Analysis Overview
Threat Level: Likely malicious
The file https://github.com/Kacper-Kondracki/ShindenToAnilist/releases/tag/1.1 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Sets file execution options in registry
Modifies Installed Components in the registry
Executes dropped EXE
UPX packed file
Loads dropped DLL
Checks computer location settings
Registers COM server for autorun
Installs/modifies Browser Helper Object
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Checks whether UAC is enabled
Drops file in System32 directory
Checks system information in the registry
Drops file in Program Files directory
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
NTFS ADS
System policy modification
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-14 13:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-14 13:07
Reported
2024-04-14 13:18
Platform
win10v2004-20240412-en
Max time kernel
599s
Max time network
604s
Command Line
Signatures
Downloads MZ/PE file
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\PdfPreview\\PdfPreviewHandler.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO\\ie_to_edge_bho_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=E3876A6497394ED989FD4E6A1D7D0C52" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F482D663-364A-46CB-B0B0-C874ACDDC864}\BGAUpdate.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\ShindenToAnilist.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
Drops file in Program Files directory
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Users\Admin\Downloads\ShindenToAnilist.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\ = "Microsoft Edge Update Core Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Users\Admin\Downloads\ShindenToAnilist.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "ServiceModule" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\shell\runas\ProgrammaticAccessOnly | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.html | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithProgIds\MSEdgeMHT | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\Application | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Users\Admin\Downloads\ShindenToAnilist.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\Users\Admin\Downloads\ShindenToAnilist.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\Users\Admin\Downloads\ShindenToAnilist.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 132247.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\Downloads\ShindenToAnilist.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ShindenToAnilist.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Kacper-Kondracki/ShindenToAnilist/releases/tag/1.1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1ec346f8,0x7ffb1ec34708,0x7ffb1ec34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6184 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.0.615931959\353165994" -parentBuildID 20230214051806 -prefsHandle 1672 -prefMapHandle 1776 -prefsLen 21998 -prefMapSize 235091 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5af3444-05c5-4c58-a903-5ae2b955c95f} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 1844 1f4e221f858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.1.313293619\1958590905" -parentBuildID 20230214051806 -prefsHandle 2396 -prefMapHandle 2384 -prefsLen 22034 -prefMapSize 235091 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ff36f44-3854-40d3-a1cc-b2a451eee26c} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 2424 1f4d5588a58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.2.2109223556\1242025293" -childID 1 -isForBrowser -prefsHandle 3392 -prefMapHandle 3388 -prefsLen 22137 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {beb47fe7-b501-44ba-a060-ddd25132b7cc} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 3404 1f4e5e1cb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.3.155986632\2032130624" -childID 2 -isForBrowser -prefsHandle 2876 -prefMapHandle 3060 -prefsLen 27538 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e9f08de-831b-4659-a69d-4227467128ff} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 2804 1f4e8908b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.4.798772599\895401764" -childID 3 -isForBrowser -prefsHandle 5204 -prefMapHandle 5216 -prefsLen 27617 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d892849-e75b-4485-8611-0677b466c578} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 5220 1f4eaeda358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.5.1996584636\2004960465" -childID 4 -isForBrowser -prefsHandle 5384 -prefMapHandle 5488 -prefsLen 27617 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1b0fb8c-5c80-4e01-9d7e-22ac101a7800} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 5380 1f4d557a858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.6.1918195901\2048125614" -childID 5 -isForBrowser -prefsHandle 5344 -prefMapHandle 2684 -prefsLen 27617 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0adad281-aae1-437b-86b6-7ce834fa702f} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 5532 1f4e84d6558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.7.1047455603\221876011" -childID 6 -isForBrowser -prefsHandle 5896 -prefMapHandle 2744 -prefsLen 28041 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b68925b9-6807-4f9d-b417-f7522347ea7a} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 5908 1f4e58b3758 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5620 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5392.8.2134020158\760839993" -childID 7 -isForBrowser -prefsHandle 6132 -prefMapHandle 6136 -prefsLen 28177 -prefMapSize 235091 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae2e71b0-976c-4d55-985c-1df4d26b9c17} 5392 "\\.\pipe\gecko-crash-server-pipe.5392" 6108 1f4e2953858 tab
C:\Users\Admin\Downloads\ShindenToAnilist.exe
"C:\Users\Admin\Downloads\ShindenToAnilist.exe"
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0YyNkVGMDgtM0M4QS00Q0NDLTk4QjEtNjg1MTE2M0Y2M0Y5fSIgdXNlcmlkPSJ7Mjk1Q0FDMkYtODEyNi00REY4LTgyOTMtMzg2QkUzRTc3NjM3fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezY5NUQxMjBELTc4RjMtNEI4RC1BOEY0LTlENkNDNkM3QjBCOX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDsrMGpVbVllS3RaQUY1QzNnMjJwQkI1RjBSeWR0ZjFTSDdibndzbm9VK2ZrPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg1LjI5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjE0MjExOTAxNSIgaW5zdGFsbF90aW1lX21zPSIxNTgwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{7F26EF08-3C8A-4CCC-98B1-6851163F63F9}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0YyNkVGMDgtM0M4QS00Q0NDLTk4QjEtNjg1MTE2M0Y2M0Y5fSIgdXNlcmlkPSJ7Mjk1Q0FDMkYtODEyNi00REY4LTgyOTMtMzg2QkUzRTc3NjM3fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OEQ5ODgzNTEtNUE5OC00OTFCLUI0Q0QtRDQzNDgwMkIzNzMzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90OyswalVtWWVLdFpBRjVDM2cyMnBCQjVGMFJ5ZHRmMVNIN2Jud3Nub1UrZms9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTI5MjI5NzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1NzQyMDM0MzAwMDAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MDY4IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTUzMzc4NTAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\MicrosoftEdge_X64_123.0.2420.97.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D1E7C7F-ADB4-4F44-ACD2-AE910A920C7A}\EDGEMITMP_83E7E.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff77da1baf8,0x7ff77da1bb04,0x7ff77da1bb10
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0YyNkVGMDgtM0M4QS00Q0NDLTk4QjEtNjg1MTE2M0Y2M0Y5fSIgdXNlcmlkPSJ7Mjk1Q0FDMkYtODEyNi00REY4LTgyOTMtMzg2QkUzRTc3NjM3fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0RCQzRGRjY0LTJFMzktNDkzNy1CMEVBLUNCQUExMzRBMzI5Nn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjMuMC4yNDIwLjk3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTY3NzgzOTMyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjE2Nzg1MTQ3OCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY0NDU3NDg4MTAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzFjMWZjOGZlLWYyNTAtNGEzYS05MWVjLTlmOTBlMzFiODI2NT9QMT0xNzEzNzA1MDQ5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWFTMHJuelI5aURTVkFmUk0xbUZ3cDBpNHcwUjBhZFdXRnFLeEdCTjhUZTlCdzAlMmJwU0NCaUNBWnJ0MWZ1UmRWcVBlNDV2aDBrZXkxMFBZV0x5c2ZkaFElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzIwNzYwODgiIHRvdGFsPSIxNzIwNzYwODgiIGRvd25sb2FkX3RpbWVfbXM9IjE3ODA2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQ0NjA2MTM3NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY0NjIzMjM5NTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwNzM2OTU2NDciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDIxIiBkb3dubG9hZF90aW1lX21zPSIyNzgwNiIgZG93bmxvYWRlZD0iMTcyMDc2MDg4IiB0b3RhbD0iMTcyMDc2MDg4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTEzNyIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4848.1764.13085542542836434609
