Analysis Overview
Threat Level: Likely malicious
The file https://goo.su/OlNvUU was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Sets file execution options in registry
Executes dropped EXE
Registers COM server for autorun
Checks computer location settings
Loads dropped DLL
Checks installed software on the system
Maps connected drives based on registry
Checks system information in the registry
Drops file in Program Files directory
Enumerates physical storage devices
GoLang User-Agent
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Detects videocard installed
Enumerates system info in registry
Suspicious use of SendNotifyMessage
System policy modification
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:17
Reported
2024-06-03 10:19
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Checks installed software on the system
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\Temp1_Activation-Patch.zip\Activation-Patch.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\Temp1_Activation-Patch.zip\Activation-Patch.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
Enumerates physical storage devices
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
GoLang User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Go-http-client/1.1 | N/A | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\ = "PSFactoryBuffer" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CurVer\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\CLSID\ = "{8F09CD6C-5964-4573-82E3-EBFF7702865B}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://goo.su/OlNvUU
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff8c93a46f8,0x7ff8c93a4708,0x7ff8c93a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10207778985988856937,3773582590216123607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_Activation-Patch.zip\Activation-Patch.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Activation-Patch.zip\Activation-Patch.exe"
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OTZCRjQyMDUtNDNCNC00Q0U1LUFFOTgtODZDQzExMzA0RDFGfSIgdXNlcmlkPSJ7MTc1MDg3RjYtNjkwQy00NUM4LTlFRTEtMzU0MzAzQTY0Qzk1fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0JGNzM5ODA1LUZFNzktNDAwRi1CMTI2LTE1MUM2RjMyQkI0OH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtEeE9iakhHYStuUmEyYXRDM3dvK0lFcEM3OCtaWWVBVWJrWHBEQzJjajdVPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg1LjI5IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDk5NzY1MDc4MyIgaW5zdGFsbF90aW1lX21zPSI2NzIiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{96BF4205-43B4-4CE5-AE98-86CC11304D1F}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OTZCRjQyMDUtNDNCNC00Q0U1LUFFOTgtODZDQzExMzA0RDFGfSIgdXNlcmlkPSJ7MTc1MDg3RjYtNjkwQy00NUM4LTlFRTEtMzU0MzAzQTY0Qzk1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NkI3N0VFRkEtRTQwRC00MkI1LUJFRDMtN0ExQzExQUEzNDVEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0Q2anhQZVVtS2ZoOHl0eTZGMDdZeE0xZVpESC9UVjZGUVQyZmZEaVp5d3c9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzNyIgaW5zdGFsbGRhdGV0aW1lPSIxNzE0MTM1OTQ1IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNTg2MDg1MzMwMDAwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDMyNCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTAwMzM3ODk4MCIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Users\Admin\Desktop\Activation-Patch.exe
"C:\Users\Admin\Desktop\Activation-Patch.exe"
C:\Users\Admin\Desktop\Activation-Patch.exe
"C:\Users\Admin\Desktop\Activation-Patch.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{90B2BC11-88C9-4EBC-9B24-2434425053EE}\MicrosoftEdge_X64_125.0.2535.79.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{90B2BC11-88C9-4EBC-9B24-2434425053EE}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{90B2BC11-88C9-4EBC-9B24-2434425053EE}\EDGEMITMP_54758.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{90B2BC11-88C9-4EBC-9B24-2434425053EE}\EDGEMITMP_54758.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{90B2BC11-88C9-4EBC-9B24-2434425053EE}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{90B2BC11-88C9-4EBC-9B24-2434425053EE}\EDGEMITMP_54758.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{90B2BC11-88C9-4EBC-9B24-2434425053EE}\EDGEMITMP_54758.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{90B2BC11-88C9-4EBC-9B24-2434425053EE}\EDGEMITMP_54758.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff65aaa4b18,0x7ff65aaa4b24,0x7ff65aaa4b30
