Malware Analysis Report

2025-01-18 21:15

Sample ID 240322-vhpedsgb9v
Target MicrosoftEdgeSetup.exe
SHA256 39e4555e23cba84c99419fa6dde808448bab40f058912a81d5da3205874c1646
Tags discovery persistence adware evasion spyware stealer trojan
Score 7/10

Analysis Overview

score
7/10

SHA256

39e4555e23cba84c99419fa6dde808448bab40f058912a81d5da3205874c1646

Threat Level: Shows suspicious behavior

The file MicrosoftEdgeSetup.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery persistence adware evasion spyware stealer trojan

Reads user/profile data of web browsers

Installs/modifies Browser Helper Object

Downloads MZ/PE file

Checks whether UAC is enabled

Sets file execution options in registry

Adds Run key to start application

Modifies Installed Components in the registry

Checks computer location settings

Drops file in System32 directory

Loads dropped DLL

Drops file in Program Files directory

Checks system information in the registry

Registers COM server for autorun

Checks installed software on the system

Executes dropped EXE

Enumerates physical storage devices

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

System policy modification

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Modifies system certificate store

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-22 16:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-22 16:59

Reported

2024-03-22 17:04

Platform

win7-20240221-en

Max time kernel

45s

Max time network

311s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

Signatures

Downloads MZ/PE file

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeComRegisterShellARM64.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_de.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ru.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_sr-Cyrl-BA.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_es-419.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_lt.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_th.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_mk.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\psmachine_64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_hu.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ko.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_fr-CA.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ga.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_mi.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_tt.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_hr.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_pa.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_sq.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ug.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\NOTICE.TXT C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_te.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_cy.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_am.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_id.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_sl.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdateCore.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_fr.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_is.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_kok.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ka.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_nb.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_bn-IN.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_sr-Latn-RS.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_tr.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ur.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\psuser_64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_cs.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ca.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_vi.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdate.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_nn.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_mr.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_sv.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_as.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_zh-TW.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_az.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_mt.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\psuser.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_bg.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_fil.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ro.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ta.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\psuser_arm64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_bn.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_gu.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_km.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_lb.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ar.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_et.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_iw.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_gd.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2C57B559-8C32-4399-91FF-80093C13E1AC}\WpadDecision = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2C57B559-8C32-4399-91FF-80093C13E1AC}\3a-31-e6-b0-02-01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-31-e6-b0-02-01\WpadDecision = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-31-e6-b0-02-01\WpadDecisionTime = e0af85717a7cda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2C57B559-8C32-4399-91FF-80093C13E1AC}\WpadNetworkName = "Network 3" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-31-e6-b0-02-01\WpadDecisionReason = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2C57B559-8C32-4399-91FF-80093C13E1AC}\WpadDecisionTime = 80bd566b7a7cda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2C57B559-8C32-4399-91FF-80093C13E1AC}\WpadDecisionTime = e0af85717a7cda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2C57B559-8C32-4399-91FF-80093C13E1AC} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-31-e6-b0-02-01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-31-e6-b0-02-01\WpadDetectedUrl C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-31-e6-b0-02-01\WpadDecisionTime = f0aaab5e7a7cda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2C57B559-8C32-4399-91FF-80093C13E1AC}\WpadDecisionReason = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{2C57B559-8C32-4399-91FF-80093C13E1AC}\WpadDecisionTime = f0aaab5e7a7cda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A5F4B64-7FCB-4C1B-8133-CD01DB52BE83}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CurVer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CurVer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A5F4B64-7FCB-4C1B-8133-CD01DB52BE83} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\ = "Microsoft Edge Update Core Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\ = "PSFactoryBuffer" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2460 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe
PID 344 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 344 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2164 wrote to memory of 1300 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2164 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2164 wrote to memory of 1704 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 344 wrote to memory of 2660 N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 344 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 696 wrote to memory of 2772 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1868 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1868 wrote to memory of 3000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=en&brand=M100"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=en&brand=M100" /installsource taggedmi /sessionid "{790206FC-EF38-4A19-88D7-20F051E99CAA}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7949758,0x7fef7949768,0x7fef7949778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2128 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2136 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3212 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3312 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3700 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3460 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1828 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1944 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{02F515DC-DEE1-4830-867E-8C58F611898B}\MicrosoftEdge_X64_109.0.1518.140.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{02F515DC-DEE1-4830-867E-8C58F611898B}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{02F515DC-DEE1-4830-867E-8C58F611898B}\EDGEMITMP_2A05B.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{02F515DC-DEE1-4830-867E-8C58F611898B}\EDGEMITMP_2A05B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{02F515DC-DEE1-4830-867E-8C58F611898B}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{02F515DC-DEE1-4830-867E-8C58F611898B}\EDGEMITMP_2A05B.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{02F515DC-DEE1-4830-867E-8C58F611898B}\EDGEMITMP_2A05B.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=0 --install-level=1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3584 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2668 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-installer

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.165 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.140 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xe8,0x7fef44fffa8,0x7fef44fffb8,0x7fef44fffc8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1564 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2208 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2228 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4164 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1592 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2972 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2988 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3080 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4496 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4540 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3108 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3760 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4000 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4692 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4708 --field-trial-handle=1208,i,7356360929920850899,11120272423071344411,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3208 --field-trial-handle=1268,i,4177666847890412988,12293138297554121909,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe" --msedge --channel=stable --system-level --verbose-logging --installerdata="C:\Program Files (x86)\Microsoft\Edge\Application\master_preferences" --create-shortcuts=1 --install-level=0

C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU11BC.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU11BC.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzFEQTBEODMtRjQ1QS00NTVBLThBNkYtRUE4RTIyQTM3MDlEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFNEYwMDcxQi1FNDFFLTQxNEMtQTY5RC01MzZCOUVFQjkwRDd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMjEiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0NTg5ODQ4MDAwIiBpbnN0YWxsX3RpbWVfbXM9Ijk3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{31DA0D83-F45A-455A-8A6F-EA8E22A3709D}" /silent

C:\Windows\SysWOW64\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "2548" "564"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5C5DD21E-27F4-444B-AA2C-27BF2A91FFAD}\MicrosoftEdge_X64_109.0.1518.140.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5C5DD21E-27F4-444B-AA2C-27BF2A91FFAD}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5C5DD21E-27F4-444B-AA2C-27BF2A91FFAD}\EDGEMITMP_80066.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5C5DD21E-27F4-444B-AA2C-27BF2A91FFAD}\EDGEMITMP_80066.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5C5DD21E-27F4-444B-AA2C-27BF2A91FFAD}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzFEQTBEODMtRjQ1QS00NTVBLThBNkYtRUE4RTIyQTM3MDlEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4RjVCQzgxMC1DRTA4LTQ2MjEtQkE5QS0zOEE4RDZCNEYyQTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEwOS4wLjE1MTguMTQwIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0NjU4NzA4MDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDY1ODk4ODAwMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ3MzUzODgwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0NzY0ODU4MDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NjEwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDY2NDY4MDAwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNjA1NCIgZG93bmxvYWRlZD0iMTQwNjk2MDA4IiB0b3RhbD0iMTQwNjk2MDA4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMiIgaW5zdGFsbF90
aW1lX21zPSIzMDE1MiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe" -app -isInstallerLaunch

Network

Files

\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdate.exe

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdate.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_en.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdateCore.exe

memory/344-113-0x00000000007F0000-0x00000000007F1000-memory.dmp

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\MicrosoftEdgeComRegisterShellARM64.exe

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\NOTICE.TXT

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\EdgeUpdate.dat

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_af.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_am.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ar.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_as.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_az.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_bg.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_bs.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_bn-IN.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_bn.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ca.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_cs.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_cy.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_da.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_de.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_el.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_en-GB.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_es-419.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_es.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_eu.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_gl.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_gd.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ga.dll

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_fr-CA.dll

MD5 000135745b1756a8a8d3e73140e18ac1
SHA1 2399c903c91bb969794a41d1a5e693e8f33125d9
SHA256 92b4f9d8fb86a8aa24f929d27e76e680923717e29a88ede229abf357eec3a299
SHA512 c0b3484a02888fd6323b6754d76325cbd5b48cbeaaeea91dd2ad8c2a3e74ee51294e7edbbf4725e9b00c7c589750199548444484c5d8d15ed973bb63bc8f0773