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=123.0.2420.97 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7ffb0a1d4e48,0x7ffb0a1d4e54,0x7ffb0a1d4e60
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1836 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2032,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2256,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3392,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4088,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4756 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4912,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4752,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2124 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4708,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1244 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4940,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=784,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4416,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4184,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5020,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView" --webview-exe-name=ShindenToAnilist.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4684,i,12260936468871359346,14200600265035709450,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F482D663-364A-46CB-B0B0-C874ACDDC864}\BGAUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F482D663-364A-46CB-B0B0-C874ACDDC864}\BGAUpdate.exe" --edgeupdate-client --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUZCRTYzNUYtMkRBNC00MTVELTk2NzYtNjEyMUU0MTY4NUNDfSIgdXNlcmlkPSJ7Mjk1Q0FDMkYtODEyNi00REY4LTgyOTMtMzg2QkUzRTc3NjM3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGNjA1QjY5QS0yNjQxLTQ2MjAtODJDRS1ENzhEOTZBMDI4NjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7KzBqVW1ZZUt0WkFGNUMzZzIycEJCNUYwUnlkdGYxU0g3Ym53c25vVStmaz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzMiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MTM2NDAxMTY3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTEzNjQ4MjYwMSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MTkwMzgxNDcwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZGEwMTdkZWEtMzRmOC00YTlmLWEzZmQtMjdmMWI5NTM4NjAwP1AxPTE3MTM3MDUzNDYmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9Y1RjTlUlMmY1Y04yRFVVREZ2Qk1JT0hlc0g5NUZId201dWJ6clE2cmRyZUxmamFRVVpLendKaEglMmJjVmZNY2FpWUQlMmYzUGNIYk5QTmZZNE5OaHZiNFNVYlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkxOTAzODE0NzAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2RhMDE3ZGVhLTM0ZjgtNGE5Zi1hM2ZkLTI3ZjFiOTUzODYwMD9QMT0xNzEzNzA1MzQ2JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWNUY05VJTJmNWNOMkRVVURGdkJNSU9IZXNIOTVGSHdtNXVienJRNnJkcmVMZmphUVVaS3p3SmhIJTJiY1ZmTWNhaVlEJTJmM1BjSGJOUE5mWTROTmh2YjRTVWJRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTgwNDcwMDgiIHRvdGFsPSIxODA0NzAwOCIgZG93bmxvYWRfdGltZV9tcz0iNDkxMyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkxOTA1NDY5MzYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MTk3NzQxMTk5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTIwMTAwMDY1NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQxOCIgZG93bmxvYWRfdGltZV9tcz0iNTM3NCIgZG93bmxvYWRlZD0iMTgwNDcwMDgiIHRvdGFsPSIxODA0NzAwOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzIyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13889121807710061731,7074979671143875569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\MicrosoftEdge_X64_123.0.2420.97.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x1dc,0x218,0x23c,0x200,0x240,0x7ff79c1bbaf8,0x7ff79c1bbb04,0x7ff79c1bbb10
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff79c1bbaf8,0x7ff79c1bbb04,0x7ff79c1bbb10
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDJCQTMxMzUtMzYzNS00QUJGLUFDMTYtQ0I3RDcwMkQ1OTY4fSIgdXNlcmlkPSJ7Mjk1Q0FDMkYtODEyNi00REY4LTgyOTMtMzg2QkUzRTc3NjM3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2NDg3QjkxMC04QTA3LTQzNDItODdCRS1CMjc0RjVEQzg1QTV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7KzBqVW1ZZUt0WkFGNUMzZzIycEJCNUYwUnlkdGYxU0g3Ym53c25vVStmaz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9LXRhcmdldF9kZXY7UHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iMSIgY29ob3J0PSJycmZAMC4yNSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSIyIiByZD0iNjMxMSIgcGluZ19mcmVzaG5lc3M9Ins0QjM5MjkyQy0xMEI0LTQwMDUtQUJFNC0wMjhGMEI4RTA1RkR9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTIzLjAuMjQyMC45NyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIxIiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTc1NzM2OTIwMTAwMjAwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjU2NDY1NTQ1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyNTY1NTExNTIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTI5OTc2Mzk5NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MzE4MzAwNDgwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NzI1ODkyMTkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzQ5IiBkb3dubG9hZGVkPSIxNzIwNzYwODgiIHRvdGFsPSIxNzIwNzYwODgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjQwNzQzIi8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iMiIgYWQ9Ii0xIiByZD0iNjMxMSIgcGluZ19mcmVzaG5lc3M9InszQzQxNUI5QS01N0U0LTQ0MjUtQkM2Mi0zREE0NjA0NUZBMDZ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyMy4wLjI0MjAuOTciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjYzMDciIGNvaG9ydD0icnJmQDAuMzAiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1NzU3Mzk0MDQ3ODg0NzAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezhGOTZBRUI3LTU0M0MtNDI1Ni1CRjQwLTEzOUVENzNDREYwQX0iLz48L2FwcD48L3JlcXVlc3Q-
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.66.68.104.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| N/A | 127.0.0.1:52696 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 44.239.14.124:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 124.14.239.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| N/A | 127.0.0.1:52704 | tcp | |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | animezone.pl | udp |
| US | 172.67.129.15:80 | animezone.pl | tcp |
| US | 8.8.8.8:53 | animezone.pl | udp |
| US | 8.8.8.8:53 | animezone.pl | udp |
| US | 172.67.129.15:443 | animezone.pl | tcp |
| US | 8.8.8.8:53 | 15.129.67.172.in-addr.arpa | udp |
| US | 172.67.129.15:443 | animezone.pl | udp |
| US | 8.8.8.8:53 | www.animezone.pl | udp |
| US | 8.8.8.8:53 | www.animezone.pl | udp |
| US | 104.21.2.98:443 | www.animezone.pl | tcp |
| US | 8.8.8.8:53 | www.animezone.pl | udp |
| US | 104.21.2.98:443 | www.animezone.pl | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 98.2.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 120.150.79.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.21.175:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 23.102.129.60:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 60.129.102.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 23.73.139.11:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 23.73.139.11:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 11.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 79.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r5---sn-4g5ednsz.gvt1.com | udp |
| DE | 173.194.188.138:443 | r5---sn-4g5ednsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5.sn-4g5ednsz.gvt1.com | udp |
| US | 8.8.8.8:53 | r5.sn-4g5ednsz.gvt1.com | udp |
| DE | 173.194.188.138:443 | r5.sn-4g5ednsz.gvt1.com | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.188.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:80 | tcp | |