C:\Users\Admin\Desktop\Activation-Patch.exe
"C:\Users\Admin\Desktop\Activation-Patch.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OTZCRjQyMDUtNDNCNC00Q0U1LUFFOTgtODZDQzExMzA0RDFGfSIgdXNlcmlkPSJ7MTc1MDg3RjYtNjkwQy00NUM4LTlFRTEtMzU0MzAzQTY0Qzk1fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezNFMzIwNDUyLUM5RTUtNDVEOS1CNjIzLUYzMTg4REFGQkQwQ30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjUuMC4yNTM1Ljc5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDE4MDY2NzM5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTAxODA2NjczOSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU1NzI3OTU5MjIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzA4YzMwYzZkLTY5ZWItNDk3Yi1hZDgyLWY4NDc4NzllNDI0MD9QMT0xNzE4MDE0Njg0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUczYlFyaEFCUUhJUGY5UjRGY2xsQWxqcFhVJTJiRjlMa1lERmFOJTJmZmxDRUdpWndZVzBDbnpMSG5TdUZETm1vekZvWjklMmJSaGZWb0xTcHc0V0piazVUMUZRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczNzE2MDI0IiB0b3RhbD0iMTczNzE2MDI0IiBkb3dubG9hZF90aW1lX21zPSI0ODk0MyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU1NzI5NTE4ODEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NTg3MzE4MDQ1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MDE5NTYzODkxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iODU5IiBkb3dubG9hZF90aW1lX21zPSI1NTQ1OCIgZG93bmxvYWRlZD0iMTczNzE2MDI0IiB0b3RhbD0iMTczNzE2MDI0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0MzIyNSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Activation-Patch.exe --user-data-dir="C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=1364.2204.10916504124641990674
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.79 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7ff8b96f4ef8,0x7ff8b96f4f04,0x7ff8b96f4f10
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView" --webview-exe-name=Activation-Patch.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,797398069669188249,3346281609600432976,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1800 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView" --webview-exe-name=Activation-Patch.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1956,i,797398069669188249,3346281609600432976,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView" --webview-exe-name=Activation-Patch.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2276,i,797398069669188249,3346281609600432976,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView" --webview-exe-name=Activation-Patch.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3596,i,797398069669188249,3346281609600432976,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
C:\Windows\System32\Wbem\wmic.exe
wmic path win32_VideoController get name
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\""
C:\Windows\System32\Wbem\wmic.exe
wmic csproduct get uuid
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | goo.su | udp |
| US | 172.67.139.105:443 | goo.su | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 105.139.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| GB | 104.91.71.140:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 13.67.191.143:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 143.191.67.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:80 | tcp | |
| RU | 147.45.44.73:1445 | 147.45.44.73 | tcp |
| N/A | 127.0.0.1:80 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_100_ZLCWBJXKGQOXWQNT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 830818144ef83f9e86d98f8bf48ae391 |
| SHA1 | f92e4460a04f674eeb3a6e7aa7453a206c27ad0d |
| SHA256 | dbf01962b1e64b914bc082dcd068d6b81133223e48db907a348139484771a47b |
| SHA512 | 19d2d4abb927b3973f969aac262c144618b2b2832c95d5a5a1a0b96c3bd61f501809cd0f83bc99ef4af13ae4a086fb4422b63040e56b20c8a922471bc52a0c07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\Activation-Patch.zip
