Analysis Overview
Threat Level: Likely malicious
The file https://wearedevs.net/exploits was found to be: Likely malicious.
Malicious Activity Summary
Blocklisted process makes network request
Downloads MZ/PE file
Sets file execution options in registry
Executes dropped EXE
Registers COM server for autorun
Loads dropped DLL
Checks computer location settings
Checks whether UAC is enabled
Checks installed software on the system
Enumerates connected drives
Checks system information in the registry
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Modifies registry class
Uses Volume Shadow Copy service COM API
System policy modification
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:44
Reported
2024-04-07 18:49
Platform
win10-20240404-en
Max time kernel
284s
Max time network
282s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\DLL Injector\DLL Injector.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\DLL Injector\DLL Injector.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e58e28b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE347.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{B49406D8-4171-4801-8E93-CD18B90BD12B}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{B49406D8-4171-4801-8E93-CD18B90BD12B}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e58e28b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{B49406D8-4171-4801-8E93-CD18B90BD12B} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58e28d.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | C:\Windows\system32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Windows\system32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133569890918001170" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\msedgeupdate.dll,-3000" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CLSID\ = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\ = "Microsoft Edge Update Core Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8D60494B17141084E839DC819BB01DB2 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D60494B17141084E839DC819BB01DB2\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe | N/A |
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://wearedevs.net/exploits
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdd7049758,0x7ffdd7049768,0x7ffdd7049778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2824 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4704 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5064 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4936 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4376 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5616 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5928 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5704 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4444 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5160 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5124 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5992 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\DLL Injector_2.1.0_x86_en-US.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding AF8A3A6764F6524A2EA7212B34602049 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkI2NUI5QzgtNjQ2NC00QzRDLUJERkQtMzJGNUY1OTZBMEZGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5REY0NERFNy1DODQwLTQ2ODAtQjVEQS1FRjZGOTk2MDg0OTd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1Njc1NDgzOTcwIiBpbnN0YWxsX3RpbWVfbXM9IjY1NiIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2B65B9C8-6464-4C4C-BDFD-32F5F596A0FF}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkI2NUI5QzgtNjQ2NC00QzRDLUJERkQtMzJGNUY1OTZBMEZGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QkM1RjdBN0UtMDhERi00NTEzLTk2QUItMkI2RTFGN0EzQUQzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IlFFTVUiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDttRGNXVmJZQUhQNi80cUQ4YlZIc3FXQ3NMZDNrWEJjN3QvVy96ZysyZVAwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMyIgaW5zdGFsbGRhdGV0aW1lPSIxNzEyMjMzNzEyIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNTY3MzE3MjIxNjk4NzE4Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDA2OCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTY3OTM3ODkyMSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4620 --field-trial-handle=1924,i,12288272298585579142,10439420770255415742,131072 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A131BD2-A95F-4D64-AC5A-4421FDD190F2}\MicrosoftEdge_X64_123.0.2420.81.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A131BD2-A95F-4D64-AC5A-4421FDD190F2}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A131BD2-A95F-4D64-AC5A-4421FDD190F2}\EDGEMITMP_13D1F.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A131BD2-A95F-4D64-AC5A-4421FDD190F2}\EDGEMITMP_13D1F.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A131BD2-A95F-4D64-AC5A-4421FDD190F2}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A131BD2-A95F-4D64-AC5A-4421FDD190F2}\EDGEMITMP_13D1F.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A131BD2-A95F-4D64-AC5A-4421FDD190F2}\EDGEMITMP_13D1F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.106 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A131BD2-A95F-4D64-AC5A-4421FDD190F2}\EDGEMITMP_13D1F.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.81 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ff66cd8baf8,0x7ff66cd8bb04,0x7ff66cd8bb10
