Malware Analysis Report

2024-07-28 05:20

Sample ID: 240603-ac3plsca41
Target: https://protonvpn.com/download
Tags: adware, discovery, evasion, persistence, stealer, trojan
Score: 8/10


Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://protonvpn.com/download was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence stealer trojan

Downloads MZ/PE file

Sets file execution options in registry

Modifies Installed Components in the registry

Executes dropped EXE

Registers COM server for autorun

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Checks whether UAC is enabled

Checks installed software on the system

Enumerates connected drives

Installs/modifies Browser Helper Object

Checks system information in the registry

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Modifies registry class

Checks processor information in registry

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

System policy modification

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported: 2024-06-03 00:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 00:04
Reported: 2024-06-03 00:13
Platform: win10v2004-20240508-en
Max time kernel: 446s
Max time network: 446s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://protonvpn.com/download

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

Tags: persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A

Sets file execution options in registry

Tags: persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Program Files\Proton\VPN\v3.2.11\ProtonVPN.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ProtonVPN_v3.2.11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-M1JK5.tmp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\MicrosoftEdge_X64_125.0.2535.79.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe N/A
N/A N/A C:\Program Files\Proton\VPN\v3.2.11\ProtonDrive.Downloader.exe N/A
N/A N/A C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe N/A
N/A N/A C:\Program Files\Proton\VPN\v3.2.11\ProtonVPN.exe N/A
N/A N/A C:\Program Files\Proton\VPN\v3.2.11\ProtonVPNService.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
N/A N/A C:\Windows\TEMP\{CDA63A03-FFB5-4470-8AAE-E2832B22C347}\.ba\wixprqba.exe N/A
N/A N/A C:\Windows\TEMP\{CDA63A03-FFB5-4470-8AAE-E2832B22C347}\.ba\wixiuiba.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F4A6D834-7414-4144-9CCE-7CFFDEE4663F}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\MicrosoftEdge_X64_125.0.2535.79.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files\Proton\VPN\v3.2.11\ProtonDrive.Downloader.exe N/A
N/A N/A C:\Program Files\Proton\VPN\v3.2.11\ProtonVPN.exe N/A

Registers COM server for autorun

Tags: persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{1dcb280c-9699-aefe-803c-2007c35cbb5a}\LocalServer32 C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1dcb280c-9699-aefe-803c-2007c35cbb5a}\LocalServer32 C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1dcb280c-9699-aefe-803c-2007c35cbb5a}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Proton\\Drive\\ProtonDrive.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{1dcb280c-9699-aefe-803c-2007c35cbb5a}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Proton\\Drive\\ProtonDrive.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A

Adds Run key to start application

Tags: persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ProtonVPN = "C:\\Program Files\\Proton\\VPN\\ProtonVPN.Launcher.exe" C:\Program Files\Proton\VPN\v3.2.11\ProtonVPN.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{2BEE687E-C12A-42C3-94E4-8965D483ED9F} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{2BEE687E-C12A-42C3-94E4-8965D483ED9F}\\Proton Drive Setup 1.5.4 (8fffdc42).exe\" /burn.runonce" C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Proton Drive = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Proton\\Drive\\ProtonDrive.exe\" -quiet" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=CA85735641E04F8893141D197332F3B6" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F4A6D834-7414-4144-9CCE-7CFFDEE4663F}\BGAUpdate.exe N/A

Checks installed software on the system

Tags: discovery

Checks whether UAC is enabled

Tags: evasion, trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\Proton\VPN\v3.2.11\ProtonVPN.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\Microsoft.Extensions.Configuration.CommandLine.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-K34LM.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-AL63F.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-JQ0UI.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\BHO\ie_to_edge_bho_64.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_bg.dll C:\Users\Admin\AppData\Local\Temp\is-M1JK5.tmp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\dbgshim.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\ProtonVPN.Core.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-JD8CF.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\msedge.dll.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe N/A
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\Microsoft.AspNetCore.Mvc.Core.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\System.Security.Claims.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\System.Data.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\ucrtbase.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-PTH4G.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-3TUL2.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\fil.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\EBWebView\x64\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-82J5K.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\identity_proxy\win11\identity_helper.Sparse.Dev.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_sr-Cyrl-RS.dll C:\Users\Admin\AppData\Local\Temp\is-M1JK5.tmp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-ES1FB.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-FKALV.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\VisualElements\Logo.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\Microsoft.AspNetCore.Http.Results.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-UOE79.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\zh-TW.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\es.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe N/A
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\Microsoft.AspNetCore.Diagnostics.HealthChecks.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-LHITL.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\VisualElements\LogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\identity_proxy\win11\identity_helper.Sparse.Stable.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-9F152.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\identity_proxy\win11\identity_helper.Sparse.Dev.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Locales\hr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\copilot_provider_msix\copilot_provider_neutral.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-SV0B7.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-O08AL.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\prefs_enclave_x64.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\WidevineCdm\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\lt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\SetupMetrics\3080_13361846832493827_3080.pma C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-8KBUT.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-Q3V42.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\th.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-NK62T.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\dual_engine_adapter_x64.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\msedge_wer.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\da.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Trust Protection Lists\Mu\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Locales\hi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\EBWebView\x86\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe N/A
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\api-ms-win-core-profile-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\DirectWriteForwarder.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-3POQK.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-RPE2B.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-I5Q4H.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files\Proton\VPN\v3.2.11\Microsoft.AspNetCore.Mvc.Abstractions.dll C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\is-NBK36.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File created C:\Program Files\Proton\VPN\v3.2.11\Resources\is-HDJIO.tmp C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Locales\km.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI217.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCAB296D92AC64CCE0B1D40A2B2C2386F28\ProtonDrive.Installer.Extensions.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\SFXCAB296D92AC64CCE0B1D40A2B2C2386F28\WixToolset.Dtf.WindowsInstaller.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\SFXCA8F7CE447474C39C9D4309C4BB1F82694\CustomAction.config C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI361.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA737FC44F304631282D9EFD16E5724B57\WixToolset.Dtf.WindowsInstaller.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\e59fd32.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e59fd34.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA737FC44F304631282D9EFD16E5724B57\CustomAction.config C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA4C23B4419E40752A0E3451C136B26A13\ProtonDrive.Installer.Extensions.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\SFXCA4C23B4419E40752A0E3451C136B26A13\WixToolset.Dtf.WindowsInstaller.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI31.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{7047F1C5-A467-4AAF-A9A5-8A6BBB2ECE78} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFE2C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA4C23B4419E40752A0E3451C136B26A13\CustomAction.config C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI1E8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCAB296D92AC64CCE0B1D40A2B2C2386F28\CustomAction.config C:\Windows\system32\rundll32.exe N/A
File created C:\Windows\Installer\e59fd32.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAB5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\SFXCA737FC44F304631282D9EFD16E5724B57\ProtonDrive.Installer.Extensions.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\SFXCA8F7CE447474C39C9D4309C4BB1F82694\ProtonDrive.Installer.Extensions.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\SFXCA8F7CE447474C39C9D4309C4BB1F82694\WixToolset.Dtf.WindowsInstaller.dll C:\Windows\system32\rundll32.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --single-argument %1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\ = "PSFactoryBuffer" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Programmable\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\LocalService = "MicrosoftEdgeElevationService" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\Application C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{1dcb280c-9699-aefe-803c-2007c35cbb5a} C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\EnablePreviewHandler = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 476054.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Proton\VPN\v3.2.11\ProtonVPN.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Proton\VPN\v3.2.11\ProtonVPNService.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp N/A
N/A N/A C:\Program Files\Proton\VPN\v3.2.11\ProtonDrive.Downloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3152 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3152 wrote to memory of 4112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3152 wrote to memory of 2696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3152 wrote to memory of 3672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://protonvpn.com/download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c0404718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

C:\Users\Admin\Downloads\ProtonVPN_v3.2.11.exe

"C:\Users\Admin\Downloads\ProtonVPN_v3.2.11.exe"

C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp

"C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp" /SL5="$1201D0,78361131,1119744,C:\Users\Admin\Downloads\ProtonVPN_v3.2.11.exe"

C:\Users\Admin\AppData\Local\Temp\is-M1JK5.tmp\MicrosoftEdgeWebview2Setup.exe

"C:\Users\Admin\AppData\Local\Temp\is-M1JK5.tmp\MicrosoftEdgeWebview2Setup.exe" /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{6DDF6FD1-0DA8-44B1-B651-1CA60C5AC6F8}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\MicrosoftEdge_X64_125.0.2535.79.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3A9F35E-7D39-437D-9B51-05E6A4F07A7F}\EDGEMITMP_1A74B.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff722034b18,0x7ff722034b24,0x7ff722034b30

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Windows\system32\dashost.exe

dashost.exe {d7388bef-2e8a-4ef7-911259ac588f49aa}

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3CF78BECA2305D35BC14319E28BCCDBF --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7F3AEDC95277188E794F286CF7C546D9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=[value list omitted] --disable-accelerated-video-decode --service-request-channel-token=7F3AEDC95277188E794F286CF7C546D9 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=913DD99438E940517DA7F4CF94612386 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2F93706206F0EF7B435FF7F60FEEA9D7 --mojo-platform-channel-handle=1968 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=67C45B22FA6EAA5E480F48F914436E94 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4424476250640946724,8105179146208501534,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6156 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]

C:\Program Files\Proton\VPN\v3.2.11\ProtonDrive.Downloader.exe

"C:\Program Files\Proton\VPN\v3.2.11\ProtonDrive.Downloader.exe" "C:\Program Files\Proton\Drive"

C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe

"C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe" /lang en-US

C:\Program Files\Proton\VPN\v3.2.11\ProtonVPN.exe

"v3.2.11\ProtonVPN.exe" /lang en-US

C:\Program Files\Proton\VPN\v3.2.11\ProtonVPNService.exe

"C:\Program Files\Proton\VPN\v3.2.11\ProtonVPNService.exe"

C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.5.4.exe" /qn APPDIR="C:\Program Files\Proton\Drive"

C:\Windows\TEMP\{CDA63A03-FFB5-4470-8AAE-E2832B22C347}\.ba\wixprqba.exe

"C:\Windows\TEMP\{CDA63A03-FFB5-4470-8AAE-E2832B22C347}\.ba\wixprqba.exe" -burn.ba.apiver 569705357157400576 -burn.ba.pipe BurnPipe.{BEB5FD84-1302-4F38-B0A2-5AE67F38814D} {9D58E7B5-0838-400D-B566-3B7EFBFF29D6}

C:\Windows\TEMP\{CDA63A03-FFB5-4470-8AAE-E2832B22C347}\.ba\wixiuiba.exe

"C:\Windows\TEMP\{CDA63A03-FFB5-4470-8AAE-E2832B22C347}\.ba\wixiuiba.exe" -burn.ba.apiver 569705357157400576 -burn.ba.pipe BurnPipe.{19BC255A-530F-4554-820A-120DE4AC0447} {9A79621E-7EE4-430B-BE93-15C4B97DDF95}

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 917B3409BD86CA088AA2601732978A49 C

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIBCDE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240762156 15 ProtonDrive.Installer.Extensions!ProtonDrive.Installer.Extensions.CustomActions.QueryUserProgramFilesFolder

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIBF30.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240762687 19 ProtonDrive.Installer.Extensions!ProtonDrive.Installer.Extensions.CustomActions.DoPerMachineUpgradeSupportActions

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 1468E9440A900365A302776C70DF6361

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSIFE2C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240778843 2 ProtonDrive.Installer.Extensions!ProtonDrive.Installer.Extensions.CustomActions.QueryUserProgramFilesFolder

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI31.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240779328 6 ProtonDrive.Installer.Extensions!ProtonDrive.Installer.Extensions.CustomActions.HideCancelButton

C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe

"C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F4A6D834-7414-4144-9CCE-7CFFDEE4663F}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F4A6D834-7414-4144-9CCE-7CFFDEE4663F}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\MicrosoftEdge_X64_125.0.2535.79.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x11c,0x118,0x124,0x13c,0x120,0x7ff7dd5f4b18,0x7ff7dd5f4b24,0x7ff7dd5f4b30

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7dd5f4b18,0x7ff7dd5f4b24,0x7ff7dd5f4b30

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa38a4055 /state1:0x41c64e6d

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3152_AULRYZPERVPIRRHD

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

memory/5916-166-0x0000000000400000-0x000000000051F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-SL4GL.tmp\ProtonVPN_v3.2.11.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

memory/6016-182-0x00000000023B0000-0x00000000024F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-M1JK5.tmp\ProtonVPN.InstallActions.x86.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

memory/5916-198-0x0000000000400000-0x000000000051F000-memory.dmp

memory/6016-199-0x0000000000400000-0x0000000000767000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-M1JK5.tmp\MicrosoftEdgeWebview2Setup.exe

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdate.exe

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdate.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_en.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdateCore.exe

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\NOTICE.TXT

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\EdgeUpdate.dat

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_af.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_am.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_as.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_bg.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_ca.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_bn-IN.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_de.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_fil.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_id.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_hr.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_hu.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_fi.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_gu.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_gl.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_hi.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_gd.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_ga.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_fr-CA.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_fr.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_fa.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_eu.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_et.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_es-419.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_es.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_en-GB.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_el.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_da.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_cy.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_cs.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_bs.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_bn.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_az.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\msedgeupdateres_ar.dll

C:\Program Files (x86)\Microsoft\Temp\EUF9F0.tmp\MicrosoftEdgeComRegisterShellARM64.exe

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

memory/6016-373-0x0000000000400000-0x0000000000767000-memory.dmp

memory/640-383-0x0000000000260000-0x0000000000295000-memory.dmp

memory/640-384-0x0000000072A30000-0x0000000072C4F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

memory/640-433-0x0000000072A30000-0x0000000072C4F000-memory.dmp

C:\Program Files\MsEdgeCrashpad\settings.dat

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Installer\setup.exe

memory/640-535-0x0000000000260000-0x0000000000295000-memory.dmp

C:\Program Files\Proton\VPN\v3.2.11\ProtonVPNService.deps.json

C:\Program Files\Proton\VPN\v3.2.11\is-J90KD.tmp

C:\Program Files\Proton\VPN\v3.2.11\is-KR0R4.tmp

C:\Program Files\Proton\VPN\v3.2.11\is-67UFG.tmp

memory/6016-1771-0x0000000000400000-0x0000000000767000-memory.dmp

C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe

C:\Users\Admin\AppData\Local\Temp\Setup Log 2024-06-03 #001.txt

memory/5916-1840-0x0000000000400000-0x000000000051F000-memory.dmp

memory/6016-1839-0x0000000000400000-0x0000000000767000-memory.dmp

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\user.config

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\5afyly1s.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\kdeqtmaa.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\2xibddts.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\onztgvcl.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\zc2xzc3u.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\wiat0j21.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\ii4ruz5e.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\e4myntlu.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\syfoonif.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\pme5y5ap.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\xdvdmkgm.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\b1ptjq03.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\ywx21lhq.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\ph1m4jq5.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\yiyntdjf.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\0c4wgtks.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\mffq2vsb.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\leww0xch.newcfg

C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.2.11.0\qsxgrmeh.newcfg

C:\Windows\Temp\{CDA63A03-FFB5-4470-8AAE-E2832B22C347}\.be\Proton Drive Setup 1.5.4 (8fffdc42).exe

memory/644-2219-0x000001B057920000-0x000001B057954000-memory.dmp

memory/644-2221-0x000001B057790000-0x000001B057796000-memory.dmp

C:\Windows\Installer\SFXCAB296D92AC64CCE0B1D40A2B2C2386F28\CustomAction.config

C:\Windows\Installer\SFXCAB296D92AC64CCE0B1D40A2B2C2386F28\WixToolset.Dtf.WindowsInstaller.dll

C:\Windows\Installer\SFXCAB296D92AC64CCE0B1D40A2B2C2386F28\ProtonDrive.Installer.Extensions.dll

C:\Windows\Installer\MSIFE2C.tmp

C:\Windows\Installer\MSI217.tmp

C:\Config.Msi\e59fd33.rbs

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DDB72EA7-3030-4647-AF18-3BACEAA55914}\EDGEMITMP_6A4B3.tmp\SETUP.EX_

C:\Program Files\MsEdgeCrashpad\settings.dat