| MD5 | f76a9bba32f111da1a1d27f301e58026 |
| SHA1 | b139660a9188766c8034f00336e1510edb9d2fad |
| SHA256 | 3bf8263b56a109a52c84015c03911470998e7f9815b6504a924e9cf07a4958db |
| SHA512 | 82e9a5b08ab03da8cd864e1d2de81e191996566a163b1c1be50856f2f41c9bd73eb8bf431ddc4af179b818f7ea54ee0b30e9a7b191432f8269ab20f454b8cb93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8c55c6fc482c109b30c2bf80983d80f4 |
| SHA1 | 58ddbbb8690a354b9af38d1976d372b3727dd2c6 |
| SHA256 | 1cb4cdde61b46b6d2dd16a0b01d9047943825564a7f8bd33ad3fdf0c609d9b3c |
| SHA512 | 83f02af87ac653cd82fa6992aea6333e0618e6c23526b47f60392740393e573c232e6e196e95f5ae30822694e8fee0c7d0892cc922ed9658f00e19417870de54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 82365daa0b0f588d4815db3721f10f71 |
| SHA1 | c02bc99fd0477ca8f47d8f816a4912b4cbb1bc64 |
| SHA256 | 4cd78a54b869e88307dc2cdc316d1895e1d4a3de9176a010576f555f92c65336 |
| SHA512 | f0895af6aafda3312939c627b514a7b238059f03459a7891c42e607976e2f5554ac67bd9d819752bf3ca46b838cb601a9e8c6aeb109ef06c63236e57b567f489 |
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
| MD5 | c06e9135c420469715d4310bfb3c1b33 |
| SHA1 | 08b7b18662f19a5193ef92cdcdba63eefb7d80a7 |
| SHA256 | 34efce66f80ccdf56ec4697d323922ca751c783099b9e0d1a38eec054776182f |
| SHA512 | 56260285eb6c19698daf7cc7b74e8b4d4b11a5f892c7d22c62ccb51353947d81192790957916a52dc4eb579f27cb38ed67c5b4fabd449850c8949581f07e847e |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdate.exe
| MD5 | d80d6c8774203980beb027e2192f7df0 |
| SHA1 | cadf926c78a87b65289979388c34191925b57167 |
| SHA256 | 41587c47ed8b365599332d5e321437a6dfca746edfc782a231f5d0d4174b5cb8 |
| SHA512 | c7f67d6c11ab42619b10f341bff9e433fbd36c40fadd283485d60cadbffee8f7448144b221416445aab92593a08c42a6639a225f0baa064cb9cf090d9169cbde |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdate.dll
| MD5 | bfc0ece0ce72654a772f425a2f6a7f89 |
| SHA1 | a464076f5d87582dce2adeeaf3b522c688d5a14a |
| SHA256 | bd57792535d7f2c75136fe09241fce48b225b7d451b5e6241cd40e6374db388e |
| SHA512 | b027339fe0d73fccbad23ecb34dc8e40f6e0c64584ee0367a2c565802fcd6870fd28563f19789207d2e6a4e13d1ffff515fc10a22193a7765115be927106255c |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_en.dll
| MD5 | 7f82701452b6dfdf75c83df9b865a168 |
| SHA1 | cbc560711f74a63781c5de971421a7c3d87452de |
| SHA256 | fb69f9c72a5026b21ebe7717e58f7382ac8a960849c4676b5733948aedf186a0 |
| SHA512 | be6ef129d66a0413edb0c67b82bd4fa3d58e63f61ba5969781c19fee11b37fc6665dad3f99331e5b813e40f9b5a0ecf80412712885b8cd920ded6b7d43d2c82b |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | 08e9b96eb44be746d65eae418abeb20b |
| SHA1 | eb86e91462752a1187d73cf678671bbe34d16dad |
| SHA256 | 39f7c35da1df0dca19b5bc426f0687ff0f8ae8de3ae997857a4672f1176de161 |
| SHA512 | 70e08d09ef398eefbace3bce84e6b6c3e55b6caad8886002fd89466e455e6ffecbfca8d233f47de5cd99a5f6805952726676c8545c7d4884209355a48a34d396 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_af.dll
| MD5 | 91295713d791ad6378b117d020c63444 |
| SHA1 | 0055846b91740c4631026affb5c044b1261e53a8 |
| SHA256 | 41d0565075327e4a0d1364eb556a238981659f063054404458c0b7b37ec64574 |
| SHA512 | 55fbbe74bf45ff9700d5a3b940aac9992625a994bc64f842560a0c15e9a8f85a9cb51db993fc43b412608089d3ed6078a8a81afcba33e7e0b0d9b72a4a5b0358 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_az.dll
| MD5 | f4c8a5f7bc960a03ddf8b74dfae1b060 |
| SHA1 | 74ee2f8420d86652cb4be3b72dadd52c31ee6689 |
| SHA256 | 3ccf9900953a871a129280260909acfc20aa23644181e354847fbe6b2e005110 |
| SHA512 | c9c1b64a5da33130be847f0f2e5acee2af78ec84df14c873d1413a495c40a84c318435c43b5e17ccb0fe2929cc97350bef882b68632f1a80551c0e79ff2bcdcd |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | acfd43f9fb09dc5e05842bb8dfa5b3c5 |
| SHA1 | e673afb66da1f0065bee5da6d52ea9af75e7ecec |
| SHA256 | e703d0fe2e49eef7b8a072830e76143281039527d9c2873c8162f18217b0ed5a |
| SHA512 | df2416d672f059451607a6aa5752bdfce1989fc461f3781033ae8b000941ecc2a29920e7c2c61f7f879cc2a9a63aceb390b627aa602506833ae41f8e574c66aa |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_gl.dll