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkI2NUI5QzgtNjQ2NC00QzRDLUJERkQtMzJGNUY1OTZBMEZGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDOUJERjZFMS1DRkVGLTQ3MUEtOTVGNC05OTAxQzMyQ0EwMDV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMy4wLjI0MjAuODEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU3MjUzMTY0NzQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NzI1MzE2NDc0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTk0MTE0OTk2NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvN2EwYTBiZDYtYjljOS00YzU2LTk2NDktZTllOWMyMmZiZTQzP1AxPTE3MTMxMjAzOTUmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9aSUyYnZJTVR0ZSUyZmh0aEFXZXQlMmZPQW9VM0xrV0V0QzY5ZTd6MExESTROOWxNSERnMiUyZndjcjNBc0JteURsQ1lCWTgzbTI4Nnh4UjExNUFkNHlkVGFjQ0dTUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MjA4Njc0NCIgdG90YWw9IjE3MjA4Njc0NCIgZG93bmxvYWRfdGltZV9tcz0iMTcwNTMiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTQxMTQ5OTY0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTk1NTM2OTIxMSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQwMDM0NzQzOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjEwMDAiIGRvd25sb2FkX3RpbWVfbXM9IjIxNTY3IiBkb3dubG9hZGVkPSIxNzIwODY3NDQiIHRvdGFsPSIxNzIwODY3NDQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ0NDk4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\DLL Injector\DLL Injector.exe
"C:\Program Files (x86)\DLL Injector\DLL Injector.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="DLL Injector.exe" --webview-exe-version=2.1.0 --user-data-dir="C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-US --accept-lang=en-US --mojo-named-platform-channel-pipe=5296.5300.11539870066017837006
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.106 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=123.0.2420.81 --initial-client-data=0x120,0x124,0x128,0xfc,0xc4,0x7ffdc5634e48,0x7ffdc5634e54,0x7ffdc5634e60
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView" --webview-exe-name="DLL Injector.exe" --webview-exe-version=2.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1676,i,16422473552180176910,11131848316099574027,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1672 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView" --webview-exe-name="DLL Injector.exe" --webview-exe-version=2.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=1656,i,16422473552180176910,11131848316099574027,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1732 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView" --webview-exe-name="DLL Injector.exe" --webview-exe-version=2.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=1244,i,16422473552180176910,11131848316099574027,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView" --webview-exe-name="DLL Injector.exe" --webview-exe-version=2.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=2996,i,16422473552180176910,11131848316099574027,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2984 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView" --webview-exe-name="DLL Injector.exe" --webview-exe-version=2.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4320,i,16422473552180176910,11131848316099574027,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wearedevs.net | udp |
| US | 104.26.7.147:443 | wearedevs.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| US | 104.26.7.147:443 | wearedevs.net | udp |
| US | 8.8.8.8:53 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | 147.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 216.58.206.66:443 | googleads.g.doubleclick.net | tcp |
| NL | 216.58.206.66:443 | googleads.g.doubleclick.net | tcp |
| NL | 216.58.206.66:443 | googleads.g.doubleclick.net | tcp |
| NL | 216.58.206.66:443 | googleads.g.doubleclick.net | tcp |
| NL | 216.58.206.66:443 | googleads.g.doubleclick.net | tcp |
| NL | 216.58.206.66:443 | googleads.g.doubleclick.net | tcp |
| NL | 216.58.206.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 130.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.206.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.184.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.166.154:443 | stats.g.doubleclick.net | tcp |
| DE | 172.217.16.206:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| BE | 64.233.166.154:443 | stats.g.doubleclick.net | udp |
| NL | 216.58.206.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| NL | 216.58.206.70:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| NL | 216.58.206.70:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | udp |
| DE | 142.250.184.194:443 | googleads4.g.doubleclick.net | tcp |
| DE | 172.217.16.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 154.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.181.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.206.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.184.250.142.in-addr.arpa | udp |
| DE | 172.217.16.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| DE | 216.58.206.46:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | tcp |
| DE | 142.250.184.194:443 | googleads4.g.doubleclick.net | udp |
| DE | 142.250.186.34:443 | cm.g.doubleclick.net | tcp |
| DE | 142.250.186.34:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | udp |
| DE | 142.250.186.34:443 | cm.g.doubleclick.net | udp |
| DE | 216.58.206.46:443 | fundingchoicesmessages.google.com | udp |
| DE | 172.217.16.206:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | z.moatads.com | udp |
| NL | 216.58.206.70:443 | s0.2mdn.net | udp |
| US | 23.53.113.212:443 | z.moatads.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 131.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.206.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | px.moatads.com | udp |
| DE | 216.58.206.46:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 98.186.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| DE | 142.250.185.194:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 194.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.184.233.64.in-addr.arpa | udp |
| DE | 142.250.185.194:443 | ade.googlesyndication.com | udp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | udp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | udp |
| NL | 216.58.206.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | dllinjector.net | udp |
| US | 64.233.177.120:443 | csi.gstatic.com | tcp |
| US | 64.233.177.120:443 | csi.gstatic.com | tcp |
| US | 64.233.177.120:443 | csi.gstatic.com | tcp |
| US | 104.21.96.65:443 | dllinjector.net | tcp |
| DE | 142.250.186.142:443 | redirector.gvt1.com | tcp |
| US | 64.233.177.120:443 | csi.gstatic.com | tcp |
| US | 64.233.177.120:443 | csi.gstatic.com | tcp |