| N/A | 127.0.0.1:80 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 104.21.2.98:443 | www.animezone.pl | tcp |
| US | 104.21.2.98:443 | www.animezone.pl | tcp |
| US | 104.21.2.98:443 | www.animezone.pl | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 204.79.197.239:443 | tcp | |
| US | 8.8.8.8:53 | 239.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 104.91.71.142:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 104.91.71.142:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 142.71.91.104.in-addr.arpa | udp |
| US | 104.21.2.98:443 | www.animezone.pl | udp |
| GB | 104.91.71.142:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 104.91.71.142:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 23.73.139.35:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 23.73.139.35:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 35.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 23.73.139.75:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 23.73.139.75:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 75.139.73.23.in-addr.arpa | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 23.73.139.75:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 23.73.139.75:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 23.73.139.75:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 23.73.139.75:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.19.161:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 152.199.19.161:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 152.199.19.161:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 152.199.19.161:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 152.199.19.161:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 152.199.19.161:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 204.79.197.239:443 | tcp | |
| US | 204.79.197.239:443 | tcp | |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 152.199.19.161:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 191.2.166.20.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 62677bdc196e22a7b4c8a595efb130cd |
| SHA1 | bd2adf18caf764c8f034c08b6269d9693875f3c8 |
| SHA256 | b540616d7e73ff22642f4fbe2bea0f9daa2f1166391e76cf817b2a93e0bd41d6 |
| SHA512 | d23c3b9662eea6a75382242fb8e8084abc1127afbd2632f161df71a2aefaf223621511e1bf6229cf7e86313101a8d9dfe2f20e1c0bd481066e1969cd6fa75e32 |
\??\pipe\LOCAL\crashpad_3676_JBNLYMARIXINBMNW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 22bb6af63c7710354ac7070e45ac988c |
| SHA1 | 34d29d6b316e39ed8fb8c5efb42c4269040fcf1f |
| SHA256 | 1a70d5d3dfc04e6f5cfec1ceb06676039229f895f30007fdb55b043ed48ab4fb |
| SHA512 | 42c12820b5237caa5b4d5149901f84db6619a69e85cb869df06e07b3cad1b51e0c2d0545ee0129cbc8e7947fd8c2989def537ad2d58a1d5bf2c2a1bf60041ca3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3e456f73bcadee0d71b65d65e0107b99 |
| SHA1 | cd43d2275c4823dc7834607cf032aa780f1243be |
| SHA256 | f123b59a06234f17800115972e3fe2add8784a6107456ea824bcde66b6dc67f3 |
| SHA512 | b8c81c1b5c89311825c5bcca835381ccd761da90c7c9fa5f72c00ad940cf05bac6a1476bb233a9f9272db562d9b42e1dbd4d042bd0367989203a63b4665b39ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f185ded713a384298cef3270c5eccb17 |
| SHA1 | c2bb5bc860e97ee9669d907c4b47109f6d86a340 |
| SHA256 | 29aa351036567009db707a649b06c101b14e43ec035ba1f5041181dcf2502154 |
| SHA512 | 77a3f9242f0cb5869d641e34f2da0a77940b786fc726c99f2436a8f0cd801ef12b921f3dee885fbf5b8a9fe718f8669b6b23854d0afc5591b72aefc28ef648d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41e8f8932f1ab57e7041868dd105cf36 |
| SHA1 | 1828e044cb0ed9672a3dd1925b9578f84023ff62 |
| SHA256 | ea0ec3bb7e8b03a82fac7fc353da5ae158cde1c5c87b53dcd9e495d106ae20cb |
| SHA512 | db747fc7cb1603959820391441578310183f6a6972c90e1e4b1cc156f9bc0ad4adf030d3c27ad6efa5d4d71de937aa447d0b9e001d5cea6756d0ead8d3a48772 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b0ed6ee33bdde7ff3d998ee8d1c0abc9 |
| SHA1 | 700765ddc0a1085d5a8f86e51256c0065314559e |
| SHA256 | 5914c8430d3a31067380337a7d74438b85ba847af038a333b5c3cf22f1d90182 |
| SHA512 | 85650b47be999f4da3955d3eeddaf7610780ebb42dbb28f907961f0729570c6d269739bda749a63d73390fa1bd3a996b14355b603400cd6dc4d4bb1383f77951 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 06f005d67a0adcbe998245ec22ec4107 |
| SHA1 | 3f8acb10af293c1794fff1e0b7583570e73f0bb3 |
| SHA256 | 78777cb4462197c8a1dd43a68cec8dd8f27fe504041ab45cfa41811aa7215264 |
| SHA512 | 21221d1c5048eb8b55bda2c545a7986f14dc60cee42e07a61e16cc49d3ce170e3b79ef5c81a4190589ec920dd8454d90bfecd28b4c47a34a37440c8753bf5d03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 818dd58e7a3f28f52c521c247ced7e84 |
| SHA1 | cd19374c782742135ec07ea575c16b0bcdcffe5f |
| SHA256 | 445ced3213bfacce5660dfafa654668d2eb731c7007677d0debd3758e21873ed |
| SHA512 | f1906498656f11d8946b4dc8ab426301b8a86b2992515e8b6f8b5964ff50553500bfd279129d444a3664e7d343dc5c2c0a9772a1d34d53aee3eab6481c85508c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5807db.TMP
| MD5 | 50666d5ac670e771f78b2016a5c9907e |
| SHA1 | af6d68cc26f4401ba061dc1186b0151510003218 |
| SHA256 | 272c267eaca52e530ce0d0ff97ce3239085b64d160ac0c3c6153d6cb60f590a4 |
| SHA512 | 75e20b6d15333082f2fc8f6044411e08c157d581cf2a13356beaae4b0a0d72a66161399aa1527229c646ffa7f324e8870e8faabace9acd5b07a4961980089534 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d708c7453e1a8e99c8bbe21e2c4c4b1a |
| SHA1 | a6028d47299ebf5fde1cde7d749cd1311559bd61 |
| SHA256 | 468998dbc11ea82bd24ff7fc95ec0d8990c5e72cc8ca53f963111950e17bc252 |
| SHA512 | ae6008b0d819a5ecbf7bd47013f06589278aac905d6c4ccea1402950a0490e9edaaaa78f004b26da27743e308e0170ec36da030b62fb1ae4da7412454a32fccc |
C:\Users\Admin\Downloads\Unconfirmed 132247.crdownload
| MD5 | d57b93f74b4ebdcc11b22053b95cedd2 |
| SHA1 | 76981a5512bc11f9872ccdd24b0bbe02f97c07c1 |
| SHA256 | efb5732f24026305dd9c4a2ddb6519ce5028c2b71a04c2dd8570478a03276f1c |
| SHA512 | 73aaf19ae4db48ba0454574b89dfd331ba57a9cca4463cdd0d04c138746eb4f007d9974035595de8d8950d4bd852a37c7e8730ee3420c8d9ae5747ff77fbab02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d087f10ceb7134020bc84384b946d421 |
| SHA1 | 3205eb8ec68fc832f08736c79e7a9f98091b00b5 |
| SHA256 | b4b5d95a0b4e8df9a4b9c4ccc0c59ae91e449b59b8957874db9a3e6472cfd80a |
| SHA512 | 45e06da1300f0565b4c87c87c1b2496d68b8a9d184da103eb484cc2a157ca41357951939106fd56d9ff19ff7a225b2e65d2cdcc4c27ac31d0b1761319283f31f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 600fed44a395d6c74b386287c90964af |
| SHA1 | dcb2537f7821a403f1814f49e04598d4b0e3c01f |
| SHA256 | f35d15101e00b3515a544dc32aa23d317f3ecb96bf64d8ea1a10a901cf2853d2 |
| SHA512 | f2f53f8f0b6187db224e7a907aa9f5ab658ffaf7e925192705abf39fd2764dc056858809a89142424c98ca029e5d0f5979ee4f5b45a418bb79683bf08dfb5644 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | c01b28d76d1f0b90b4ddb64872434f6e |
| SHA1 | 49cbc63ea61097e6db36e569c319c71e1c727ccb |
| SHA256 | 28effc846841e517058a63d8293ae0fa97f9f19c79a5305b4c4c10a9cd6f8651 |
| SHA512 | 11ae2508e54a40196bac218100d7e3e56f597ecd78be98cd21220dc596bc5f160b9c6590e08113fa43e969b5748a4db31f13ca740def08effe9034dd38a3b887 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 907e69b3b9f9e8b4e8ea25db264144de |
| SHA1 | 74e6afe494bc926cd66f0b44a0a1b1c15d609b92 |
| SHA256 | 553958d77c8a97197075dd7800dab21d151f2608f6dc99e58c53e0a102a80b8c |
| SHA512 | 64bc944d57ab5d2476df9466c4b1240ea5f8f5cc6494fc24f92fd2cf5e748a142259f71d0b5d695b84bba1d93f1a6951eac514419f9b815d3d4e88ea2ec3c672 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\prefs-1.js
| MD5 | 42d698bf07ef7f5b1cb5885d27e9159e |
| SHA1 | 7e1b0602397124945a8e56f8eb6995ee4a35eaca |
| SHA256 | 821882bae4c7103ceb19171870961b3576602239368e00c9fa865118bd74737a |
| SHA512 | 759cc98d2e99f43467d3cea771c74751396066df7807714734234cf8e7f61befef8746f26176f5d8390f752522e016d4cf83574489c682ea0a822c7046841252 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | efb82827971564ad7c6f6ab563d8b363 |
| SHA1 | f361f30bc3b503739eb6fd24dfc1158518f02289 |
| SHA256 | bc19145605b59680279aa52fb563c495bf20a7ccd21a98ebcfc0151394b35261 |
| SHA512 | f818972abab51f127bda02f3ddfe3b0c5f627459d252cc51ec3c6879ce10d90b49beeb8b5f26368189d0d36f571c9a78dd60056e88847f530a164757435f1add |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f8225a4f0a6dc814fb3e6e0435d7d6c3 |