| MD5 | 4ce45acdc229b38aac0b4849c1f18d94 |
| SHA1 | d43eec8a4f689be874541a0c0e6859d3acd78a95 |
| SHA256 | cb37f5288928cf0a89f7711366b70c943f7e6ade43e73b8bfee5e1660cc54032 |
| SHA512 | 43a0c7eaf20b3827d8a33b1fb696cf9d3eb596b975b24175cbbd28090fcfb090d6bedd59d2d63514c9ff334d1bb0ceaeb77b61c632f9bb8666346abc1b384945 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_km.dll
| MD5 | e133ef71c5724664908ef2cd7af775b4 |
| SHA1 | a30990a3384c62b04259c10d7019ee41fe517c7c |
| SHA256 | 0425f6ec9cfc4f79a43a2963903922526fcd877225da01f88009c7380a0678b8 |
| SHA512 | 86e7188d9faad6635439c9518b5d038b5f60bec3de16b18ae9c1a6574bbeb76b8ba677bfd77b24329a4b6df00c4571a7a932d9afd025d43747007b73fbb419bf |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_kk.dll
| MD5 | 1349c9ae143856ff8af98d8969f97964 |
| SHA1 | b0774042bee34fa2d1fe2bb65ca21a71b6a5e630 |
| SHA256 | d8ed80b5de016554f15b67c68dbcf495807697f56c3bd2ddd3c587719b870c9b |
| SHA512 | 912e36fd2e23d4508a89392e713ebe6e8fdbd99576afa1a12a743cfeb3e1cefbbe024d973550015f9dea8bda9309d353871f3ed32d7a51b1e44ac46449b72180 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_ka.dll
| MD5 | ac87df6bb94463336a09c2cbdd17b23d |
| SHA1 | 71b45a3e00d593aa0569a4316d9f48dd7ae6540d |
| SHA256 | f97d24c55a1563767cb606ab7644ce10c871989a8fe86786e27d17dbede4de7f |
| SHA512 | 391d352fe0d997db1462e00e19da52c48ae79225afcfb083ff1e10a9f005090b1de0b3e1f5129c8a2cde1d2264dd4a91398d8d1c121c24e7d847eb824028a38f |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_ja.dll
| MD5 | 0a4f6041656b7441e2aa9184163f4b44 |
| SHA1 | 3f4f700e5b9b82a661681d37a4c321fcf98e1bf7 |
| SHA256 | 53e4719733ae1819d642815bc27e576dae5cfba1e592714e2c9976bc2f1246b6 |
| SHA512 | f63d1873f4b364d7eadb26bf0a2fca2146e7c4e4ec17350f1adfba82b76cf127c5f1983bcd12895713ec3299624b6f0fe9c09ac4b58add475e4b633938ade235 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_iw.dll
| MD5 | 87c3c118e280e39eabb8d545617592e7 |
| SHA1 | b952980c0436df129e10571fbc79ae6dd78aa5a1 |
| SHA256 | f14b2b780c72815e2e398816867b6dee5afcec9eb5e72efe733b6926f08c9d14 |
| SHA512 | 37469d8fc4cb037f057ea96fe49edbb02515df2584018b04dd7665c6544c1fc140430cf5be70fa99e6392227f92e7383291570c32f79b271f0f771a8dfe93b53 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_it.dll
| MD5 | b73574b5bdfa3126045dcf4b489df505 |
| SHA1 | 7cd73a13d1f0af197637b14977427f9df761e29f |
| SHA256 | 2fb9bcb4826b747701d41ed53f1dc7d4c0e2f0b2c8d0b1b7a6dbf43fa5349197 |
| SHA512 | 13e6dc225cfcb2292d72a161270d6ecb0a0c1b6b48ee1708e49ac64000e512f7f6a3984bfb680add36a34d44bdd7ba619da873eca4aa63f53215074f420f576e |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_is.dll
| MD5 | 1c49739edd71f83f2adbb770616bfb41 |
| SHA1 | 83b0ee79f63f6ec24360197e20cbac24ae02b688 |
| SHA256 | 0ace9ef559a167d3f36266c036306473a5cc2161ad12294217e2d2061c5a4e0f |
| SHA512 | f3316a96e84a5bcbcb176387540bfc0397855dcf049975d0b1dff44d6bf75a0dcefd34d4e914cd760772ff295d979dd7959b64e0eaaf0e10f7e6039b23b7478e |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_id.dll
| MD5 | 65fb1c07237d63bc38d11a2416c34ba8 |
| SHA1 | 8eabd2b245511809e00b78b06b1985152dd2578f |
| SHA256 | 57b01bc5a7b4e8c656b08c89213278f81ce264cc399999e76733ddd90c580f26 |
| SHA512 | e66cba2a1951706186ab1b13b85679d0aef21dbe56bd3c15e0f2e76ba25df15dce0826ea050b40c8e1c05cdbe257f629fe018096bf488c6845b0a9f5cf565e8d |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_hu.dll
| MD5 | cdff9cdd17e3950f3d274e1be976b2d4 |
| SHA1 | 41590b06ca7e74db8d286e5952f32f5be47d7abf |
| SHA256 | 7cf8997e700cbb81931bc9becf7d0887db7477d97c9f88718c0c2d7849310048 |
| SHA512 | e0386fd5e0dbdd4e65fb04a554dc0e3d5ef4f862c685614abbf66e8a14cfaa3d2243e77c3d6d14d56aaf1ae38465aa0762a5c3d32a0ed81605b1c7b3274562e7 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_hr.dll
| MD5 | 846b9b5f9f5ce6d8e1e18b053ccc96e3 |
| SHA1 | be17600fb7f1f305158eb735206e1c2a6eddb410 |
| SHA256 | 10e40940f8dc323c6e1fea3f625de0cf2efaceb266b64e81cfa66a2eb51d1f0d |
| SHA512 | 148a48489b2787051074ded3a0f38f03b0b034a8b2b1b991ec833848fdcb307e3c6570d829439dc2205455115aaf166f845866cf7d89a07e011aa8d822e9bcdd |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_hi.dll