| US | 104.21.96.65:443 | dllinjector.net | tcp |
| US | 8.8.8.8:53 | r2---sn-aigl6nl7.gvt1.com | udp |
| GB | 173.194.183.199:443 | r2---sn-aigl6nl7.gvt1.com | udp |
| US | 104.21.96.65:443 | dllinjector.net | udp |
| NL | 216.58.206.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 65.96.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.177.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.183.194.173.in-addr.arpa | udp |
| DE | 142.250.185.194:443 | ade.googlesyndication.com | udp |
| US | 64.233.177.120:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.16.196:443 | www.google.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| DE | 142.250.186.46:443 | google.com | tcp |
| US | 8.8.8.8:53 | e2c70.gcp.gvt2.com | udp |
| CL | 34.0.63.29:443 | e2c70.gcp.gvt2.com | tcp |
| CL | 34.0.63.29:443 | e2c70.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 46.186.250.142.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c34.gcp.gvt2.com | udp |
| KR | 35.216.18.75:443 | e2c34.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 29.63.0.34.in-addr.arpa | udp |
| KR | 35.216.18.75:443 | e2c34.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 75.18.216.35.in-addr.arpa | udp |
| US | 192.178.48.227:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 227.48.178.192.in-addr.arpa | udp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | cdnwrd2.com | udp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | tcp |
| US | 188.114.97.2:443 | cdnwrd2.com | tcp |
| US | 188.114.97.2:443 | cdnwrd2.com | tcp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.21.175:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 20.114.58.89:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 89.58.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 104.77.118.123:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 123.118.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| DE | 172.217.16.131:443 | beacons3.gvt2.com | tcp |
| US | 8.8.8.8:53 | 131.16.217.172.in-addr.arpa | udp |
| DE | 172.217.16.131:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| DE | 172.217.16.131:443 | beacons3.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dllinjector.net | udp |
| US | 172.67.173.251:443 | dllinjector.net | tcp |
| US | 8.8.8.8:53 | 251.173.67.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 204.79.197.239:443 | tcp | |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 217.20.56.98:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 239.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.111.78.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | daa20f1f15e6c4446f16d45f993483b9 |
| SHA1 | d2ac716dfe90856f3b8608eee39dff8f2e9a8ca3 |
| SHA256 | 4410d3abd801bd8501293f4c0e58cdd8cdd3e3592209d1b5f7ce8f31b256805a |
| SHA512 | a20e76a1c1f977848566cdc3da59ab088a4e77bb9b884d38225803875f803dfd6fae1d41d87aea0b2863695174bf003fab9a2656c4b0202e1e2987c6f417b0ff |
\??\pipe\crashpad_824_BGIAJDUQLIZBTOUO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | 6a59472d5758454dd7618ca11cdd0a31 |
| SHA1 | df04951009c2359629c075c38dc4fb2a3d61938a |
| SHA256 | 98959dd2826e09927ebee0eadfe62554d1a93a77b011a6247d432361c5639cc9 |
| SHA512 | 00a4b9ee18c23b16905056b0219bb436c29a990fce10faf0c5b07b772c66a12be4be3461faede6cee67c2a6470fada57bfc791bc1578bf5385dedaeee39fe7e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d77b0c6aecbfa98383d227770667b9f6 |
| SHA1 | dd4f87d5c34cdbb8e1bbb76539e0bb0395c52272 |
| SHA256 | 3bfe500f1e2fad3460fe57df0aa73d10b3bbb880a21b65cbe010e34baaf5eb0a |
| SHA512 | 7da9383bcb20267a3d9f406e7d1e67058671e6e93bb48fe937b3e355305b08ce4e366b445a19774d12b245bbe279863c0e27431c6a8ce90611595e6e0c3989cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b60568cae79e2825461d154407c9dd61 |
| SHA1 | 772c59676dab210de07d82cbfe59d2be268e546f |
| SHA256 | 970c336c28058c403af6ffccb5dfd3c7ea3942f14f6a8756349dcfa61bed296f |
| SHA512 | a1cc3d27e17fda0477fd31d8577e4a535c013da0b8cd750f7e2e9d2a5b21a0ed1af8b13f4c0ebdac4ea39e868dcae4ae8c8cb109ebf4cd02686edacfe045f220 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d132c17ff4cdd971d9a13272c679f0b5 |
| SHA1 | 8de88585b4e2ca4dbdc7a6d6c69bb6fe32fd4d05 |
| SHA256 | 213d27ef025d6d157b32db64a16eec982faf73282975d50f89f3834c317e6fde |
| SHA512 | 5b8db83ea755c1206eea3034c6a2fef7e734a6a95d1853d4881b520155778e25f75ecd75199ad68e993574f61cdd9f0303897a40ea27ac5b8f04a4b52f493417 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a2ad4c83d4978e81c690f958fe0fe82b |
| SHA1 | 15c62a4f074ac84dd84a451e0095ed9999b2d94e |
| SHA256 | e68b120b9dccab277a61c4bd53e876fed854f8bfb046861718092c90436b7aa2 |
| SHA512 | e86b12681a3d885d555282dcd968e34c5f1d4c05377f3d2edd2c91a62469f0ebed106ad58a6271fa584f56310ecc4a598ab047857625a30f3645c39a6cb99900 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 305ee87c6086e5c7d80b86f29d7ef713 |
| SHA1 | 78b526659bfc8ed35d55aed950d51a7d83a16433 |
| SHA256 | f42a1d6d91220ec39af421ceddadb5588f5f2611a7ab6ea530b6ebc2b265bb93 |
| SHA512 | 9543c4165fc2de2e9617ca779b463761b4d1d1689019b0cf41d6ed91abee4af155f35ed0c08e593d7670027018c1e449a4832351ce4ebcca80e581621ac3df36 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b92e.TMP
| MD5 | c5b2433fe60b8eb08f9ffa2b68a6376d |
| SHA1 | 22c1a4d50df98c4431bba6db45597a13a41a9c2c |
| SHA256 | 6a5133607f4a5cbf828500b8735a3d5fdab5da39b5ff16fce7cab63fbe758485 |
| SHA512 | 5295051055bdac15fa65a77a32c9153220a5467d129af841fe94fc1c32ba4e8d2ac683bd4c59932448ccfab3665d943403ebe04325a73ad93d466b51f49b8758 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ae315541c840097dc5265c400f7c3e64 |
| SHA1 | c856348aea062f572d7230bad6b42b0c7c3d3516 |
| SHA256 | 4b51cf77298f84c2511beb8eed62cebb6e38a0c25d94e74e1e74b4bd207b80a8 |
| SHA512 | a8101cb5104ad6be921f15ba67c3d0c217ef407bdf9986f3a7ca42d1819b8998085d00b8580345b9a2561b64d56ec3cf9ec6aca9170807dfa36da8cd9306cc81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 64b2c1d2fc54acb8b913528a6d61b54a |
| SHA1 | c44b18803741c7b2ba981f24427f97abe7c8b190 |
| SHA256 | d51e0e64c9451c560e648c7a7b9e938be024e3df7c42dda4d2ae92cbd1d320b8 |
