Malware Analysis Report

2025-01-18 21:45

Sample ID 240414-qc5rzagg56
Target https://github.com/Kacper-Kondracki/ShindenToAnilist/releases/tag/1.1
Tags
adware discovery evasion persistence stealer trojan upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://github.com/Kacper-Kondracki/ShindenToAnilist/releases/tag/1.1 was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence stealer trojan upx

Downloads MZ/PE file

Sets file execution options in registry

Modifies Installed Components in the registry

Executes dropped EXE

UPX packed file

Loads dropped DLL

Checks computer location settings

Registers COM server for autorun

Installs/modifies Browser Helper Object

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Checks whether UAC is enabled

Drops file in System32 directory

Checks system information in the registry

Drops file in Program Files directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

NTFS ADS

System policy modification

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-14 13:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-14 13:07

Reported

2024-04-14 13:18

Platform

win10v2004-20240412-en

Max time kernel

599s

Max time network

604s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Kacper-Kondracki/ShindenToAnilist/releases/tag/1.1

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\MicrosoftEdge_X64_123.0.2420.97.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F482D663-364A-46CB-B0B0-C874ACDDC864}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\MicrosoftEdge_X64_123.0.2420.97.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=E3876A6497394ED989FD4E6A1D7D0C52" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F482D663-364A-46CB-B0B0-C874ACDDC864}\BGAUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_sr-Cyrl-RS.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\ar.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\Locales\kok.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\msedge.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\msedge_200_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\onramp.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\VisualElements\LogoCanary.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2023065821\hyph-mn-cyrl.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\VisualElements\LogoCanary.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_sq.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Extensions\external_extensions.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\fr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Trust Protection Lists\Sigma\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\identity_proxy\win10\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\te.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\Locales\az.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\pa.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\Trust Protection Lists\Sigma\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\az.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\onnxruntime.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\VisualElements\SmallLogoBeta.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\MEIPreload\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_ca-Es-VALENCIA.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\gl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\nn.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\az.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\identity_proxy\resources.pri C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Trust Protection Lists\Mu\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\ar.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2023065821\hyph-en-us.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\bs.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\Locales\fi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\Locales\lv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\fa.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\Locales\gl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\id.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\v8_context_snapshot.bin C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\vulkan-1.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\pwahelper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\identity_proxy\win11\identity_helper.Sparse.Dev.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\icudtl.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\new_msedge.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\identity_proxy\resources.pri C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2023065821\hyph-mr.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\es-419.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\de.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\Locales\lb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\Locales\lt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Edge.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Extensions\external_extensions.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\vk_swiftshader.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\Locales\ga.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\lv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\telclient.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Installer\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\nn.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_hu.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_mt.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\ru.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\ = "Microsoft Edge Update Core Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "ServiceModule" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\shell\runas\ProgrammaticAccessOnly C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithProgIds\MSEdgeMHT C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\Application C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 132247.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\Downloads\ShindenToAnilist.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\ShindenToAnilist.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3676 wrote to memory of 2692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 2692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 5048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Kacper-Kondracki/ShindenToAnilist/releases/tag/1.1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1ec346f8,0x7ffb1ec34708,0x7ffb1ec34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3024 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6184 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.0.615931959\353165994" -parentBuildID 20230214051806 -prefsHandle 1672 -prefMapHandle 1776 -prefsLen 21998 -prefMapSize 235091 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5af3444-05c5-4c58-a903-5ae2b955c95f} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 1844 1f4e221f858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.1.313293619\1958590905" -parentBuildID 20230214051806 -prefsHandle 2396 -prefMapHandle 2384 -prefsLen 22034 -prefMapSize 235091 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ff36f44-3854-40d3-a1cc-b2a451eee26c} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 2424 1f4d5588a58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.2.2109223556\1242025293" -childID 1 -isForBrowser -prefsHandle 3392 -prefMapHandle 3388 -prefsLen 22137 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {beb47fe7-b501-44ba-a060-ddd25132b7cc} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 3404 1f4e5e1cb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.3.155986632\2032130624" -childID 2 -isForBrowser -prefsHandle 2876 -prefMapHandle 3060 -prefsLen 27538 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e9f08de-831b-4659-a69d-4227467128ff} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 2804 1f4e8908b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.4.798772599\895401764" -childID 3 -isForBrowser -prefsHandle 5204 -prefMapHandle 5216 -prefsLen 27617 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d892849-e75b-4485-8611-0677b466c578} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 5220 1f4eaeda358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.5.1996584636\2004960465" -childID 4 -isForBrowser -prefsHandle 5384 -prefMapHandle 5488 -prefsLen 27617 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1b0fb8c-5c80-4e01-9d7e-22ac101a7800} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 5380 1f4d557a858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.6.1918195901\2048125614" -childID 5 -isForBrowser -prefsHandle 5344 -prefMapHandle 2684 -prefsLen 27617 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0adad281-aae1-437b-86b6-7ce834fa702f} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 5532 1f4e84d6558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.7.1047455603\221876011" -childID 6 -isForBrowser -prefsHandle 5896 -prefMapHandle 2744 -prefsLen 28041 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b68925b9-6807-4f9d-b417-f7522347ea7a} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 5908 1f4e58b3758 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5620 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.8.2134020158\760839993" -childID 7 -isForBrowser -prefsHandle 6132 -prefMapHandle 6136 -prefsLen 28177 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae2e71b0-976c-4d55-985c-1df4d26b9c17} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 6108 1f4e2953858 tab

C:\Users\Admin\Downloads\ShindenToAnilist.exe

"C:\Users\Admin\Downloads\ShindenToAnilist.exe"

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0YyNkVGMDgtM0M4QS00Q0NDLTk4QjEtNjg1MTE2M0Y2M0Y5fSIgdXNlcmlkPSJ7Mjk1Q0FDMkYtODEyNi00REY4LTgyOTMtMzg2QkUzRTc3NjM3fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezY5NUQxMjBELTc4RjMtNEI4RC1BOEY0LTlENkNDNkM3QjBCOX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDsrMGpVbVllS3RaQUY1QzNnMjJwQkI1RjBSeWR0ZjFTSDdibndzbm9VK2ZrPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg1LjI5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjE0MjExOTAxNSIgaW5zdGFsbF90aW1lX21zPSIxNTgwIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{7F26EF08-3C8A-4CCC-98B1-6851163F63F9}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0YyNkVGMDgtM0M4QS00Q0NDLTk4QjEtNjg1MTE2M0Y2M0Y5fSIgdXNlcmlkPSJ7Mjk1Q0FDMkYtODEyNi00REY4LTgyOTMtMzg2QkUzRTc3NjM3fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OEQ5ODgzNTEtNUE5OC00OTFCLUI0Q0QtRDQzNDgwMkIzNzMzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90OyswalVtWWVLdFpBRjVDM2cyMnBCQjVGMFJ5ZHRmMVNIN2Jud3Nub1UrZms9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTI5MjI5NzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1NzQyMDM0MzAwMDAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MDY4IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTUzMzc4NTAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\MicrosoftEdge_X64_123.0.2420.97.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff77da1baf8,0x7ff77da1bb04,0x7ff77da1bb10

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0YyNkVGMDgtM0M4QS00Q0NDLTk4QjEtNjg1MTE2M0Y2M0Y5fSIgdXNlcmlkPSJ7Mjk1Q0FDMkYtODEyNi00REY4LTgyOTMtMzg2QkUzRTc3NjM3fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0RCQzRGRjY0LTJFMzktNDkzNy1CMEVBLUNCQUExMzRBMzI5Nn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjMuMC4yNDIwLjk3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTY3NzgzOTMyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjE2Nzg1MTQ3OCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY0NDU3NDg4MTAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzFjMWZjOGZlLWYyNTAtNGEzYS05MWVjLTlmOTBlMzFiODI2NT9QMT0xNzEzNzA1MDQ5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWFTMHJuelI5aURTVkFmUk0xbUZ3cDBpNHcwUjBhZFdXRnFLeEdCTjhUZTlCdzAlMmJwU0NCaUNBWnJ0MWZ1UmRWcVBlNDV2aDBrZXkxMFBZV0x5c2ZkaFElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzIwNzYwODgiIHRvdGFsPSIxNzIwNzYwODgiIGRvd25sb2FkX3RpbWVfbXM9IjE3ODA2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQ0NjA2MTM3NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY0NjIzMjM5NTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwNzM2OTU2NDciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDIxIiBkb3dubG9hZF90aW1lX21zPSIyNzgwNiIgZG93bmxvYWRlZD0iMTcyMDc2MDg4IiB0b3RhbD0iMTcyMDc2MDg4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTEzNyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4848.1764.13085542542836434609

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=123.0.2420.97 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7ffb0a1d4e48,0x7ffb0a1d4e54,0x7ffb0a1d4e60