| MD5 | 00661e0428373734fa46030533215a12 |
| SHA1 | 5af1f8606a60dbc8126431d568acc0ab9e48e164 |
| SHA256 | 4e2b724f581f3eeb2a3bb7c561d635741f515bc01be84c9d6ae245e5c7ddd37b |
| SHA512 | 7c7b30ff996d29efacb5877edc6840cf88a7148c7f9f42bae1fc2f142169867fa2a66863a5b01a0096b01ad18d9eb9fe6eeb2653879cc8f7519634bb3c49a133 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_gu.dll
| MD5 | 5ad48f292a34d8a600f3ee5b02664536 |
| SHA1 | bdd7bb9e1b730cd63de7e8a50f9c3d76963db4a5 |
| SHA256 | faf2d0d88df753be0de3fa0218b78c3582947ead0be012c0af30f863cb3dda2d |
| SHA512 | 527c425b5ec64554154bd226bc6488fd4c1af47db67020d865cd1f52400e55c01797a0fd38422278bfc2d481a293902b1cd51a4e5882e3cc6b4ebc223384c38f |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_gd.dll
| MD5 | 0be6761d833c240b79c092afa2f4d4a0 |
| SHA1 | 3f13b2fb19489bba686cd681b00d6178a2ce9923 |
| SHA256 | 248bb8fba661f7b7d4045331d1e4ad808ffe8f446f732c14d2f3a6857f0ebd4e |
| SHA512 | 1ec9596ce5ada65ba5739ed11c7554133217d9352913e109012f07d810883080d613e057ea75df6c4cd6a4150e669e55c5100b07026073e9bab68af44974e56c |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_ga.dll
| MD5 | d6ef74d45d1dd95d9c3c07abc6ec2b85 |
| SHA1 | 8a161184979d02361688f4214a415ee909c58401 |
| SHA256 | f595794586d38fd55bee18c9dbd21c87d33dfc0d03dfe87ade8b0bef5e97252e |
| SHA512 | 3f74f4c47757b3a0c6969dc1e9ccccc6c03161014184232430cadac4c85a8fb0748d6f894e99b169d4fcc8190d5cd20ff03157e0d155c3c6e40d4a212e981cdb |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_fr-CA.dll
| MD5 | f5c88d98f81d525185f5ad8ce5572e86 |
| SHA1 | 5cd1375cc42a430aec940e4d73b90748890abc79 |
| SHA256 | 6f6eef8c4afb0deee2497a55854f10407a69dd76e2211c83dc33546f6917a7ad |
| SHA512 | ce41a2dcaa35145e4a638af9e70d3efb9ae5ba8357d0ad3762ab2dd5ed7a1bf141efa83ad9922e0aa11d73521d498226e83515b0166611e7ce1c81f0be9d4ba2 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_fr.dll
| MD5 | 24d190e6f80c7a09dd0ea52db8dc3495 |
| SHA1 | 02997fc50123612e7100aeca728153b62de8ca52 |
| SHA256 | f3cfc3eecf03e256dd6df7d95fae127a4e2c86f3dce58545ae16c422fa8f562b |
| SHA512 | 0b5f2c59c3e740c70308174757015f25412f64643abd6fc7965dbc4cc1fd8540a06550b983b62d70dc77cbfdcffc4475143436eef76a07ecb23485bbab054f03 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_fil.dll
| MD5 | 49c11b98ab805533476c335f62502a73 |
| SHA1 | 74bf2b11f0a695f5581ede4f2e4215decd5e0409 |
| SHA256 | 6b982a78ff95831477342ed6935dbd3abd1f730dd9bf364afc2556ce6a3afd50 |
| SHA512 | 3e64b2f1b15bf4436368732757f2a92f8983da5a996dd179824e82205041c41b2235a00c3bd0d765d5630d20902dc978018436657114f569aa89e09b3bde69c4 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_fi.dll
| MD5 | 8f5be4d7e225f2cbf66f3960b56502d0 |
| SHA1 | f43fe1f55007dda26ebf78711ebbfb512390b7ed |
| SHA256 | a121a308be48878337fe8c68a45aa10ca898e39c2d195ef244bb657755327366 |
| SHA512 | f92088d7babe2d0f4eee14e16f6d67fab8225dff0d3798b1c47f5a291cc9b820c2a7a0c2eecaa97850fa6998e260932941364b100eb8047e5e4bc9e1432a3c06 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_eu.dll
| MD5 | e3db9c5ec70ac6c8bf69272f3596c7bb |
| SHA1 | 815d877bfe2dcf83a5387da48c3e7534c97f0bb8 |
| SHA256 | 0aaa5b02f2541fdbea4357155e3ff28c4d715994646364fb9cff591c27c8150a |
| SHA512 | b6d283923b7ad531014f9113dc95c8484deb76cfffd738f223057839de0b163053b5fbb2447fda238369275637870b3e5e911b8f4ab04e4115b6ce7a7f84cd5a |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_fa.dll
| MD5 | 3aa4579d9819617c80568f1f2cb1e287 |
| SHA1 | 271fa4f97b32d76fa890c4cb9c30ddb2e0298152 |
| SHA256 | 77b558ba96080390a79ec321af1579b1d17b7179e8a893e10462c7b22c8e8a5e |
| SHA512 | aecf49ff9385947cd7b5c9c0626015c36b106ef6482ecc47c8c189e5d9e4d670ef119e47302accab93214e6b70e9641aebac552d0b2cde4ef4ac252d3ee8d465 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_et.dll
| MD5 | bd8f9362d99be154cdd697b8120e096d |
| SHA1 | c15f2533bd74320a85cafe96b37947bdc3d7cdb3 |
| SHA256 | 49424f739809b3d7fe874852420cd91752cfa605005bf6186c9f89b1b704f40e |
| SHA512 | 69341c9521488c26b16740e9a5501ee6f0a95689d14aa3806df06bf1a21e9b902743e24d3d169a66b5a19c28a6c9217538162ce4fa6b2b3f658e276327de34d9 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_es-419.dll