| SHA512 | 7b74cc052df22c52de028aa14efff853fbe7e396df19e5aedd666eeb63d0cc70553a443079a2dba3c939f7e80a97d207ea68cd21b338429424ba6d170c4e7238 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 45d8c22cbfe36be9177dd13ffd03c16a |
| SHA1 | 775cdec944a810a55a2c300b91d1057a8768067b |
| SHA256 | 608a7a5285fb80b3ab8f1494d6e25b4462232555d2c1ddc2155f34d6bbffd5a8 |
| SHA512 | 95bae093f75728b7ccd874b908820a952d9af7d87b3852c69d3b49658e7a8306dd27497fcb0c8bec7b1d4c9719d200ffba077d2ebb1e08974a29bfce3342b8c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b94527edc0f54f169f189e80ee31bbc1 |
| SHA1 | b61462a982ece557de0abeb187c7ef2e7071cb08 |
| SHA256 | 30c24d6f92da5328994bc4bef7e54098dede8fecbf6872f7cd870240e14101bc |
| SHA512 | 136bb16fde37e7d5f9dbd14c286a17ccc4e252ed5d5b9ddd2a3700ede245aa5850454e7633795a3ebad2e6890d5285a7af4ff49b1e95184dad44ce72330e3e89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b5d38a91b98bdb8efc0c52c833d50af1 |
| SHA1 | 4628290ed2b880ec649125c39b0061c24fde755e |
| SHA256 | 41b306f61849a986fe85d3c4eef44f048f2c05e647983a14f2b768d14cc4d932 |
| SHA512 | 0cc2d4aea7b191b5cc263de6b3df57e692864b8866123387efccc0d4a0bec804fa952987203ed6f6dce1dc32d222bd287bc94c6760c1daece19eaf9799e37a77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cc21684ecc670c86eeac00ee85dc8cfb |
| SHA1 | 04d61d1b55df9faba397a9e1f7aaa85272014c74 |
| SHA256 | 846105c7e21da575ce038368d816b4c4f1a6f42c10e927723f013f198ada07bb |
| SHA512 | 83add562939d71171515674a99a592783f5c443603aa1a6a6ede2e9dd6a667f0676eb51530000ebbb20798a5bb1135f3760a087c01df5593d9bb7b3852743da1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b4244d4487065a0738b5ad42f1b54d11 |
| SHA1 | 1d6c7d2522db491edfd2f56b73af70b0a2b9577e |
| SHA256 | 09b42653997e1d7c8a5bbded1b3473b1214c45f561d5d0d829e7d52e52295167 |
| SHA512 | 8dcb882e456705fe9bc22cd622b27e09436c58f3f8aa069dee7f4db9f79e004b804affa54cbdf1b22d1d5638bf36dd8bb39047c12afdf6730af4a11155cc9a64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2f008ad7acaaab9b93d3776577e6d49d |
| SHA1 | 84e1fa399c392af566d7c25c7f8ac79faa6829e2 |
| SHA256 | 18cfd64debe648e138e9c67d228010771092feec69977fb609109a60453ca28d |
| SHA512 | 76013ce8ac7b615df4ab754501d0091be02ad4cc4add817af843b412b896274163677c6b9ae2e3002eeef6cb7481a23000a53f5b2dd34d59a8f6b0e3a3919b9f |
C:\Users\Admin\Downloads\Unconfirmed 620169.crdownload
| MD5 | 0592ca25cf22e8d5daabacd1130d38f6 |
| SHA1 | 0a59fd8723de4cb9bf6c3272a5db7771e575eff9 |
| SHA256 | 3b8991f1eebfc46988db25fe0ded11c3c08df81ae2ca1baf9103ba8259cafc99 |
| SHA512 | 1be2c9f7ff9fc9cab5e5a784b281585d89070413722cb4584e91d4a4b57e628643871ee672049c32a8b2399c8358f1c6d7df20af1b3c39aa9b669902b71a91cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | fbe3f7bebc46b4bdbd40e4777775a9ad |
| SHA1 | f764a2657451e71c31a6aed1037edf0b1c09faf8 |
| SHA256 | 141f9d918bc72f3c6cd02e155b370b4134668e6ae850f7050223faef907be21d |
| SHA512 | 14ce978c3a0a5380b045ad6ff1d11af1c0286c7945b43454e7d8fcf788d0a61a48a0b50b22b31b45c787eec59551f06ca8e1e8a3f857226864d291947e4807c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f1e7c5737d6663b3ffa6bbefd0e9ce91 |
| SHA1 | 8c5aaaccecdf6e02ef7506031c0cdccdc19354f9 |
| SHA256 | 825fed59e594f36386e678ddc254a1f9c4c9f77d035143e59322faafdadfbd43 |
| SHA512 | 71e05f1a6f22083be684aae2048eccf29ecdb8c8caeabd4a10b4d756b3890c6e732536deb3a26717ea1b7303bd2f34cda20c8a3f1f7bb6367d23c7a50b1675e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bad4e6e08bb24a2dbf32f084b363293e |
| SHA1 | a5ed0e72dfe61f5fd819552948eb553643460eb4 |
| SHA256 | 6a0066cc3f66875367fba8df7bacc94ad32f008a1e653b3f91954ae79ce4169a |
| SHA512 | b22d5e5e0d8934609e8fa38f547fd10f8a9949a5094d55e5ed0fc3d5ed43823f564f57541ae18b10885aad1d4edce50e86432dda3d8ae12cbf7cff613656d910 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8be54cd7eb3867d8cbf340594679e483 |
| SHA1 | 2c713f1702b010b2110983da20e19f5983b4c59b |
| SHA256 | 8eaba2769959cc10850fbfc44a599d970e16b257827ce38e80472c5d67fbc619 |
| SHA512 | 11dbea24e14374dd15361fab2e62c3c39278c9158255b9de4764729c3ab787b0687f1f46847dd9bb4e7cfd0b5542fdbafd079fe57f0cbc4df9cc6cc4e24e729c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 37b446ea789e9b017156e2a26ae07c7d |
| SHA1 | d0b8e26200bf7a96a60aab9dfe6fea72b2552480 |
| SHA256 | 99615d40e70b7a4e491df5d05e1966c9fe988ef3ea94390f8b23d6d3845ff29f |
| SHA512 | ae1c2983ae9a5f7f025be3397902cd5c995e67987180406b2678e885e4a627afd8c646aa46c3289406023b80ce2bff9161859f8d764b9c61b23730146959e12f |
C:\Users\Admin\AppData\Local\Temp\MSIB09E.tmp
| MD5 | 4fdd16752561cf585fed1506914d73e0 |
| SHA1 | f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424 |
| SHA256 | aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7 |
| SHA512 | 3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 92b961cf0be755740d64863af2275afe |
| SHA1 | 0a88994edcd961481e4823ecc70e1d19e9193842 |
| SHA256 | 333011c924b4f44a00f8e6b85f8d29c3b38df3756f1096e951b7e5d0d5dd323c |
| SHA512 | 13f18745cfe72c19f8437bbf97f086809f3216cd2759953ad3d2b5442732b4a723eee948be5f308e272be09ab4196b046cf786ffeaf55325bba3ebfa26dd574b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58bd9e.TMP
| MD5 | 8bb9fbd5333ca69613de839c45a37dc4 |
| SHA1 | 035b5b0e6434f9d666e93791a5ab9ffdc0f08f97 |
| SHA256 | 28c56b0a144b4e0f9afe05d83b331b1e0083c8b14ddca74d5016b12032df7117 |
| SHA512 | 917456cbb509d434ca011da8a21b890203df1bd6768fa172df0ee50742c17f56b9b1f11451944245b0aae9638764dbdba96d5140aee8c82d85fe60f0756d8968 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Injector\DLL Injector.lnk~RFe58e3e3.TMP
| MD5 | 9a222920dbd7899934e0f1c86f6e4803 |
| SHA1 | 67b8d5ce5290df313519f335bb95ea1189c8519f |
| SHA256 | 0a356ed44ac0f0c02bea0c0c8a6c8d8167053f6f824484d81437525bdbf2e80c |
| SHA512 | 43e18951971e488c148284a99df5ebc4e204be95fb74d92861e8ce07478219d0179e4b3c00be298c6a02179d5e932ad36a7cc054640d0b6d64d90b6d518e094c |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Injector\DLL Injector.lnk
| MD5 | 3e5a627c818ca835b0b86a1d0a897ebb |
| SHA1 | 3fc80252f1624b05ede64dc733bcba2efabc14af |