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_fr.dll

MD5 1e41bacb6e221e7db7772bf7a9b9b228
SHA1 5036f8c73029b74b51da93330e5bd6be78998953
SHA256 ecef2e77abe7a1e67ee7e2b1e281ff3f2b1e0cdc4ae1d96ca4e6d25730587efd
SHA512 81bc5de9bf1c392c886b9d83de8e3dd290399c31504ed998a746eb2b3cc2f7c43154854973146a29e9164b2fd6df8e6bae7a63c9288c4dcb7ac9313c18289c9d

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_gu.dll

MD5 2bc86512dd0753e4649fc66d72760498
SHA1 21d7a1ff5c5f54f9aec52b4d6dd6beb72c9988eb
SHA256 01df748e21237a03eb6e9d616cf0ab2cc63272a736c8e6fefb476a2b59be3302
SHA512 aa7cc40847eb65bd67c07261d48c18322d63cd7acd5d230cd93847ee7e94e879ef87e9fb96b4131af7aa45524b3c48a01c3a215bc515a2227223504045cfdc83

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_fil.dll

MD5 e448e42312360c764f4eb091472aa469
SHA1 b8afcc1406fcd0041c50ce858883d1a629700537
SHA256 fb31e09bdf7fc834317bd9ddc3376bd1992c3eacde48ee71a133f969e20401f6
SHA512 8af85244d4b24292289feb560e79f69e65dbdbf16ace5cb12fae73371630b71e3bb122bb276debbc7842d8b53b0ea3a12eb89acb51b3c8f39fb45c8337304077

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_fi.dll

MD5 3cdfa04a84ba151c6ef1e1711d90b243
SHA1 d306f97bd7a3a6f620994c5c98758034a8899727
SHA256 0a063456432fce42401c8362714e98ec157e9f9e5ed3eebc4d96f9b4a039167a
SHA512 e02ba732feab507c478df22aacf2b8399bdbed4f937cddcde9a3c0dd38cdab0a9c434dcfa8989c1d97fdf1e9efa67b64e9dec631663bc56df0356ca2036e2cd1

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_fa.dll

MD5 cf17425264c5d3e95ec3cc93e0cfd95b
SHA1 132652c83194a66e1820ba805b0cd1060ab7c66a
SHA256 0a394125c397e472932f7bcf40e2f54ca1050e0620d35ca322c6f48d80bdbf4c
SHA512 f7e2408ab5560717252c0536ab652cedbc2cd17a7e6d375d7dcfbd2cd8894b4dcd71f023d2bae35237250e1cbda08385a1484550a07f13901f39e6d75e9f87e7

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_et.dll

MD5 999504016169d3caedb132c230feacc2
SHA1 a0efc52f4104906ac51da46f24779358a319df8c
SHA256 ec804f7507269d52785b699b4fd18a2d1a3ca7e0956dc15bac034151596b75c6
SHA512 ae3b4b3c38ac6af5dc80238d0e3730ccdfd436dca6daee317b58f92cca22ea51ea2ef720e32f92693d23e8383fefccf9c46c10a148036687f0a7dd8bc844f274

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_hi.dll

MD5 3a60d0c9d26cd258b08f80daa33b0134
SHA1 ea55affe72494cb0f7145644277270627d68f99f
SHA256 f8647909bbfbe73c0c962eae21c45ca58717f97cfea7dad404fde52367f837b7
SHA512 8e1b6e53020652f391511c8b4e64b8c12bddf5c52f869c8069349c44576520a9529bf120d377c243e5b6dbee0c37a8d9b31a0e4eaf2126b553d485e840027370

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_hr.dll

MD5 cabeca48e04e6bcbe4fcd9231bb70ff1
SHA1 af016512f0bd3a51b38eb22c7aab8ce07a48e9f1
SHA256 fc73ca5d57213643d99432389eb371e13d0217c4718aadf551677667b5f9837b
SHA512 e3d1b7f9a5a4672da70090c2c63fbf1a87a27d127a538c940764b611d3e8952ffe7384bc5e103e7d5b90b216eaa595086a9bc070bc9700c7e450476be17a63e8

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_hu.dll

MD5 df6a438814eb75ad639cc572f123924f
SHA1 8aaaba665de347cadd55dce07133265e30d48510
SHA256 416d5ed542c2dc6bb7219d2a76b5729ae835db4b63015a9a998a0eaddeeda1a9
SHA512 02171d854bfc57845e6eb344a48c4aebd653d229ffd94d4ce1d3d76a623503c6a6b104f9323a7afd16bd0a2007a0d544d8e31f52a3e24a3ee0a4a6520f0933db

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_is.dll

MD5 333f733cabf382e901c99e1d3049f767
SHA1 8c858f0ad0f06f137fbc340f01831a7eccbbbaba
SHA256 15fb8bbde296a384f6c9bf3acf0d8f6860e30d7dbac2c60cb928300d8464d81a
SHA512 81abb4abcca78181956dab1bd8a3b9523cc38f30348675342198f2cf3394fe1366d12f8b61fba7775e8c572c45a23603eca96fe36e693ca2d5f5bee0300101c4

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_id.dll

MD5 ef49bfeb60ee4283650932e4e50de722
SHA1 e592965caf1dd2f894b24a09f2cd14294ece7d84
SHA256 c49adb300b05a792e3b2d0e91d200055886acbbd26b7eaef43722ab3f5c40752
SHA512 0a15abbb7f5e43425a561c91ce775ef6944044f3ea9e1dc60371189c79c4fe1cbe059ad38a7492f8b2342f1ecb5fa3a60e1643793bf9db90c21e64f1eeced079

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_it.dll

MD5 20af857014bdfa8f869145dc25fdb5e5
SHA1 0d876e9b0abf907b4cdc0767d120504cf2ecfab5
SHA256 13f6f81e6507f2304768922e81ccac99951bec4163cc576f2dc3f65b78cd08cc
SHA512 992443bfe3c101270e1fe5b39d8adaf1990b46e79ea2b285fe848e6632bea2ddc6e2a1523611359518c79b0ea4ad5a228f5d778bdf78872010b67e753866ae72

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ka.dll

MD5 6e590abdacf69c0a95371ac48ab92698
SHA1 f2a4a183010cafedb76c182a6149bbc313ed608e
SHA256 975cb32be3ee396f0a076483206fc6a9f8d3671c439ca5aa3649d7cafc1276db
SHA512 d2cabc0ae33c9ca75f6146d2c7ed3f37df03a2e6b82e7e6180a2a7bbbd32bff4fa157ec1c8d906c48445c79ad58105ac30e0217739ac21beccf13be369f0cdca

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ja.dll

MD5 7bee509a3cb93cb97a3c419ded29b379
SHA1 51b83ac0e624da9dd877894ddb229382c25d479b
SHA256 9c24aa6f46f6bb4127a27efb46279762582909dbbe491c2fa1a621a8d9da2408
SHA512 0f148229fa873878827437177717ca3be23630f62788886f53703484073d282e3204cb86aab49e493bbde2b2638bc1d6b7f05a7290b32e2b6115854774cf995b

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_iw.dll

MD5 f2b801a134d0e6016a500e7237f17fc6
SHA1 05135e4f7c5c2ffdf7989c761947c7f482e6f859
SHA256 556146c69e56b62901e3741d606e12e766324651793c26ed75861c172a34fbf0
SHA512 9fd5c3bdd6f6cf4c75869eb0c80f71f00207e3bd0a3cf1ada37ca0916018ad691d93c335faebb919de551ea7e0a0fb8c0ee4b406a573b48f6ce01a21558c555a

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_kk.dll

MD5 2b4883e2c8eb6a1cc0618972ab9022bf
SHA1 90db614ce4217fe3703b87ce8be687e7b244da58
SHA256 2815b85a065bab6aae4af23cf5c8ccb5c8f587b5ac57b9719b2fcc6343d573b8
SHA512 5e86c7028fa5520fee13b29c833d5949b28bf6e803752df71b6abbe9e1fa5b43c9948e6b4956e554cd5461a101824e051e20b6762cbb418f112f938563f05e20