| MD5 | 3c2f0bf38763071676a0e2d3428d3ce2 |
| SHA1 | d7f550ad1b00df2ef3dc962ace455958e0c715c3 |
| SHA256 | 0ae0b861bc4079593e4fe9a2721b187245a80afec33742f80fa7bab4c63928bc |
| SHA512 | 9317ae64848b626b95c7f129c4ca30ec64e6ae6f686b4a71a9a31d2cbc1adde352001463421a5581324a85d4492b9d06f58698fb89c4c80775fdb1ee91eaf87f |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_es.dll
| MD5 | 19d6139c5aa6162e8a2a8ba17ec81822 |
| SHA1 | d81f95f5e4021c4ef9b9781d32a729782eeccbbe |
| SHA256 | f9ba82d35d780cf5b4819570e81933b06da524eacb5d0eebeef4276aafb9c96e |
| SHA512 | 7b287470db50e78bebe8c0906d5f0ccf3aa2c20f70948f7074a8dad29eef40d850c996a790eccdef6ec3d5271a22a5100cb96720966cf0fc032c139e42e10e37 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_en-GB.dll
| MD5 | f80b43c11b35344c4601f91d61ba01aa |
| SHA1 | 9cdbe9b73dc803e642cdf8fa7c9be3ed13928009 |
| SHA256 | 18cc6c1c2cb593f1f0450745e5ad4d5d0be3b7d6d3f904b907ffb863391badba |
| SHA512 | be390c82be4956090d55f96ef78387d3fe4abb149ddeb66fa6e61c52d2c480f0cd7cce580554ad2743c118697a2d761e1f0ff37f7f50ac437e6f154143fc1ff9 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_el.dll
| MD5 | f9bbe44306e396b4f5828033d4a8e129 |
| SHA1 | 2db819ba55ceaa502f7158159d1d6c3de8844ccc |
| SHA256 | 3723b0bb625284d49824ab7689721e180238e0c693fb41d9948920210fb171ce |
| SHA512 | 608e1122641ff864627d144925d853bfedb7704cda6bef9257d6ae2a6c5d6eb4e2ef773f717cfab1f9c463b17997acf8762b08ac24412ea898e4cd690809d1fb |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_de.dll
| MD5 | 88580c499f109cef95f3020b64266097 |
| SHA1 | da6cd858d8e9715a82a792da35a4c97b76e341a4 |
| SHA256 | 444f87c7ab5a89e3d423b497abf05fe22ae4605569abd83f3925d3a50a74cd08 |
| SHA512 | 1838d59b0e414b68b785646b01c8c5f6ebf0466e59c946ebf845782edeca76a396609ef2742341b4d89fad58468d9f0e0e24492be78255ac71a3e0e963e1c999 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_da.dll
| MD5 | 887777535ec4dafc37e04009dc33d46e |
| SHA1 | 87755165910c80b6451e6e49c6a5dea346f949f2 |
| SHA256 | 8123fc78e3217a67de7051574abc16d33043ac9a1d67fbe1220a51ef92c8d80e |
| SHA512 | a67f21474ffdad53ffbdaa8cf8142b399eba399daedaa7c82b62b4d4629b1d60bcb6f04e87ca030299c14dac9f6c291c5d4069181bdc14c83def63c0ac0c68e3 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_cy.dll
| MD5 | eafbe4b540d5717792cf9e1107aaba90 |
| SHA1 | 99daa2697b99139c966e58d8e89a64667a9015b3 |
| SHA256 | a12771439505f2d419b246d6a974fe8937e0aa5d3b1f9863dbae9f4b7e6197c8 |
| SHA512 | d89ca2292190b5914b92f11087970910d18b5e60bbc853466d2439b84612f74248f57b8347c48ee3b1f11232771f99ddb07229cec4beb206bcb1bcee68e6183b |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_cs.dll
| MD5 | ea83abf1891a11ff03172d0473a64923 |
| SHA1 | a19f2e3a26467d8dba5eb73194be1becd0f5563b |
| SHA256 | 8a981d1abbd9c6454d2798c7df5708e4af44f54991ac06e988e4e66022c15489 |
| SHA512 | f717431b7fca156a476059525307c7f82c74570b1b9c41d6596af14a340d8b3c26493f962c4f4cbfef0d6971d47822e91111ce2f1204c7127a6f6503942bb39c |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_ca.dll
| MD5 | a1f2eb33a406b65da04306f52686d6df |
| SHA1 | 1a5314c97f23df4ced0466c46aca61286f87d9d2 |
| SHA256 | d75877f6cc1b4be175872e8d33778721e3e5acfe1a1154772a68c799f2e3ee1a |
| SHA512 | 4d0bfaf9fa80cf308c629eddee7a850dd485d36753fa5c0825b05dd680998aba96eaad7835de1ddea357a124bf5107d3f10b1b71c0ba4fecdc4fc362b6f326f2 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_bs.dll
| MD5 | cfdfa919f3f9b33b9e75f9e22a023063 |
| SHA1 | 2bcfdf9abfe7c13b8883da19cb973da2156a93c2 |
| SHA256 | 4d2ad964da1441bb08800618db62f9e8117751a4a78bdfa3ae1c2dcf903d6d43 |
| SHA512 | 42481f9700d2afa9d28d7d4d1d1937e1acd569b3039230fb6d7c52de12d473e708324d1cd285985186e2531831004d5ec2b801f48a0ce3dbf53549fb88ac7793 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_bn-IN.dll
| MD5 | c00dd2c1ada230d747f4914e569a4766 |
| SHA1 | 3c71082db0a88876fd0c929cbf2e25969669c395 |
| SHA256 | 19fecbe5aa1f007f5f4ed719ad474b3270603c1535f187067c30ceddd4444091 |
| SHA512 | 5a33f9b756ed41251f4e85a2b85489c679c350e2838e07b1df00b17f655f73d4b16783cbd4031863fb9c9851815ebbd5bb1f58c465e7d88a41d642d0118530c0 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_bn.dll