| SHA1 | c12227ae1c22d22382317d05ea5b07f3c12c4a40 |
| SHA256 | 466b469cb5fa1f82df44bd5aa876bc0453c42eb7e11e57f4195fedd1638136d2 |
| SHA512 | 9f3fecb8b8610303d4e34829601ce882f0e87a18fe4cf1407e5768c3a4cf1dad3ec12363507039bba801604606efc61e8f56fa695275d4d6c8642dc0c0da9b7d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\prefs-1.js
| MD5 | 4510c9fe5f4678c4dd3530331684ce04 |
| SHA1 | 2418728c952884d4653750ed49aaf40bf785b8f2 |
| SHA256 | fae6def1d5476a75b1d614cace5456a1b7745cfc34bf222303f66f8d82450e79 |
| SHA512 | 2ef246775ffa165adbf1a5846c1823b004ca246ff26f31759547fa7592f9d67306dde247663e140e519af187ff5949ac6fe805d6eb774f0fc1a013b47ca497e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2ec0fea0ba077413125371cde7ab66ab |
| SHA1 | 834effcd2d568e0f05797b554ca42fb533dd7750 |
| SHA256 | 8cf7f212d777028ca2f60a5d3ad6895eb7fbd91c38bdbdc0849fe7e482fef6a1 |
| SHA512 | 26f2b51bf0436b79b030cc161c02dafccc70ec803904c72109fb02340a079c7adeedf793b6191226cc83acfe6f520114a28dfd046c5b27227d50652aafdc5e15 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | be58ccd297254523bd3c579e0ab89b6c |
| SHA1 | 8278731745612610d49fa52541bfd84c6d5b407a |
| SHA256 | effec27d3989afec042c457c71c409a0f858f54ea91a199c3742c343ebd95d11 |
| SHA512 | c34a104b88cfbdce54b7b1cd33d372a767086e37a7586c51c56b9358265111e4f379f0d6b1056bae5e831758efd6cdafb9e244214a44e1bf8f55650834948b48 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | bfb0c5d0ce33b4ac8e2e8d4b2fd4807b |
| SHA1 | 25a2ee3e912508f1ee91848e362aa45cd858dba2 |
| SHA256 | e6357653526d11b6aff873730ab05441eda5f48897189530fd9ca42a4c3db8a0 |
| SHA512 | 2db982c62b726b19ca547f734a6615fa4ee0236da9a45779c8a8d360f633157631375a170046b844bf8ca04dd7f8b019a13f4d3326192fd82e152252c7fb7603 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5765d2f6da4320a0aab21e0da3f2f054 |
| SHA1 | a9f8eb381ff68ead7316a1dcaa298d50ce67f66c |
| SHA256 | 783640604c60acc12d08b300723a3ca872641c204e975cb01590cc2c36c498e8 |
| SHA512 | f9b270991fc17d394aaae75a6bd5cc8a31da2dd2d568d75e03ec3a7c7d30524bd200b2dcc426a9c676b6fe7176160cdcfcdc1adffcc0de3b254c484783220475 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 68a75aacdd68d1f92bee238ec5792e9b |
| SHA1 | 1221223a4af46c15ec514a42355e8cd34d6a81b4 |
| SHA256 | c06d808dde844244223e5a1e1c0d8d6b88c170f8f43f4c314414bad219f48932 |
| SHA512 | 26c495cf1d66e539ef29aeebd5cd46774b8e8c4f4cd534c96e822968724705fd3d72b186ac310ea32441368713952fb7c620f73f88d2355434d23e5b5bb1b893 |
memory/4848-641-0x0000000000990000-0x00000000017D3000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 92bce50c10f9c51bd54a823ea5b78f09 |
| SHA1 | 6fea579a6d46fef9b40d062220c6ff7034d4da8b |
| SHA256 | 00f4eef86d9387b1c2c4b749724c81ab03bc45f1fe4cfed546af60e5bd6a9f09 |
| SHA512 | 5add5b74b1dabd17b9108da9ba2bd945f67e35a0772098d288247ac2a97e46fd6c51ac2f36d3a2004efe8e49873a5216b9e8112d4b421dc1a722176f381b28cf |
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
| MD5 | 8b9812ba27e12c79319d859e97955ca4 |
| SHA1 | 3cb35ac811c27e7b21b381dccab55517609190c3 |
| SHA256 | a63d59b2af0c7b2be6984280386042a230dab928e3b426d51a0afb2eff5f98e9 |
| SHA512 | 8312081fcca20f1d8d393ea2588c2fd19830eb9b36700ec8bc541cd25c4c2046008f3eec07883056956adae5c56083d43ded74d3122d21555d1e43a9d1ab5618 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 24e62a7c8d7f60336e60c003af843a87 |
| SHA1 | 9576d1924d37113c301cadfd36481586cdef870c |
| SHA256 | 43f7de9fae6b79a844d7da6056ac82beadf028a347e227c2bc33d503f7eb402c |
| SHA512 | 34f33015d3e7cabdea2ef39f7f149aaf39caa534b188a34021e577d68bbc48d1d99b7b13a1303d4ebaf5c29fda0bb573f3a6cb171aa2db67cc4b25292eac4a36 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdate.dll
| MD5 | c1c4e3a4d49561dd0f6bc85f8062530d |
| SHA1 | 5394c3a4a2601a6bf7b06b5ae9119a3f0c95c974 |
| SHA256 | e9f1d362867beb3a767233de9d5af3a6e2762bb0627f291c6cb8f9faffb922ea |
| SHA512 | 0e7f6d2a29c48d99fb417c630287d8d9e9f0365f1c1f2e415f0fc64e12e577c9d4e93bf6573a589e88c75a9dc6c5758fcfd970588c3d187621f8aff8e5ffc5b3 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_en.dll
| MD5 | f5f1ed2d55637a183674959e82cab3c2 |
| SHA1 | 9472086a62950c6b40e1ecefc1fda4573e36ef3c |
| SHA256 | cfbe36dac5d40f221f377aeaf2e983dc76ab3667f4672676a8fb37c7bd4f9fbd |
| SHA512 | 9c4635f791608f815e359ce49f7535bcaca404dd4932efb23f638bc9900cd77854b1d38b5ca60e5dbf3e252cf06bb179b4d9a77368b524233117f48bef345013 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_is.dll
| MD5 | 07aa8bf27778ef275b4f7a5242eede66 |
| SHA1 | 386a57f02a521d373466eef276d59c69409d6854 |
| SHA256 | 60e6e4cdcb2147a4a516198746adba553bf9da839a2979222efb9c4220399ec6 |
| SHA512 | 2e529fcbed1418bd2ac674e21d49636af0e7aaaee4f2a63bc17a13a19e43ed9c7c55335089f3d73b232ea911ba384639696a33b603e2b5bc0857875ae78c8217 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_eu.dll
| MD5 | 7ee4925d3b4e4116b0b4d61a03ffdc96 |
| SHA1 | 7f6e1116374314527100ee854ef5befcb962ce77 |
| SHA256 | 99fd8800699829fd0ad767eff54dafeb913a6261ccb5c31825fdef6835653ae9 |
| SHA512 | c6ef896870d427fc2ee783bc38b187fc5485dfa9c29f14f4b044b060f2385b445dd051c83a9412d3fde79f929755239061ddcefb012f8fc38ce257c87dd9a8b5 |
memory/4848-775-0x0000000000990000-0x00000000017D3000-memory.dmp
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_et.dll
| MD5 | 28777e8a0de15e07d365f375b71796c3 |
| SHA1 | 4f3231a68e7d4817c5f6ab20bcfbc208ba63b6ea |
| SHA256 | 571aa6917ccbfe221dbeeb485b9f9b358dc2b3ec72271854f880fbadeebc9665 |
| SHA512 | 87a14421ba72f5255d568c1be6f8e108db587525909ae33cd84526714ff89a3ea2bf9c9a78c11718fc3f22c0139ec2bb4d9cde2327cfd4a8dbdd51e992d7381a |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_id.dll
| MD5 | 874409f9bd74f4238e02a15ef3a21d94 |
| SHA1 | 5e0336c6717345d102c4b58032e43e2a316e92ca |
| SHA256 | 77fc8dd2400150d098583ce867fb98c5beec0f0ea72542418a8a99451af12fe7 |
| SHA512 | 4bfda3c743f435ad88db71feaef1a8ed9706adb255d68dedf7704af618476191524e0d9fe19b2213542ac9413f05d4673eca1cc94b00f5d4191868b59e063d5e |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_hu.dll
| MD5 | 23a61f4e352d09431c3e6ec05522fd84 |
| SHA1 | c663b459ce508255cc7b09615520142694526191 |
| SHA256 | 65c0d3996fef2d9caf87e609fb16173c1b35a691a71d926ed3858955566be3fe |
| SHA512 | 4ec261b2b4b32219eb168da8c247152a1ea4139e577974c0ab571ce84301fde030cc5c3fd554ab4f8dbfba9059be51b6ffca4eef996d5782968cbdf94a474133 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_hr.dll
| MD5 | a2027e9099d943f12ca8a5b6f3f216d5 |
| SHA1 | b9060511354ac7204df9aa441fb084886f135034 |
| SHA256 | c74ed61b07e5120798795de86695b8b80255f3111b77836f89820df27dc09b87 |
| SHA512 | 2ea7d141b568ac5df1ba6ccf2af3c4c4acef080763e68e3f3e2b3b3ffda9deda93fa1b9a4e19541afa1f4cf2039b576df23ff98c68d96213944d4f942266ca44 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_hi.dll
| MD5 | 2cdd815eca87eea8363d7789cbdd8595 |
| SHA1 | 3dec86ff3c88b96da8ebdf340d149b775f84880c |
| SHA256 | 0150d75f78763060d4b5b00e1cdc87cdd6398fb42666da9a733c8b708f3f53f5 |
| SHA512 | 3d66a2b955cc31885df66b9ace4f472136ffd94a00ad769414831f4df66e5f1b44b1d8787e781fdd2ef4300ab0e03b4ecd638f46e39958df7a12281ad6812fcc |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_gu.dll
| MD5 | 80f4ee6f0158c5a2f50e90ab12051ef3 |
| SHA1 | 4a0daef60adc57559bcc22a5b071a0609de82b75 |
| SHA256 | 066e0e6f67fb92785002e0cfdc09777b330c55cf8d34f9597ad45aa5c2171849 |
| SHA512 | b6cf12625f54bf1855797100a4fa3a5fff0e4c6fa8448ea78afdadccc2639237b34a4b058592a783d5918bdcdafe562d8e8bb59fdec5bb90f3f356fb94e70432 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_gl.dll
| MD5 | 75c582abc6e13902afae51da71cdb3ec |
| SHA1 | 0f1813d9992209d9fe60bcafae8f8652658832eb |
| SHA256 | 587b4af55922cbf961852d0a9234c77eebf0ded6e561b18b09bdb2b2d8b2190e |
| SHA512 | 7afa52772caf93df7cba83fcffb8b427860dcd92fee4ac732f42b5db11c3c5ef086b212bda555cb095e23d89669e0e8a31c55ca59d9b00e564c5b7ddc43de4ad |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_gd.dll
| MD5 | 6feb8258912fca8354160c02d70de767 |
| SHA1 | d04f918370da6a637f5a032c8bb616ab8d0d9b64 |
| SHA256 | 6b13e8b6149be225e7f35fbccfd84cedeed9219f06b70630db6bf4be598fa25d |
| SHA512 | f69ae204b6569b1cea77fbcaab30d556d325fd18989a347837cd08eb669dbc6bb7794820cb3028f864be7109af84c8532525242063fc2d1901f588fb458dc02a |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_ga.dll