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_km.dll

MD5 19305a2fae65010d305d658338cc4ea4
SHA1 70fd2048440da6d411fd0ab61f441cbb706b3b11
SHA256 27bb6d533b10539f18b9ac37c49d8340ad7bde91e5150981fdd317ef38bb7efb
SHA512 5fa9f71e2d5f2b588935be0c1a91faec745e20992584071052cb7624637b7232fb6e5d60aa79926cf2c3ccca47f95ce494769a679259bbf2d5c98374981c61c9

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_kn.dll

MD5 0b3764cd341edac4f859306f942d816f
SHA1 6728dcb1c38c7fbee72bf1a23084c806cb724499
SHA256 9a7de95fa49e02bc700acc2820cd4099a997988cb57663d2d1e4c2f3c4fe365f
SHA512 147380a455df8a314fc7c4173a8e9c2103b09206f0efebcaf8bea96b56ab72f9ee1f92c89146873adc73761d50103543cbe6dedd7717c7ead821157c1bd111ce

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ko.dll

MD5 fc2bf0ff5b72217e0b581be65464836f
SHA1 f3e63c61ee645d8ea1db82188ca9c0a74c2f5f9b
SHA256 d5b610c073a7e96e6ab38fb15218395a94e4526446a1087f8a45f90fc0b25ce6
SHA512 a0de9d8638e89d29dc9b6639ab7e2abeeb710093d6db3b67b0a7290184d0c2200e69ba750f94cec66a4e939687dda65344d6bb020f961fb095444f9c1608462f

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_kok.dll

MD5 b0993ff03e515e491a2b30344995f46b
SHA1 d4591561bf7ee245a6ee8ef3f10ce59479f46683
SHA256 7df3f55e10eb57e79a10a43c9c839ee4dadad6581b1cb696812636194ab3f97b
SHA512 244f15d811c519e46a1742502b7cd4c956231239a35f064289398d2b9b94807849f0c0243ebd8d7cb0545a212f23d7d0b621e0254987e2cce46879707ef1af04

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_lb.dll

MD5 6221c97091684fd9bbd8163c637d5090
SHA1 3aec34ea62e34ae3e16175ba2d08ebbd76291871
SHA256 25c2a63f3c30534cae9e8a966738927712056047dabe80317708a303b57b36e9
SHA512 3f5e895e13a0774dd985ef13a15bc02549c8b7588b451413414f4935a6378710cd2f55ad619d5ce298cbb545819df7bd7438518ea21e5b588a0df415cc15a1a7

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_lo.dll

MD5 f341581e529ee7cc558769c1cd23297a
SHA1 88c956c86045cce4a22fc5ecb16e6184b3ed4c59
SHA256 cb5c131a93dd2b77cb0ef5499acc8a0b8d9de15a7193a314452efde262054377
SHA512 196542376cd3ec6352a60c2e523ed240c4e1252a8ceb67d4b5ce27ff62c43e6bc5e7191f90afbd0ab910e325b6092a4c5e445fa021b8b02744bf494c62ed9317

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_lt.dll

MD5 bf5c6d4441d9495cd1b2a982004a026d
SHA1 9d92d96194cae48ede6296aff0244f55bd8ca363
SHA256 9ef68efd2a91caa4b41321215e4d6adda225311e48ac5c2bddc3e3afe379a595
SHA512 a93f651be188a27f90148009c2cc41e194799e3466b1d971f607ee80cda2ee75ce24003d14ae919ab7bfdd14907937aff31672421aed067f381f2480ef3a3a75

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_lv.dll

MD5 114b0fdf0183801f36202b4aa52a8c6d
SHA1 25de0a71c950117c332f3cddaa0f8bc4b1e6a90e
SHA256 a8efc8a3399a54ca234bd76247f217576fd8cdc891d1d487e86ba06fef676be0
SHA512 cd16f28783f1707215957c6e545cb8454e8d267a606fc91142c7feb1e8f83a020338d4ae3177779bf31b34324e6d8c35d648442345beb019112d402ffb7a0657

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_mi.dll

MD5 10cd5ec2455ae2eb80280aa5f3a00ad6
SHA1 fc0ac954970bb33f9e4f372efa3e99fdc9c32a2c
SHA256 9f1f89692559cb6428af5336f29577640015df9fba272dbdf8a44709c9c34496
SHA512 1f5209b4efc1d28e3ddde4e8087565861c31bb31e8535d1086601e0d56594ab5b163db0588c8913f6e710630cfa57c4aaf5f2c94717849cc5c73520bb1135738

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_mk.dll

MD5 699c8fb732043a02378ead6badb69cd1
SHA1 ea9c3bd2eed254ff56dec2cff952a8804ae52ade
SHA256 976be8789d91935bd083691afe245bea0230dc159dc2524c93cea2a78229d2e3
SHA512 9e8f0af3d5a3f2c602f6566d8ad323bc27d182b6ddb26756d7d2dfa9dc2756f3243c258f6de96f50b8525fdd31cb7230cb360d4098492d52fd7b8a0904ea1f11

C:\Program Files (x86)\Microsoft\Temp\EU8B2F.tmp\msedgeupdateres_ml.dll

MD5 821fc1cebcf23ef54a7179a966172724
SHA1 1cc6f74fd03f89b17aee368657326c7b61ac4971
SHA256 7795e21a9b66720c1771a90156f0beff5c7bd1318bfcda2309d8f0973f5a8272
SHA512 7ff2f81b6bd0751b6aacc7ece6c937895b09acc13453eae3fe9ac5c0d0c4c9eeb6751bf083d42f0ddf941fa4660832d358b22142ef3bdde697b67eb1da49c832

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 57fbd4c485c22ac4bfa740e11a4b28f5
SHA1 4f240ac7ab36b0bff8231abcf8c955c19c92e474
SHA256 375798f05f17a106e80fa7859451a193cb24baae79488986d850d5833fd579a4
SHA512 662d072b2e1ca05323f66a2979f88d7ce56732cbc44d8b8339e349a9cca2d7bbfa6acc7c699789b1e4666462e964a9dfd2a3ff1e55c86bf2ba67c285afa2fabe

memory/2216-187-0x0000000000140000-0x0000000000141000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\TarA220.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c826baed5997b86308fe60587f2ab5ba
SHA1 93638ac19b3189a507b56f548521fd15a1fd19e2
SHA256 f53e6d3cd504417a9c16c6e8b0a787160ed6fbe71772f165818d144425a2a618
SHA512 56ef29d0fea4643babdbf16ecb50be69d048b5e84cda376e3a50ff3749aea380380f4202f4c13858ca40b1a565a73e9dca2c0878c39df4e672b63bb3c18bb6af

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 ae96db45d7d679362292b8e6c2a3cbc6
SHA1 5fea1ee03d142e85bca5516736b3b3e2ae388d6f
SHA256 4d73fe2109641773944d9b96d8e3ebfafa769f5d5d686f64b5a35bf079f92854
SHA512 c427e757932f4382b835ea6dd8184e6f37b47e41fc7124b58fe8c3901f9ad481ffb5a35391f266895bb507dd2d8d721488c2978a072be4b13cad823a41984f2b

memory/344-683-0x00000000007F0000-0x00000000007F1000-memory.dmp

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 7d0848472e1a54331640b3fec5c6aa07
SHA1 fd891b56c51d110871189758fefc901d6ce20800
SHA256 e2270be40c97e627e1606de67a1962ab2ba3febee899c6ef89278903b8c94afe
SHA512 f537a32facd6c5a133781e71c837998cef0d6194a1f51fd50657d338da22edf5b048f88e251e59d1bf1fbcc5ffc846607e399c94b9255b5b579e8397328260b0

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7646a72ac2159c50a8d0a59977be4fb9
SHA1 481df68d90f15feb1a7f3d6cac591dc2a5e0359c
SHA256 27fff755b77d5d193b2f4ae1b4f56ea144996afd0151624202ee9981569268dd
SHA512 ddffb6738f9759b394931a409fd96e937abb158e2365d3b77119c6275c48372859c1e034114e85f91b02265ea5fae598c341fc3112382a9893c186055c8ec694

