp

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Local State

MD5 e75abfac551b006e5e8f042f0dd56a91
SHA1 fdd06f5302e60d45d3eed8b8e165d47bbc77c5f9
SHA256 e804570b4d1a9457144a3e98f487f860b5a65a0d6156cac7c87966e3dbb3b3df
SHA512 8761071a80c48286a1fe83f5974155f28e69171991a04acb313db2288b60cd140bd4c0350d127035a7afc635785ade89419ebb0eaafdcc3ca747cc0486775beb

memory/2380-608-0x00007FFE85A80000-0x00007FFE85A81000-memory.dmp

memory/2380-602-0x00007FFE84520000-0x00007FFE84521000-memory.dmp

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Local State~RFe5b3eda.TMP

MD5 4c676993c7b4f9870c786a00f3ff8d5c
SHA1 3f03809a2c6ee010acb3a731d95597307ede8f3e
SHA256 d25007f6bef01b3c229a94af712f2a0b95ea7e8ae41771a24c88b8e8e1c28794
SHA512 12b8835be15f9e0fd75ff45f4e73d9eadf831cf8057fef37126d077bfe6dd601815ecb104bcac13f91b3237b9129c2194cf23b005b2fdc5646fb0bd6ba882e12

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\GraphiteDawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Local State

MD5 a4b75b48a6d6c31fa4711ef6de836a33
SHA1 36a29673b2ebdbd0fab42f43b0dcca59d0715434
SHA256 40aeefd77445297f8687668dcb5c1e6544a8ae61dd52394cbd88802eb25ba1c7
SHA512 829e0d4e93175ca92b782db1c10805859ae35d6325dfc6f1e68b5577f4a3541092b6afcab73dff2d7a96e0ea580a9753118f1bd4043557fcfe5ea60891c49698

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 d3aac1ae9ec5878dde56e14f9bdc6c1a
SHA1 16980002d33e6c45e58f50381974a74c3d7b8d3b
SHA256 20db07102d63e5a93637cbe8b9d10e62a28ccf4c3f3fabdbb75b8d288db7919a
SHA512 7a5eb6c8a8d819b682cc3d06768e0a134f42c39303e00fc323789c18ade26ac04501e6b05af613ed5380864007159c11a43af4980561f22c5019cd52b6f93a49

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 7afc0f687937756e64cab9369ee78795
SHA1 ffbca82ffe841cecd7bc9a3e7adb1f2ba246581b
SHA256 5bc56c8ef6998cc548af84afed597e0762abeeb3c1b8d8696367a5371894d4d4
SHA512 6ebb80cf0aff45b258d1caba8e7254b3a16fafdcb61e4c991571319d3696ff09f7aedd85cd17a0ed2aed5ebdf34ff658ab27370160df7740bb9bfd8cdb1d58ec

memory/3804-809-0x000002053BF60000-0x000002053BFCB000-memory.dmp

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Network\TransportSecurity

MD5 4c9d63a6c4db8be401fd7c747cd88d80
SHA1 d62b0d2ed31543e89519e710c2fc66116efe5fa0
SHA256 4caaa7f9159b20a8d40a684585fe1a8e825041c8e3c245db2d114bf4fc1b0fa0
SHA512 63a2a3fdbcd2fd4b93acffe835cbdcf4b7a7636486fd5ed836edcabf0aeb0e4f31bffaa04246da5e3aa4fcd1caf9af7d76138d6879ad46256bc437ed6392000f

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Network\TransportSecurity~RFe5bcc45.TMP

MD5 17c2306bbe5d617780123ebb9b213835
SHA1 f896e4c73200555e4eb09fe97cc1533bbbe033e8
SHA256 9f43ea03e763afdf7ce6c311d4aaba3d0d4a97caddd52d194516f0d7fd195050
SHA512 4c3b207cef53544f695a71c2420276a59c219bc9245ecf34bc6c32be26fd52b45e90056dcfc45b9e882cb88b019d15e4ed770fdda6f064c3e4cd109df74e5f3a

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Preferences~RFe5bef6d.TMP

MD5 2d41cc42d94c9b66c09a40d83cb33deb
SHA1 cc7be15ec631268d9971a30afbd25781965c9a47
SHA256 05bfe5ffa5f38a06eced81a8b8e9de9db5e56389d893fc11ac2aaba0ebe8ee42
SHA512 4fd22af8ca1dd7378a15fdf3d561dedac12950656cc0f409e41eb3d912974b13ca5bf18806f41be5275374ccccd047413afe61d71a365916527c67eff011fb51

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Network\3c9fd432-57a5-4397-ac41-178820af3c71.tmp

MD5 9b8eee94d350e3ca558deb482b46840a
SHA1 e88b6496d35f9f8254402841690ee6222d745f0f
SHA256 8ebd7cec3ed76b727943286f5ce44c6c92c5ab9e27476ed070d51bd7dff87090
SHA512 c4fae0ad32383f04c239208530f77b0259ed9687dec4bbd93cc0a6f4f95e33637498cd2bda0cfee4bf18ffd41ef8c73a1b84e7377232ffaccdce3c021d27a8c9

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Network\Network Persistent State

MD5 30c3067d39a63cb3b178409dc953c2ef
SHA1 46f3dbec7acd4de1738207b556afde398fdd8702
SHA256 91d04cebf9751137a4b2ae458a533c659d8378a6923d6a35abdeaf413a952f78
SHA512 4fc3eac1c97126ae203f87d1f5d8d3388f5ecf76921374a32b1e021861fc15d9e97b9dcaff695b209c1b88c99165716b9d00ba4ebca446471b5971746596b0d3