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1836 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2032,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2256,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3392,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4088,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4756 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4912,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4752,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2124 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4708,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1244 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4940,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=784,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4416,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4184,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5020,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4684,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F482D663-364A-46CB-B0B0-C874ACDDC864}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F482D663-364A-46CB-B0B0-C874ACDDC864}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUZCRTYzNUYtMkRBNC00MTVELTk2NzYtNjEyMUU0MTY4NUNDfSIgdXNlcmlkPSJ7Mjk1Q0FDMkYtODEyNi00REY4LTgyOTMtMzg2QkUzRTc3NjM3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGNjA1QjY5QS0yNjQxLTQ2MjAtODJDRS1ENzhEOTZBMDI4NjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7KzBqVW1ZZUt0WkFGNUMzZzIycEJCNUYwUnlkdGYxU0g3Ym53c25vVStmaz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzMiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MTM2NDAxMTY3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTEzNjQ4MjYwMSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MTkwMzgxNDcwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZGEwMTdkZWEtMzRmOC00YTlmLWEzZmQtMjdmMWI5NTM4NjAwP1AxPTE3MTM3MDUzNDYmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9Y1RjTlUlMmY1Y04yRFVVREZ2Qk1JT0hlc0g5NUZId201dWJ6clE2cmRyZUxmamFRVVpLendKaEglMmJjVmZNY2FpWUQlMmYzUGNIYk5QTmZZNE5OaHZiNFNVYlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkxOTAzODE0NzAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2RhMDE3ZGVhLTM0ZjgtNGE5Zi1hM2ZkLTI3ZjFiOTUzODYwMD9QMT0xNzEzNzA1MzQ2JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWNUY05VJTJmNWNOMkRVVURGdkJNSU9IZXNIOTVGSHdtNXVienJRNnJkcmVMZmphUVVaS3p3SmhIJTJiY1ZmTWNhaVlEJTJmM1BjSGJOUE5mWTROTmh2YjRTVWJRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTgwNDcwMDgiIHRvdGFsPSIxODA0NzAwOCIgZG93bmxvYWRfdGltZV9tcz0iNDkxMyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkxOTA1NDY5MzYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MTk3NzQxMTk5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTIwMTAwMDY1NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQxOCIgZG93bmxvYWRfdGltZV9tcz0iNTM3NCIgZG93bmxvYWRlZD0iMTgwNDcwMDgiIHRvdGFsPSIxODA0NzAwOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzIyIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\MicrosoftEdge_X64_123.0.2420.97.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x1dc,0x218,0x23c,0x200,0x240,0x7ff79c1bbaf8,0x7ff79c1bbb04,0x7ff79c1bbb10

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff79c1bbaf8,0x7ff79c1bbb04,0x7ff79c1bbb10

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDJCQTMxMzUtMzYzNS00QUJGLUFDMTYtQ0I3RDcwMkQ1OTY4fSIgdXNlcmlkPSJ7Mjk1Q0FDMkYtODEyNi00REY4LTgyOTMtMzg2QkUzRTc3NjM3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2NDg3QjkxMC04QTA3LTQzNDItODdCRS1CMjc0RjVEQzg1QTV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7KzBqVW1ZZUt0WkFGNUMzZzIycEJCNUYwUnlkdGYxU0g3Ym53c25vVStmaz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9LXRhcmdldF9kZXY7UHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iMSIgY29ob3J0PSJycmZAMC4yNSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSIyIiByZD0iNjMxMSIgcGluZ19mcmVzaG5lc3M9Ins0QjM5MjkyQy0xMEI0LTQwMDUtQUJFNC0wMjhGMEI4RTA1RkR9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTIzLjAuMjQyMC45NyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIxIiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTc1NzM2OTIwMTAwMjAwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjU2NDY1NTQ1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyNTY1NTExNTIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTI5OTc2Mzk5NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MzE4MzAwNDgwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NzI1ODkyMTkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzQ5IiBkb3dubG9hZGVkPSIxNzIwNzYwODgiIHRvdGFsPSIxNzIwNzYwODgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjQwNzQzIi8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iMiIgYWQ9Ii0xIiByZD0iNjMxMSIgcGluZ19mcmVzaG5lc3M9InszQzQxNUI5QS01N0U0LTQ0MjUtQkM2Mi0zREE0NjA0NUZBMDZ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyMy4wLjI0MjAuOTciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjYzMDciIGNvaG9ydD0icnJmQDAuMzAiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1NzU3Mzk0MDQ3ODg0NzAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezhGOTZBRUI3LTU0M0MtNDI1Ni1CRjQwLTEzOUVENzNDREYwQX0iLz48L2FwcD48L3JlcXVlc3Q-

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 cxcs.microsoft.net udp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 114.66.68.104.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
N/A 127.0.0.1:52696 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 44.239.14.124:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 124.14.239.44.in-addr.arpa udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
N/A 127.0.0.1:52704 tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 animezone.pl udp
US 172.67.129.15:80 animezone.pl tcp
US 8.8.8.8:53 animezone.pl udp
US 8.8.8.8:53 animezone.pl udp
US 172.67.129.15:443 animezone.pl tcp
US 8.8.8.8:53 15.129.67.172.in-addr.arpa udp
US 172.67.129.15:443 animezone.pl udp
US 8.8.8.8:53 www.animezone.pl udp
US 8.8.8.8:53 www.animezone.pl udp
US 104.21.2.98:443 www.animezone.pl tcp
US 8.8.8.8:53 www.animezone.pl udp
US 104.21.2.98:443 www.animezone.pl udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 98.2.21.104.in-addr.arpa udp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 120.150.79.40.in-addr.arpa udp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
US 152.199.21.175:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 60.129.102.23.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
GB 23.73.139.11:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
GB 23.73.139.11:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 11.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
NL 2.18.121.79:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 79.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.201.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.201.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r5---sn-4g5ednsz.gvt1.com udp
DE 173.194.188.138:443 r5---sn-4g5ednsz.gvt1.com tcp
US 8.8.8.8:53 r5.sn-4g5ednsz.gvt1.com udp
US 8.8.8.8:53 r5.sn-4g5ednsz.gvt1.com udp
DE 173.194.188.138:443 r5.sn-4g5ednsz.gvt1.com udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 138.188.194.173.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 104.21.2.98:443 www.animezone.pl tcp
US 104.21.2.98:443 www.animezone.pl tcp
US 104.21.2.98:443 www.animezone.pl tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.4.4:443 dns.google udp
US 204.79.197.239:443 tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 104.91.71.142:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 104.91.71.142:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 142.71.91.104.in-addr.arpa udp
US 104.21.2.98:443 www.animezone.pl udp
GB 104.91.71.142:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 104.91.71.142:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 23.73.139.35:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 23.73.139.35:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 35.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 23.73.139.75:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 23.73.139.75:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 75.139.73.23.in-addr.arpa udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.4.4:443 dns.google udp
GB 23.73.139.75:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 23.73.139.75:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 23.73.139.75:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 23.73.139.75:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 152.199.19.161:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 152.199.19.161:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 152.199.19.161:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 152.199.19.161:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 152.199.19.161:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 152.199.19.161:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 204.79.197.239:443 tcp
US 204.79.197.239:443 tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
US 152.199.19.161:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 191.2.166.20.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 62677bdc196e22a7b4c8a595efb130cd
SHA1 bd2adf18caf764c8f034c08b6269d9693875f3c8
SHA256 b540616d7e73ff22642f4fbe2bea0f9daa2f1166391e76cf817b2a93e0bd41d6
SHA512 d23c3b9662eea6a75382242fb8e8084abc1127afbd2632f161df71a2aefaf223621511e1bf6229cf7e86313101a8d9dfe2f20e1c0bd481066e1969cd6fa75e32

\??\pipe\LOCAL\crashpad_3676_JBNLYMARIXINBMNW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 22bb6af63c7710354ac7070e45ac988c
SHA1 34d29d6b316e39ed8fb8c5efb42c4269040fcf1f
SHA256 1a70d5d3dfc04e6f5cfec1ceb06676039229f895f30007fdb55b043ed48ab4fb
SHA512 42c12820b5237caa5b4d5149901f84db6619a69e85cb869df06e07b3cad1b51e0c2d0545ee0129cbc8e7947fd8c2989def537ad2d58a1d5bf2c2a1bf60041ca3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e456f73bcadee0d71b65d65e0107b99
SHA1 cd43d2275c4823dc7834607cf032aa780f1243be
SHA256 f123b59a06234f17800115972e3fe2add8784a6107456ea824bcde66b6dc67f3
SHA512 b8c81c1b5c89311825c5bcca835381ccd761da90c7c9fa5f72c00ad940cf05bac6a1476bb233a9f9272db562d9b42e1dbd4d042bd0367989203a63b4665b39ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f185ded713a384298cef3270c5eccb17
SHA1 c2bb5bc860e97ee9669d907c4b47109f6d86a340
SHA256 29aa351036567009db707a649b06c101b14e43ec035ba1f5041181dcf2502154
SHA512 77a3f9242f0cb5869d641e34f2da0a77940b786fc726c99f2436a8f0cd801ef12b921f3dee885fbf5b8a9fe718f8669b6b23854d0afc5591b72aefc28ef648d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 41e8f8932f1ab57e7041868dd105cf36
SHA1 1828e044cb0ed9672a3dd1925b9578f84023ff62
SHA256 ea0ec3bb7e8b03a82fac7fc353da5ae158cde1c5c87b53dcd9e495d106ae20cb
SHA512 db747fc7cb1603959820391441578310183f6a6972c90e1e4b1cc156f9bc0ad4adf030d3c27ad6efa5d4d71de937aa447d0b9e001d5cea6756d0ead8d3a48772

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b0ed6ee33bdde7ff3d998ee8d1c0abc9
SHA1 700765ddc0a1085d5a8f86e51256c0065314559e
SHA256 5914c8430d3a31067380337a7d74438b85ba847af038a333b5c3cf22f1d90182
SHA512 85650b47be999f4da3955d3eeddaf7610780ebb42dbb28f907961f0729570c6d269739bda749a63d73390fa1bd3a996b14355b603400cd6dc4d4bb1383f77951