| MD5 | 5381426201e98d1e6efd86d24e341f62 |
| SHA1 | 2b2df88be65d0512e140931c2878563345c77dc0 |
| SHA256 | e3f7c7d612945fc79d2e47872898ae3831d4bcc73bed8d24513780612fbc0523 |
| SHA512 | 9e6aed7dcc33f7c9e9a888da580c2d1e4732e3a61a04bc7e682c11aea53391c82d849e341a98edff7d4792b2d2f5f0e61730d12e19fc5b2a77a5a1087c2b9fab |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_fr-CA.dll
| MD5 | 30c5a417363b47f3a58d08e44198dd17 |
| SHA1 | 1e979631e34cefee21b8a0e0aa22f4dd6e30dedd |
| SHA256 | 1e76475df6a8a5889f0757584787112745a3775c8dcb04257a4ec0a2cfa58b9a |
| SHA512 | 691e25436186bbda91b471b5451d06950943e6efe653362be50a3f0d21f341f4b8f751c617f39ab04571d92ef93c04b9db04192220173b66d879cbd5128f7287 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_fr.dll
| MD5 | 46b4263a73c35d717d65eae93c781f81 |
| SHA1 | 3f8678c63d174aa8289d20b7f821a326c33ec07d |
| SHA256 | 88661266d279b161264678af48fbfbdcaf28b1f8821336b3fb16e2126c5e5e11 |
| SHA512 | 3453b80619277b9efe19f2302a2a2c94372ed2ccec2a01d07741fe037f64e93b281757669750db8e6cc2efdef96b0eb1e373211da51ab887d8f0eb748931cce6 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_fil.dll
| MD5 | 06fc13625ead1257583224eae1afe1c3 |
| SHA1 | 02f3de2d81c4c2868a73211d8096ae79c506d846 |
| SHA256 | ef3f30691b45838caff42db92a4d6cb8857c8c36ba4b3ed9bd600bae8dc0fcf6 |
| SHA512 | b2fb89890c6ebf54a325bb1023194f461b532f94113b3ddbe337aa556b0db38159643c57e41b121b3bb21c4e547bd3e89137462a3fa29608e0dbcba00aa9cae5 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_fi.dll
| MD5 | 73b893cd1d2d759f98944e8809db3ce4 |
| SHA1 | 70fae4564f9eeb3c503a13eebbcbe725e9c2caae |
| SHA256 | bc9ed2615e5e6c185c20bbbef898e5ba1543b6dedb15330080dc41e74a0a5df1 |
| SHA512 | 255ef2552a35cba6fd41b53cebee1b9749485017a053668c1271aaf0056bd08107dba6c842a926c83d78472c92aa92f54fbd84678557dc911d20fc190ee242ed |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_fa.dll
| MD5 | f1e551e10354047b68ec1aa1b36327c4 |
| SHA1 | 417b267661838c0626a74e1232154d8245c4bb0c |
| SHA256 | 171ef4f700c8bdfe146e9ac7306c72b7a41153796d23e526aa6852a150207463 |
| SHA512 | 674ba129c8e1b2d9dc57e77595a994afd8e19f81cff86dbd749c855aff1ffec9c7e9920e1d45b193d83ec6f20ee4fe5966415006a0dff357b471d97b271fa067 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_es-419.dll
| MD5 | 67ca727bdf1e5fd6686fe3e6c1b1d43d |
| SHA1 | d3ee7ce26c3b1eb4e0fcd5af6f83bbf3c949e8df |
| SHA256 | c54a461e2eeb79d7462a4f3810f720835a2827ca752282c01520b8fede5c65da |
| SHA512 | 68e93cae35433f27593f92d1741ba98a430c6a408394de4f10ce0219fe8213e7878df71747c597c7384660ed696e35dedc08a1d15d5175f9b781fa70d92a3dfe |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_es.dll
| MD5 | 4dce98d8ab8857371dc4f787c77b91b7 |
| SHA1 | 9d8569edcb1af0e122e5293495f94b388a3c6f3d |
| SHA256 | 7b79d2f66bdfea60aed02eb60f3d28d396c23c147e1d42f3f10a82b5d3afeb47 |
| SHA512 | 6f4ec5f3fc6f5dcc77d2e811b9fbc4dd00dd15385739888e81835624bbc5e5d32c11eb23bc5dc4e6e9c2b66c77c923efd7edb81f9d8b88b446ba244455881fb2 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_en-GB.dll
| MD5 | 985d279b815e130a790eaecd697bb5ad |
| SHA1 | bed21cdb6b3983a86fc7fd3d4e0bdf2a7690807a |
| SHA256 | 22a5f81e478dcc8d54e0a0ca10a66ff98117698883d9fbdee36a110d6554f14f |
| SHA512 | 018c9dd127a8b8900236c4c10c7770384db82946f6f1646878683960dee06b150558e52bf55a8003e7467eb9b1359d24f081539c644b7c11efa5e661e645ba4e |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_el.dll
| MD5 | 2c1b44a6c27b8510335dfe8c22d01840 |
| SHA1 | e2c291fbf5a709a7a1e3c5ad507fcecf25e11554 |
| SHA256 | b15d11ec96c712d102125d2e1de19507889562f857910e6f76a400d412c4afe4 |
| SHA512 | adc4171a9335721c13d9d4c71ec0eaa3e873ec1729443b258eebe9ad723380bbf3eb912415f650ac3c8a13d31b658acbcc8cfbbb6fc6453eeb82b619a35e805d |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_de.dll
| MD5 | 642225f16e2c841a23eb51dfc6e0e1f6 |
| SHA1 | bcb8ed686351cc56f8c5c326b1032eea7e07c4bc |
| SHA256 | 95643c34f8ba13738ad3d19a4eb6cd52eaf39f55cd46b21e148627866b4ea30f |
| SHA512 | d9fe06e5a81dbdb457f93435966e4321c1b0020e68ca0c466d870e599206a9f1b245653259a051e885cd8b88117881456d248308d278af86e6b3f75f41918b1d |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_da.dll
| MD5 | bf382a14c9546ca8a6311f6b5df66d75 |
| SHA1 | 10b61ba1e20da2b1b01e760caaa179256aa844e8 |
| SHA256 | 5e516cb414cd8adf278cdceb2ae537cfd7c49c277cb5d7718bcf97897350ce70 |
| SHA512 | 0172c495cc6213b073056dab89979a05ae9eabb7a04d2cc7c16206628f7eb98396909a1914055575b0edde75e53479739c54eae1b9282eb96172930ee10935d0 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_cy.dll
| MD5 | 6ce4b22b621bf021bf79117a13118280 |
| SHA1 | 1b35ca44973ac7bbdadc4d6f3d160ab15ceb47f7 |
| SHA256 | 7aa813b3bb3fbbec5d56da83d5b1db923be9c365511b1b02588336213fede938 |
| SHA512 | f8deca730042198c2b4fe506b6ef1af62b0e1dd1983b9e92e8d4247027f30d07cec7ff097a8304226ff96cdd528208961754d33403f20463d0b6802ade2cfde0 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_cs.dll
| MD5 | 85f99091263667f3b5e10ef585c6e31f |
| SHA1 | de83594f08a9cf2df74b4100827d2a68d0304961 |
| SHA256 | c73bdd7c4c4d89f9e0c6827f4f2feb78efd4cb047253aab3cf48412b9a78fb7a |
| SHA512 | 272d8d8e45c5c9d96af41431747b09814b11ae7b08955e598b07f639277cfee8cac11455db43530d78a85ecb095ad83a8735d3e80f0e745629b0091fb0b8a2ad |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 97dc17c19ea5196783b2a20ce423697a |
| SHA1 | 693744a6f679cb111fca1134dd5efddf90b4b13a |
| SHA256 | 05b78e67f9400c654ad368d3e63b988602cb2cb89ad486ea340bfe05acefa040 |
| SHA512 | cbd980f7a99244bc47bf631bf6e661adece2c5d3f998172cbcdef59aab9cedf8226f15222cc9d96c56153c08d2424de70967dd96b76ab629492e25ca8660c974 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_ca.dll
| MD5 | 6212f397ffe20c6cef27ce0ff4fef439 |
| SHA1 | 7910895fb0b9ff6f954ece32aa069507e6914a45 |
| SHA256 | e94189425823ef69f9bf1f3cc133c23e67ad46419cc455a21d4090bf73a11ea6 |
| SHA512 | 5f04d8c9bd0269ba87bbf4b6a8af07ba426784c08b0a88af4fda3555e1c4e192b56db3c6f0214433fed23675ffde8b0590e5b39bd6b1011c2aad71599ec47ed5 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_bs.dll
| MD5 | c7fb8690962bd9a9051cfb04b87d3ec3 |
| SHA1 | d843498bbc3ae01fc0f0fce13160db723696767b |
| SHA256 | 12330d302841d37fd8bb5b74df7d454062524fac88e954041ce485ac818122c0 |
| SHA512 | ed074b0890e5cfc2beadab8dab624687f2838ecebafc3da760e248c315201d2230ac6197e016ce480e1798d34e6bd2329e5bda2ef2d329207f1ed7f9d00491aa |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_bn-IN.dll
| MD5 | 690f6eaa05e17f94ef59f988f052a4b6 |
| SHA1 | a3703cd237aa460e2729657a339febcbf8b8a863 |
| SHA256 | 5a6dd9d9fdf372b723e8043881d4c39fcaa4f70c838fefbfb192f9c11b18fdf4 |
| SHA512 | 47aa48f8de124d928c0b5d7f635909b3bbb6e640da67a0f014e00c238e06b060540b98a99fa51c9ce1c37baf9ee149502e05a753a25608b00ec7da39526f88d8 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_bn.dll
| MD5 | 93a91259d51cf1260bcea708c44319d8 |
| SHA1 | 2d76d5f7afa1be815838e1aab109973006e3d0fb |
| SHA256 | a1ab052c365976ae66b6b851a2282636c2c1f1b838a929e761f374472f0bcc55 |
| SHA512 | 8c3d7bf11796adb998362343399a85ab5127f36f7ce64d575cf9918724e09a21ca8cae0cc0123290db5bcf6254a7b10d979ad0c2a7251c43529edebce85279e7 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_bg.dll
| MD5 | e3d3b90ed17afc3312b22051de516aba |
| SHA1 | 6dfd177bda02980ddcb21459969c8d21b4a42df0 |
| SHA256 | ee36812f90b3a1b5f72c512d44d312dc0d72404d98222bca8ea27ccc8ef106ae |
| SHA512 | dbbe7499f0218e2628c357b5195e1f19349e79c53309daa972e294b19582c86d91a23b642c3bace74b0b7d7c94920931db7548178e0b7324feb29b0bae156a70 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_az.dll
| MD5 | af0364c9356845870577374bc5609ea1 |
| SHA1 | be464b53d5dc8a31a32bffec2413081a330f0170 |
| SHA256 | 813220adb207a07ec609a757a10217bccf22bd3742e3ca658324add81849121c |
| SHA512 | 68fecac6bf4e00fcd5c6c201c1756da13a3d87e4cbfa64fd2d1ab986bf3124303724f5ab9576bf33542d8a0f64d70069becd61182e4c6ab46801fe49a2e5be93 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_as.dll
| MD5 | 7310b6ae3b95e9a1ca5b60b3fbd619f9 |
| SHA1 | 03fd7d4d53fd38cc8b48d837d5a43788a6bd8ea1 |
| SHA256 | 65dcfc983496529b89c575451c6a897b4491f886783228526e06417499b124f9 |
| SHA512 | d012d3a27bd7ac166c3ec3614423b89216ff7dcb165d99462f01ac204117fb5afc525d448f8c250638f0ee11929e2c5be61447f83089a4cee9cdd26459656687 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_ar.dll