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Network\Network Persistent State~RFe5c305e.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Local State

MD5 fb64893a629ad69174aaf7728774a413
SHA1 0a48fe7ae03f3ac36fb3e12aea13a90ce218a3b8
SHA256 3a695009bba3963b2d16142aec4903f0ac195a4410a60d7f9da888c3c5954218
SHA512 a0abf9fd6352b4cca9cb8abd05bf8c8f715fbeabdc381fb7d545fa930f2239c77f86e2a4a818a1333969aa193abe526004794f4d9eefbe0fe0921639c1faec24

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Preferences

MD5 95ac741f8f7fab9a5692a38b31175c42
SHA1 6515ae3ce6daceb6a8a0388130ee268e64f7d5df
SHA256 842e7b516f8dded6b52b4eca3a8bb5912ed03b49006c5a50bcdf2636678109f9
SHA512 400ca48de954cce7a65532aad1439754f953809547d449c9ba8dd088b33f2fd560e38791a6db18a2b6937e9a49726d3b55c448613c2c5c58a698a70f60e98f73

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Network\TransportSecurity

MD5 d77f54b2089899a6da0ec3215c1dfb7b
SHA1 dd4e059f5de5a3ad788e9734e1a5f7f2bdf77dda
SHA256 b850b9fca98efe055289e14bd2041cadf8f18ff65ab3add23aac3e2a7800a6f6
SHA512 2f457b02c7a99d4c4657adfaf7aa00c5e9e395274fa45ae867d7393e89ff66e28172b8a6dc0bac1ee11ef8425f849dfda0781952378a7f6cb745c5c497a62953

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Network\Network Persistent State

MD5 41d70f427b123934bab25be62a9c1f7b
SHA1 249715701ac860f3c56e13b3aeacb2340c59050b
SHA256 06e01d72d71d49a2c947165d3f7f00753e89a98b73fcea1bf4371347d380ca71
SHA512 4b5d312a5a21c5060e4579c51b59499cb2a8ade9312eeb096c3f39c0092b762e5238d96296ba138348dbf731062adb6431e8aedd0416ea86919d449b6ac6d20e

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Local State

MD5 b3df82f4ff69aa646f6f539435149a67
SHA1 3fd9ddfc73ae824190e78d16abb16be110ba454e
SHA256 76b50dad40112d0c8c5328d0d0256eb58452631d25eca017b67bef87462fb80b
SHA512 7ecc6f7e6a94736f82be0c4786617c28211e5cb83ce2c997c67e28c1cd2795e6c892707ad47d07bb0d04d8430294294031044d71f2e2aefd4de3781c9437c796

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Preferences

MD5 74fa10f589780de31b103091daa89e4d
SHA1 97ab0b92919c079e836eebe61ba81166e31f9575
SHA256 0da5a03ef9f972fb24f8f1b2a2d4648a6206e51228315d5aa5cfbdf6ef15d700
SHA512 b258daa7bf3e41e7f3a3188993c913ab4d8e653cedf87ab0680094915639b7e42bd8bac4d5c90f38ef705ab8e7722f2fd0359b824add3a985af3f9bf44659c5f

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Network\Network Persistent State

MD5 4abff15c99cf2c91364ff6e61d439b56
SHA1 ba67dd20b4fa98b765fd2a24886bdcffa072cb5a
SHA256 0f465e48aa88663a9d08bb94dfc54592da46aeda96cebfe26cefe89b5ceda46f
SHA512 41ac4198948433905cb1bdaf3b83994496029a8bea1ade03cbc6e07e00e8337565dabc2ef48af935630b9e5ed388640ec4d71b7728c5a87554a2681e41c7979b

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Local State

MD5 16da6dc7a7728e101af0a6cc7196d173
SHA1 d5b2ab41cd848611acbee7e3ec7daea421ea5337
SHA256 4e542be306a198b1635e233e935507953ad847c974320278509ad94918335056
SHA512 a2406a88c80212237ab129f436bac764d97999bb622effd01bc2381a31b10d3b060f8ff348e9b6a0204857b6d59855448cd838f698646dcda23a3a4ceea5bed1

memory/2464-935-0x0000019684E90000-0x0000019684E91000-memory.dmp

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Network\fa88f733-5a2f-42c1-aa98-af1dc280977b.tmp

MD5 ada470617b0bab464b40921a07d01ea0
SHA1 97bc761f23222899e53c8542284cf1884409f787
SHA256 eaf995c050b0742cef930d84c1d8563e81e0fd90fc5a4619fbb23aff2c17dde9
SHA512 28b931f5ae030a9738bf52efe6aeca26fd3d1c67f97da3c3f94e56f16f1e7393894ac58c90913103cc4403fa6aab4d6ccacdcda8ee4a570dc104e2df1bc5a414

memory/2464-955-0x0000019684E90000-0x0000019684E91000-memory.dmp

memory/2464-976-0x0000019684E90000-0x0000019684E91000-memory.dmp

memory/4304-975-0x0000021982D70000-0x0000021982DDB000-memory.dmp

C:\Users\Admin\AppData\Local\org.ezfn\EBWebView\Default\Network\TransportSecurity

MD5 629a400a2668b104bda9c222332a2618
SHA1 37b562668b9c3c3016acfeb8dcfd2966cb664308
SHA256 137843b5ebd28b04d2976a5a3ef24be421480f83c0511b18c3800048da25932f
SHA512 aec00fbddb47d35a4890af5f1814d8121446ba47c85f073de47835fb28999ed7fa244d15226036d099f0eb617b17001a7334891eba7b1197f52c5cc12c457e7c