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 06f005d67a0adcbe998245ec22ec4107
SHA1 3f8acb10af293c1794fff1e0b7583570e73f0bb3
SHA256 78777cb4462197c8a1dd43a68cec8dd8f27fe504041ab45cfa41811aa7215264
SHA512 21221d1c5048eb8b55bda2c545a7986f14dc60cee42e07a61e16cc49d3ce170e3b79ef5c81a4190589ec920dd8454d90bfecd28b4c47a34a37440c8753bf5d03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 818dd58e7a3f28f52c521c247ced7e84
SHA1 cd19374c782742135ec07ea575c16b0bcdcffe5f
SHA256 445ced3213bfacce5660dfafa654668d2eb731c7007677d0debd3758e21873ed
SHA512 f1906498656f11d8946b4dc8ab426301b8a86b2992515e8b6f8b5964ff50553500bfd279129d444a3664e7d343dc5c2c0a9772a1d34d53aee3eab6481c85508c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5807db.TMP

MD5 50666d5ac670e771f78b2016a5c9907e
SHA1 af6d68cc26f4401ba061dc1186b0151510003218
SHA256 272c267eaca52e530ce0d0ff97ce3239085b64d160ac0c3c6153d6cb60f590a4
SHA512 75e20b6d15333082f2fc8f6044411e08c157d581cf2a13356beaae4b0a0d72a66161399aa1527229c646ffa7f324e8870e8faabace9acd5b07a4961980089534

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d708c7453e1a8e99c8bbe21e2c4c4b1a
SHA1 a6028d47299ebf5fde1cde7d749cd1311559bd61
SHA256 468998dbc11ea82bd24ff7fc95ec0d8990c5e72cc8ca53f963111950e17bc252
SHA512 ae6008b0d819a5ecbf7bd47013f06589278aac905d6c4ccea1402950a0490e9edaaaa78f004b26da27743e308e0170ec36da030b62fb1ae4da7412454a32fccc

C:\Users\Admin\Downloads\Unconfirmed 132247.crdownload

MD5 d57b93f74b4ebdcc11b22053b95cedd2
SHA1 76981a5512bc11f9872ccdd24b0bbe02f97c07c1
SHA256 efb5732f24026305dd9c4a2ddb6519ce5028c2b71a04c2dd8570478a03276f1c
SHA512 73aaf19ae4db48ba0454574b89dfd331ba57a9cca4463cdd0d04c138746eb4f007d9974035595de8d8950d4bd852a37c7e8730ee3420c8d9ae5747ff77fbab02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d087f10ceb7134020bc84384b946d421
SHA1 3205eb8ec68fc832f08736c79e7a9f98091b00b5
SHA256 b4b5d95a0b4e8df9a4b9c4ccc0c59ae91e449b59b8957874db9a3e6472cfd80a
SHA512 45e06da1300f0565b4c87c87c1b2496d68b8a9d184da103eb484cc2a157ca41357951939106fd56d9ff19ff7a225b2e65d2cdcc4c27ac31d0b1761319283f31f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 600fed44a395d6c74b386287c90964af
SHA1 dcb2537f7821a403f1814f49e04598d4b0e3c01f
SHA256 f35d15101e00b3515a544dc32aa23d317f3ecb96bf64d8ea1a10a901cf2853d2
SHA512 f2f53f8f0b6187db224e7a907aa9f5ab658ffaf7e925192705abf39fd2764dc056858809a89142424c98ca029e5d0f5979ee4f5b45a418bb79683bf08dfb5644

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\activity-stream.discovery_stream.json.tmp

MD5 c01b28d76d1f0b90b4ddb64872434f6e
SHA1 49cbc63ea61097e6db36e569c319c71e1c727ccb
SHA256 28effc846841e517058a63d8293ae0fa97f9f19c79a5305b4c4c10a9cd6f8651
SHA512 11ae2508e54a40196bac218100d7e3e56f597ecd78be98cd21220dc596bc5f160b9c6590e08113fa43e969b5748a4db31f13ca740def08effe9034dd38a3b887

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\activity-stream.discovery_stream.json.tmp

MD5 907e69b3b9f9e8b4e8ea25db264144de
SHA1 74e6afe494bc926cd66f0b44a0a1b1c15d609b92
SHA256 553958d77c8a97197075dd7800dab21d151f2608f6dc99e58c53e0a102a80b8c
SHA512 64bc944d57ab5d2476df9466c4b1240ea5f8f5cc6494fc24f92fd2cf5e748a142259f71d0b5d695b84bba1d93f1a6951eac514419f9b815d3d4e88ea2ec3c672

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\prefs-1.js

MD5 42d698bf07ef7f5b1cb5885d27e9159e
SHA1 7e1b0602397124945a8e56f8eb6995ee4a35eaca
SHA256 821882bae4c7103ceb19171870961b3576602239368e00c9fa865118bd74737a
SHA512 759cc98d2e99f43467d3cea771c74751396066df7807714734234cf8e7f61befef8746f26176f5d8390f752522e016d4cf83574489c682ea0a822c7046841252

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 efb82827971564ad7c6f6ab563d8b363
SHA1 f361f30bc3b503739eb6fd24dfc1158518f02289
SHA256 bc19145605b59680279aa52fb563c495bf20a7ccd21a98ebcfc0151394b35261
SHA512 f818972abab51f127bda02f3ddfe3b0c5f627459d252cc51ec3c6879ce10d90b49beeb8b5f26368189d0d36f571c9a78dd60056e88847f530a164757435f1add

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f8225a4f0a6dc814fb3e6e0435d7d6c3
SHA1 c12227ae1c22d22382317d05ea5b07f3c12c4a40
SHA256 466b469cb5fa1f82df44bd5aa876bc0453c42eb7e11e57f4195fedd1638136d2
SHA512 9f3fecb8b8610303d4e34829601ce882f0e87a18fe4cf1407e5768c3a4cf1dad3ec12363507039bba801604606efc61e8f56fa695275d4d6c8642dc0c0da9b7d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\prefs-1.js

MD5 4510c9fe5f4678c4dd3530331684ce04
SHA1 2418728c952884d4653750ed49aaf40bf785b8f2
SHA256 fae6def1d5476a75b1d614cace5456a1b7745cfc34bf222303f66f8d82450e79
SHA512 2ef246775ffa165adbf1a5846c1823b004ca246ff26f31759547fa7592f9d67306dde247663e140e519af187ff5949ac6fe805d6eb774f0fc1a013b47ca497e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2ec0fea0ba077413125371cde7ab66ab
SHA1 834effcd2d568e0f05797b554ca42fb533dd7750
SHA256 8cf7f212d777028ca2f60a5d3ad6895eb7fbd91c38bdbdc0849fe7e482fef6a1
SHA512 26f2b51bf0436b79b030cc161c02dafccc70ec803904c72109fb02340a079c7adeedf793b6191226cc83acfe6f520114a28dfd046c5b27227d50652aafdc5e15

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 be58ccd297254523bd3c579e0ab89b6c
SHA1 8278731745612610d49fa52541bfd84c6d5b407a
SHA256 effec27d3989afec042c457c71c409a0f858f54ea91a199c3742c343ebd95d11
SHA512 c34a104b88cfbdce54b7b1cd33d372a767086e37a7586c51c56b9358265111e4f379f0d6b1056bae5e831758efd6cdafb9e244214a44e1bf8f55650834948b48

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bfb0c5d0ce33b4ac8e2e8d4b2fd4807b
SHA1 25a2ee3e912508f1ee91848e362aa45cd858dba2
SHA256 e6357653526d11b6aff873730ab05441eda5f48897189530fd9ca42a4c3db8a0
SHA512 2db982c62b726b19ca547f734a6615fa4ee0236da9a45779c8a8d360f633157631375a170046b844bf8ca04dd7f8b019a13f4d3326192fd82e152252c7fb7603

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5765d2f6da4320a0aab21e0da3f2f054
SHA1 a9f8eb381ff68ead7316a1dcaa298d50ce67f66c
SHA256 783640604c60acc12d08b300723a3ca872641c204e975cb01590cc2c36c498e8
SHA512 f9b270991fc17d394aaae75a6bd5cc8a31da2dd2d568d75e03ec3a7c7d30524bd200b2dcc426a9c676b6fe7176160cdcfcdc1adffcc0de3b254c484783220475

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 68a75aacdd68d1f92bee238ec5792e9b
SHA1 1221223a4af46c15ec514a42355e8cd34d6a81b4
SHA256 c06d808dde844244223e5a1e1c0d8d6b88c170f8f43f4c314414bad219f48932
SHA512 26c495cf1d66e539ef29aeebd5cd46774b8e8c4f4cd534c96e822968724705fd3d72b186ac310ea32441368713952fb7c620f73f88d2355434d23e5b5bb1b893

memory/4848-641-0x0000000000990000-0x00000000017D3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 92bce50c10f9c51bd54a823ea5b78f09
SHA1 6fea579a6d46fef9b40d062220c6ff7034d4da8b
SHA256 00f4eef86d9387b1c2c4b749724c81ab03bc45f1fe4cfed546af60e5bd6a9f09
SHA512 5add5b74b1dabd17b9108da9ba2bd945f67e35a0772098d288247ac2a97e46fd6c51ac2f36d3a2004efe8e49873a5216b9e8112d4b421dc1a722176f381b28cf

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

MD5 8b9812ba27e12c79319d859e97955ca4
SHA1 3cb35ac811c27e7b21b381dccab55517609190c3
SHA256 a63d59b2af0c7b2be6984280386042a230dab928e3b426d51a0afb2eff5f98e9
SHA512 8312081fcca20f1d8d393ea2588c2fd19830eb9b36700ec8bc541cd25c4c2046008f3eec07883056956adae5c56083d43ded74d3122d21555d1e43a9d1ab5618