| SHA256 | 6ef3745e0cdb0214d256f4727c427aa36b2e2e6b630c2c046d08ae8e8726c598 |
| SHA512 | d47bbee5f82ebb7bd6361fff577c82e8a0306c6bd4346571fad7cbdbf92f19968abc28fb8369df674af063855ec4e34747457a054857fbe013e426343bd6a389 |
C:\Program Files (x86)\DLL Injector\DLL Injector.exe
| MD5 | c6eaeae3cab85586271aa8e94a1d3de8 |
| SHA1 | 4b7b23bf9e9e966ffcf21e8306f31765b993ae23 |
| SHA256 | c91c71046f15cc7f5dc4bb4e1e14b5a7a3329ea95954a245c47e181c808a70d2 |
| SHA512 | 6ec08f95e66ec4a00c72a5a257bcfbbacad09b8a2de4168780373e76fef6951dc0a830b2eb129799dea8dbdc30eb10bc73061aeeab4ce8074f3bb6ede9e7cc81 |
memory/1180-499-0x00007FFDC4470000-0x00007FFDC4E5C000-memory.dmp
memory/1180-500-0x0000023675FD0000-0x0000023675FE0000-memory.dmp
memory/1180-502-0x0000023675FD0000-0x0000023675FE0000-memory.dmp
memory/1180-503-0x00000236760E0000-0x0000023676102000-memory.dmp
memory/1180-508-0x0000023676B50000-0x0000023676BC6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4oowoqfb.kvm.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/1180-521-0x0000023675FD0000-0x0000023675FE0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
| MD5 | 8b9812ba27e12c79319d859e97955ca4 |
| SHA1 | 3cb35ac811c27e7b21b381dccab55517609190c3 |
| SHA256 | a63d59b2af0c7b2be6984280386042a230dab928e3b426d51a0afb2eff5f98e9 |
| SHA512 | 8312081fcca20f1d8d393ea2588c2fd19830eb9b36700ec8bc541cd25c4c2046008f3eec07883056956adae5c56083d43ded74d3122d21555d1e43a9d1ab5618 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 24e62a7c8d7f60336e60c003af843a87 |
| SHA1 | 9576d1924d37113c301cadfd36481586cdef870c |
| SHA256 | 43f7de9fae6b79a844d7da6056ac82beadf028a347e227c2bc33d503f7eb402c |
| SHA512 | 34f33015d3e7cabdea2ef39f7f149aaf39caa534b188a34021e577d68bbc48d1d99b7b13a1303d4ebaf5c29fda0bb573f3a6cb171aa2db67cc4b25292eac4a36 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdate.dll
| MD5 | c1c4e3a4d49561dd0f6bc85f8062530d |
| SHA1 | 5394c3a4a2601a6bf7b06b5ae9119a3f0c95c974 |
| SHA256 | e9f1d362867beb3a767233de9d5af3a6e2762bb0627f291c6cb8f9faffb922ea |
| SHA512 | 0e7f6d2a29c48d99fb417c630287d8d9e9f0365f1c1f2e415f0fc64e12e577c9d4e93bf6573a589e88c75a9dc6c5758fcfd970588c3d187621f8aff8e5ffc5b3 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_en.dll
| MD5 | f5f1ed2d55637a183674959e82cab3c2 |
| SHA1 | 9472086a62950c6b40e1ecefc1fda4573e36ef3c |
| SHA256 | cfbe36dac5d40f221f377aeaf2e983dc76ab3667f4672676a8fb37c7bd4f9fbd |
| SHA512 | 9c4635f791608f815e359ce49f7535bcaca404dd4932efb23f638bc9900cd77854b1d38b5ca60e5dbf3e252cf06bb179b4d9a77368b524233117f48bef345013 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | 8f559de7fab651b2a31caed79ac2600d |
| SHA1 | 46c7ce06e6592c391dfb54634b5caf136f5f6d7f |
| SHA256 | a1b818b507c87bab9e3b4643ff68e6e35f05872ebcd1e8075a68a4cc87650df6 |
| SHA512 | e975ab0175a363c56da03e43730abfd0dc90e14a486a0f04ecb40c4f2279eafd29254ff69748930d102fb8480bdcbc86611105fccb18028f60e7b3f451c6a69d |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_af.dll
| MD5 | bd6f3d4a46abc156e47fe0d6c312a203 |
| SHA1 | dedb517b1d75993df4d7140cea0a84afebbfb22b |
| SHA256 | 5294a6e08b6f9818e89931eda4a0bd4ac3949c3f17ff036c1c5e2a6de8df458e |
| SHA512 | bee57ee4c14d4c93a125f5219894d10f68982e3f03fac8acc90f2f9e159553ed82aee373107d0ab3b6d5aac2ea8cd58ecb0138de8f6ab28d5d963c28d0d84039 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_ar.dll
| MD5 | b06ae2aaa639338686ec4f4445173ae8 |
| SHA1 | 842f67cab1334871e81e6428d23827505055a9bf |
| SHA256 | 7e0fbc3af82b58dfc244d17d18335fac1c7e72d87d9593a359a2390a241450a7 |
| SHA512 | 4b8bb12b11074ce21314072577a7172dec62926a7a628d6526db46062354ad23c2e76b2dcc93e489c9ad17bf2a1b3782d155193f1ea24eb50c8fa551d40486bf |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_bg.dll
| MD5 | e3d3b90ed17afc3312b22051de516aba |
| SHA1 | 6dfd177bda02980ddcb21459969c8d21b4a42df0 |
| SHA256 | ee36812f90b3a1b5f72c512d44d312dc0d72404d98222bca8ea27ccc8ef106ae |
| SHA512 | dbbe7499f0218e2628c357b5195e1f19349e79c53309daa972e294b19582c86d91a23b642c3bace74b0b7d7c94920931db7548178e0b7324feb29b0bae156a70 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_cs.dll
| MD5 | 85f99091263667f3b5e10ef585c6e31f |
| SHA1 | de83594f08a9cf2df74b4100827d2a68d0304961 |
| SHA256 | c73bdd7c4c4d89f9e0c6827f4f2feb78efd4cb047253aab3cf48412b9a78fb7a |
| SHA512 | 272d8d8e45c5c9d96af41431747b09814b11ae7b08955e598b07f639277cfee8cac11455db43530d78a85ecb095ad83a8735d3e80f0e745629b0091fb0b8a2ad |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_cy.dll
| MD5 | 6ce4b22b621bf021bf79117a13118280 |
| SHA1 | 1b35ca44973ac7bbdadc4d6f3d160ab15ceb47f7 |
| SHA256 | 7aa813b3bb3fbbec5d56da83d5b1db923be9c365511b1b02588336213fede938 |
| SHA512 | f8deca730042198c2b4fe506b6ef1af62b0e1dd1983b9e92e8d4247027f30d07cec7ff097a8304226ff96cdd528208961754d33403f20463d0b6802ade2cfde0 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_fa.dll
| MD5 | f1e551e10354047b68ec1aa1b36327c4 |
| SHA1 | 417b267661838c0626a74e1232154d8245c4bb0c |
| SHA256 | 171ef4f700c8bdfe146e9ac7306c72b7a41153796d23e526aa6852a150207463 |
| SHA512 | 674ba129c8e1b2d9dc57e77595a994afd8e19f81cff86dbd749c855aff1ffec9c7e9920e1d45b193d83ec6f20ee4fe5966415006a0dff357b471d97b271fa067 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_fr-CA.dll
| MD5 | 30c5a417363b47f3a58d08e44198dd17 |
| SHA1 | 1e979631e34cefee21b8a0e0aa22f4dd6e30dedd |
| SHA256 | 1e76475df6a8a5889f0757584787112745a3775c8dcb04257a4ec0a2cfa58b9a |
| SHA512 | 691e25436186bbda91b471b5451d06950943e6efe653362be50a3f0d21f341f4b8f751c617f39ab04571d92ef93c04b9db04192220173b66d879cbd5128f7287 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_fil.dll
| MD5 | 06fc13625ead1257583224eae1afe1c3 |
| SHA1 | 02f3de2d81c4c2868a73211d8096ae79c506d846 |
| SHA256 | ef3f30691b45838caff42db92a4d6cb8857c8c36ba4b3ed9bd600bae8dc0fcf6 |
| SHA512 | b2fb89890c6ebf54a325bb1023194f461b532f94113b3ddbe337aa556b0db38159643c57e41b121b3bb21c4e547bd3e89137462a3fa29608e0dbcba00aa9cae5 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_fr.dll
| MD5 | 46b4263a73c35d717d65eae93c781f81 |
| SHA1 | 3f8678c63d174aa8289d20b7f821a326c33ec07d |