| MD5 | b06ae2aaa639338686ec4f4445173ae8 |
| SHA1 | 842f67cab1334871e81e6428d23827505055a9bf |
| SHA256 | 7e0fbc3af82b58dfc244d17d18335fac1c7e72d87d9593a359a2390a241450a7 |
| SHA512 | 4b8bb12b11074ce21314072577a7172dec62926a7a628d6526db46062354ad23c2e76b2dcc93e489c9ad17bf2a1b3782d155193f1ea24eb50c8fa551d40486bf |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_am.dll
| MD5 | 914899c76f15e4eb33455f50f60e9e25 |
| SHA1 | a66113325b547638824d5fa020e4b1eb0c3a4a96 |
| SHA256 | 5c0b6bcb983b3ec422c1459802c993219b66318e8b69ffb09f07ccb28f607ffd |
| SHA512 | ee2699489c6496d9db21484771a957acff27e39f2535d74f91dd352432b33ff15581ce4d9023a7ae273b7f2d8729103c5c06859e6cbcdef2c6ebda32ebfca3e8 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\msedgeupdateres_af.dll
| MD5 | bd6f3d4a46abc156e47fe0d6c312a203 |
| SHA1 | dedb517b1d75993df4d7140cea0a84afebbfb22b |
| SHA256 | 5294a6e08b6f9818e89931eda4a0bd4ac3949c3f17ff036c1c5e2a6de8df458e |
| SHA512 | bee57ee4c14d4c93a125f5219894d10f68982e3f03fac8acc90f2f9e159553ed82aee373107d0ab3b6d5aac2ea8cd58ecb0138de8f6ab28d5d963c28d0d84039 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | e0a4142f6fd7098661dd27f41f6b51d3 |
| SHA1 | b92bed61c6b66f958878f498d4e7bb3d23e8975d |
| SHA256 | 52496289bd868f12474d9dca3f063853923f541803388b427487ef63f52c6e8a |
| SHA512 | 42d071c4990cd2d5aefe53ba91cf0880810a003236675d7f251588a507d2654db332b940962479f97811b7b83f5f686f5ff662df4ffa124552fdb0a1be8d1cb5 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 8200a55843c5c0da5ca8e01f77038bcc |
| SHA1 | cdf2588a010fd6ac5536f9083076c480e05eb43d |
| SHA256 | 098eb4c373a48ee49681d83f9f03e3701f6dfd5361b6a071242ca23b3162ee96 |
| SHA512 | 10780aa7a9d2021f7dfa2273a641f64ca37a941ec5ef08486becf2422e76382f424f9aca03925adb964e2423322b62ba4ff87b4ae8731e7d5743ac82e33b75f9 |
C:\Program Files (x86)\Microsoft\Temp\EU9810.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | 8f559de7fab651b2a31caed79ac2600d |
| SHA1 | 46c7ce06e6592c391dfb54634b5caf136f5f6d7f |
| SHA256 | a1b818b507c87bab9e3b4643ff68e6e35f05872ebcd1e8075a68a4cc87650df6 |
| SHA512 | e975ab0175a363c56da03e43730abfd0dc90e14a486a0f04ecb40c4f2279eafd29254ff69748930d102fb8480bdcbc86611105fccb18028f60e7b3f451c6a69d |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | ffa9da210de0d9767a3c9349a02f7288 |
| SHA1 | b7f4b9339ec558cce2ddc443c6bd263543847810 |
| SHA256 | f8a6dfa81ce133a074e322be14dee5b823fe3e18b08366895b75291edaf5e4f9 |
| SHA512 | 7e0638daf547c9ddd85578137a17a61737f4e91d85f1b7aef83816d758014b5f823b5d1d090c0875d4efe351dc3677408eb53187fd574f312e299e27f3591eb6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 19753d7c8c05831894346f4d3d3b5414 |
| SHA1 | 6c15f80e4f7775d0d70235797ab87fa8f2f38c1b |
| SHA256 | 8e3bbed324570da57f9f0696820d173a2d44925f1e1f4b5602bac02092cda313 |
| SHA512 | f1776482d642cbf793896449303ffa54761e88a5e9db786376ce1fd344b3b7f09b2cc8af7f51bf78a393f2df090e6a4065eee790dcbd3b2d5838879cff730d03 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.97\MicrosoftEdge_X64_123.0.2420.97.exe
| MD5 | 300df46436ba5d076b227c32967ada91 |
| SHA1 | de9d47ef0c61fb04b7309875e2f03c8fa37d19f4 |
| SHA256 | 1614eb0c2697d74f2a05f8c973b2055e9cc158d94b19105e3a9d450adc9e333b |
| SHA512 | ba3053085da062ec32f87aec43f527624248a81b702c8cdb359c0fba7194556658b49aca8ef98d885de5da5b9b2eab3f1fac2c99891f91949d1b9a155e4a6971 |
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | b2cbe749a6b1b20d2027a64e293d251e |
| SHA1 | de68b9e8513b1d082757d962486379caff1f5638 |
| SHA256 | 2df8d24083a5482c9f30a9f66d41599ca57ac8699e3cc3b6cc66e26b484d832e |
| SHA512 | 0ebad18a4e1ca7c8220e459d554375a136acb96bbe6f99b16f2db76458ade2d316eadb3e515545189eebd46c8351c0730e153c98e8e481ebca157b92ab13771c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cc2b0b57661141af2052919cd378b1a2 |
| SHA1 | d9e1f29672b6dc579fdd5a2bbc08bb4ee1b0e6d3 |
| SHA256 | 514c75687361e3934dfe9c6852e86f52b64cb4940b9cfc60fd5edffa08980734 |
| SHA512 | 84db1987021c9831597f54aba9e43ec7ab1bca71b83a36a1efb707a7c3f22ecc0c0002ca7310b65603d3af512500d1541ff7f8470733ecd3c134514a370db33c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\prefs-1.js
| MD5 | 0e1c0a57c45215d9a9cc42d671a241a2 |
| SHA1 | f00d6086f415597c88d9eea7940bf3d6ecbbd641 |
| SHA256 | bad3c3a1222236620fa6551965c8ac77e874bf1a4da7350c2107740829a9df66 |
| SHA512 | 8f0eecd35cd4628e56ba26eeae5c643bd70c681c448fad7a0815f7c0ef06f1a5b70d9e93f418a4eef5e1a48fb0e956cad956cddd86a6535e5c0f6344c6115251 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
| MD5 | 259f9a3ff222abbc32b697212d085b08 |
| SHA1 | 84d804274bd8314f2fbd31e1abf47df5533df37c |
| SHA256 | e3f4da7a369a0eb98ee7e1f9caeb6ba79766d7dd654a3767e8f293202bcecc14 |
| SHA512 | 989d09b4a79556faf51241e9056aaef68bc741c665ef526bde19a4f9c13e9996a56ff4c20c924ee28447fc73d4ce986a2bc1442a2c0222234702694bff2e2c13 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Installer\setup.exe
| MD5 | 31ddc9e1c11a44b88cf96c45b3551ffb |
| SHA1 | 811ccb9706f656e29d089e30a2ee1650302394e2 |
| SHA256 | 46cb58faa60db59cb8d145bf6493f7c01a8ea8895f812d65512e3c7340a054da |
| SHA512 | 67e5a4ec4b030e48ac06bdf79bfb2b9bfe7778f046a739f23b7be65e143a7181954c7587eb6841636a6e667aabfa292d6831bab709cd798d1de01987bc99aaf8 |
memory/4848-2855-0x0000000000990000-0x00000000017D3000-memory.dmp
memory/4276-2870-0x00007FFB2BFF0000-0x00007FFB2BFF1000-memory.dmp
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Crashpad\settings.dat
| MD5 | 6e6889e334dddccbac91ed1c373aedec |
| SHA1 | dfbfa76748fb9c2d0f8dac5738cb8ad84aac741e |
| SHA256 | a30d6db9bf88c87cf15ea1cd8ebf922ad2bf225e2c629700a9e42219dace3297 |
| SHA512 | 6f3a79f9ad02c932e6ac80a39d9f8b9e215c49f6b48c87d2516a354577428f971cbeffb823197e9e553075621b996451cec2395b29893f33ee359228c26c5ccb |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State
| MD5 | 9e1d24150c7e6013111504224e661d35 |
| SHA1 | 70f4c2c411a29dc3c9a1b34e7b96adbc8c2e9b02 |
| SHA256 | 45e23578b57271dbb49ea89116127a31e57645e4dc0c5a3be0ed0ca6109750b1 |
| SHA512 | 16214c4949c9ce6ccd1e0969d2263a64c1481a6c7ebfd03022917d00fd9422d55c29a930db915a66af848d21f4737f55490a162cf1cd8429d6e6bd90ba50a43d |
memory/5348-2910-0x00007FFB2D0E0000-0x00007FFB2D0E1000-memory.dmp
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State
| MD5 | a9d8da170cc5e7b39c9c37653f34f6e6 |
| SHA1 | e7fe15d3526267c220ff8b0e6c53ac3cac9f4103 |
| SHA256 | 2abb871f29f0c5bf37e458db336f0dde48a7449aefa460cf7f2d5ebdcd0b3e84 |
| SHA512 | 6343be8df0413aab7986b6ac474c930c80d5e304a4498c8b7262e29a50b41aef5a125eed448478aa50c7e7b94577788c73137c0273a32b3fcdcd5bfdd35bf99a |
memory/5348-2907-0x00007FFB2C120000-0x00007FFB2C121000-memory.dmp
memory/2124-2934-0x00007FFB2BFF0000-0x00007FFB2BFF1000-memory.dmp
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State~RFe5b2622.TMP
| MD5 | 7d7bb2f4a5e31fb74c35fa1895cc220c |
| SHA1 | 2ae45cf78a850ba1e5766bb7fa435f29a8718a67 |
| SHA256 | cff57a69e8b70bc8124e86dbeed6f9881aef152288d344bcb65ee9a9071ed6da |
| SHA512 | e0c0ac85d92ac9b10485dd8be453609f586eb961c66b7e06e83c0eeadcc389cadc24219b12f3d23156489f90557f317cf13bc1f970ea28d994bd1ea800823f5a |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\GraphiteDawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\GraphiteDawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\GraphiteDawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/4848-3021-0x0000000000990000-0x00000000017D3000-memory.dmp
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State
| MD5 | 57b721d86fa790facca83d65d4a1a6e0 |
| SHA1 | 79e626ccf6f52dd8bbc06634e82499c7f0369f17 |
| SHA256 | 5e359b68f14f51029a2af43de60ea860abd8cb759caace7d5e4a20788b7488ac |
| SHA512 | 76e8ebd2a3b75782ac6d9779a0bb9cfd8eea46085b3a089f5a81ce26521944d17e041b4962431a7e02f6d6f3084c8af73ef75b3f574f445a3ddc9ac27dc8448b |
memory/4276-3048-0x00000214104D0000-0x00000214105FA000-memory.dmp
memory/2124-3055-0x000001C51CCD0000-0x000001C51CDFA000-memory.dmp
memory/4848-3056-0x0000000000990000-0x00000000017D3000-memory.dmp
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a928efe68e7d27ca6a5291f45d270239 |
| SHA1 | 82e022adb9cfa7e26ed0e4cf58fe402238fbd222 |
| SHA256 | cc3c9057cd67a98bc30c0255cabc6c1d6fef8bb756a63e9521e475e1a073cd5c |
| SHA512 | c666c6a06ab076b859a8cf34073fb3d7db7380134a92d5fc6130a4d677b96491dc7fd218ab569a33a4fd30dbb91d04e19afab51fcfd1ed67e9d0074056ebbf23 |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 209cf3375711c37af95a0f7ddee734f7 |