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe

MD5 24e62a7c8d7f60336e60c003af843a87
SHA1 9576d1924d37113c301cadfd36481586cdef870c
SHA256 43f7de9fae6b79a844d7da6056ac82beadf028a347e227c2bc33d503f7eb402c
SHA512 34f33015d3e7cabdea2ef39f7f149aaf39caa534b188a34021e577d68bbc48d1d99b7b13a1303d4ebaf5c29fda0bb573f3a6cb171aa2db67cc4b25292eac4a36

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdate.dll

MD5 c1c4e3a4d49561dd0f6bc85f8062530d
SHA1 5394c3a4a2601a6bf7b06b5ae9119a3f0c95c974
SHA256 e9f1d362867beb3a767233de9d5af3a6e2762bb0627f291c6cb8f9faffb922ea
SHA512 0e7f6d2a29c48d99fb417c630287d8d9e9f0365f1c1f2e415f0fc64e12e577c9d4e93bf6573a589e88c75a9dc6c5758fcfd970588c3d187621f8aff8e5ffc5b3

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_en.dll

MD5 f5f1ed2d55637a183674959e82cab3c2
SHA1 9472086a62950c6b40e1ecefc1fda4573e36ef3c
SHA256 cfbe36dac5d40f221f377aeaf2e983dc76ab3667f4672676a8fb37c7bd4f9fbd
SHA512 9c4635f791608f815e359ce49f7535bcaca404dd4932efb23f638bc9900cd77854b1d38b5ca60e5dbf3e252cf06bb179b4d9a77368b524233117f48bef345013

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_is.dll

MD5 07aa8bf27778ef275b4f7a5242eede66
SHA1 386a57f02a521d373466eef276d59c69409d6854
SHA256 60e6e4cdcb2147a4a516198746adba553bf9da839a2979222efb9c4220399ec6
SHA512 2e529fcbed1418bd2ac674e21d49636af0e7aaaee4f2a63bc17a13a19e43ed9c7c55335089f3d73b232ea911ba384639696a33b603e2b5bc0857875ae78c8217

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_eu.dll

MD5 7ee4925d3b4e4116b0b4d61a03ffdc96
SHA1 7f6e1116374314527100ee854ef5befcb962ce77
SHA256 99fd8800699829fd0ad767eff54dafeb913a6261ccb5c31825fdef6835653ae9
SHA512 c6ef896870d427fc2ee783bc38b187fc5485dfa9c29f14f4b044b060f2385b445dd051c83a9412d3fde79f929755239061ddcefb012f8fc38ce257c87dd9a8b5

memory/4848-775-0x0000000000990000-0x00000000017D3000-memory.dmp

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_et.dll

MD5 28777e8a0de15e07d365f375b71796c3
SHA1 4f3231a68e7d4817c5f6ab20bcfbc208ba63b6ea
SHA256 571aa6917ccbfe221dbeeb485b9f9b358dc2b3ec72271854f880fbadeebc9665
SHA512 87a14421ba72f5255d568c1be6f8e108db587525909ae33cd84526714ff89a3ea2bf9c9a78c11718fc3f22c0139ec2bb4d9cde2327cfd4a8dbdd51e992d7381a

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_id.dll

MD5 874409f9bd74f4238e02a15ef3a21d94
SHA1 5e0336c6717345d102c4b58032e43e2a316e92ca
SHA256 77fc8dd2400150d098583ce867fb98c5beec0f0ea72542418a8a99451af12fe7
SHA512 4bfda3c743f435ad88db71feaef1a8ed9706adb255d68dedf7704af618476191524e0d9fe19b2213542ac9413f05d4673eca1cc94b00f5d4191868b59e063d5e

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_hu.dll

MD5 23a61f4e352d09431c3e6ec05522fd84
SHA1 c663b459ce508255cc7b09615520142694526191
SHA256 65c0d3996fef2d9caf87e609fb16173c1b35a691a71d926ed3858955566be3fe
SHA512 4ec261b2b4b32219eb168da8c247152a1ea4139e577974c0ab571ce84301fde030cc5c3fd554ab4f8dbfba9059be51b6ffca4eef996d5782968cbdf94a474133

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_hr.dll

MD5 a2027e9099d943f12ca8a5b6f3f216d5
SHA1 b9060511354ac7204df9aa441fb084886f135034
SHA256 c74ed61b07e5120798795de86695b8b80255f3111b77836f89820df27dc09b87
SHA512 2ea7d141b568ac5df1ba6ccf2af3c4c4acef080763e68e3f3e2b3b3ffda9deda93fa1b9a4e19541afa1f4cf2039b576df23ff98c68d96213944d4f942266ca44

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_hi.dll

MD5 2cdd815eca87eea8363d7789cbdd8595
SHA1 3dec86ff3c88b96da8ebdf340d149b775f84880c
SHA256 0150d75f78763060d4b5b00e1cdc87cdd6398fb42666da9a733c8b708f3f53f5
SHA512 3d66a2b955cc31885df66b9ace4f472136ffd94a00ad769414831f4df66e5f1b44b1d8787e781fdd2ef4300ab0e03b4ecd638f46e39958df7a12281ad6812fcc

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_gu.dll

MD5 80f4ee6f0158c5a2f50e90ab12051ef3
SHA1 4a0daef60adc57559bcc22a5b071a0609de82b75
SHA256 066e0e6f67fb92785002e0cfdc09777b330c55cf8d34f9597ad45aa5c2171849
SHA512 b6cf12625f54bf1855797100a4fa3a5fff0e4c6fa8448ea78afdadccc2639237b34a4b058592a783d5918bdcdafe562d8e8bb59fdec5bb90f3f356fb94e70432

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_gl.dll

MD5 75c582abc6e13902afae51da71cdb3ec
SHA1 0f1813d9992209d9fe60bcafae8f8652658832eb
SHA256 587b4af55922cbf961852d0a9234c77eebf0ded6e561b18b09bdb2b2d8b2190e
SHA512 7afa52772caf93df7cba83fcffb8b427860dcd92fee4ac732f42b5db11c3c5ef086b212bda555cb095e23d89669e0e8a31c55ca59d9b00e564c5b7ddc43de4ad

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_gd.dll

MD5 6feb8258912fca8354160c02d70de767
SHA1 d04f918370da6a637f5a032c8bb616ab8d0d9b64
SHA256 6b13e8b6149be225e7f35fbccfd84cedeed9219f06b70630db6bf4be598fa25d
SHA512 f69ae204b6569b1cea77fbcaab30d556d325fd18989a347837cd08eb669dbc6bb7794820cb3028f864be7109af84c8532525242063fc2d1901f588fb458dc02a

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_ga.dll

MD5 5381426201e98d1e6efd86d24e341f62
SHA1 2b2df88be65d0512e140931c2878563345c77dc0
SHA256 e3f7c7d612945fc79d2e47872898ae3831d4bcc73bed8d24513780612fbc0523
SHA512 9e6aed7dcc33f7c9e9a888da580c2d1e4732e3a61a04bc7e682c11aea53391c82d849e341a98edff7d4792b2d2f5f0e61730d12e19fc5b2a77a5a1087c2b9fab

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_fr-CA.dll

MD5 30c5a417363b47f3a58d08e44198dd17
SHA1 1e979631e34cefee21b8a0e0aa22f4dd6e30dedd
SHA256 1e76475df6a8a5889f0757584787112745a3775c8dcb04257a4ec0a2cfa58b9a
SHA512 691e25436186bbda91b471b5451d06950943e6efe653362be50a3f0d21f341f4b8f751c617f39ab04571d92ef93c04b9db04192220173b66d879cbd5128f7287

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_fr.dll

MD5 46b4263a73c35d717d65eae93c781f81
SHA1 3f8678c63d174aa8289d20b7f821a326c33ec07d
SHA256 88661266d279b161264678af48fbfbdcaf28b1f8821336b3fb16e2126c5e5e11
SHA512 3453b80619277b9efe19f2302a2a2c94372ed2ccec2a01d07741fe037f64e93b281757669750db8e6cc2efdef96b0eb1e373211da51ab887d8f0eb748931cce6

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_fil.dll

MD5 06fc13625ead1257583224eae1afe1c3
SHA1 02f3de2d81c4c2868a73211d8096ae79c506d846
SHA256 ef3f30691b45838caff42db92a4d6cb8857c8c36ba4b3ed9bd600bae8dc0fcf6
SHA512 b2fb89890c6ebf54a325bb1023194f461b532f94113b3ddbe337aa556b0db38159643c57e41b121b3bb21c4e547bd3e89137462a3fa29608e0dbcba00aa9cae5

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_fi.dll

MD5 73b893cd1d2d759f98944e8809db3ce4
SHA1 70fae4564f9eeb3c503a13eebbcbe725e9c2caae
SHA256 bc9ed2615e5e6c185c20bbbef898e5ba1543b6dedb15330080dc41e74a0a5df1
SHA512 255ef2552a35cba6fd41b53cebee1b9749485017a053668c1271aaf0056bd08107dba6c842a926c83d78472c92aa92f54fbd84678557dc911d20fc190ee242ed

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_fa.dll

MD5 f1e551e10354047b68ec1aa1b36327c4
SHA1 417b267661838c0626a74e1232154d8245c4bb0c
SHA256 171ef4f700c8bdfe146e9ac7306c72b7a41153796d23e526aa6852a150207463
SHA512 674ba129c8e1b2d9dc57e77595a994afd8e19f81cff86dbd749c855aff1ffec9c7e9920e1d45b193d83ec6f20ee4fe5966415006a0dff357b471d97b271fa067