| SHA256 | 88661266d279b161264678af48fbfbdcaf28b1f8821336b3fb16e2126c5e5e11 |
| SHA512 | 3453b80619277b9efe19f2302a2a2c94372ed2ccec2a01d07741fe037f64e93b281757669750db8e6cc2efdef96b0eb1e373211da51ab887d8f0eb748931cce6 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_fi.dll
| MD5 | 73b893cd1d2d759f98944e8809db3ce4 |
| SHA1 | 70fae4564f9eeb3c503a13eebbcbe725e9c2caae |
| SHA256 | bc9ed2615e5e6c185c20bbbef898e5ba1543b6dedb15330080dc41e74a0a5df1 |
| SHA512 | 255ef2552a35cba6fd41b53cebee1b9749485017a053668c1271aaf0056bd08107dba6c842a926c83d78472c92aa92f54fbd84678557dc911d20fc190ee242ed |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_eu.dll
| MD5 | 7ee4925d3b4e4116b0b4d61a03ffdc96 |
| SHA1 | 7f6e1116374314527100ee854ef5befcb962ce77 |
| SHA256 | 99fd8800699829fd0ad767eff54dafeb913a6261ccb5c31825fdef6835653ae9 |
| SHA512 | c6ef896870d427fc2ee783bc38b187fc5485dfa9c29f14f4b044b060f2385b445dd051c83a9412d3fde79f929755239061ddcefb012f8fc38ce257c87dd9a8b5 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_et.dll
| MD5 | 28777e8a0de15e07d365f375b71796c3 |
| SHA1 | 4f3231a68e7d4817c5f6ab20bcfbc208ba63b6ea |
| SHA256 | 571aa6917ccbfe221dbeeb485b9f9b358dc2b3ec72271854f880fbadeebc9665 |
| SHA512 | 87a14421ba72f5255d568c1be6f8e108db587525909ae33cd84526714ff89a3ea2bf9c9a78c11718fc3f22c0139ec2bb4d9cde2327cfd4a8dbdd51e992d7381a |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_es.dll
| MD5 | 4dce98d8ab8857371dc4f787c77b91b7 |
| SHA1 | 9d8569edcb1af0e122e5293495f94b388a3c6f3d |
| SHA256 | 7b79d2f66bdfea60aed02eb60f3d28d396c23c147e1d42f3f10a82b5d3afeb47 |
| SHA512 | 6f4ec5f3fc6f5dcc77d2e811b9fbc4dd00dd15385739888e81835624bbc5e5d32c11eb23bc5dc4e6e9c2b66c77c923efd7edb81f9d8b88b446ba244455881fb2 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_es-419.dll
| MD5 | 67ca727bdf1e5fd6686fe3e6c1b1d43d |
| SHA1 | d3ee7ce26c3b1eb4e0fcd5af6f83bbf3c949e8df |
| SHA256 | c54a461e2eeb79d7462a4f3810f720835a2827ca752282c01520b8fede5c65da |
| SHA512 | 68e93cae35433f27593f92d1741ba98a430c6a408394de4f10ce0219fe8213e7878df71747c597c7384660ed696e35dedc08a1d15d5175f9b781fa70d92a3dfe |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_en-GB.dll
| MD5 | 985d279b815e130a790eaecd697bb5ad |
| SHA1 | bed21cdb6b3983a86fc7fd3d4e0bdf2a7690807a |
| SHA256 | 22a5f81e478dcc8d54e0a0ca10a66ff98117698883d9fbdee36a110d6554f14f |
| SHA512 | 018c9dd127a8b8900236c4c10c7770384db82946f6f1646878683960dee06b150558e52bf55a8003e7467eb9b1359d24f081539c644b7c11efa5e661e645ba4e |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_el.dll
| MD5 | 2c1b44a6c27b8510335dfe8c22d01840 |
| SHA1 | e2c291fbf5a709a7a1e3c5ad507fcecf25e11554 |
| SHA256 | b15d11ec96c712d102125d2e1de19507889562f857910e6f76a400d412c4afe4 |
| SHA512 | adc4171a9335721c13d9d4c71ec0eaa3e873ec1729443b258eebe9ad723380bbf3eb912415f650ac3c8a13d31b658acbcc8cfbbb6fc6453eeb82b619a35e805d |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_de.dll
| MD5 | 642225f16e2c841a23eb51dfc6e0e1f6 |
| SHA1 | bcb8ed686351cc56f8c5c326b1032eea7e07c4bc |
| SHA256 | 95643c34f8ba13738ad3d19a4eb6cd52eaf39f55cd46b21e148627866b4ea30f |
| SHA512 | d9fe06e5a81dbdb457f93435966e4321c1b0020e68ca0c466d870e599206a9f1b245653259a051e885cd8b88117881456d248308d278af86e6b3f75f41918b1d |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_da.dll
| MD5 | bf382a14c9546ca8a6311f6b5df66d75 |
| SHA1 | 10b61ba1e20da2b1b01e760caaa179256aa844e8 |
| SHA256 | 5e516cb414cd8adf278cdceb2ae537cfd7c49c277cb5d7718bcf97897350ce70 |
| SHA512 | 0172c495cc6213b073056dab89979a05ae9eabb7a04d2cc7c16206628f7eb98396909a1914055575b0edde75e53479739c54eae1b9282eb96172930ee10935d0 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 97dc17c19ea5196783b2a20ce423697a |
| SHA1 | 693744a6f679cb111fca1134dd5efddf90b4b13a |
| SHA256 | 05b78e67f9400c654ad368d3e63b988602cb2cb89ad486ea340bfe05acefa040 |
| SHA512 | cbd980f7a99244bc47bf631bf6e661adece2c5d3f998172cbcdef59aab9cedf8226f15222cc9d96c56153c08d2424de70967dd96b76ab629492e25ca8660c974 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_ca.dll
| MD5 | 6212f397ffe20c6cef27ce0ff4fef439 |
| SHA1 | 7910895fb0b9ff6f954ece32aa069507e6914a45 |
| SHA256 | e94189425823ef69f9bf1f3cc133c23e67ad46419cc455a21d4090bf73a11ea6 |
| SHA512 | 5f04d8c9bd0269ba87bbf4b6a8af07ba426784c08b0a88af4fda3555e1c4e192b56db3c6f0214433fed23675ffde8b0590e5b39bd6b1011c2aad71599ec47ed5 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_bn-IN.dll
| MD5 | 690f6eaa05e17f94ef59f988f052a4b6 |
| SHA1 | a3703cd237aa460e2729657a339febcbf8b8a863 |
| SHA256 | 5a6dd9d9fdf372b723e8043881d4c39fcaa4f70c838fefbfb192f9c11b18fdf4 |
| SHA512 | 47aa48f8de124d928c0b5d7f635909b3bbb6e640da67a0f014e00c238e06b060540b98a99fa51c9ce1c37baf9ee149502e05a753a25608b00ec7da39526f88d8 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_bs.dll
| MD5 | c7fb8690962bd9a9051cfb04b87d3ec3 |
| SHA1 | d843498bbc3ae01fc0f0fce13160db723696767b |
| SHA256 | 12330d302841d37fd8bb5b74df7d454062524fac88e954041ce485ac818122c0 |
| SHA512 | ed074b0890e5cfc2beadab8dab624687f2838ecebafc3da760e248c315201d2230ac6197e016ce480e1798d34e6bd2329e5bda2ef2d329207f1ed7f9d00491aa |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_bn.dll
| MD5 | 93a91259d51cf1260bcea708c44319d8 |
| SHA1 | 2d76d5f7afa1be815838e1aab109973006e3d0fb |
| SHA256 | a1ab052c365976ae66b6b851a2282636c2c1f1b838a929e761f374472f0bcc55 |
| SHA512 | 8c3d7bf11796adb998362343399a85ab5127f36f7ce64d575cf9918724e09a21ca8cae0cc0123290db5bcf6254a7b10d979ad0c2a7251c43529edebce85279e7 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_az.dll
| MD5 | af0364c9356845870577374bc5609ea1 |
| SHA1 | be464b53d5dc8a31a32bffec2413081a330f0170 |
| SHA256 | 813220adb207a07ec609a757a10217bccf22bd3742e3ca658324add81849121c |
| SHA512 | 68fecac6bf4e00fcd5c6c201c1756da13a3d87e4cbfa64fd2d1ab986bf3124303724f5ab9576bf33542d8a0f64d70069becd61182e4c6ab46801fe49a2e5be93 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_as.dll
| MD5 | 7310b6ae3b95e9a1ca5b60b3fbd619f9 |
| SHA1 | 03fd7d4d53fd38cc8b48d837d5a43788a6bd8ea1 |
| SHA256 | 65dcfc983496529b89c575451c6a897b4491f886783228526e06417499b124f9 |