| SHA1 | a6d3f46cf41d6e2bad820bb60d35fe1dc5bd04eb |
| SHA256 | a0a8e462ebf71879709853a135b65cd0f22597824b2fe17ac55b2964fb2807d7 |
| SHA512 | ea3f676f2da4a7b433c60096ad5cf903894cffd7657ac77070b47b9cc9a136522aca397ff77dbe952c7a830a2a4f5f9bbeafe7813b78416f1ef6f16463603c0e |
memory/4848-3071-0x0000000000990000-0x00000000017D3000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State
| MD5 | 7009ee5971d44cb6cbb0a1e3a07a926d |
| SHA1 | b3169c6c07190fad8515321418d122bff5dcaa4d |
| SHA256 | 5bc2277c2a0b5ae2c44a14948cb590c6128e235a6b8926b71bbd7cc32ef6f521 |
| SHA512 | 19fb645cbd573bbaddd95870d69d261620e1eeaab9b1a08f8f3b5f83a193cbf4dcf5e976042bcbf43ef53569cec6408aac7373c6ad1d72cdb1acaf32dbf7e8cb |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\be280238-337c-42af-879b-13960d75ce51.tmp
| MD5 | 61bd80ffa7f9ffeec91426b616f3041a |
| SHA1 | 8a4529f2e7af46693d593ba39c5d0f18ec650b01 |
| SHA256 | 781ebe90420069a623b89b2610978926bcbbd45e8e3e3b4a55e1684c4b68d2de |
| SHA512 | d02b915c8ddcaab30457faf287cce7efab78627745f13f95d3ef7de3c118187a6b930a21fee9ace944e00c6f0d9b8ff2f4135241192fca76d3ee7fde0126938d |
memory/4276-3114-0x00000214104D0000-0x00000214105FA000-memory.dmp
memory/4848-3117-0x0000000000990000-0x00000000017D3000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f5ff7283b2ae573bcf31eabd016419aa |
| SHA1 | f83a90e924dd31ae29e09f9b93bf7eadf29d04c0 |
| SHA256 | 59e3a59bcdc7ad4eacc6e07b74770ff46ca7762121d98b555283c7e172b158d7 |
| SHA512 | 1193ff34dbcdc4a9b5ce0e8567eb615f8e41f6dae83d6eb4eeeea5b62d893f6ed2b1df77951a3dd3afd2ec9ccb4abe639542baaab06b20fa998264ae07c679e1 |
memory/4848-3132-0x0000000000990000-0x00000000017D3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 75821ce84ec9255969d9c66af5e76e48 |
| SHA1 | 9ab87976bfbee7dd26e358c20f31d5c54ebd3081 |
| SHA256 | 84f34db2d8f0c141054fb25d70becd8e24ada6e94a05d110e692d94cf51fc89b |
| SHA512 | 89bf7b1acb6dd9bd50416f13950eca74e5fd756451917543d95b2b40627713812378ef0590d83f74ee4d155cde52db377c7fc817df189f67faadc50939bea4e7 |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State
| MD5 | 99ba447b529e2114afadfdfb13e209a4 |
| SHA1 | 36980f445bd0e23814740cd66631d40cc7746091 |
| SHA256 | 0ce102f00ca9ad9a70d6acadfb457591fe39b26e8625a1b25369c095d06465e1 |
| SHA512 | 104fea57decce017f39121f7834688446f4c1025d86c2d311676eeb9d6e5a64428b9715635483c634fcf8459b7e7840d72a55d8195931df181a476253c16fe86 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 93de659e1bc8c708f2c5f07d561b6de1 |
| SHA1 | f369ecd72fb02b5f9976cd79535b20b5aa627b7f |
| SHA256 | 05c76592cc76e51f6a54cbe334f9907a4529c589d2acd79458c78f1162202fcb |
| SHA512 | 30f3b48e76792d5fbc1a0f81a533418cd444a6adbffcd539c4e91ec2283fdae166f3dc06585068667c25a27d3beb563e8c57f23136c3c48c24405144336ce57d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 6a7817c0a720ff08c42d502153a4688d |
| SHA1 | e22f2fe5ee5e5533a828115af48885ae62fa21d2 |
| SHA256 | d04046788568519f7bcc0668915b1613a562ab4bc1fa6acf2aaa18d62e109b50 |
| SHA512 | 3171d428df8d0f55c13ad6bfa4dc59bea8161ff23137d765fb3601b457b91a70a677f985be7d3c32383e59744838a1a1ff0109ed5b71f9b7ec522a40a72eb78a |
memory/4848-3183-0x0000000000990000-0x00000000017D3000-memory.dmp
C:\Program Files\chrome_Unpacker_BeginUnzipping3456_1278688677\manifest.fingerprint
| MD5 | 32454e759c25500439b4cacbf13471e2 |
| SHA1 | c8d506a4abbdb536648b59fddd22ef55e18325a8 |
| SHA256 | b9867763545a2f7c5154905f0cc3d73d7e3dc6b55ed0a2d062765a72572597fd |
| SHA512 | 62e36731b010e53d5072e2466b8e6e6b0d4ed6cfb8388388759c422a9858eb9c668b21f9c16829ddc705ef8fb5372ca07811cab20a9f7e13467eae3bb7caf598 |
C:\Program Files\chrome_Unpacker_BeginUnzipping3456_1278688677\manifest.json
| MD5 | 30a7eec36accfaa11602d1f47ae8238f |
| SHA1 | f56e424eab99c31f01fc57d377f3e2793ffa3a72 |
| SHA256 | 4c2c7dc8277c4f5beb11ad27e9cb00939f6d6e374c1631027a5cedc9722e09a0 |
| SHA512 | aeecc515850e288988580485d6fca37c295e437c3f5001378220bc491cb7ae5d296eba283d90b51dc3811283c85b2fb417cc7e0d291170b87ae528c7adf71e2f |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\TpcdMetadata\2024.4.4.1\metadata.pb
| MD5 | 5cc69a73238667029ca40bd0b411ed98 |
| SHA1 | 0f3d737817f94011ce2683eab387aeaecad0b157 |
| SHA256 | 263ce0a058d198e904f83a337b92b2e0f49f37e87a48f2a39de0017b6a850611 |
| SHA512 | f42fc0f12adb12d391eb8610427ffd5abdcfbca6e8eb1a9af8b01914190d4aecca0003f17ed3920408bb64118ed8822a36a99890f151625d3ec2dc01e74a9a6f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 08e913eb22d8f80911c7b3e91da17257 |
| SHA1 | 95f1ee5c246eadd9aea70376e9d2205a66b6f2fc |
| SHA256 | b03ffaaac11a83961698355acd2aac4f76a2ff1309a20e46dc3f01d92dec0a2c |
| SHA512 | 4b5e05167fe4724f1c17eb1eec77dbc6bdd69a1746a4e9060ebe09fedf4a5cf5d230754584a675145a9cdb5787734e6f79758f9fcf7381691286cc2d472c1548 |
memory/4848-3265-0x0000000000990000-0x00000000017D3000-memory.dmp
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Network\Network Persistent State~RFe5c4cb0.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Network\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Program Files\chrome_Unpacker_BeginUnzipping3456_528312546\manifest.json
| MD5 | b2ac91ca2bec034d1a335f9e2f574526 |
| SHA1 | ae9d2be2c07bfe84fea807d18a235609ac5cae8e |
| SHA256 | dfa347c4668c5d16a7d946e9330f08d3551a89dea06e53e1cf24bcf3510ea40e |
| SHA512 | ff3dd90c1dc9b10754f54c5c54fff2a6877f00fda09f47e07ab05bcaa40a8d3e960a3654b1cad498cd233c0c09d44d686b523b882a385525b60040d708e88b44 |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\TrustTokenKeyCommitments\2024.3.25.1\keys.json
| MD5 | af8fcadd95b5f42bdb56962938f7d078 |
| SHA1 | 2713e1da42c96163d18f84ee662b8b61a1e56d35 |
| SHA256 | 142c07267a3e13f64862d83748ff110704354d3facc3b60743602fc47e651ab3 |
| SHA512 | a45d792cb98509a1ec7e87e8371f6dd16b7c12b167f62ab68af43f7f3c3d2e5f5890a9556826dc80565adc2db20f7f06eeb3f12cef797ed2d1b132bd6c304d28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 00042591081aca18011e372c6c55fc28 |
| SHA1 | 5fe2faf5c01bced87f1c94c1660ae6615e070fa6 |
| SHA256 | f3de499edec41c29d232f2f8df347127dc058447a726a71aec5029bf8b577c2b |
| SHA512 | fdf636327d157f27cc3d029da62197b16dcbabe5a41714982ac31c849362aefd79f81d49f57ed98fb64c040a6fb35042a85dd64ae17b3aaedf94f319d5f2bed1 |
memory/4848-3317-0x0000000000990000-0x00000000017D3000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 991ddf48de050d7078cbb890a47cc42e |
| SHA1 | 139e9037933cd10dece66f7c3de32ea892b05ae6 |
| SHA256 | 05d6a6330b246a71459e50c7c3cab02f7521008cdf903db08931cc93f4d24e7c |
| SHA512 | e3006b0856696265eae322cf7439f1ffd7a03c36c87784a58642b05fd11c8a2109b694b48d10805d7b66ff8dd88a74deb5bcbba107358b265c43ec0c78fc5cd4 |
memory/4848-3351-0x0000000000990000-0x00000000017D3000-memory.dmp
memory/4848-3361-0x0000000000990000-0x00000000017D3000-memory.dmp
memory/4848-3374-0x0000000000990000-0x00000000017D3000-memory.dmp
memory/3436-3398-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp
memory/3436-3399-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp
memory/3436-3400-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp
memory/3436-3405-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp
memory/3436-3406-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp
memory/3436-3408-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp
memory/3436-3409-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp
memory/3436-3410-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp
memory/3436-3407-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp
memory/3436-3404-0x00000267CE8D0000-0x00000267CE8D1000-memory.dmp
C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2008758262\manifest.json
| MD5 | ba25fcf816a017558d3434583e9746b8 |
| SHA1 | be05c87f7adf6b21273a4e94b3592618b6a4a624 |
| SHA256 | 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11 |
| SHA512 | 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f |
C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2023065821\hyph-as.hyb
| MD5 | 8961fdd3db036dd43002659a4e4a7365 |
| SHA1 | 7b2fa321d50d5417e6c8d48145e86d15b7ff8321 |
| SHA256 | c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe |
| SHA512 | 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92 |