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e8e9846580f299d0cb09fc92ce8cfcf
SHA1 cc384dffc33001b095453c8f07889f3540c1867c
SHA256 2a7ce752710ed4ecf3ca6a328d9a8d93c3e7b4cd7c5b9f7326cbb545a64c113a
SHA512 a38f798253abf41af1cb9cc64e2cebc5bce1b3ed8ffa98ce7007413fec8d0955aa8e260d3c0bfcf97fa706ebe2004b290b64ee575f13a5fb96ca46c288858126

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6db58c26eff7aedfedf12a1d33ff6415
SHA1 d615d18e488f213301c0cb71691fb7e10fed291d
SHA256 d47dd3d2f7ee74f102747f7edb11300fdd9ecdc8a07b6ba905ff94c38d465859
SHA512 1330acb06ae89c729b192220860c2b25a77c63d322159e2f79aecb073dc06a26571f0540bd9f2b35ea495e26f1db791c896d2f36d8ececa4c5bc34e643175b4d

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e383a6418f78e83df4afd828e095d672
SHA1 2819bdeb3e77601749923e9002be7f4b69a35eee
SHA256 1067f14b2dbcad9b55facc40d73036951b5fad758d79683cb9e675f6895ef2dd
SHA512 51fc154bb54eb6a81ff79465fd343cafeeecb284535afda326e75a487af9dc2c8be11acc56042b94c80470a193ffec842a8a5e51831897b55a8b43db3d00a869

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c770a674acdf5dd8146c109ee3d998e2
SHA1 d7746082f8b8ce0131589263e923498f7473caaf
SHA256 d7f991382cac97681901667bb31f7613a68987eca930de542b054d2a17a2cec6
SHA512 c71522af67043578a0f3a27f725956cd9758471eb1aba46116600647fcdbd060c518c0c7f38e5a5f82ab1fccda9d5eb36b062bf561efb6bfe2d65ae7ddd5705a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03edef0d590be3a79d155a6f56105c65
SHA1 43b6750eb85fb6990ef2d15ad03f80c9a4f06eab
SHA256 6952c5bf75d5baff90a3ba8027ff0b038d4b00e7d5a3aa51c5c4b2b6681499f8
SHA512 696e178d92cc27f07eae7e55bd4f96733c48c223d52756a3eaaf25ec407ef9d5e02a758e089396006f23b0b739d731ce4ad5ac338a4340386b42c93cbdb4d0f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 601fd296f5be3504821bf8f330f9d564
SHA1 4d90ab10ccd1c851df5a1e99952b89abef888da7
SHA256 65d3dbc0a775790dc045dd4c95109c3768f3d8c47e1724ff9a3651e5cc3c7716
SHA512 d57524d199c699a93e18fb63ce432b6c246a9d36fbdf87da55c2a030cda7bb1853b9a59b2e42763cc92d799c04224e2534cf40e9406fed84d1f2c0d86978e4dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f13eb4937d3f20124f074fe88baad3f5
SHA1 f144fa3e7377ab97e9969ca39137449d8b4caa17
SHA256 939179a655c6e54431a2bb09797cd82d51d5f2d29fa6b54fb9848bf2c5a53c07
SHA512 b603651b6bc787649e4c668911733f2e1030495a324e543378666460b0de8d78c57223785bd72af012fb9d3695a289f444816725fde64d4ee318b4ebaa1d2f6b

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dae4dec34442c6914b3b4ecd855cf23e
SHA1 bbb1a46340198fc2091b292d972cc539d1bdd9ab
SHA256 780dd1850b1516ea10b63a3cd693ade267dc24eadfa6cc10668b72cf257ec4cb
SHA512 44f7b437940078f7f8079a1acfb4feb03ed6613df4a96413c7c9c9a3eb7ffa809a58df7851db42a521500b768c5a33ed7f4e3234af9f1e6483d6cce54c0fd57f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a343e4a4733a67156332120886c7dd2c
SHA1 9a7a6235b790c00373c171f84abc4e85e70e9385
SHA256 26ba9de27dbf04be921bd46f2a35106b24a57832b9a929e486d0e89022217884
SHA512 83aa590c2c142cfec5800980de05bfce3be4916acf8e3892496514c1ff56a59266d24cbd0ecb0a6f6a483366e30c530988c12b60083f307e3ae7940bf0260c4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 326d121f83613c2be5a05623ec84ff20
SHA1 7460b50b0d3bc5600d994b17cf156bc8f7ea316e
SHA256 768c1cfbbdef2a93b6518526da3096dc241da640b876d440569e514168c323a9
SHA512 a644cda34abffa76724ba05e0d3443343647e223c960a28b57f482bd57e32f3458a4796a97ca772f7bb19f764da9f2a1b7c4f569be85443fba5dd0f13561d3de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06f1ddf57dc0fc8af78c22c88aa934ea
SHA1 0afa325de13299bf43eb63146c557a819eb04b64
SHA256 0467ddf2bfc95b2b49d8512aee705da23f77660c44125f6c68f31f64e1ead333
SHA512 6addd3501f2a0da9e7c302182261464f7d5414698e2f5477e666caa988f632be5cd26f2d2fb6a83a809dbef5ff30499d44634ba697f5d030524fafe10d962ad8

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d0f2606045933ae35f2f2b6eff4ae4d
SHA1 38d5455a49b495aefb23d1893d26935d49e9a763
SHA256 38b9cab529b6bd06d452cef5228628e81df8a1466acbc4d3a137a87437f73aee
SHA512 663b08068186c5b367882adbfe9f636b574c5e92911c0dd1046ffe327a7bd1fccd1d65cd8b1f79ad6ba854c9ec042f08cee18a75b8c1c73028d5577803c7743b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 68a833b829cb72dfe27086ccf06087a7
SHA1 3086aa6591da09ae8824d06228af0dc746a29f8b
SHA256 a965ff9737b376a46ead6f98cdaf5a7c3a39f56cf8580fa7237e40634b07331a
SHA512 0e2b322ac26b15de321ed701d94b5812163d72c4e375255323d656a756c3bea2b063196893aef585165e80d31f050dda0529667b68338d0af79e30d305a0756c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d31a6b67ef1df3271fe21ab37880ec5f
SHA1 7a2070bc338cbaf0cedeb776770b5ed6bbbce603
SHA256 9f81af146eba4ccb2d32e33c50a7e59c769091d05458ef9fdf8270c4569f10bd
SHA512 0cfffc1f69eeef717b9614084acd890ba1f8eacbb6bfc1eb2340fdfc5dd765306d3f96f54729d10ce3e6a9ba862b72c8d62eacce3312ffbf51db162874fd674c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84542d366359e6578ccac4f9fc57a72b
SHA1 f750f1fa729e16a35b74a260b93118b1e0206472
SHA256 03a69b85ff1a3e012f801997807103f639387559833ec7818ed1c94a582974de
SHA512 c39dd845a29608aff8d1960ecfbd1973074252160ac623de834ded812103f7f3664ebba1b5c2915bc76b87d663484b4a6b04ec1de719893c09c0fd9412baab0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 60e3f842371d8089340fbc01924ba83f
SHA1 4aaaf91d96872e74ec542c34605c3ef454febc32
SHA256 3970888633ff8d0bf8e761a10bdd7bd370d716dc226b16f4a9c4a17438d8ffd1
SHA512 b15b3954102c483ba72e202c93f4cdd06cd8c203c2073d14fe5fe653ef9ee02ad46c2e4ce47daf886a2fcfd939e329fb7afe8ced1af8ab177e2a372624c5dbb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4760367b6801191c27578c262b493356
SHA1 9257d5382c7df520d69a0644ef13aa98ba0b6d5e
SHA256 887c74c5b642de4b2fb0812f9b0995643dd467642d1d0d1e5b49a703c450dc21
SHA512 9adf281ddd783b473db7705315fbb68363c91efe3757e2b9cbf206a2babe23f86835953942289669381f80e2f0206edd115dad0154076ee9572deefee94a701f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 77dba3c5edb739ff88da401a03b85519
SHA1 33a9bb10e6488b150f0c476a2ece289232488e7e
SHA256 70806ad2acc4c30e0d535261fb2d3dc473fc3690c122ea20b33a58b0a72b7749
SHA512 4a254370eb95d69da2d11ca316743d4db5c68f48b168bf5007652038f927f87a1485916b2bc2779251ee573212c113d07c0351c5ef4c03f0985e78c7f5fb711f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RFf77c88d.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3f6ccc951246e76d76051a0ef0fc901
SHA1 25b6ac01fc48ad2616f6b10a5990bdf54cff0073
SHA256 35899df424ac95d61cfe110b020339f19444e5d4b9db2eb29f3792384f9f99c1
SHA512 320980f12dff80e59a51efe1d1c7f7c2ecc246cd85c6b9ccf97fa26a1bc9f0da46c9d5c13f136f48679fcbb68de28272e6282d4e9c4a9a6fdf23c5da02965856

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 60c6e90f8bd89acf897cc6f772d6e672
SHA1 0440f0c3ff665359cfef11910e7b56eda8e68fdf
SHA256 01b2e0146a2b7250fc5bb764b1c4b1ae268cc03b410a84146713672b534cc5fa
SHA512 527df5f70405bcd589b7c1798aa9a2345fb47691ab35eec9f72aa680e2a7aa2b30b77606f8b0b97bc208d4a3d13ac72dcea8b9ca2ff1e7e30037acdb1d5711fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5ba60b4ce9b9a28e6a877a27696a83f8
SHA1 c64896b515ecef39d7d74f25e65e82f5aefda643
SHA256 f652a419143094ed6136150198b00c158834cbc9ee94ab7be94cce1e37b73d8d
SHA512 88f56a01c8e2916b0d0186ea749e0824fc6568712819bd583a72430b545c8a0281be4bc400aa3dd3a4f653a5210f0dc123c65b204b9a45726446956eb2f28bdc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f4ca378b68c2dd3bfd0a4d58c419f5d0
SHA1 a1413f9dd391fd4c1a29181a88dae9685926f641
SHA256 6facd89161f3a088129f0437182c97e1b8a6d3973ef699b36ccee45041501db3
SHA512 c83800c20623494b4712f6c3a5f5d3134e8233150a2aa00307b319175a879125e8f09faa462dbbfc048b84d355a6d731e84ed50f526c0fc4c9d59b958a1e45aa

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\109.0.1518.140\MicrosoftEdge_X64_109.0.1518.140.exe

MD5 8086e504417a0306d93055c5c18552f5
SHA1 2ad46f8dac6e378831086d8f22502564f4431c5c
SHA256 9b6ee5ae71795d09cf4c4432241c07c52beb7942c7687815a3ced970c0c68ec3
SHA512 6e77a03d32b0ddb7d465b7bdc2724a6dd33f2457ae39301740eaff5d5b259077c97e15e360252dfbcdedd5d2781e4647bb8efb634a82ead29fceca6e5cdcfbc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 176bd70feb21d2f099af4bdc05050bae
SHA1 502e778d72632d1dd193543818a923490ace8663
SHA256 98fa9d2a8fdc91b5102907fadcf1fcdc26d65ba3568c0c734329e929a97d0c40
SHA512 71dcd007f0799870c4d7df3aa67e94c046b89b8e7afc43883df62240c85f54722051ca34d083caa2a88df42fd1350cabddb66db715159d09ff9e42950ff17246

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\31d20c3b-9578-460b-8ac5-cf8181a05702.tmp

MD5 c387e9fac8b5c45291cd444b337d205a
SHA1 70dd5d1a5a880c9163f753eb51b8a1598422e493
SHA256 500ae2511855c561ba01e3f3b59b373276a0bca9018d1d52d2e110c5938f0e30
SHA512 3805173d6cd7fd5fcabad9dda7171a800b61486d0b097a8c2b64b0a7ec5e22b82a7ddcac451cab539de0fd43d9c83f6f3ec966e9c3b890fcfb102ff21e67d6c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 db2bde7460aa6bd9b79891bb10dafc13
SHA1 f3a2950f812ea0ab741e6488ef856e9c0fdff28b
SHA256 3a224be57d64f8baf7edb2a98138ec03fb6778d12a09088b6b547f1dcaf0e3bb
SHA512 2d6cef36c8286184b05eeed31184a4b8b57883f1b7bac03bd9ccba94c5fd83ee2dfa2777fc2135e9de706fe15049fc43738774901b90a5321a1fb0729d40d39e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000004.dbtmp

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 55cc492cfccac18abd8eb727442797f8
SHA1 e77679044ad63457ecd3a6a4b01729a3c787a1f3
SHA256 3fb11c4bc1d970a0328a752ea4242fd3d36b9e0fc6d90937d62280d9562410a7
SHA512 567a99d46328c12d4421f3da531a76b6c59ef59cf85572b07e92b6d8a5e45f63b3691cb3d4f374885aceaed6236c9e5525b320c4c556c9a083a85b06cfdfc9d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55ff654563edb22e4b17d0d405d6231f
SHA1 44d7bbe1b9d4a881f119d6e86266e4cd58fedbf2
SHA256 747d6cfaaeae38582eac60c28eb73cb12a738f94c8d89ff7b61f05d066ffebb4
SHA512 a2beeb514bb390d3dcb642b4d5770cdc49f9ea86c7c822a7aade9a18d61186478aa255d93016bb9437ef40bb22bd38c6f0eae7786d653279ff678895ece34f3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd33117183dd31d71d353a55295e454a
SHA1 e859719457024b34b540f0709d8c0e0b2c4260c9
SHA256 140ec701042bb96736b9b786fccbb2b37c1de102056cb356469272a7eb10862f
SHA512 05e4bebed53a92f47240bc65d7880a9c4f9310e076a9c0f87087e4eed26e11ea273d89e125092597c6636a528bdeaea382c5698ecab69344276b826df04be7e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0027c8a980d503ac30f685b2f175e9b5
SHA1 f64c8d122bd260bba661b9c031a117cd5d89b9c4
SHA256 77d0ff267262612647e3d8ce5b0b8db1f44274de077759336d901f0c7ff17275
SHA512 ebbeb4874171bf4a970676f581c405bbc4ac0f8912aa2a8482b64133e5dc6ff176576769b5245fbbba64d5344d60e6c1a4f7ef18419ddba48acf09e5251abbd7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 c76ad50957b45393cfcc7150fab1daf3
SHA1 cfa3f2ba0cd30e39734769701dad7b4e34e7979f
SHA256 18276aee31e7308ce83e95b2d9b47bc13beaeea23ce667a6df32be473c6386ae
SHA512 b2144f95b2244eccffe319e3f1ccc97266611958709596df811c6506913b1aa12d98d93ce42ee41cdad0ab7bd53a3a52da5f32dc49f9e3ba985fd71840830fbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da2d78a7b1e7bc533d52fcf8078b5c7e
SHA1 578e9a3617a57dd411838fe5d8dacea43081f887
SHA256 7d113e83ff5163cc5dbd1dacee62048afe10a2b13d92a4ddb289b8da79e9b74f
SHA512 8886c446342af5703ff35756111318296c6ed4321a2adeda59c8f46f9bba0bb840ad9da91ae6bf6bf4173eb9d5031b101d9951b2119b6060f90432ec7786dc47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f291d0f596e7522fcd8835ed7517fa67
SHA1 6367970208b97c52e9c6a17b47c49c91ff1c4737
SHA256 179cbae2924c281f26e8e4c3a907b3bf44ed45a43c7847283e7b884cd6988cf5
SHA512 b16346bc1e49bc4992172e2cb58620f910df2c0433492ecf825c388fbf8f13c106591b3cf17a1ef4ffa403e480d4bc03571e869845f5a890bdb5f5166fc56c52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14395ba4e4d5ac285e10749a36eedfe4
SHA1 b94a2105f403519e20b637c634810290fa35ab4d
SHA256 602786349b0e70a8e3400a1fa8b21a4d9f06c4050ae7bbed2e1c90e6c23d43ec
SHA512 fe33ff5c8228c7e8a6bdd07b6de30d9ab7a3a973bf5f7b87932acc3607228c062a8984f9a83eab20934584efeb18a2716f79a45ec335dadb6e639df075c883ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0857ff7e22b1e94400e07855cb5b79b0
SHA1 53fc69d0acd4aa96cf2f796761e849f1e9a334cd

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-22 16:59

Reported

2024-03-22 17:02

Platform

win10v2004-20240226-en

Max time kernel

146s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\msedge_resetsb_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window --reset-startup-boost-last-used" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Downloads MZ/PE file

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Drops file in Program Files directory


Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\MicrosoftEdge_X64_122.0.2365.92.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\AppUserModelId = "MSEdge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{0FB73704-F702-4B2D-9020-1D76DF20E57E} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\open\command C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\CLSID\ = "{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --single-argument %1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\Application C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\WOW6432Node\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationCompany = "Microsoft Corporation" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\ = "Microsoft Edge HTML Document" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2844 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe
PID 3816 wrote to memory of 4940 N/A C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3816 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 3800 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1388 wrote to memory of 220 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1388 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3816 wrote to memory of 1884 N/A C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3816 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2340 wrote to memory of 2704 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2340 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\MicrosoftEdge_X64_122.0.2365.92.exe
PID 3204 wrote to memory of 2036 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\MicrosoftEdge_X64_122.0.2365.92.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe
PID 2036 wrote to memory of 4964 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe
PID 2036 wrote to memory of 2596 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe
PID 2596 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe
PID 2036 wrote to memory of 860 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe
PID 860 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe
PID 2340 wrote to memory of 3512 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4628 wrote to memory of 3868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 3472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=en&brand=M100"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded request payload omitted]

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=en&brand=M100" /installsource taggedmi /sessionid "{1112BCEF-0C22-4F84-9370-B6F3E49D32AE}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded request payload omitted]

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\MicrosoftEdge_X64_122.0.2365.92.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\MicrosoftEdge_X64_122.0.2365.92.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\MicrosoftEdge_X64_122.0.2365.92.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff60e1a79a8,0x7ff60e1a79b4,0x7ff60e1a79c0

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9FDE969F-3743-41A5-A9AD-34910DDFCDB6}\EDGEMITMP_C9C03.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff60e1a79a8,0x7ff60e1a79b4,0x7ff60e1a79c0

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff7515e79a8,0x7ff7515e79b4,0x7ff7515e79c0

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded request payload omitted]

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-installer

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x254,0x258,0x25c,0x250,0x264,0x7ffe0d8a5fd8,0x7ffe0d8a5fe4,0x7ffe0d8a5ff0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2236 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2432 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2624 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3364 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3380 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5208 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5208 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5332 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5400 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6064 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6064 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6224 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6200 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6852 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6620 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6456 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6392 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7064 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7036 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6068 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6340 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6344 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5724 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4752 --field-trial-handle=2240,i,12339805006271949163,17047085353720034760,262144 --variations-seed-version /prefetch:8

Network

Files

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdate.exe

MD5 31f9e08922765ba2913632f758bc7423
SHA1 b36b4bf74d6d4b6c8c0e38d9c6b65ec7da2fa9e7
SHA256 c2988c13f66ce033fef65f3af20a00faf555047e710dc6c282c124c848c1eb88
SHA512 13808d6b3cf8f8e645bd421eb3916b12cfcef46ab5f0ce1a0cbda91c4be374d03504ec09d1a5916ff2944cc24135cd46dc5be3e6c72fb599b30a58cf8aad7c57

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdate.dll

MD5 9cb2b82fbdde7133369f0d8618dba139
SHA1 4ac0771b6da4c435ed9ab270e4b87f5720fda0de
SHA256 0aa838b27da61c7bd94e073b35cb5cf1cf0762d74ccc0214d052f7327d52ae06
SHA512 002ffd9938e309693e2b4ffa3e2d3add2046f133e0f219cb5e8f898f55003815f326c98f529fddef9f7653a9a81e3ebb543f8ca034e786b25ae960c3cb2c730f

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_en.dll

MD5 90afa78198ebd61bb588145b28f6ae28
SHA1 56e954a7a9d086a30c49b3fadb39108ed41008fd
SHA256 900f4de13607028d1e4442d361e7e0b80670c9601cde0a634a12119b13ad1fb1
SHA512 d3d5a80e06f1cdf976cff20ac840eed31034e7e7eb37ce10d58bd7a99c2a3a6db711358e32d77e8248e8f7029aee2b87b37a8ae600810c4b454ee3c08ab723e1

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdateCore.exe

MD5 f5e9477194d0d7c18a7c3529a10f917c
SHA1 17b0f78f7c56a89ddcf2232242de8f13f0cdba18
SHA256 f5c45634efa29acb9dbd1f16880737797171630c3f81fe23aea26f4dfb094323
SHA512 227d890734313d4dbaed48501e6c4cd1f3d1bef403bbab1f65084ead6a32779381bd9d71eab03ca6eed332a7866030eb1fa01fcd1c28a8d7899705dde33446da

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 433681ca511d96f96479ac2cca102522
SHA1 321b86c79779e3685b022012a4ccae8b5f3aae19
SHA256 da5f97895efb9698657ea213e6d0cab53ffe6bee32933ca2341406faf64dfcbc
SHA512 7b90a0c624f9500a6aaf39c9244818d128cabc898f5e1e8a28f7a67fafb603b6906610834e172d2762703660dae2cc541d51a5b7478644faa5b6b820b6724188

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 64223294845556ab103ce781a07db647
SHA1 988e53cba0f55e6405df02ac35f8013e79fa839f
SHA256 8ff65e8754d8f33260e75d43c40b8a4b25eb7d42b85ef73ed6d67ea603c513a1
SHA512 58af56f6212b055e350047b641bcf4fccc22012f70e12a4df24d5e2af0964f42ee25cce3d5c8cfb75071bb2e2f9cfde3d3142f2502a1a2cea20fad7e219e0de7

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_cs.dll

MD5 7f14c4c134a48cdba2c41ad653a5fda5
SHA1 a181b6f139b9e999efb74a11b3a966480c706e79
SHA256 6fe845b8e932d1422935eadb0fdbbbcaecdf567778f50f6a10eee72e6ac860e8
SHA512 4cfe470e0039f7452db7dacdd8512c5d873b597a583a35cf6132cef3080b3787f816022b14e067bf699bce2b142be2073dda65e9bbfb81457e8fcd8b1436e02c

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_es-419.dll

MD5 e393fa3d70aaa6dc5bef5dcd7df4ff9e
SHA1 292fa091659e5954b760e75da9ac9c3d2e4ef1c2
SHA256 f40ad5f9cde0853afd1834d3823bcb2a50cb358eee188b5d7a1d88b751237026
SHA512 b3c879009495975f1603380d10756281ddc5a004474fefbd0fc470741f7f5b59ca8c3603d87f9bed6709a31f8eb04a7d84ca8c10db2c9d4a43487604058a3163

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_gu.dll

MD5 2bc86512dd0753e4649fc66d72760498
SHA1 21d7a1ff5c5f54f9aec52b4d6dd6beb72c9988eb
SHA256 01df748e21237a03eb6e9d616cf0ab2cc63272a736c8e6fefb476a2b59be3302
SHA512 aa7cc40847eb65bd67c07261d48c18322d63cd7acd5d230cd93847ee7e94e879ef87e9fb96b4131af7aa45524b3c48a01c3a215bc515a2227223504045cfdc83

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_kok.dll

MD5 b0993ff03e515e491a2b30344995f46b
SHA1 d4591561bf7ee245a6ee8ef3f10ce59479f46683
SHA256 7df3f55e10eb57e79a10a43c9c839ee4dadad6581b1cb696812636194ab3f97b
SHA512 244f15d811c519e46a1742502b7cd4c956231239a35f064289398d2b9b94807849f0c0243ebd8d7cb0545a212f23d7d0b621e0254987e2cce46879707ef1af04