| SHA512 | d012d3a27bd7ac166c3ec3614423b89216ff7dcb165d99462f01ac204117fb5afc525d448f8c250638f0ee11929e2c5be61447f83089a4cee9cdd26459656687 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\msedgeupdateres_am.dll
| MD5 | 914899c76f15e4eb33455f50f60e9e25 |
| SHA1 | a66113325b547638824d5fa020e4b1eb0c3a4a96 |
| SHA256 | 5c0b6bcb983b3ec422c1459802c993219b66318e8b69ffb09f07ccb28f607ffd |
| SHA512 | ee2699489c6496d9db21484771a957acff27e39f2535d74f91dd352432b33ff15581ce4d9023a7ae273b7f2d8729103c5c06859e6cbcdef2c6ebda32ebfca3e8 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | e0a4142f6fd7098661dd27f41f6b51d3 |
| SHA1 | b92bed61c6b66f958878f498d4e7bb3d23e8975d |
| SHA256 | 52496289bd868f12474d9dca3f063853923f541803388b427487ef63f52c6e8a |
| SHA512 | 42d071c4990cd2d5aefe53ba91cf0880810a003236675d7f251588a507d2654db332b940962479f97811b7b83f5f686f5ff662df4ffa124552fdb0a1be8d1cb5 |
C:\Program Files (x86)\Microsoft\Temp\EUF43E.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 8200a55843c5c0da5ca8e01f77038bcc |
| SHA1 | cdf2588a010fd6ac5536f9083076c480e05eb43d |
| SHA256 | 098eb4c373a48ee49681d83f9f03e3701f6dfd5361b6a071242ca23b3162ee96 |
| SHA512 | 10780aa7a9d2021f7dfa2273a641f64ca37a941ec5ef08486becf2422e76382f424f9aca03925adb964e2423322b62ba4ff87b4ae8731e7d5743ac82e33b75f9 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 5645ddd6358f143c87327a179703997f |
| SHA1 | c9522815dc43ac77a6636ef65cb6e3dc9f2c5288 |
| SHA256 | 2f43afb3b6eba611efef52d98211797793838f1b5edc80b50061a1a37b672588 |
| SHA512 | f1b5b8d07022ba4b369dc52c63d9ed653b4ced78c0833c304b7867dae36902e1d9fb2273d581547e1d8177494bf7cf54b3f672df39bc9cb69b6161e68455a989 |
memory/1180-727-0x00007FFDC4470000-0x00007FFDC4E5C000-memory.dmp
memory/1180-728-0x0000023675FD0000-0x0000023675FE0000-memory.dmp
memory/1180-732-0x0000023675FD0000-0x0000023675FE0000-memory.dmp
memory/1180-733-0x0000023675FD0000-0x0000023675FE0000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.81\MicrosoftEdge_X64_123.0.2420.81.exe
| MD5 | cf5144a59c3b26558c05a5226c4b53fe |
| SHA1 | bcf541fbd1bf0168a2d63ead5b06d8918b89b296 |
| SHA256 | 3a848782e612b4fd77d4910acb1a6f91b1eea3336065d4643486ff17e24970ea |
| SHA512 | 2d46fdc92c09257cfafc9bdd659413d7925f405d7b78a6d9a44e353984d9fd70b7c3e9b87475eeee80f984377fdbb884055f4a4f10b7972746811326bfeb9a34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 322a90f3a02faa544907583369315f94 |
| SHA1 | 447a025dbf3a4a578df1b9675220e056623b2a2e |
| SHA256 | 3299b1ac8700935b47700f6a299a8de129d3c8f0cc49f5a2b2f979e8dccb51dd |
| SHA512 | 5af35e9394552767506859fbb198efe160aae0dc3181f0c08481eb3ece3e09f261c85952343db250168fae3cabacbbebbdff6962af20b57586fb498bd3301f5e |
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | dc70fe147f7583278cacc78cb9e05a6a |
| SHA1 | 70ff2044ff6cd939b233bd2754568a7d382892d7 |
| SHA256 | 00b7bedb4acaeae670b6de4cae1bb5b03dbacb63bb0c21d17f4800fce01ff2cf |
| SHA512 | b8bb23fb7ae23066e18a5517131569d439a09beebddb452dd1a8d6341060a724293969cd43373c0e3b70406ac0a623a5fa91c3ebb60d7bf913a85c26b8937b56 |
C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Installer\setup.exe
| MD5 | 149e6b831dee17cc2122c64124654b5a |
| SHA1 | c4f67f0781345cfc6fdfc5670dcbecf3848afee2 |
| SHA256 | 3095052d066346ec2b48726ef87623f3e5e93400c6dd8b1e45a628fc0d72cf40 |
| SHA512 | 679966f6a48ccf9cac63c36a8f6823ed1476198b08d29368db94584b2be2ba4cb1278f4f6510a520933fd09bb83594ab544c94be4c0b05f1d8ee99443fc49085 |
memory/1180-800-0x00007FFDC4470000-0x00007FFDC4E5C000-memory.dmp
C:\Config.Msi\e58e28c.rbs
| MD5 | 1a9052051fa6c88d46100071ed8d6117 |
| SHA1 | 4b33c13378d55560bef30b8d85053318786057f5 |
| SHA256 | c9b534b07f3246b1b72d8d557aa534ccd054a8639ae996697c2f2c8abb9a64db |
| SHA512 | 4fd44e9b9b135d58a6eab065e3ffed6408048045b52956b66cdc646382b04a80f64e713f5fdfb809f23fb05c5658b2d192ed0df7125a427d7b5c6cd191a4e167 |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Crashpad\settings.dat
| MD5 | 49ab3c1801c222056d56084c7a2bc54d |
| SHA1 | 48d7991a8311840b749205a6974d5b3d865ca7fa |
| SHA256 | 951063595579db184cbd811f4e20bd15276feb79cc7859d2547a510530833049 |
| SHA512 | cfd433eda0f13424510e5d26f63bc5855fde7974434d832aa25da5f90dc2163154c9c7d1ab5e6773ba1eba60ef71e4e5b2cee74092badad8f52c1006d0860a56 |
memory/4904-837-0x00007FFDE1B90000-0x00007FFDE1B91000-memory.dmp
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Local State
| MD5 | 722cc15eab52a03f37fa2b0620470a24 |
| SHA1 | 2110523aa2ec090ac6c4a5c3cbfee2a9843c4a01 |
| SHA256 | e1a8a42be22ed7297d956b1933602fe5210a975cf04ec1b33e12d707d0ea1409 |
| SHA512 | 6980ecfec91caf9c38e9e60244c489cf957ebc2aa74a2a4b99f8d2be008b37fc50a7e878508942174a44fdce83cce238816ba26e79a772b53ad3ef9b8794ff7f |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Local State
| MD5 | 260210b9ab4b4b004ab28f3eb31f4341 |
| SHA1 | bd982d27dac103ab174f7758fbd2fac5827339e4 |
| SHA256 | 9fba99efdf037fe4ad786dde78f239acfafb7d4dd3d3dcc28d85b9c547db3635 |
| SHA512 | d45d2f8fbaf2d9a63202968cad77561918708c2d814288e3fc8aa875c2c4249871877c9b6ea679d80399b553860c24c94d8b74234eb8accdf0fa2dd05bf3bc29 |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Local State~RFe5a6f07.TMP
| MD5 | a641ae1405b375e6abcb761c2ea73c2c |
| SHA1 | 71f0e924634df683550a4e0d42a5956bcff6a995 |
| SHA256 | 4ddb3e15214222a4902495186cf7e9d1d3648d5a2c9895a938cca55acbfab3bc |
| SHA512 | 13f1806f5ef15e3f219bfddb8dba262b02acff92955dd46e91bffe0d61affc460fe081a3828c24ec7b92fff80b4175abebd16c46ee57a228ae84d1a1bd992bcf |
memory/4180-864-0x00007FFDE1B90000-0x00007FFDE1B91000-memory.dmp
memory/5672-878-0x00007FFDE1B90000-0x00007FFDE1B91000-memory.dmp
memory/5672-873-0x00007FFDE31C0000-0x00007FFDE31C1000-memory.dmp
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Local State
| MD5 | 1fc5bd967247eeb4985265dc0c0741ed |
| SHA1 | 64768d89a375f8c56688fd86b2f733eed81886d5 |
| SHA256 | f469acdda1c7ea1950af0bdab1ab7764a8972b5212e82d95b233209d2ea8daa2 |
| SHA512 | 04d26dbc8a276e6dbd3c2c9f0066f7203ec1ed223287bc3ce75a500bf556811e74cb879f444368b57e501c06fa4f3336b9ed42e16825cecf401773f7e0bdb578 |
memory/5672-928-0x0000024AD15B0000-0x0000024AD15DD000-memory.dmp