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_es-419.dll

MD5 67ca727bdf1e5fd6686fe3e6c1b1d43d
SHA1 d3ee7ce26c3b1eb4e0fcd5af6f83bbf3c949e8df
SHA256 c54a461e2eeb79d7462a4f3810f720835a2827ca752282c01520b8fede5c65da
SHA512 68e93cae35433f27593f92d1741ba98a430c6a408394de4f10ce0219fe8213e7878df71747c597c7384660ed696e35dedc08a1d15d5175f9b781fa70d92a3dfe

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_es.dll

MD5 4dce98d8ab8857371dc4f787c77b91b7
SHA1 9d8569edcb1af0e122e5293495f94b388a3c6f3d
SHA256 7b79d2f66bdfea60aed02eb60f3d28d396c23c147e1d42f3f10a82b5d3afeb47
SHA512 6f4ec5f3fc6f5dcc77d2e811b9fbc4dd00dd15385739888e81835624bbc5e5d32c11eb23bc5dc4e6e9c2b66c77c923efd7edb81f9d8b88b446ba244455881fb2

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_en-GB.dll

MD5 985d279b815e130a790eaecd697bb5ad
SHA1 bed21cdb6b3983a86fc7fd3d4e0bdf2a7690807a
SHA256 22a5f81e478dcc8d54e0a0ca10a66ff98117698883d9fbdee36a110d6554f14f
SHA512 018c9dd127a8b8900236c4c10c7770384db82946f6f1646878683960dee06b150558e52bf55a8003e7467eb9b1359d24f081539c644b7c11efa5e661e645ba4e

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_el.dll

MD5 2c1b44a6c27b8510335dfe8c22d01840
SHA1 e2c291fbf5a709a7a1e3c5ad507fcecf25e11554
SHA256 b15d11ec96c712d102125d2e1de19507889562f857910e6f76a400d412c4afe4
SHA512 adc4171a9335721c13d9d4c71ec0eaa3e873ec1729443b258eebe9ad723380bbf3eb912415f650ac3c8a13d31b658acbcc8cfbbb6fc6453eeb82b619a35e805d

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_de.dll

MD5 642225f16e2c841a23eb51dfc6e0e1f6
SHA1 bcb8ed686351cc56f8c5c326b1032eea7e07c4bc
SHA256 95643c34f8ba13738ad3d19a4eb6cd52eaf39f55cd46b21e148627866b4ea30f
SHA512 d9fe06e5a81dbdb457f93435966e4321c1b0020e68ca0c466d870e599206a9f1b245653259a051e885cd8b88117881456d248308d278af86e6b3f75f41918b1d

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_da.dll

MD5 bf382a14c9546ca8a6311f6b5df66d75
SHA1 10b61ba1e20da2b1b01e760caaa179256aa844e8
SHA256 5e516cb414cd8adf278cdceb2ae537cfd7c49c277cb5d7718bcf97897350ce70
SHA512 0172c495cc6213b073056dab89979a05ae9eabb7a04d2cc7c16206628f7eb98396909a1914055575b0edde75e53479739c54eae1b9282eb96172930ee10935d0

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_cy.dll

MD5 6ce4b22b621bf021bf79117a13118280
SHA1 1b35ca44973ac7bbdadc4d6f3d160ab15ceb47f7
SHA256 7aa813b3bb3fbbec5d56da83d5b1db923be9c365511b1b02588336213fede938
SHA512 f8deca730042198c2b4fe506b6ef1af62b0e1dd1983b9e92e8d4247027f30d07cec7ff097a8304226ff96cdd528208961754d33403f20463d0b6802ade2cfde0

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_cs.dll

MD5 85f99091263667f3b5e10ef585c6e31f
SHA1 de83594f08a9cf2df74b4100827d2a68d0304961
SHA256 c73bdd7c4c4d89f9e0c6827f4f2feb78efd4cb047253aab3cf48412b9a78fb7a
SHA512 272d8d8e45c5c9d96af41431747b09814b11ae7b08955e598b07f639277cfee8cac11455db43530d78a85ecb095ad83a8735d3e80f0e745629b0091fb0b8a2ad

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 97dc17c19ea5196783b2a20ce423697a
SHA1 693744a6f679cb111fca1134dd5efddf90b4b13a
SHA256 05b78e67f9400c654ad368d3e63b988602cb2cb89ad486ea340bfe05acefa040
SHA512 cbd980f7a99244bc47bf631bf6e661adece2c5d3f998172cbcdef59aab9cedf8226f15222cc9d96c56153c08d2424de70967dd96b76ab629492e25ca8660c974

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_ca.dll

MD5 6212f397ffe20c6cef27ce0ff4fef439
SHA1 7910895fb0b9ff6f954ece32aa069507e6914a45
SHA256 e94189425823ef69f9bf1f3cc133c23e67ad46419cc455a21d4090bf73a11ea6
SHA512 5f04d8c9bd0269ba87bbf4b6a8af07ba426784c08b0a88af4fda3555e1c4e192b56db3c6f0214433fed23675ffde8b0590e5b39bd6b1011c2aad71599ec47ed5

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_bs.dll

MD5 c7fb8690962bd9a9051cfb04b87d3ec3
SHA1 d843498bbc3ae01fc0f0fce13160db723696767b
SHA256 12330d302841d37fd8bb5b74df7d454062524fac88e954041ce485ac818122c0
SHA512 ed074b0890e5cfc2beadab8dab624687f2838ecebafc3da760e248c315201d2230ac6197e016ce480e1798d34e6bd2329e5bda2ef2d329207f1ed7f9d00491aa

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_bn-IN.dll

MD5 690f6eaa05e17f94ef59f988f052a4b6
SHA1 a3703cd237aa460e2729657a339febcbf8b8a863
SHA256 5a6dd9d9fdf372b723e8043881d4c39fcaa4f70c838fefbfb192f9c11b18fdf4
SHA512 47aa48f8de124d928c0b5d7f635909b3bbb6e640da67a0f014e00c238e06b060540b98a99fa51c9ce1c37baf9ee149502e05a753a25608b00ec7da39526f88d8

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_bn.dll

MD5 93a91259d51cf1260bcea708c44319d8
SHA1 2d76d5f7afa1be815838e1aab109973006e3d0fb
SHA256 a1ab052c365976ae66b6b851a2282636c2c1f1b838a929e761f374472f0bcc55
SHA512 8c3d7bf11796adb998362343399a85ab5127f36f7ce64d575cf9918724e09a21ca8cae0cc0123290db5bcf6254a7b10d979ad0c2a7251c43529edebce85279e7

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_bg.dll

MD5 e3d3b90ed17afc3312b22051de516aba
SHA1 6dfd177bda02980ddcb21459969c8d21b4a42df0
SHA256 ee36812f90b3a1b5f72c512d44d312dc0d72404d98222bca8ea27ccc8ef106ae
SHA512 dbbe7499f0218e2628c357b5195e1f19349e79c53309daa972e294b19582c86d91a23b642c3bace74b0b7d7c94920931db7548178e0b7324feb29b0bae156a70

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_az.dll

MD5 af0364c9356845870577374bc5609ea1
SHA1 be464b53d5dc8a31a32bffec2413081a330f0170
SHA256 813220adb207a07ec609a757a10217bccf22bd3742e3ca658324add81849121c
SHA512 68fecac6bf4e00fcd5c6c201c1756da13a3d87e4cbfa64fd2d1ab986bf3124303724f5ab9576bf33542d8a0f64d70069becd61182e4c6ab46801fe49a2e5be93

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_as.dll

MD5 7310b6ae3b95e9a1ca5b60b3fbd619f9
SHA1 03fd7d4d53fd38cc8b48d837d5a43788a6bd8ea1
SHA256 65dcfc983496529b89c575451c6a897b4491f886783228526e06417499b124f9
SHA512 d012d3a27bd7ac166c3ec3614423b89216ff7dcb165d99462f01ac204117fb5afc525d448f8c250638f0ee11929e2c5be61447f83089a4cee9cdd26459656687

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_ar.dll

MD5 b06ae2aaa639338686ec4f4445173ae8
SHA1 842f67cab1334871e81e6428d23827505055a9bf
SHA256 7e0fbc3af82b58dfc244d17d18335fac1c7e72d87d9593a359a2390a241450a7
SHA512 4b8bb12b11074ce21314072577a7172dec62926a7a628d6526db46062354ad23c2e76b2dcc93e489c9ad17bf2a1b3782d155193f1ea24eb50c8fa551d40486bf

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_am.dll

MD5 914899c76f15e4eb33455f50f60e9e25
SHA1 a66113325b547638824d5fa020e4b1eb0c3a4a96
SHA256 5c0b6bcb983b3ec422c1459802c993219b66318e8b69ffb09f07ccb28f607ffd
SHA512 ee2699489c6496d9db21484771a957acff27e39f2535d74f91dd352432b33ff15581ce4d9023a7ae273b7f2d8729103c5c06859e6cbcdef2c6ebda32ebfca3e8

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_af.dll

MD5 bd6f3d4a46abc156e47fe0d6c312a203
SHA1 dedb517b1d75993df4d7140cea0a84afebbfb22b
SHA256 5294a6e08b6f9818e89931eda4a0bd4ac3949c3f17ff036c1c5e2a6de8df458e
SHA512 bee57ee4c14d4c93a125f5219894d10f68982e3f03fac8acc90f2f9e159553ed82aee373107d0ab3b6d5aac2ea8cd58ecb0138de8f6ab28d5d963c28d0d84039