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_mt.dll

MD5 f14f8f20b0a851f6fc387d4871f3d078
SHA1 68111340e7d0b60177d9503c6cd683178e0e3b37
SHA256 c564ad9f8ac54c15cd8854992a3fd51e629aad344e295b7c27b1b8a2352b499c
SHA512 4d2c3f3098d4cf94f48ee6253279dad1e1bd88cbe56b5b1abe2ec99693bf47cea1ae07561e46a8ff75a23c156cf9c297e9ff2311eb204dfbcfbffbd67a583cb9

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_ms.dll

MD5 bd908b4e55e0734e0c385b275969a8cf
SHA1 44d9bc7ce298105e02f127cbcb56348f2166aea2
SHA256 aeae3ab23602fe3a16a37542333e9e9fafbe9a9b5bd75a8160f6a6e6693051f5
SHA512 d0fd2f2c5a8e6fc46c820f9a9a7495621568372096a9eaad205e6819bc445803d678a9241f2365d77995e579d40eaa377e60915a11a1439683944ea490f8306c

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_mr.dll

MD5 c522b1f946733d1f98287e7cdfb7be85
SHA1 b73900227cf47832275183e4fe34cd323d60fa8c
SHA256 bc7d941dd7ea8641320b8219fc023e38cf21b2e0e8e90d7b2a0f230a62582dde
SHA512 53ad9ce365ab86e54dd769c6b33d157fc0380af228a972076b24738615799a1128ae19fde353beb46bc847b68bb528b83945ddf0d08c622877d37a98594b1fc0

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_ml.dll

MD5 821fc1cebcf23ef54a7179a966172724
SHA1 1cc6f74fd03f89b17aee368657326c7b61ac4971
SHA256 7795e21a9b66720c1771a90156f0beff5c7bd1318bfcda2309d8f0973f5a8272
SHA512 7ff2f81b6bd0751b6aacc7ece6c937895b09acc13453eae3fe9ac5c0d0c4c9eeb6751bf083d42f0ddf941fa4660832d358b22142ef3bdde697b67eb1da49c832

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_mk.dll

MD5 699c8fb732043a02378ead6badb69cd1
SHA1 ea9c3bd2eed254ff56dec2cff952a8804ae52ade
SHA256 976be8789d91935bd083691afe245bea0230dc159dc2524c93cea2a78229d2e3
SHA512 9e8f0af3d5a3f2c602f6566d8ad323bc27d182b6ddb26756d7d2dfa9dc2756f3243c258f6de96f50b8525fdd31cb7230cb360d4098492d52fd7b8a0904ea1f11

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_mi.dll

MD5 10cd5ec2455ae2eb80280aa5f3a00ad6
SHA1 fc0ac954970bb33f9e4f372efa3e99fdc9c32a2c
SHA256 9f1f89692559cb6428af5336f29577640015df9fba272dbdf8a44709c9c34496
SHA512 1f5209b4efc1d28e3ddde4e8087565861c31bb31e8535d1086601e0d56594ab5b163db0588c8913f6e710630cfa57c4aaf5f2c94717849cc5c73520bb1135738

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_lv.dll

MD5 114b0fdf0183801f36202b4aa52a8c6d
SHA1 25de0a71c950117c332f3cddaa0f8bc4b1e6a90e
SHA256 a8efc8a3399a54ca234bd76247f217576fd8cdc891d1d487e86ba06fef676be0
SHA512 cd16f28783f1707215957c6e545cb8454e8d267a606fc91142c7feb1e8f83a020338d4ae3177779bf31b34324e6d8c35d648442345beb019112d402ffb7a0657

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_lt.dll

MD5 bf5c6d4441d9495cd1b2a982004a026d
SHA1 9d92d96194cae48ede6296aff0244f55bd8ca363
SHA256 9ef68efd2a91caa4b41321215e4d6adda225311e48ac5c2bddc3e3afe379a595
SHA512 a93f651be188a27f90148009c2cc41e194799e3466b1d971f607ee80cda2ee75ce24003d14ae919ab7bfdd14907937aff31672421aed067f381f2480ef3a3a75

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_lo.dll

MD5 f341581e529ee7cc558769c1cd23297a
SHA1 88c956c86045cce4a22fc5ecb16e6184b3ed4c59
SHA256 cb5c131a93dd2b77cb0ef5499acc8a0b8d9de15a7193a314452efde262054377
SHA512 196542376cd3ec6352a60c2e523ed240c4e1252a8ceb67d4b5ce27ff62c43e6bc5e7191f90afbd0ab910e325b6092a4c5e445fa021b8b02744bf494c62ed9317

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_lb.dll

MD5 ae1afaba80329dbf7a2d8c9ae899cb31
SHA1 59a3c94260512c89f4fa36605273d0a23ca39681
SHA256 c01f4e503aaf3b9ba81cdd79255cf3073671758f370bf07fbc59081dfbcd8e45
SHA512 7c043fae0aea39b5930e48b2f5eb5a7660da5dc69f288febbac54b3d9b129540c5aa3423fbb77e7c127c6a16bbacb0dfc31f6e3246812a33c1683aecef029acf

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_ko.dll

MD5 fc2bf0ff5b72217e0b581be65464836f
SHA1 f3e63c61ee645d8ea1db82188ca9c0a74c2f5f9b
SHA256 d5b610c073a7e96e6ab38fb15218395a94e4526446a1087f8a45f90fc0b25ce6
SHA512 a0de9d8638e89d29dc9b6639ab7e2abeeb710093d6db3b67b0a7290184d0c2200e69ba750f94cec66a4e939687dda65344d6bb020f961fb095444f9c1608462f

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_kn.dll

MD5 0b3764cd341edac4f859306f942d816f
SHA1 6728dcb1c38c7fbee72bf1a23084c806cb724499
SHA256 9a7de95fa49e02bc700acc2820cd4099a997988cb57663d2d1e4c2f3c4fe365f
SHA512 147380a455df8a314fc7c4173a8e9c2103b09206f0efebcaf8bea96b56ab72f9ee1f92c89146873adc73761d50103543cbe6dedd7717c7ead821157c1bd111ce

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_km.dll

MD5 19305a2fae65010d305d658338cc4ea4
SHA1 70fd2048440da6d411fd0ab61f441cbb706b3b11
SHA256 27bb6d533b10539f18b9ac37c49d8340ad7bde91e5150981fdd317ef38bb7efb
SHA512 5fa9f71e2d5f2b588935be0c1a91faec745e20992584071052cb7624637b7232fb6e5d60aa79926cf2c3ccca47f95ce494769a679259bbf2d5c98374981c61c9

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_kk.dll

MD5 2b4883e2c8eb6a1cc0618972ab9022bf
SHA1 90db614ce4217fe3703b87ce8be687e7b244da58
SHA256 2815b85a065bab6aae4af23cf5c8ccb5c8f587b5ac57b9719b2fcc6343d573b8
SHA512 5e86c7028fa5520fee13b29c833d5949b28bf6e803752df71b6abbe9e1fa5b43c9948e6b4956e554cd5461a101824e051e20b6762cbb418f112f938563f05e20

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_ka.dll

MD5 6e590abdacf69c0a95371ac48ab92698
SHA1 f2a4a183010cafedb76c182a6149bbc313ed608e
SHA256 975cb32be3ee396f0a076483206fc6a9f8d3671c439ca5aa3649d7cafc1276db
SHA512 d2cabc0ae33c9ca75f6146d2c7ed3f37df03a2e6b82e7e6180a2a7bbbd32bff4fa157ec1c8d906c48445c79ad58105ac30e0217739ac21beccf13be369f0cdca

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_ja.dll

MD5 7bee509a3cb93cb97a3c419ded29b379
SHA1 51b83ac0e624da9dd877894ddb229382c25d479b
SHA256 9c24aa6f46f6bb4127a27efb46279762582909dbbe491c2fa1a621a8d9da2408
SHA512 0f148229fa873878827437177717ca3be23630f62788886f53703484073d282e3204cb86aab49e493bbde2b2638bc1d6b7f05a7290b32e2b6115854774cf995b