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Default\Preferences
| MD5 | 0d1b7acf9d308875098d2bae3901de4b |
| SHA1 | 99d702deafd27766b3462d6e59398a0a832aaec7 |
| SHA256 | 6eaf6291ab0f77a86e1a75e2caa17b2e43c43853b9feb4bc87d185ae2d6b8d53 |
| SHA512 | 334c4a1c96362ba9d046c51bd9b39cc3dfd3f85c36433cf27d8e1022d544163579377104257119924904e388a99623593d0867d26fd3eb390d30ad922a7a4ea0 |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Default\Preferences~RFe5adf45.TMP
| MD5 | a759d69e99d3a5b8d21ed8809a0c25bb |
| SHA1 | be05e3261a52dc9054886cc4069cc58f39fc688e |
| SHA256 | bc54fd78b66ea1fdece97b3c75847af73524ba4918968fc8808dea8cd1c1c614 |
| SHA512 | d7ef5d7f1279e4132df35b1901c9cdf0d248946619188df8dd1df63779015fe719ee4046db1246e6d8faafd30e4602fa7d57fc9ce005fab569c8e0fb517cb735 |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Local State
| MD5 | 21869b8c271055a09ff585b54593a042 |
| SHA1 | 9eec51da19d3df6ecf52d5f992c1f8bd4623b811 |
| SHA256 | a831ef9b89303873ce84d1373653f7eb5ff2d18a5725970fa7ce5c577240654e |
| SHA512 | 5d55cfe5466f2547ae2d985e6b11f473bba34ff253c588611e629c69b7e27f22d3df8c992003a345469ea7d0695e908577223a4da8fe64331ba38ae66827da34 |
memory/5672-982-0x0000024AD15E0000-0x0000024AD2A17000-memory.dmp
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Default\Preferences
| MD5 | 543165df4681661911d065ec73309800 |
| SHA1 | bb8a5c948f7c39440061c011fd4553d3f1d6dcdf |
| SHA256 | d85a15517992e5e7be768d68d8adc9484e2808cc799af4a1fd33a2cf878784ee |
| SHA512 | a607ad31760f09c105f03833b85fe85bad750963ffaaace3d89cebfbdd4b6b09bd56358bdddc68e6670a8d47871da060fd81fc321aac757ff5ac4a7b3a58c1c7 |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Local State
| MD5 | 15d579f82ec65e9df2e3b6ed15804a59 |
| SHA1 | 6067a0afbf471671cee1bc139b012405c6cebe0b |
| SHA256 | 423e7c3f5ddc7ae731b6d24b2e7786d1ec6acea021ad5216317928f62a2e61d0 |
| SHA512 | 4c622a95698ca6f1c4e8c5628f5e068cee869477e8fbd2ce06fe5ba3c8dd75ea8f36c7eb7ff8efba45531ab49cf03eb062573683421fc70fbdc46e8a96b29448 |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\GraphiteDawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\GrShaderCache\data_3
| MD5 | cff4d79662f09ee208b210d3092c6a02 |
| SHA1 | 738561bf33e051c8e16072f92f0347e8b00f2b4d |
| SHA256 | 1cb624f737e553652b3d335602ac5c108c52a90709d7b40bea5c7866d208eab5 |
| SHA512 | 47390184b2193a6ab63eea362c03b05275228f62a874660f404f4ce029dc8041ac3656d387939b6f505cabfb99435a213795b15d93c78b8f1fddde2febd148ab |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\GrShaderCache\data_0
| MD5 | da1328956295b0f8292dbdfb7d21e766 |
| SHA1 | 8fea4f9028caf893145f44ea615bab8be857ee8e |
| SHA256 | e971bd8ab82a248c503ffbad32fff4814dc679f7d87b56b0ab819ff647e7acb8 |
| SHA512 | 052a79a4c7b3b69ef962d6996beeafb906384b2f06cd754a06a53beb3ed26e28fa48bf02f122df22ed62f13f044415e8330949dde1fd7a39e1279a88d099f376 |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\GrShaderCache\data_1
| MD5 | 5fec28005c74b22c9fc848145db92fd3 |
| SHA1 | 99f892d166c1bfb8fbddce274d5eb62dfaa9c58a |
| SHA256 | c71041374a7850a96443cb32edec5d25bf6dea1814b5fa3c90c5d80c467cbe02 |
| SHA512 | f4932211530e67cc5e3d5117c9858301c4e9bb25b693e87fb39bcc4b790fe18be88ee2aa07d13375b46c44cd66f55c012b3640237a73253a1eca3fba953d9a37 |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Local State
| MD5 | 84e17db2080f7a629306e399cb944193 |
| SHA1 | 27222896d2448bf1b7dd38976c72e37142e7ae43 |
| SHA256 | cf4bc27b1c44e208d1e202a639d2a2cdacbd7926cac9beffa6870837f8b0ea3f |
| SHA512 | 5282b5aa0d72a667fe72b053a604f33a1272b6758859fe9ed9c427f8edc7ed25cb997f0370f9ea737c820cee9903c0abfa6d12939a6282241dacd1099c59daa0 |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Default\Preferences
| MD5 | a4c2fa54da5b176da0c329a97c7e281d |
| SHA1 | b274952e4b01787530fb5019b2c42cb639522058 |
| SHA256 | 58ef9be8bffa947d3e79f7d9c4fada44a357090cd3e2d0ae240f83a9a4a72c90 |
| SHA512 | 40a9ec5f6672b955b2e1d9e62dc96d7f99586c85c2e5bd3b60b97abbec88bb3ed0e79ee1dcff706e027e39e93ab539cb0d2d0eb9cbb2d996b6db591874c52574 |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2f9f1f75bd934ef725b12fbc538c5d12 |
| SHA1 | 6749ea0b9a0360b6f3a9bed482798e612e999eb0 |
| SHA256 | 24228ddee6b0ee2d1a1524a2dad187987753d9c31a5c14fd5ba6b48008c1322c |
| SHA512 | 31b7f45b22e648c2786c798caaa7738e4c9723f1c50124c8698ae017ba2e1c180cd29d15a5d14c52cb0736d0b005150a39095a3b71bdc851e2aa9a00cd8288f7 |
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c8c27d25bd2899f1f74f126103172170 |
| SHA1 | 798e9193e73fdf70ec26d33ed9aedf8cb0e38997 |
| SHA256 | b474022bc8ae6fa36fc80057523b3825a4782bdc7f02740a7464383b6d758d3b |
| SHA512 | 00987338513069ec798b2a67ab631d5decbcc5172900100bd24994611b5dcdf835ab64ea531233ebc2ad2fb05ec6d1d48d2778aac20ed7fa2c269ff4b9aa9517 |
C:\Program Files\chrome_Unpacker_BeginUnzipping5376_1178633405\manifest.json
| MD5 | 30a7eec36accfaa11602d1f47ae8238f |
| SHA1 | f56e424eab99c31f01fc57d377f3e2793ffa3a72 |
| SHA256 | 4c2c7dc8277c4f5beb11ad27e9cb00939f6d6e374c1631027a5cedc9722e09a0 |
| SHA512 | aeecc515850e288988580485d6fca37c295e437c3f5001378220bc491cb7ae5d296eba283d90b51dc3811283c85b2fb417cc7e0d291170b87ae528c7adf71e2f |
C:\Program Files\chrome_Unpacker_BeginUnzipping5376_1178633405\manifest.fingerprint
| MD5 | 32454e759c25500439b4cacbf13471e2 |
| SHA1 | c8d506a4abbdb536648b59fddd22ef55e18325a8 |
| SHA256 | b9867763545a2f7c5154905f0cc3d73d7e3dc6b55ed0a2d062765a72572597fd |
| SHA512 | 62e36731b010e53d5072e2466b8e6e6b0d4ed6cfb8388388759c422a9858eb9c668b21f9c16829ddc705ef8fb5372ca07811cab20a9f7e13467eae3bb7caf598 |
memory/6100-1170-0x0000021DB1A10000-0x0000021DB1A3D000-memory.dmp
C:\Users\Admin\AppData\Local\net.dllinjector\EBWebView\TpcdMetadata\2024.4.4.1\metadata.pb
| MD5 | 5cc69a73238667029ca40bd0b411ed98 |
| SHA1 | 0f3d737817f94011ce2683eab387aeaecad0b157 |
| SHA256 | 263ce0a058d198e904f83a337b92b2e0f49f37e87a48f2a39de0017b6a850611 |
| SHA512 | f42fc0f12adb12d391eb8610427ffd5abdcfbca6e8eb1a9af8b01914190d4aecca0003f17ed3920408bb64118ed8822a36a99890f151625d3ec2dc01e74a9a6f |
memory/6100-1176-0x0000021DB1A40000-0x0000021DB2E77000-memory.dmp