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 e0a4142f6fd7098661dd27f41f6b51d3
SHA1 b92bed61c6b66f958878f498d4e7bb3d23e8975d
SHA256 52496289bd868f12474d9dca3f063853923f541803388b427487ef63f52c6e8a
SHA512 42d071c4990cd2d5aefe53ba91cf0880810a003236675d7f251588a507d2654db332b940962479f97811b7b83f5f686f5ff662df4ffa124552fdb0a1be8d1cb5

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 8200a55843c5c0da5ca8e01f77038bcc
SHA1 cdf2588a010fd6ac5536f9083076c480e05eb43d
SHA256 098eb4c373a48ee49681d83f9f03e3701f6dfd5361b6a071242ca23b3162ee96
SHA512 10780aa7a9d2021f7dfa2273a641f64ca37a941ec5ef08486becf2422e76382f424f9aca03925adb964e2423322b62ba4ff87b4ae8731e7d5743ac82e33b75f9

C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdateCore.exe

MD5 8f559de7fab651b2a31caed79ac2600d
SHA1 46c7ce06e6592c391dfb54634b5caf136f5f6d7f
SHA256 a1b818b507c87bab9e3b4643ff68e6e35f05872ebcd1e8075a68a4cc87650df6
SHA512 e975ab0175a363c56da03e43730abfd0dc90e14a486a0f04ecb40c4f2279eafd29254ff69748930d102fb8480bdcbc86611105fccb18028f60e7b3f451c6a69d

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 ffa9da210de0d9767a3c9349a02f7288
SHA1 b7f4b9339ec558cce2ddc443c6bd263543847810
SHA256 f8a6dfa81ce133a074e322be14dee5b823fe3e18b08366895b75291edaf5e4f9
SHA512 7e0638daf547c9ddd85578137a17a61737f4e91d85f1b7aef83816d758014b5f823b5d1d090c0875d4efe351dc3677408eb53187fd574f312e299e27f3591eb6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 19753d7c8c05831894346f4d3d3b5414
SHA1 6c15f80e4f7775d0d70235797ab87fa8f2f38c1b
SHA256 8e3bbed324570da57f9f0696820d173a2d44925f1e1f4b5602bac02092cda313
SHA512 f1776482d642cbf793896449303ffa54761e88a5e9db786376ce1fd344b3b7f09b2cc8af7f51bf78a393f2df090e6a4065eee790dcbd3b2d5838879cff730d03

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.97\MicrosoftEdge_X64_123.0.2420.97.exe

MD5 300df46436ba5d076b227c32967ada91
SHA1 de9d47ef0c61fb04b7309875e2f03c8fa37d19f4
SHA256 1614eb0c2697d74f2a05f8c973b2055e9cc158d94b19105e3a9d450adc9e333b
SHA512 ba3053085da062ec32f87aec43f527624248a81b702c8cdb359c0fba7194556658b49aca8ef98d885de5da5b9b2eab3f1fac2c99891f91949d1b9a155e4a6971

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 b2cbe749a6b1b20d2027a64e293d251e
SHA1 de68b9e8513b1d082757d962486379caff1f5638
SHA256 2df8d24083a5482c9f30a9f66d41599ca57ac8699e3cc3b6cc66e26b484d832e
SHA512 0ebad18a4e1ca7c8220e459d554375a136acb96bbe6f99b16f2db76458ade2d316eadb3e515545189eebd46c8351c0730e153c98e8e481ebca157b92ab13771c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cc2b0b57661141af2052919cd378b1a2
SHA1 d9e1f29672b6dc579fdd5a2bbc08bb4ee1b0e6d3
SHA256 514c75687361e3934dfe9c6852e86f52b64cb4940b9cfc60fd5edffa08980734
SHA512 84db1987021c9831597f54aba9e43ec7ab1bca71b83a36a1efb707a7c3f22ecc0c0002ca7310b65603d3af512500d1541ff7f8470733ecd3c134514a370db33c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\prefs-1.js

MD5 0e1c0a57c45215d9a9cc42d671a241a2
SHA1 f00d6086f415597c88d9eea7940bf3d6ecbbd641
SHA256 bad3c3a1222236620fa6551965c8ac77e874bf1a4da7350c2107740829a9df66
SHA512 8f0eecd35cd4628e56ba26eeae5c643bd70c681c448fad7a0815f7c0ef06f1a5b70d9e93f418a4eef5e1a48fb0e956cad956cddd86a6535e5c0f6344c6115251

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

MD5 259f9a3ff222abbc32b697212d085b08
SHA1 84d804274bd8314f2fbd31e1abf47df5533df37c
SHA256 e3f4da7a369a0eb98ee7e1f9caeb6ba79766d7dd654a3767e8f293202bcecc14
SHA512 989d09b4a79556faf51241e9056aaef68bc741c665ef526bde19a4f9c13e9996a56ff4c20c924ee28447fc73d4ce986a2bc1442a2c0222234702694bff2e2c13

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Installer\setup.exe

MD5 31ddc9e1c11a44b88cf96c45b3551ffb
SHA1 811ccb9706f656e29d089e30a2ee1650302394e2
SHA256 46cb58faa60db59cb8d145bf6493f7c01a8ea8895f812d65512e3c7340a054da
SHA512 67e5a4ec4b030e48ac06bdf79bfb2b9bfe7778f046a739f23b7be65e143a7181954c7587eb6841636a6e667aabfa292d6831bab709cd798d1de01987bc99aaf8

memory/4848-2855-0x0000000000990000-0x00000000017D3000-memory.dmp

memory/4276-2870-0x00007FFB2BFF0000-0x00007FFB2BFF1000-memory.dmp

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Crashpad\settings.dat

MD5 6e6889e334dddccbac91ed1c373aedec
SHA1 dfbfa76748fb9c2d0f8dac5738cb8ad84aac741e
SHA256 a30d6db9bf88c87cf15ea1cd8ebf922ad2bf225e2c629700a9e42219dace3297
SHA512 6f3a79f9ad02c932e6ac80a39d9f8b9e215c49f6b48c87d2516a354577428f971cbeffb823197e9e553075621b996451cec2395b29893f33ee359228c26c5ccb

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State

MD5 9e1d24150c7e6013111504224e661d35
SHA1 70f4c2c411a29dc3c9a1b34e7b96adbc8c2e9b02
SHA256 45e23578b57271dbb49ea89116127a31e57645e4dc0c5a3be0ed0ca6109750b1
SHA512 16214c4949c9ce6ccd1e0969d2263a64c1481a6c7ebfd03022917d00fd9422d55c29a930db915a66af848d21f4737f55490a162cf1cd8429d6e6bd90ba50a43d

memory/5348-2910-0x00007FFB2D0E0000-0x00007FFB2D0E1000-memory.dmp

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State

MD5 a9d8da170cc5e7b39c9c37653f34f6e6
SHA1 e7fe15d3526267c220ff8b0e6c53ac3cac9f4103
SHA256 2abb871f29f0c5bf37e458db336f0dde48a7449aefa460cf7f2d5ebdcd0b3e84
SHA512 6343be8df0413aab7986b6ac474c930c80d5e304a4498c8b7262e29a50b41aef5a125eed448478aa50c7e7b94577788c73137c0273a32b3fcdcd5bfdd35bf99a

memory/5348-2907-0x00007FFB2C120000-0x00007FFB2C121000-memory.dmp

memory/2124-2934-0x00007FFB2BFF0000-0x00007FFB2BFF1000-memory.dmp

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State~RFe5b2622.TMP

MD5 7d7bb2f4a5e31fb74c35fa1895cc220c
SHA1 2ae45cf78a850ba1e5766bb7fa435f29a8718a67
SHA256 cff57a69e8b70bc8124e86dbeed6f9881aef152288d344bcb65ee9a9071ed6da
SHA512 e0c0ac85d92ac9b10485dd8be453609f586eb961c66b7e06e83c0eeadcc389cadc24219b12f3d23156489f90557f317cf13bc1f970ea28d994bd1ea800823f5a

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\GraphiteDawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/4848-3021-0x0000000000990000-0x00000000017D3000-memory.dmp

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State

MD5 57b721d86fa790facca83d65d4a1a6e0
SHA1 79e626ccf6f52dd8bbc06634e82499c7f0369f17
SHA256 5e359b68f14f51029a2af43de60ea860abd8cb759caace7d5e4a20788b7488ac
SHA512 76e8ebd2a3b75782ac6d9779a0bb9cfd8eea46085b3a089f5a81ce26521944d17e041b4962431a7e02f6d6f3084c8af73ef75b3f574f445a3ddc9ac27dc8448b

memory/4276-3048-0x00000214104D0000-0x00000214105FA000-memory.dmp

memory/2124-3055-0x000001C51CCD0000-0x000001C51CDFA000-memory.dmp

memory/4848-3056-0x0000000000990000-0x00000000017D3000-memory.dmp

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 a928efe68e7d27ca6a5291f45d270239
SHA1 82e022adb9cfa7e26ed0e4cf58fe402238fbd222
SHA256 cc3c9057cd67a98bc30c0255cabc6c1d6fef8bb756a63e9521e475e1a073cd5c
SHA512 c666c6a06ab076b859a8cf34073fb3d7db7380134a92d5fc6130a4d677b96491dc7fd218ab569a33a4fd30dbb91d04e19afab51fcfd1ed67e9d0074056ebbf23