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_iw.dll

MD5 f2b801a134d0e6016a500e7237f17fc6
SHA1 05135e4f7c5c2ffdf7989c761947c7f482e6f859
SHA256 556146c69e56b62901e3741d606e12e766324651793c26ed75861c172a34fbf0
SHA512 9fd5c3bdd6f6cf4c75869eb0c80f71f00207e3bd0a3cf1ada37ca0916018ad691d93c335faebb919de551ea7e0a0fb8c0ee4b406a573b48f6ce01a21558c555a

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_it.dll

MD5 20af857014bdfa8f869145dc25fdb5e5
SHA1 0d876e9b0abf907b4cdc0767d120504cf2ecfab5
SHA256 13f6f81e6507f2304768922e81ccac99951bec4163cc576f2dc3f65b78cd08cc
SHA512 992443bfe3c101270e1fe5b39d8adaf1990b46e79ea2b285fe848e6632bea2ddc6e2a1523611359518c79b0ea4ad5a228f5d778bdf78872010b67e753866ae72

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_is.dll

MD5 333f733cabf382e901c99e1d3049f767
SHA1 8c858f0ad0f06f137fbc340f01831a7eccbbbaba
SHA256 15fb8bbde296a384f6c9bf3acf0d8f6860e30d7dbac2c60cb928300d8464d81a
SHA512 81abb4abcca78181956dab1bd8a3b9523cc38f30348675342198f2cf3394fe1366d12f8b61fba7775e8c572c45a23603eca96fe36e693ca2d5f5bee0300101c4

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_id.dll

MD5 ef49bfeb60ee4283650932e4e50de722
SHA1 e592965caf1dd2f894b24a09f2cd14294ece7d84
SHA256 c49adb300b05a792e3b2d0e91d200055886acbbd26b7eaef43722ab3f5c40752
SHA512 0a15abbb7f5e43425a561c91ce775ef6944044f3ea9e1dc60371189c79c4fe1cbe059ad38a7492f8b2342f1ecb5fa3a60e1643793bf9db90c21e64f1eeced079

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_hu.dll

MD5 df6a438814eb75ad639cc572f123924f
SHA1 8aaaba665de347cadd55dce07133265e30d48510
SHA256 416d5ed542c2dc6bb7219d2a76b5729ae835db4b63015a9a998a0eaddeeda1a9
SHA512 02171d854bfc57845e6eb344a48c4aebd653d229ffd94d4ce1d3d76a623503c6a6b104f9323a7afd16bd0a2007a0d544d8e31f52a3e24a3ee0a4a6520f0933db

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_hr.dll

MD5 cabeca48e04e6bcbe4fcd9231bb70ff1
SHA1 af016512f0bd3a51b38eb22c7aab8ce07a48e9f1
SHA256 fc73ca5d57213643d99432389eb371e13d0217c4718aadf551677667b5f9837b
SHA512 e3d1b7f9a5a4672da70090c2c63fbf1a87a27d127a538c940764b611d3e8952ffe7384bc5e103e7d5b90b216eaa595086a9bc070bc9700c7e450476be17a63e8

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_hi.dll

MD5 3a60d0c9d26cd258b08f80daa33b0134
SHA1 ea55affe72494cb0f7145644277270627d68f99f
SHA256 f8647909bbfbe73c0c962eae21c45ca58717f97cfea7dad404fde52367f837b7
SHA512 8e1b6e53020652f391511c8b4e64b8c12bddf5c52f869c8069349c44576520a9529bf120d377c243e5b6dbee0c37a8d9b31a0e4eaf2126b553d485e840027370

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_gl.dll

MD5 64e4a461716700e7f14e7014abe9816d
SHA1 cea6b0612f2dffb7e42d23629d41ffd73cbc63b8
SHA256 9674903cdc0e08f18c8f071ed9fccdb8aa20184c85d48d99e8e90de4f4e33a05
SHA512 f68f902cd1a3e1232401db23ab466e7a38ae09e3324bc91fd6066d19b9246dde068178b73ae5fa6cdecc420b0d3a818f183f46d280f53e8c311b063c029537f3

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_gd.dll

MD5 c98c2777d3e3f5b4cdaacfac7b92233e
SHA1 879cb8fb3f292c05aab59a2852daaa089b13cd00
SHA256 1afc654cdc779a78ac66c08f527da746ae99197d2b4a8d23f024afabbe98434e
SHA512 72ad4fd9e2f3b29f937ba0cefe6adeb85edcf26f913b5f4dcf8d7921a7cfd38fa1eef67db7c83e1ebc4714dffcc4adb9dd6ca909b2b7ebaf2827d2b2f90523c1

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_ga.dll

MD5 baab875fbcead06d6bfe0eb3325f9d1c
SHA1 7c770a51d93b5651f14a290858fc25a8c5458378
SHA256 e2706880a1ed7cb34faef4ca0f3b2df7aa4e75d869dae74c86d750df8423c1f9
SHA512 994fa0d9f9d02b1320acc5ad336e30451931a52e6a8c48b3b5d9d5179b42c68feaa14fc76cd2ce99f682f1dfad5d8ce21b87a12321fabe504eb9c0844a49fd32

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_fr-CA.dll

MD5 000135745b1756a8a8d3e73140e18ac1
SHA1 2399c903c91bb969794a41d1a5e693e8f33125d9
SHA256 92b4f9d8fb86a8aa24f929d27e76e680923717e29a88ede229abf357eec3a299
SHA512 c0b3484a02888fd6323b6754d76325cbd5b48cbeaaeea91dd2ad8c2a3e74ee51294e7edbbf4725e9b00c7c589750199548444484c5d8d15ed973bb63bc8f0773

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_fr.dll

MD5 1e41bacb6e221e7db7772bf7a9b9b228
SHA1 5036f8c73029b74b51da93330e5bd6be78998953
SHA256 ecef2e77abe7a1e67ee7e2b1e281ff3f2b1e0cdc4ae1d96ca4e6d25730587efd
SHA512 81bc5de9bf1c392c886b9d83de8e3dd290399c31504ed998a746eb2b3cc2f7c43154854973146a29e9164b2fd6df8e6bae7a63c9288c4dcb7ac9313c18289c9d

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_fil.dll

MD5 e448e42312360c764f4eb091472aa469
SHA1 b8afcc1406fcd0041c50ce858883d1a629700537
SHA256 fb31e09bdf7fc834317bd9ddc3376bd1992c3eacde48ee71a133f969e20401f6
SHA512 8af85244d4b24292289feb560e79f69e65dbdbf16ace5cb12fae73371630b71e3bb122bb276debbc7842d8b53b0ea3a12eb89acb51b3c8f39fb45c8337304077

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_fi.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_fa.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_eu.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_et.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_es.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_en-GB.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_el.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_de.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_da.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_cy.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_ca.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_bs.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_bn-IN.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_bn.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_bg.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_az.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_as.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_ar.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_am.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\msedgeupdateres_af.dll

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\EdgeUpdate.dat

C:\Program Files (x86)\Microsoft\Temp\EU3E03.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\122.0.2365.92\MicrosoftEdge_X64_122.0.2365.92.exe

C:\Program Files\MsEdgeCrashpad\settings.dat

C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Installer\setup.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\3a71f882-81a7-488f-88e6-187bae9aa5a3.tmp

C:\Users\Admin\AppData\Local\Temp\94d569bc-a5ab-491d-a0e3-8dc69a9e5ada.tmp

C:\Users\Admin\AppData\Local\Temp\10aad79c-492e-4f98-ab79-609063d40e32.tmp

C:\Users\Admin\AppData\Local\Temp\3c2ca734-9f1a-4bf3-8a67-4b7989e6c13d.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt~RFe587913.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f88e7d4c-327e-4dcb-bd60-764915e62efb\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\4abc77c0-37bc-4354-a4fd-8170afa51be9.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RFe58b86e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c8d9.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\61032af3-9e35-45d8-ae9a-f66b7bb0e08b\index-dir\the-real-index~RFe58cafc.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\61032af3-9e35-45d8-ae9a-f66b7bb0e08b\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f88e7d4c-327e-4dcb-bd60-764915e62efb\index-dir\the-real-index~RFe58e663.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f88e7d4c-327e-4dcb-bd60-764915e62efb\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

C:\Program Files\chrome_Unpacker_BeginUnzipping4628_1686004857\manifest.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