C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2023065821\hyph-nb.hyb
| MD5 | 677edd1a17d50f0bd11783f58725d0e7 |
| SHA1 | 98fedc5862c78f3b03daed1ff9efbe5e31c205ee |
| SHA256 | c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0 |
| SHA512 | c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff |
C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2023065821\manifest.json
| MD5 | 273755bb7d5cc315c91f47cab6d88db9 |
| SHA1 | c933c95cc07b91294c65016d76b5fa0fa25b323b |
| SHA256 | 0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902 |
| SHA512 | 0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8 |
C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2023065821\hyph-hi.hyb
| MD5 | 0807cf29fc4c5d7d87c1689eb2e0baaa |
| SHA1 | d0914fb069469d47a36d339ca70164253fccf022 |
| SHA256 | f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42 |
| SHA512 | 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3 |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Default\Preferences
| MD5 | 9465a4a9ec1ad68e232ee2ed808a5db7 |
| SHA1 | 90bb46d45c57792a3fed972bb55b66f499e5dfbf |
| SHA256 | 8a8630c123d7ab0bead117e2e34bed6e4752beb2562e800ecb78e610dfe3a9e0 |
| SHA512 | 12cb3d64b76b758b286a78be459b63fdd4d68d5e211e3d60998513d275684423ca496ff2163ebb868f1e50f90a799601ccc3dc73e141efd59ede84b17e0f7ae3 |
C:\Program Files\chrome_Unpacker_BeginUnzipping3456_928428107\manifest.json
| MD5 | 58d3ca1189df439d0538a75912496bcf |
| SHA1 | 99af5b6a006a6929cc08744d1b54e3623fec2f36 |
| SHA256 | a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437 |
| SHA512 | afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2 |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
| MD5 | 6bbb18bb210b0af189f5d76a65f7ad80 |
| SHA1 | 87b804075e78af64293611a637504273fadfe718 |
| SHA256 | 01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c |
| SHA512 | 4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d |
C:\Program Files\chrome_Unpacker_BeginUnzipping3456_2047238948\manifest.json
| MD5 | 178174a0125d4ff3ed5211426f1ea113 |
| SHA1 | 26f72c5a2f65c767c4edb04d8da62bdadc02e809 |
| SHA256 | 64986dfeefa8855069e799b28e5523b35c9efcf2ea152a2b03461471c218da1f |
| SHA512 | c0d1d9555f4cd7e9a4b0ee5fc1b069782638ba1680d18ba9c83f796746086b6afdf1400c80b7f586422c3a2a73e51bd04fb250e2db818ef723cb4f7a8b3b15a2 |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\LICENSE
| MD5 | aad9405766b20014ab3beb08b99536de |
| SHA1 | 486a379bdfeecdc99ed3f4617f35ae65babe9d47 |
| SHA256 | ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d |
| SHA512 | bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852 |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\Filtering Rules
| MD5 | a97ea939d1b6d363d1a41c4ab55b9ecb |
| SHA1 | 3669e6477eddf2521e874269769b69b042620332 |
| SHA256 | 97115a369f33b66a7ffcfb3d67c935c1e7a24fc723bb8380ad01971c447cfa9f |
| SHA512 | 399cb37e5790effcd4d62b9b09f706c4fb19eb2ab220f1089698f1e1c6f1efdd2f55d9f4c6d58ddbcc64d7a7cf689ab0dbbfae52ce96d5baa53c43775e018279 |
C:\Program Files\chrome_Unpacker_BeginUnzipping3456_1259740415\manifest.json
| MD5 | 1c539c68a00bd842136703d2cdc94235 |
| SHA1 | b39f04946e7da8380fa340ddf1baa757afb37df5 |
| SHA256 | bdd48d0d2e047e4816e1aa4dc248c095998cbda255b50db66b94bd7a42206aed |
| SHA512 | eaf0cc24ecfbf8adc1b216a098fa72b95aebe6fbea9206860622c54f684e08447050cc9734fcf83f3eb2e15cb263dfed636539b24c5e4ba94b2ce309d651325b |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\PKIMetadata\11.0.0.0\ct_config.pb
| MD5 | f86abfc2651f24867cf9aee405d95a07 |
| SHA1 | 51531932b533a36a6ab41700f625f33ae7296825 |
| SHA256 | 70c4568dcbf75e36879c75b068e67a2de7653cb5eff6c12697c3bbfead81d85a |
| SHA512 | 351a0a4e5b2b4800ef535d4ca1a9ebd65027543608df883a303a32ce37e110206da2555cd37853711bdf049e6a9df17005e6520ea0daadbe6d0fb08bd51b7020 |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\PKIMetadata\11.0.0.0\crs.pb
| MD5 | 5418f0d0f7d15ca9fbe5da74453722f5 |
| SHA1 | 3ca9d7ae11a35a6c47d590b301602583add40e10 |
| SHA256 | 251ad4f7aedd823ee97077e9764592188657aa831cd0948990fb549fd3e593e3 |
| SHA512 | 4206c7c04eda629a2af109e35e48986e80fc16a2285ae3afc2e92f6a29651d7a06d1dc3d49f618fd33965f91e6cccc8b0dcbc34b4613eedabc7fbafc18783b7a |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | f0e44aae113e4f2692ea119a53c3c19f |
| SHA1 | 33f07a28169d6d902074937ad6a08511e9d53eef |
| SHA256 | a19698b059e88dfd3452832f11433ef10e45cbdfb86217756f3b82d686bd0a50 |
| SHA512 | 2e474491a7cb5ead6b93f5b5e7948f9239c3f497c923bc732e630d564ac438e2d23a7c1f99f92a1264dd4a3a22d83f0b2688838d84c07b639e7936b0c244722f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | fb7466b7e29e8ff354a9d7a9a49b9428 |
| SHA1 | 22b725cdd9690111df83407fff39f15ac52942ae |
| SHA256 | c38bfe19078b532b8aaf99bb642c517c6a56e7fe4cd08826fe2b7c987ca2e2af |
| SHA512 | 28adc00f1132396c714e16a229c22e51ab2af30591d8f3e8b186423de421260062a680c770dc847a09b5882906018741b2db8ff995d57ee6779e775040c8be0e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 73d71c615bd4b32769c8a46e2d200aa2 |
| SHA1 | 2af95c298c5d236f89e7fc9745988652afec5cef |
| SHA256 | 39079447794cd4654a01e43366b5e39178b4c09af5c8dc68fba030aeeec449ba |
| SHA512 | e68e0c8738715e48159b7241dccfb2691e841528054ef0d9fec01d3a8328decc297b4ec87a82d8138eae88e42fc99848a9ad4c32be4ea42979d0fba86793e4dc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
| MD5 | c8f56c47f60ffe42634d8c02aefb7d27 |
| SHA1 | f47f1c3c510092999801d382243a5007c4bfdaa3 |
| SHA256 | 604f84656b2ba915b069779a19694c628d2584c9fc59dcd7846d2904de33b007 |
| SHA512 | fe49da758860591559a1f72cfe99f2ee4881bd1e07c3abf2c5b0f8b040b8e0b30ee7cf0aba3d1739f5e5e9c1a884081d88513faca52e45d1578d30612a35bbfc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
| MD5 | 3fec9d397659b1a4e8b00272553c1267 |
| SHA1 | 00dc2967773816c1f8e8f5662a2baebc016a0d95 |
| SHA256 | 6ed70b3f3b8c40bf7617cef75d63d64711235fc01d685b0a478b44796b731362 |
| SHA512 | a1037d7148576baa920153305ba9ae0327d7b3995ddb099f42e46d277804ca22f0618d83ccaed48bdc2877c0ad74191988d28ec5c1802cf09626adb6f3d17b05 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.33\BGAUpdate.exe
| MD5 | 09fc5490d32c867927e960f673911ebf |
| SHA1 | 2ecbee3518fb701959d2539a88892391250dc010 |
| SHA256 | 9014827c68fd6a31ccd7ec1c8f182cfeeb60962760391446b45c264e062daad6 |
| SHA512 | cd295d344bba456cdb2394fbe736c7b52c8f20e2776bb6b37c0ecd7068c841a646208e4bd0ebb4cb7880fc15caa8b18da485340ac8f88154e61cf76fb16e8162 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5F190579-B766-472C-A31D-FEC0CEE03E22}\EDGEMITMP_5B1F4.tmp\SETUP.EX_
| MD5 | 2415cb112f130a1382726afa58a0933e |
| SHA1 | 74ac041e6dc607e476dfeaff2d2bbf2b5c004b5c |
| SHA256 | 85679b3b17d42aa988b5c753b9cffe457c063d5186a94203b5e584f4156f2179 |
| SHA512 | a334cba72cb6ae4c4706ef3954e98771c4502ae5ee66d7b2d2dca759ac75890efe5a7fea46818760589a66f425a4bc9d463512bf359723685eba86ba4c1edd99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 17d0c5a8352a2cb54e14ff07244551fc |
| SHA1 | 27b25d87922248d25f8e20b83c6ed400ae2dd098 |
| SHA256 | feea734ed98cffdc92c91cfea513ba78b15792ee48b6f3e344aff432bc62daae |
| SHA512 | 6130e0ffe0bfd01929c9430d8fe92b302b2444e0a308014bfd85006acf6911def5b3172856d84ecf044820ef45f950dc639c978cf0e6ff273c899488b9a6e2d5 |
C:\Users\Admin\AppData\Roaming\ShindenToAnilist.exe\EBWebView\Local State
| MD5 | 2ca3751e30feb4576c4ecf4e5a962948 |
| SHA1 | f46107e80dbab2d5b804d932be200ac3e6695499 |
| SHA256 | e2f1181ff9c12dfe19b181a897ce45c6d57de00d9e83f4735078e1de2aad6c9a |
| SHA512 | 59d9b585ab190f70000a1ebcc771b465f85f43cbdc6603113bdac4cbfebe4b7cb1fdf54904c6ca78c86211ad824e2d929c1e7b30f403b084c16e2c392c26eff7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 150efc40a2475b98d93efd914f46fb6b |
| SHA1 | d15c156175012e4893ecb962c3775babc949aefd |
| SHA256 | 6f92b161969720e936f242a8abe9a34dd219577be97f9b8559555d44c9c574e6 |
| SHA512 | dfd978af64c8ad65ac0d71f5737d077fa82a79f1f513c118193183e89e64305f40db95e83ffa2284e03bbd7c41d23378f955d66dce954d4df949ffa9965f60fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 52a8bb458455cdcafb6c3fa1c3d80013 |
| SHA1 | 0774673393f43fcc190884238d58edfafe848725 |
| SHA256 | c6903124f0ca4fd636c1b2d61e0eb23c5a9509ce01a3c894e75adb0adb47db7a |
| SHA512 | d0c23c560934063c99076a54ad8d3ef3101eb857255a11b14ff606534734fdb92c81eea00b9ceb3e1bdea639b37e0217888116866af4fa22ea7d8fa5ff30c464 |