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 209cf3375711c37af95a0f7ddee734f7
SHA1 a6d3f46cf41d6e2bad820bb60d35fe1dc5bd04eb
SHA256 a0a8e462ebf71879709853a135b65cd0f22597824b2fe17ac55b2964fb2807d7
SHA512 ea3f676f2da4a7b433c60096ad5cf903894cffd7657ac77070b47b9cc9a136522aca397ff77dbe952c7a830a2a4f5f9bbeafe7813b78416f1ef6f16463603c0e

memory/4848-3071-0x0000000000990000-0x00000000017D3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State

MD5 7009ee5971d44cb6cbb0a1e3a07a926d
SHA1 b3169c6c07190fad8515321418d122bff5dcaa4d
SHA256 5bc2277c2a0b5ae2c44a14948cb590c6128e235a6b8926b71bbd7cc32ef6f521
SHA512 19fb645cbd573bbaddd95870d69d261620e1eeaab9b1a08f8f3b5f83a193cbf4dcf5e976042bcbf43ef53569cec6408aac7373c6ad1d72cdb1acaf32dbf7e8cb

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\be280238-337c-42af-879b-13960d75ce51.tmp

MD5 61bd80ffa7f9ffeec91426b616f3041a
SHA1 8a4529f2e7af46693d593ba39c5d0f18ec650b01
SHA256 781ebe90420069a623b89b2610978926bcbbd45e8e3e3b4a55e1684c4b68d2de
SHA512 d02b915c8ddcaab30457faf287cce7efab78627745f13f95d3ef7de3c118187a6b930a21fee9ace944e00c6f0d9b8ff2f4135241192fca76d3ee7fde0126938d

memory/4276-3114-0x00000214104D0000-0x00000214105FA000-memory.dmp

memory/4848-3117-0x0000000000990000-0x00000000017D3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f5ff7283b2ae573bcf31eabd016419aa
SHA1 f83a90e924dd31ae29e09f9b93bf7eadf29d04c0
SHA256 59e3a59bcdc7ad4eacc6e07b74770ff46ca7762121d98b555283c7e172b158d7
SHA512 1193ff34dbcdc4a9b5ce0e8567eb615f8e41f6dae83d6eb4eeeea5b62d893f6ed2b1df77951a3dd3afd2ec9ccb4abe639542baaab06b20fa998264ae07c679e1

memory/4848-3132-0x0000000000990000-0x00000000017D3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 75821ce84ec9255969d9c66af5e76e48
SHA1 9ab87976bfbee7dd26e358c20f31d5c54ebd3081
SHA256 84f34db2d8f0c141054fb25d70becd8e24ada6e94a05d110e692d94cf51fc89b
SHA512 89bf7b1acb6dd9bd50416f13950eca74e5fd756451917543d95b2b40627713812378ef0590d83f74ee4d155cde52db377c7fc817df189f67faadc50939bea4e7

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State

MD5 99ba447b529e2114afadfdfb13e209a4
SHA1 36980f445bd0e23814740cd66631d40cc7746091
SHA256 0ce102f00ca9ad9a70d6acadfb457591fe39b26e8625a1b25369c095d06465e1
SHA512 104fea57decce017f39121f7834688446f4c1025d86c2d311676eeb9d6e5a64428b9715635483c634fcf8459b7e7840d72a55d8195931df181a476253c16fe86

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 93de659e1bc8c708f2c5f07d561b6de1
SHA1 f369ecd72fb02b5f9976cd79535b20b5aa627b7f
SHA256 05c76592cc76e51f6a54cbe334f9907a4529c589d2acd79458c78f1162202fcb
SHA512 30f3b48e76792d5fbc1a0f81a533418cd444a6adbffcd539c4e91ec2283fdae166f3dc06585068667c25a27d3beb563e8c57f23136c3c48c24405144336ce57d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 6a7817c0a720ff08c42d502153a4688d
SHA1 e22f2fe5ee5e5533a828115af48885ae62fa21d2
SHA256 d04046788568519f7bcc0668915b1613a562ab4bc1fa6acf2aaa18d62e109b50
SHA512 3171d428df8d0f55c13ad6bfa4dc59bea8161ff23137d765fb3601b457b91a70a677f985be7d3c32383e59744838a1a1ff0109ed5b71f9b7ec522a40a72eb78a

memory/4848-3183-0x0000000000990000-0x00000000017D3000-memory.dmp

C:\Program Files\chrome_Unpacker_BeginUnzipping3456_1278688677\manifest.fingerprint

MD5 32454e759c25500439b4cacbf13471e2
SHA1 c8d506a4abbdb536648b59fddd22ef55e18325a8
SHA256 b9867763545a2f7c5154905f0cc3d73d7e3dc6b55ed0a2d062765a72572597fd
SHA512 62e36731b010e53d5072e2466b8e6e6b0d4ed6cfb8388388759c422a9858eb9c668b21f9c16829ddc705ef8fb5372ca07811cab20a9f7e13467eae3bb7caf598

C:\Program Files\chrome_Unpacker_BeginUnzipping3456_1278688677\manifest.json

MD5 30a7eec36accfaa11602d1f47ae8238f
SHA1 f56e424eab99c31f01fc57d377f3e2793ffa3a72
SHA256 4c2c7dc8277c4f5beb11ad27e9cb00939f6d6e374c1631027a5cedc9722e09a0
SHA512 aeecc515850e288988580485d6fca37c295e437c3f5001378220bc491cb7ae5d296eba283d90b51dc3811283c85b2fb417cc7e0d291170b87ae528c7adf71e2f

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\TpcdMetadata\2024.4.4.1\metadata.pb

MD5 5cc69a73238667029ca40bd0b411ed98
SHA1 0f3d737817f94011ce2683eab387aeaecad0b157
SHA256 263ce0a058d198e904f83a337b92b2e0f49f37e87a48f2a39de0017b6a850611
SHA512 f42fc0f12adb12d391eb8610427ffd5abdcfbca6e8eb1a9af8b01914190d4aecca0003f17ed3920408bb64118ed8822a36a99890f151625d3ec2dc01e74a9a6f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 08e913eb22d8f80911c7b3e91da17257
SHA1 95f1ee5c246eadd9aea70376e9d2205a66b6f2fc
SHA256 b03ffaaac11a83961698355acd2aac4f76a2ff1309a20e46dc3f01d92dec0a2c
SHA512 4b5e05167fe4724f1c17eb1eec77dbc6bdd69a1746a4e9060ebe09fedf4a5cf5d230754584a675145a9cdb5787734e6f79758f9fcf7381691286cc2d472c1548

memory/4848-3265-0x0000000000990000-0x00000000017D3000-memory.dmp

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Network\Network Persistent State~RFe5c4cb0.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Network\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Program Files\chrome_Unpacker_BeginUnzipping3456_528312546\manifest.json

MD5 b2ac91ca2bec034d1a335f9e2f574526
SHA1 ae9d2be2c07bfe84fea807d18a235609ac5cae8e
SHA256 dfa347c4668c5d16a7d946e9330f08d3551a89dea06e53e1cf24bcf3510ea40e
SHA512 ff3dd90c1dc9b10754f54c5c54fff2a6877f00fda09f47e07ab05bcaa40a8d3e960a3654b1cad498cd233c0c09d44d686b523b882a385525b60040d708e88b44

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\TrustTokenKeyCommitments\2024.3.25.1\keys.json

MD5 af8fcadd95b5f42bdb56962938f7d078
SHA1 2713e1da42c96163d18f84ee662b8b61a1e56d35
SHA256 142c07267a3e13f64862d83748ff110704354d3facc3b60743602fc47e651ab3
SHA512 a45d792cb98509a1ec7e87e8371f6dd16b7c12b167f62ab68af43f7f3c3d2e5f5890a9556826dc80565adc2db20f7f06eeb3f12cef797ed2d1b132bd6c304d28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 00042591081aca18011e372c6c55fc28
SHA1 5fe2faf5c01bced87f1c94c1660ae6615e070fa6
SHA256 f3de499edec41c29d232f2f8df347127dc058447a726a71aec5029bf8b577c2b
SHA512 fdf636327d157f27cc3d029da62197b16dcbabe5a41714982ac31c849362aefd79f81d49f57ed98fb64c040a6fb35042a85dd64ae17b3aaedf94f319d5f2bed1

memory/4848-3317-0x0000000000990000-0x00000000017D3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 991ddf48de050d7078cbb890a47cc42e
SHA1 139e9037933cd10dece66f7c3de32ea892b05ae6
SHA256 05d6a6330b246a71459e50c7c3cab02f7521008cdf903db08931cc93f4d24e7c
SHA512 e3006b0856696265eae322cf7439f1ffd7a03c36c87784a58642b05fd11c8a2109b694b48d10805d7b66ff8dd88a74deb5bcbba107358b265c43ec0c78fc5cd4

memory/4848-3351-0x0000000000990000-0x00000000017D3000-memory.dmp

memory/4848-3361-0x0000000000990000-0x00000000017D3000-memory.dmp

memory/4848-3374-0x0000000000990000-0x00000000017D3000-memory.dmp

memory/3436-3398-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp

memory/3436-3399-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp

memory/3436-3400-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp

memory/3436-3405-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp

memory/3436-3406-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp

memory/3436-3408-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp

memory/3436-3409-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp

memory/3436-3410-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp

memory/3436-3407-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp

memory/3436-3404-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp

C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2008758262\manifest.json

MD5 ba25fcf816a017558d3434583e9746b8
SHA1 be05c87f7adf6b21273a4e94b3592618b6a4a624
SHA256 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11
SHA512 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2023065821\hyph-as.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2023065821\hyph-nb.hyb