| MD5 | f010d0ef5fa1c42df991e6a0dd63ea85 |
| SHA1 | ebb19b0804b99f55c41754bfc43d654b87f86b14 |
| SHA256 | 97e41d2acb8b638ac2a039da4f9750a0e9387ac10433cb68e0415c0093695ce0 |
| SHA512 | 31fcca5c46be1967696fc9b3e9d23a4d81700fea64a826245b674dd1a0c4571a4515ceec6e9fc7d3c9d6bb2a7b7139082bded78847d614917e605b806597ce84 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_bg.dll
| MD5 | e53485ec77800ab9ea0283aac2d0aa89 |
| SHA1 | 7b4bd4a142a78a95273a91396fbed85432789f34 |
| SHA256 | 6b380706e9273948be9995da09e3aebb71e7275ba6852086cf5bd1594c7d1232 |
| SHA512 | 514617c4142cb5f1eb2f72be50d81158136d427d83a8d4f93e6c0c08c30fa012379453a2046ab068cb51853e8c8b12b81df4c18ee80cfb279d80ce4ba5d65b04 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_as.dll
| MD5 | 7b0f190cfa90f9cfcac3f22644b03559 |
| SHA1 | de5aa579ead3696433d5509d922fab6fc4954746 |
| SHA256 | 68a495ee65652ebb55f856b7a82dde20fdda0b38880019170fa5cbafb336c123 |
| SHA512 | 62572ed3b1cef8d8aac514c9224c4b44546b4c935ab141eeaa696a69caa88b3525199d75fd2f5edaf15fae07b354a7c5e7df86d50dbc50cc093448640b95fdae |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_ar.dll
| MD5 | b09436f36b5a4a81a153984bbf3fddfc |
| SHA1 | 6939928c6c5cfa89525e728b541568869de2804b |
| SHA256 | b4e66f907dde78b4d4f85c5c44656667b7b0fa0659eb56f7f96d974cb66d4dd0 |
| SHA512 | 472798b8419b2e6614c72eac27bd3c3a2ac0d93b3a15c992d26d44f1ee3f628406a405df36145bdeeee45b2e96b2def9058869dd2dc857030ae7972e0b0bcf52 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\msedgeupdateres_am.dll
| MD5 | f18d85b1e1c45b935e0003f1dbb912f0 |
| SHA1 | ba3da8ed55807f6dbb8641620e2594b245e80ced |
| SHA256 | 2fa5350047962335602e7a450d1e29951609487e997bf183ce0eb5d01b28f066 |
| SHA512 | 7a0a22a7efe14f8f8541dd5d59a355d6b601ab3aed2d7ab3895e31d4a1c6531b199243223a3b001dad06186c1f4eca882966c197f2c05256c9f73d8ba96e50bc |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 80779f870e88307143083fcf97f251b4 |
| SHA1 | e299c63a8745ab0a46cae731514f936f9714d622 |
| SHA256 | 8a75eaf5677dc11b1c37fbf57ca354b0e3d25c8aa867269c2deb0e7fb7fa0693 |
| SHA512 | a1f56f0706cf7cbd35d74840ed58c685f3bf86e35efcbd73ae2d73ca6ce9a8ad1f7ced8528b3d81785e3bb9297023bf42f8e60bc4631232d9947cdbeb56afb47 |
C:\Program Files (x86)\Microsoft\Temp\EUECA2.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | f87a4644fd6dc581ef7b67062fdb55ba |
| SHA1 | 38feeaf764e787bd68c06fe243c6064f130b8eab |
| SHA256 | 1c2fd257dfc2c3967f7afc0ee726319cb6eaa0f1db86c34f97d703ce7bdcb5eb |
| SHA512 | 1f054a7111c9d7576ca80b3102670786f8d44276d36446c96f1c8f6aa7f51aa4d81edd4cc36a33cbffeba6d5b6b313f5de0e4209f6edbfe291958b2022677125 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | b993396019953b8d80eec5bddb453b04 |
| SHA1 | 6de93634b55afd32670f5f53cd1ce2ed7f4515f2 |
| SHA256 | 56d08c49142ffa391a519b6e6ae91583d8b9fff6e38d759fac32a9e95a28f3d4 |
| SHA512 | 7d12ccb8d3296a558627b3f6761e7fe283d2f4c6eaedbb9914c91fd7f66352e035b8739e756bdf67e585c7501a42ccfab1612d1c0c79ead4d2fff46288a92c52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b12c10d5104406872fea860a3f0208dc |
| SHA1 | 79d5449ae36440ee2f1144bddc8d2ae91c96a5ec |
| SHA256 | cf00926dd07988cd14049314ee6a6aaec8901657852c0269a441179ede381bf2 |
| SHA512 | 4fb19cb27a894aa99523005c27483a118742be2cd1bf7f1aed62beee6c44d1ac239eb4a134bb3716708e6b57076759a546cde0f8fb1af945ffe93ce0145ed042 |
memory/2912-278-0x0000000074B40000-0x0000000074D5F000-memory.dmp
memory/2912-277-0x00000000007E0000-0x0000000000815000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a70e39bee5f5ec61def76ab81283d259 |
| SHA1 | a75009e732d8e3901f73e159061ea7e9cb88173f |
| SHA256 | 96461daeafc68bec8d4fed855edc48e990032e95139ba2a65166142c9a8bf4af |
| SHA512 | e129da37fe21318f71d650ee5047c09b09c0fab6749c6bd26c7622695443bd022e7ab8dda1826e8658ddfdb6f817254980f0b9359cc7c426b7f264e1069e9af5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a7d8695d46da7da9a76981944c3a4d96 |
| SHA1 | a2902fbed505bae7c2aed97730e1a31d722e268f |
| SHA256 | fcf2ce64561dd76f06de30d2fbd274598ff8928e206444f5f81a94fdd986780f |