MD5 677edd1a17d50f0bd11783f58725d0e7
SHA1 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256 c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512 c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2023065821\manifest.json

MD5 273755bb7d5cc315c91f47cab6d88db9
SHA1 c933c95cc07b91294c65016d76b5fa0fa25b323b
SHA256 0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902
SHA512 0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2023065821\hyph-hi.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Preferences

MD5 9465a4a9ec1ad68e232ee2ed808a5db7
SHA1 90bb46d45c57792a3fed972bb55b66f499e5dfbf
SHA256 8a8630c123d7ab0bead117e2e34bed6e4752beb2562e800ecb78e610dfe3a9e0
SHA512 12cb3d64b76b758b286a78be459b63fdd4d68d5e211e3d60998513d275684423ca496ff2163ebb868f1e50f90a799601ccc3dc73e141efd59ede84b17e0f7ae3

C:\Program Files\chrome_Unpacker_BeginUnzipping3456_928428107\manifest.json

MD5 58d3ca1189df439d0538a75912496bcf
SHA1 99af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256 a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512 afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

MD5 6bbb18bb210b0af189f5d76a65f7ad80
SHA1 87b804075e78af64293611a637504273fadfe718
SHA256 01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA512 4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2047238948\manifest.json

MD5 178174a0125d4ff3ed5211426f1ea113
SHA1 26f72c5a2f65c767c4edb04d8da62bdadc02e809
SHA256 64986dfeefa8855069e799b28e5523b35c9efcf2ea152a2b03461471c218da1f
SHA512 c0d1d9555f4cd7e9a4b0ee5fc1b069782638ba1680d18ba9c83f796746086b6afdf1400c80b7f586422c3a2a73e51bd04fb250e2db818ef723cb4f7a8b3b15a2

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\LICENSE

MD5 aad9405766b20014ab3beb08b99536de
SHA1 486a379bdfeecdc99ed3f4617f35ae65babe9d47
SHA256 ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d
SHA512 bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\Filtering Rules

MD5 a97ea939d1b6d363d1a41c4ab55b9ecb
SHA1 3669e6477eddf2521e874269769b69b042620332
SHA256 97115a369f33b66a7ffcfb3d67c935c1e7a24fc723bb8380ad01971c447cfa9f
SHA512 399cb37e5790effcd4d62b9b09f706c4fb19eb2ab220f1089698f1e1c6f1efdd2f55d9f4c6d58ddbcc64d7a7cf689ab0dbbfae52ce96d5baa53c43775e018279

C:\Program Files\chrome_Unpacker_BeginUnzipping3456_1259740415\manifest.json

MD5 1c539c68a00bd842136703d2cdc94235
SHA1 b39f04946e7da8380fa340ddf1baa757afb37df5
SHA256 bdd48d0d2e047e4816e1aa4dc248c095998cbda255b50db66b94bd7a42206aed
SHA512 eaf0cc24ecfbf8adc1b216a098fa72b95aebe6fbea9206860622c54f684e08447050cc9734fcf83f3eb2e15cb263dfed636539b24c5e4ba94b2ce309d651325b

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\PKIMetadata\11.0.0.0\ct_config.pb

MD5 f86abfc2651f24867cf9aee405d95a07
SHA1 51531932b533a36a6ab41700f625f33ae7296825
SHA256 70c4568dcbf75e36879c75b068e67a2de7653cb5eff6c12697c3bbfead81d85a
SHA512 351a0a4e5b2b4800ef535d4ca1a9ebd65027543608df883a303a32ce37e110206da2555cd37853711bdf049e6a9df17005e6520ea0daadbe6d0fb08bd51b7020

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\PKIMetadata\11.0.0.0\crs.pb

MD5 5418f0d0f7d15ca9fbe5da74453722f5
SHA1 3ca9d7ae11a35a6c47d590b301602583add40e10
SHA256 251ad4f7aedd823ee97077e9764592188657aa831cd0948990fb549fd3e593e3
SHA512 4206c7c04eda629a2af109e35e48986e80fc16a2285ae3afc2e92f6a29651d7a06d1dc3d49f618fd33965f91e6cccc8b0dcbc34b4613eedabc7fbafc18783b7a

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 f0e44aae113e4f2692ea119a53c3c19f
SHA1 33f07a28169d6d902074937ad6a08511e9d53eef
SHA256 a19698b059e88dfd3452832f11433ef10e45cbdfb86217756f3b82d686bd0a50
SHA512 2e474491a7cb5ead6b93f5b5e7948f9239c3f497c923bc732e630d564ac438e2d23a7c1f99f92a1264dd4a3a22d83f0b2688838d84c07b639e7936b0c244722f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 fb7466b7e29e8ff354a9d7a9a49b9428
SHA1 22b725cdd9690111df83407fff39f15ac52942ae
SHA256 c38bfe19078b532b8aaf99bb642c517c6a56e7fe4cd08826fe2b7c987ca2e2af
SHA512 28adc00f1132396c714e16a229c22e51ab2af30591d8f3e8b186423de421260062a680c770dc847a09b5882906018741b2db8ff995d57ee6779e775040c8be0e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 73d71c615bd4b32769c8a46e2d200aa2
SHA1 2af95c298c5d236f89e7fc9745988652afec5cef
SHA256 39079447794cd4654a01e43366b5e39178b4c09af5c8dc68fba030aeeec449ba
SHA512 e68e0c8738715e48159b7241dccfb2691e841528054ef0d9fec01d3a8328decc297b4ec87a82d8138eae88e42fc99848a9ad4c32be4ea42979d0fba86793e4dc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

MD5 c8f56c47f60ffe42634d8c02aefb7d27
SHA1 f47f1c3c510092999801d382243a5007c4bfdaa3
SHA256 604f84656b2ba915b069779a19694c628d2584c9fc59dcd7846d2904de33b007
SHA512 fe49da758860591559a1f72cfe99f2ee4881bd1e07c3abf2c5b0f8b040b8e0b30ee7cf0aba3d1739f5e5e9c1a884081d88513faca52e45d1578d30612a35bbfc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

MD5 3fec9d397659b1a4e8b00272553c1267
SHA1 00dc2967773816c1f8e8f5662a2baebc016a0d95
SHA256 6ed70b3f3b8c40bf7617cef75d63d64711235fc01d685b0a478b44796b731362
SHA512 a1037d7148576baa920153305ba9ae0327d7b3995ddb099f42e46d277804ca22f0618d83ccaed48bdc2877c0ad74191988d28ec5c1802cf09626adb6f3d17b05

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.33\BGAUpdate.exe

MD5 09fc5490d32c867927e960f673911ebf
SHA1 2ecbee3518fb701959d2539a88892391250dc010
SHA256 9014827c68fd6a31ccd7ec1c8f182cfeeb60962760391446b45c264e062daad6
SHA512 cd295d344bba456cdb2394fbe736c7b52c8f20e2776bb6b37c0ecd7068c841a646208e4bd0ebb4cb7880fc15caa8b18da485340ac8f88154e61cf76fb16e8162

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\SETUP.EX_

MD5 2415cb112f130a1382726afa58a0933e
SHA1 74ac041e6dc607e476dfeaff2d2bbf2b5c004b5c
SHA256 85679b3b17d42aa988b5c753b9cffe457c063d5186a94203b5e584f4156f2179
SHA512 a334cba72cb6ae4c4706ef3954e98771c4502ae5ee66d7b2d2dca759ac75890efe5a7fea46818760589a66f425a4bc9d463512bf359723685eba86ba4c1edd99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17d0c5a8352a2cb54e14ff07244551fc
SHA1 27b25d87922248d25f8e20b83c6ed400ae2dd098
SHA256 feea734ed98cffdc92c91cfea513ba78b15792ee48b6f3e344aff432bc62daae
SHA512 6130e0ffe0bfd01929c9430d8fe92b302b2444e0a308014bfd85006acf6911def5b3172856d84ecf044820ef45f950dc639c978cf0e6ff273c899488b9a6e2d5

C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State

MD5 2ca3751e30feb4576c4ecf4e5a962948
SHA1 f46107e80dbab2d5b804d932be200ac3e6695499
SHA256 e2f1181ff9c12dfe19b181a897ce45c6d57de00d9e83f4735078e1de2aad6c9a
SHA512 59d9b585ab190f70000a1ebcc771b465f85f43cbdc6603113bdac4cbfebe4b7cb1fdf54904c6ca78c86211ad824e2d929c1e7b30f403b084c16e2c392c26eff7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 150efc40a2475b98d93efd914f46fb6b
SHA1 d15c156175012e4893ecb962c3775babc949aefd
SHA256 6f92b161969720e936f242a8abe9a34dd219577be97f9b8559555d44c9c574e6
SHA512 dfd978af64c8ad65ac0d71f5737d077fa82a79f1f513c118193183e89e64305f40db95e83ffa2284e03bbd7c41d23378f955d66dce954d4df949ffa9965f60fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52a8bb458455cdcafb6c3fa1c3d80013
SHA1 0774673393f43fcc190884238d58edfafe848725
SHA256 c6903124f0ca4fd636c1b2d61e0eb23c5a9509ce01a3c894e75adb0adb47db7a
SHA512 d0c23c560934063c99076a54ad8d3ef3101eb857255a11b14ff606534734fdb92c81eea00b9ceb3e1bdea639b37e0217888116866af4fa22ea7d8fa5ff30c464