| SHA512 | 582f204b02373b807f7adbda5b299e20d1267752650b30ec8414bf7d1e44b3b17f33b313563a166de4cd57a3a7b7d773f1205506d9bf33356826a2763e01ecba |
memory/2912-325-0x0000000074B40000-0x0000000074D5F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9294b6bc18c80727841c7fa8e5c600b4 |
| SHA1 | c3e603424bf554373fdfe9b992d61f08780722b2 |
| SHA256 | 5e9a2f0239a53d57808f991ecca8908a1ec477b88383fded4b9caed6cca13bb5 |
| SHA512 | bae48462819bc670fd4471775976e93d37b8aaf1d18171acb0402387fc602ba6ede34fd64dbe5801beb64339dc0fab3eb79331b679879502d0076c5fd2010cc7 |
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | 1fddb4bb3ad084298ab2345b6ec25f13 |
| SHA1 | f96437efc5ab35401105dfb01c3a984f5dc493bd |
| SHA256 | 1c9858618b9b9d63db8ea52ac0dfc318f5f9410e3703c7e18aa4a7215f39ae1a |
| SHA512 | f04e82bdeaf3ae932db43d77d9fc32430be7ee2ddad90fee5ed30e38b5bc35835f07ef64f1cd13cd6f54725098a997481474b10e664e6a5de000d2802e2b0a64 |
C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Installer\setup.exe
| MD5 | 365eb1aab5e477760126569b7f72f85a |
| SHA1 | 06aa9c213c163b7716644314ea6d3997f882ab06 |
| SHA256 | 19dc1f8c7901ec057bfaf763d8354a07880ce6fa3093185c64b95d082f8055af |
| SHA512 | 0d34bc14ed5328f2ded1c48acc29872a2154db0c4c9072a098266a08c0d0b235705223f988e64e3fd418e9c62338560e33d7f3d9ae933f43da77763e88938888 |
memory/2912-470-0x00000000007E0000-0x0000000000815000-memory.dmp
memory/2672-481-0x00007FF8D5B50000-0x00007FF8D5B51000-memory.dmp
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\Local State
| MD5 | 72773a97e459dc3bd2dd358538fd5a42 |
| SHA1 | 552acebc7b5fd434d6b4590c8bbdcd82e328b76f |
| SHA256 | f13b7d95c1d85e36187ea000831238e1615231981e0675732491a88f8036e883 |
| SHA512 | ea3d049ee352c84341285cc2b23fa6bb0db9c3babd45fa6ddbf8acccbc52454a18051d2a0a25e03a01992bcfe8695ccc201e6d09f1206862841758e92dd5196d |
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\Local State~RFe59867c.TMP
| MD5 | a01e45136a43f54d54dc46fcff923860 |
| SHA1 | 2269436de4d1f75e8087016afd72556533a41c06 |
| SHA256 | 5a152229950b83be6629225195e41174945b35b832e88fac80751b055f4e493f |
| SHA512 | afd7a7fad7557bcb33fed3a323a63e373e6781948042ae861506d881bfea375f18d767b43931d182569691b09449a3508ed348813c9b937ae5cab595bcddc23c |
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\ShaderCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\Local State
| MD5 | 1766af8f3d054a27e2c9015c8d339055 |
| SHA1 | 4585b7b7f4a26330e8a5ec87b3566ae76c91f1b5 |
| SHA256 | 9447e6127c50dbeb3c8f119578d4cdcc3380caf3f39c26a6737dbd310391135c |
| SHA512 | 5fe86c0ed8a026b74effe9e11ed8d356c7469b299d502836df860eda37f2dfa5dd7a7c402fafde4df703b549a1593fbaf61a3cb7796d7ead297fcf608c3ae459 |
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\Local State
| MD5 | 733343c34c123fb5436335163489767f |
| SHA1 | 264572e437e895e5ac2997fddcc8b644bc9a3a19 |
| SHA256 | 12178e5b015921e8bf74c77c297fdcc06379b7262f552b515056a0af3e63783f |
| SHA512 | dc72a2b66daa7412737f275bda260ce2d41dd8b1ceb2495ed19dbc57e055883f4d97064ff474a9af5cee32fd57aff900b6e90407f0d24c8b3d03b9d70f0dffbf |
memory/4260-566-0x00007FF8D5660000-0x00007FF8D5661000-memory.dmp
memory/4260-565-0x00007FF8D64D0000-0x00007FF8D64D1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\Default\Extension Rules\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\Crashpad\settings.dat
| MD5 | 55ea8f671a94ec135a4f10ce8e8c2b36 |
| SHA1 | 6a8acb37ec7156660f2be548d21fd5cc649e0c56 |
| SHA256 | 6e8cfbb710e503457a9c31f1d24f3e309df08daa9208175659b373fff54eb15f |
| SHA512 | 74238861e13ebf1774004c2cfeeb1ddea9c307fc368855636af7ba185720a486ee8c43ccae14180cedcced5ad483b28b0ebe9032f2b0bd8958b3ac5f799abb95 |
memory/2296-595-0x00007FF8D5B50000-0x00007FF8D5B51000-memory.dmp
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\GrShaderCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\GrShaderCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\GrShaderCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\Activation-Patch.exe\EBWebView\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/5040-638-0x0000022A1F3B0000-0x0000022A1F3D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cbbgb5kf.vpf.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |