Malware Analysis Report

2024-07-28 05:20

Sample ID 240603-r5csbshh8x
Target 51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97
SHA256 51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97
Tags
upx adware discovery evasion link pdf persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97

Threat Level: Known bad

The file 51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97 was found to be: Known bad.

Malicious Activity Summary

upx adware discovery evasion link pdf persistence spyware stealer trojan

Adds autorun key to be loaded by Explorer.exe on startup

Sets file execution options in registry

Modifies Installed Components in the registry

Modifies Shared Task Scheduler registry keys

Uses Session Manager for persistence

Drops file in Drivers directory

Downloads MZ/PE file

Reads user/profile data of web browsers

Loads dropped DLL

UPX packed file

Executes dropped EXE

Registers COM server for autorun

Unexpected DNS network traffic destination

Checks whether UAC is enabled

Adds Run key to start application

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Installs/modifies Browser Helper Object

Drops file in System32 directory

Checks system information in the registry

Drops file in Windows directory

Drops file in Program Files directory

HTTP links in PDF interactive object

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious behavior: LoadsDriver

Suspicious behavior: GetForegroundWindowSpam

Modifies system certificate store

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

System policy modification

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies Internet Explorer settings

NTFS ADS

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Control Panel

Kills process with taskkill

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Browser Extensions
T1176
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Modify Registry
T1112
Subvert Trust Controls
T1553
Install Root Certificate
T1553.004
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-03 14:46

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 14:46

Reported

2024-06-03 15:21

Platform

win11-20240508-en

Max time kernel

1052s

Max time network

1050s

Command Line

"C:\Users\Admin\AppData\Local\Temp\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe"

Signatures

Adds autorun key to be loaded by Explorer.exe on startup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\SysWOW64\DRIVERS\VHDMP.SYS C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DRIVERS\3WARE.SYS C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DRIVERS\AMDSATA.SYS C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DRIVERS\AMDSBS.SYS C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DRIVERS\AMDXATA.SYS C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DRIVERS\ARCSAS.SYS C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DRIVERS\IASTORAVC.SYS C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A

Modifies Shared Task Scheduler registry keys

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A

Uses Session Manager for persistence

persistence
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute = 6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a000000 C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\Unhackme.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\MicrosoftEdge_X64_125.0.2535.79.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B78279B-8C76-4CD8-B7DB-04B6A5DA4BDB}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\MicrosoftEdge_X64_125.0.2535.79.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\elevation_service.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\Unhackme.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\regruninfo.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\regruninfo.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\unhackmeschedule.exe N/A
N/A N/A C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 45.77.153.162 N/A N/A
Destination IP 45.77.153.162 N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=A2BCA1EFEADB4609967AAC78304865FF" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B78279B-8C76-4CD8-B7DB-04B6A5DA4BDB}\BGAUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\cy.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\Locales\bn-IN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\identity_proxy\win10\identity_helper.Sparse.Dev.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\lb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\MEIPreload\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\MEIPreload\preloaded_data.pb C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_ug.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\v8_context_snapshot.bin C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\wns_push_client.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\v8_context_snapshot.bin C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_is.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\VisualElements\Logo.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\Locales\en-GB.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\mspdf.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Trust Protection Lists\Sigma\Staging C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Locales\lv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_bn-IN.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_cy.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Trust Protection Lists\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\qu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\copilot_provider_msix\package_metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\sv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\am.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\Locales\nl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Trust Protection Lists\Mu\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Locales\sq.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\copilot_provider_msix\package_metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\psuser_arm64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\MEIPreload\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\identity_proxy\resources.pri C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\prefs_enclave_x64.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\VisualElements\SmallLogoCanary.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\Locales\ga.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\VisualElements\SmallLogo.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\mi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\Locales\fr-CA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\Locales\kk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Locales\zh-TW.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_fil.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\Locales\as.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\el.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Locales\te.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\ru.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\augloop_client.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\eventlog_provider.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\identity_proxy\win11\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Trust Protection Lists\Mu\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\cy.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\msedge.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_gd.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\da.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\learning_tools.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\vk_swiftshader_icd.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\identity_proxy\win11\identity_helper.Sparse.Dev.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Trust Protection Lists\Sigma\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Locales\lo.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2964_1697962601\msedge_7z.data C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\pa.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\Trust Protection Lists\Mu\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\Locales\zh-TW.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Trust Protection Lists\Sigma\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\identity_proxy\beta.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\msedge.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_180566566\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-ga.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_757761954\Part-NL C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_739130786\Sigma\Content C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_739130786\Sigma\Social C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_741217057\ct_config.pb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_739130786\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1410943112\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-da.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_757761954\Filtering Rules-AA C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_741217057\crs.pb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_180566566\LICENSE C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-as.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-bg.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_739130786\Sigma\Staging C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-eu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_739130786\Mu\Analytics C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_180566566\keys.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_180566566\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1390127671\Microsoft.CognitiveServices.Speech.core.dll C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_739130786\Sigma\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-hi.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_212657776\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_757761954\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_739130786\Mu\Entities C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1410943112\crl-set C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_757761954\Part-ZH C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-de-1901.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-pt.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_757761954\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_757761954\Part-FR C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-be.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-hu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_212657776\protocols.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_970142060\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-kn.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-mn-cyrl.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_757761954\Part-ES C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_741217057\kp_pinslist.pb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-hy.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-te.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-cu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-de-1996.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-or.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1410943112\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-bn.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A

HTTP links in PDF interactive object

pdf link
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Control Panel\Desktop C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Control Panel\Desktop C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Styles C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Plugins\Extension C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\MenuExt C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Search C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Explorer Bars C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Extensions C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Search C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\SearchUrl C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Toolbar C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Extensions C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Toolbar C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Desktop\Components C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\URLSearchHooks C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Sequence = "1" C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFiles0000 = 43003a005c00500072006f006700720061006d002000460069006c00650073002000280078003800360029005c004d006900630072006f0073006f00660074005c0045006400670065005c004100700070006c00690063006100740069006f006e005c00390030002e0030002e003800310038002e00360036005c006d00730065006400670065005f0065006c0066002e0064006c006c0000000000 C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Owner = ec1500000df14195c8b5da01 C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ = "Microsoft Edge Update Process Launcher Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win64\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\elevation_service.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "Update3COMClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.mhtml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\MicrosoftEdgeUpdateOnDemand.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\ = "TypeLib for Interface {C9C2B807-7731-4F34-81B7-44FF7779522B}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\MicrosoftEdgeUpdateOnDemand.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 0f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb0b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a0065006300740029000000090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703086200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d81d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67087e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d901030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4620000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4668000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d86200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703080b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a00650063007400290000000f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb20000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 040000000100000010000000a7f2e41606411150306b9ce3b49cb0c90f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb0b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a0065006300740029000000090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703086200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d81d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67087e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d901030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d46190000000100000010000000e843ac3b52ec8c297fa948c9b1fb281920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 5c000000010000000400000000080000190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4668000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d86200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703080b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a00650063007400290000000f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb040000000100000010000000a7f2e41606411150306b9ce3b49cb0c920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 161934.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 936682.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\Unhackme.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\Unhackme.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\Unhackme.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\Unhackme.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\regruninfo.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\regruninfo.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\regruninfo.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\regruninfo.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\unhackmeschedule.exe N/A
N/A N/A C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3796 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 3796 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 3796 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 4464 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe
PID 4464 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe
PID 4464 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe
PID 1488 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1488 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1488 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1488 wrote to memory of 572 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1488 wrote to memory of 572 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1488 wrote to memory of 572 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 572 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 572 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 572 wrote to memory of 2320 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 572 wrote to memory of 2320 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 572 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 572 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1488 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1488 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1488 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1488 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1488 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1488 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3024 wrote to memory of 2472 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3024 wrote to memory of 2472 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3024 wrote to memory of 2472 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3024 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\MicrosoftEdge_X64_125.0.2535.79.exe
PID 3024 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\MicrosoftEdge_X64_125.0.2535.79.exe
PID 4920 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\MicrosoftEdge_X64_125.0.2535.79.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe
PID 4920 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\MicrosoftEdge_X64_125.0.2535.79.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe
PID 2964 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe
PID 2964 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe
PID 3024 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3024 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3024 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3796 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 3796 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 1808 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 1808 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe
PID 2176 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe

"C:\Users\Admin\AppData\Local\Temp\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe"

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjM1QkQ5OEMtNkEyRC00NDUwLTk0ODktQTk4NThDQjdBRkI5fSIgdXNlcmlkPSJ7MUExNTZGMkMtQkI3QS00NUM1LUJCMDMtOTBEQkIwREYwQjVFfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0YwMDNFNkVDLTk1NUUtNDU4RS1BQ0FFLThDMkVEODg5QkQwMH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQzLjU3IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDczMTg0NzY2MSIgaW5zdGFsbF90aW1lX21zPSI2ODciLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{635BD98C-6A2D-4450-9489-A9858CB7AFB9}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjM1QkQ5OEMtNkEyRC00NDUwLTk0ODktQTk4NThDQjdBRkI5fSIgdXNlcmlkPSJ7MUExNTZGMkMtQkI3QS00NUM1LUJCMDMtOTBEQkIwREYwQjVFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NERDMUQyQTItQkJCNS00Njc2LUJGNkItMEI2N0NDRTNDMDlEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyNiIgaW5zdGFsbGRhdGV0aW1lPSIxNzE1MTc0MTYzIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNTk2NzIwMTY0MjQ2MDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDA2OCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDczNDk3MjgxMyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\MicrosoftEdge_X64_125.0.2535.79.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1E469542-87F3-46FA-8623-94C78BDBF885}\EDGEMITMP_7449D.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6fee74b18,0x7ff6fee74b24,0x7ff6fee74b30

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjM1QkQ5OEMtNkEyRC00NDUwLTk0ODktQTk4NThDQjdBRkI5fSIgdXNlcmlkPSJ7MUExNTZGMkMtQkI3QS00NUM1LUJCMDMtOTBEQkIwREYwQjVFfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezI3Q0MyMUJGLURDOTgtNDVFMi04MDRGLUE2NEJEMkMyQUREOX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyNS4wLjI1MzUuNzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ3NDU3NTQwNTUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0NzQ1OTEwMTI3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDk2MjE3NDQ2NiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMDhjMzBjNmQtNjllYi00OTdiLWFkODItZjg0Nzg3OWU0MjQwP1AxPTE3MTgwMzE4NzMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9YU5tS21XeVRuU1FGcFR6V1BHVFpYc01wdHVNQnFpYlluU3doQjQ2cGR3Q0tUNnFDNVpWQVhrOWptQ2JOdXQxMVFsYmFxZ0lGT2ZwYzlwV3k2ZkNibVElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzM3MTYwMjQiIHRvdGFsPSIxNzM3MTYwMjQiIGRvd25sb2FkX3RpbWVfbXM9IjE1MDE3Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDk2MjY0MzAyMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ5NzU2MTIyNjUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjU0MDQ1MjMxNTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI3ODIiIGRvd25sb2FkX3RpbWVfbXM9IjIxNjQyIiBkb3dubG9hZGVkPSIxNzM3MTYwMjQiIHRvdGFsPSIxNzM3MTYwMjQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQyODkyIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3796.2276.5510847923593372973

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.79 --initial-client-data=0x160,0x164,0x168,0x13c,0x170,0x7ff9615d4ef8,0x7ff9615d4f04,0x7ff9615d4f10

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1752 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1768,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2016 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2152,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3380,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3400 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F4

C:\Users\Admin\AppData\Local\Temp\components\LibreHardwareMonitor.Console\LibreHardwareMonitor.Console.exe

./components/LibreHardwareMonitor.Console/LibreHardwareMonitor.Console.exe

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4620,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4556 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4740,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4752,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4756 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=756,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1216 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4068,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4744,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4876,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4656 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4100,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2700 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4988,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView" --webview-exe-name=51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=3468,i,6252367681596454615,5661645920687201026,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xdc,0x104,0x108,0xe8,0x10c,0x7ff961fa3cb8,0x7ff961fa3cc8,0x7ff961fa3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B78279B-8C76-4CD8-B7DB-04B6A5DA4BDB}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B78279B-8C76-4CD8-B7DB-04B6A5DA4BDB}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTg2RjdGQjYtQUU4NC00OEY2LTk4MTMtNkU2OUQ2RDJEMzgxfSIgdXNlcmlkPSJ7MUExNTZGMkMtQkI3QS00NUM1LUJCMDMtOTBEQkIwREYwQjVFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4QTZCNDk0Mi1FNzg5LTQwMDUtQkExMy1CMjdENEE2RUZCNDF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtENmp4UGVVbUtmaDh5dHk2RjA3WXhNMWVaREgvVFY2RlFUMmZmRGlaeXd3PSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3MzMzODk3ODIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NzMzNDE5ODA4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3NTk4ODY0ODMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxODAzMjE3MiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1VUWJpNW9sSTlyc203ZW14TGdLSHJ0UCUyYnpOS1hhZDYxOXBsdnF4dEJWRzRNOGsyMHVXMGpmSlA0dld0alBWJTJmRXBOQjBYaXVPNjhjYzVuJTJiTTdRdk50QSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSI1Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzc1OTkxNjQ1NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNWYxOTU2MTItMzg0YS00OGVhLTg0MDgtYjRlZGU5ZGM1NmJiP1AxPTE3MTgwMzIxNzImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9VVFiaTVvbEk5cnNtN2VteExnS0hydFAlMmJ6TktYYWQ2MTlwbHZxeHRCVkc0TThrMjB1VzBqZkpQNHZXdGpQViUyZkVwTkIwWGl1TzY4Y2M1biUyYk03UXZOdEElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxODA0NDQ0OCIgdG90YWw9IjE4MDQ0NDQ4IiBkb3dubG9hZF90aW1lX21zPSIyMTg5Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzc2MDEwNjM4MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3NjYzMjQxNjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NzY4MzI4OTQ1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTk1IiBkb3dubG9hZF90aW1lX21zPSIyNjYxIiBkb3dubG9hZGVkPSIxODA0NDQ0OCIgdG90YWw9IjE4MDQ0NDQ4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSIxOTUiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\MicrosoftEdge_X64_125.0.2535.79.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff775914b18,0x7ff775914b24,0x7ff775914b30

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x254,0x258,0x25c,0x250,0x260,0x7ff775914b18,0x7ff775914b24,0x7ff775914b30

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5204 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTAxMERGMTMtQjkwNS00MDBELThDMkYtM0E2RDA0Rjc3REY5fSIgdXNlcmlkPSJ7MUExNTZGMkMtQkI3QS00NUM1LUJCMDMtOTBEQkIwREYwQjVFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsyMURBMDUyOS00QjQ3LTQ2MDItOTAzOC0wNjY4OEQ1MkY5NTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtENmp4UGVVbUtmaDh5dHk2RjA3WXhNMWVaREgvVFY2RlFUMmZmRGlaeXd3PSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg3LjM5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjI3Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjUuMC4yNTM1Ljc5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2MTkwMDk1NjI1NTM0MTAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgyMDQwNTM3NTQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODIwNDA4MzgxNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MjMwMzU2MTIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgyNDM5NjMzMTYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2MDEwMjQ0MDQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMjA2IiBkb3dubG9hZGVkPSIxNzM3MTYwMjQiIHRvdGFsPSIxNzM3MTYwMjQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjM1NzAzIi8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNS4wLjI1MzUuNzkiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgY29ob3J0PSJycmZAMC4yOCIgdXBkYXRlX2NvdW50PSIxIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNjE5MDA3MzkwMzAyMzQwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9IntGQ0RFRTg4Mi1DNzFCLTRENzctQkY0Mi0yNjAxRUEwNEJDM0F9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5288 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8

C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe

"C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe"

C:\Windows\ComodoAptAtScanner\cmdapt64.exe

C:\Windows\ComodoAptAtScanner\cmdapt64.exe --service --scope "processes|drivers|autoruns" --status "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\scan_status.txt" --output "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\out.xml" --tvl "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\tvl.txt" --trl "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\trl.txt" --filter "*" --scanPeOnly on --flsUdpPort 53 --flsTcpPort 80 --skipGAC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,3094591032370329346,9519516544072240395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe" --rename-msedge-exe --system-level --verbose-logging --msedge --channel=stable

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff725cd4b18,0x7ff725cd4b24,0x7ff725cd4b30

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe" --msedge --channel=stable --delete-old-versions --system-level --verbose-logging

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff725cd4b18,0x7ff725cd4b24,0x7ff725cd4b30

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff725cd4b18,0x7ff725cd4b24,0x7ff725cd4b30

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\" -spe -an -ai#7zMap32403:126:7zEvent9385

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\Unhackme.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\Unhackme.exe"

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe"

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe" http://greatis.com/reanimator.ini /r /w 66636

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\regruninfo.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\regruninfo.exe" "C:\Users\Admin\Desktop\regrunlog.txt"

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe"

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe" http://greatis.com/reanimator.ini /r /w 132168

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.exe" /wiz /full /imode

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\wu.exe" http://greatis.com/dbs.ini /r /i

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" /select,C:\WINDOWS\SYSTEM32\LRO3O3.EXE

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\System32\lro3o3.exe

"C:\Windows\System32\lro3o3.exe"

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\regruninfo.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\regruninfo.exe" /postga break:skipfix:6

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /IM hackmon.exe

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\unhackmeschedule.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\unhackmeschedule.exe" /u

C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe

"C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe"

Network

Country Destination Domain Proto
US 2.17.251.15:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 13.67.191.143:443 msedge.api.cdp.microsoft.com tcp
US 2.17.251.17:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net udp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 204.79.197.239:443 tcp
US 2.17.251.28:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.4.4:443 dns.google udp
US 204.79.197.239:443 tcp
US 8.8.4.4:443 dns.google udp
NL 23.62.61.75:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 104.20.139.65:80 tinyurl.com tcp
US 104.20.139.65:80 tinyurl.com tcp
NL 13.95.26.4:443 msedge.api.cdp.microsoft.com tcp
GB 142.250.187.238:443 drive.google.com tcp
GB 217.20.56.98:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 142.250.187.238:443 drive.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 4.26.95.13.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.16.225:443 drive-thirdparty.googleusercontent.com tcp
GB 172.217.169.3:443 ssl.gstatic.com udp
GB 142.250.200.14:443 contacts.google.com udp
GB 142.250.200.42:443 drivefrontend-pa.clients6.google.com tcp
GB 142.250.200.42:443 drivefrontend-pa.clients6.google.com tcp
GB 142.250.187.225:443 drive.fife.usercontent.google.com tcp
GB 142.250.200.42:443 drivefrontend-pa.clients6.google.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.16.234:443 people-pa.clients6.google.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 172.217.16.225:443 drive-thirdparty.googleusercontent.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.187.206:443 clients6.google.com tcp
GB 142.250.200.14:443 contacts.google.com tcp
GB 142.250.187.206:443 clients6.google.com udp
GB 142.250.179.225:443 drive.usercontent.google.com tcp
GB 142.250.179.225:443 drive.usercontent.google.com udp
NL 13.95.26.4:443 msedge.api.cdp.microsoft.com tcp
GB 142.250.187.238:443 ogs.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.225:443 drive.usercontent.google.com udp
GB 142.250.187.238:443 ogs.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.187.238:443 ogs.google.com udp
GB 142.250.178.10:443 content.googleapis.com tcp
GB 142.250.178.10:443 content.googleapis.com udp
GB 142.250.178.10:443 content.googleapis.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 142.250.178.10:443 content.googleapis.com udp
US 137.184.246.236:443 accounts.comodo.com tcp
N/A 127.0.0.1:445 tcp
N/A 127.0.0.1:135 tcp
N/A 127.0.0.1:49669 tcp
CA 15.222.185.255:443 verdict.xcitium.com tcp
US 45.77.153.162:53 fls.security.comodo.com udp
US 45.77.153.162:38769 fls.security.comodo.com udp
US 8.8.8.8:53 162.153.77.45.in-addr.arpa udp
US 8.8.8.8:53 255.185.222.15.in-addr.arpa udp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 45.77.153.162:10587 fls.security.comodo.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 8.8.8.8:53 storage.googleapis.com udp
GB 172.217.169.27:443 storage.googleapis.com tcp
US 8.8.8.8:53 27.169.217.172.in-addr.arpa udp
US 45.77.153.162:57769 fls.security.comodo.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:32546 fls.security.comodo.com udp
GB 142.250.187.238:443 ogs.google.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:18340 fls.security.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:11134 fls.security.comodo.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:36943 fls.security.comodo.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:18095 fls.security.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
CA 144.217.89.149:80 greatis.com tcp
US 8.8.8.8:53 www.greatissoftware.com udp
CA 54.39.156.188:80 www.greatissoftware.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 8.8.8.8:53 149.89.217.144.in-addr.arpa udp
US 8.8.8.8:53 188.156.39.54.in-addr.arpa udp
US 45.77.153.162:2237 fls.security.comodo.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:41235 fls.security.comodo.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 45.77.153.162:53 fls.security.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 8.8.8.8:53 greatis.com udp
CA 144.217.89.149:80 greatis.com tcp
CA 54.39.156.188:80 www.greatissoftware.com tcp
CA 54.39.156.188:443 www.greatissoftware.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
CA 144.217.89.149:80 greatis.com tcp
US 8.8.8.8:53 www.greatis.com udp
CA 144.217.89.149:80 www.greatis.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
CA 15.222.185.255:443 verdict.xcitium.com tcp
N/A 127.0.0.1:445 tcp
US 8.8.8.8:53 cmc.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 8.8.8.8:53 api.gameanalytics.com udp
US 44.196.126.53:443 api.gameanalytics.com tcp
US 44.196.126.53:443 api.gameanalytics.com tcp
US 44.196.126.53:443 api.gameanalytics.com tcp
US 44.196.126.53:443 api.gameanalytics.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
N/A 127.0.0.1:445 tcp
US 137.184.246.236:443 accounts.comodo.com tcp
CA 15.222.185.255:443 verdict.xcitium.com tcp

Files

memory/3796-0-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-379-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

MD5 c06e9135c420469715d4310bfb3c1b33
SHA1 08b7b18662f19a5193ef92cdcdba63eefb7d80a7
SHA256 34efce66f80ccdf56ec4697d323922ca751c783099b9e0d1a38eec054776182f
SHA512 56260285eb6c19698daf7cc7b74e8b4d4b11a5f892c7d22c62ccb51353947d81192790957916a52dc4eb579f27cb38ed67c5b4fabd449850c8949581f07e847e

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdate.exe

MD5 d80d6c8774203980beb027e2192f7df0
SHA1 cadf926c78a87b65289979388c34191925b57167
SHA256 41587c47ed8b365599332d5e321437a6dfca746edfc782a231f5d0d4174b5cb8
SHA512 c7f67d6c11ab42619b10f341bff9e433fbd36c40fadd283485d60cadbffee8f7448144b221416445aab92593a08c42a6639a225f0baa064cb9cf090d9169cbde

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdate.dll

MD5 bfc0ece0ce72654a772f425a2f6a7f89
SHA1 a464076f5d87582dce2adeeaf3b522c688d5a14a
SHA256 bd57792535d7f2c75136fe09241fce48b225b7d451b5e6241cd40e6374db388e
SHA512 b027339fe0d73fccbad23ecb34dc8e40f6e0c64584ee0367a2c565802fcd6870fd28563f19789207d2e6a4e13d1ffff515fc10a22193a7765115be927106255c

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_en.dll

MD5 7f82701452b6dfdf75c83df9b865a168
SHA1 cbc560711f74a63781c5de971421a7c3d87452de
SHA256 fb69f9c72a5026b21ebe7717e58f7382ac8a960849c4676b5733948aedf186a0
SHA512 be6ef129d66a0413edb0c67b82bd4fa3d58e63f61ba5969781c19fee11b37fc6665dad3f99331e5b813e40f9b5a0ecf80412712885b8cd920ded6b7d43d2c82b

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 80779f870e88307143083fcf97f251b4
SHA1 e299c63a8745ab0a46cae731514f936f9714d622
SHA256 8a75eaf5677dc11b1c37fbf57ca354b0e3d25c8aa867269c2deb0e7fb7fa0693
SHA512 a1f56f0706cf7cbd35d74840ed58c685f3bf86e35efcbd73ae2d73ca6ce9a8ad1f7ced8528b3d81785e3bb9297023bf42f8e60bc4631232d9947cdbeb56afb47

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_af.dll

MD5 91295713d791ad6378b117d020c63444
SHA1 0055846b91740c4631026affb5c044b1261e53a8
SHA256 41d0565075327e4a0d1364eb556a238981659f063054404458c0b7b37ec64574
SHA512 55fbbe74bf45ff9700d5a3b940aac9992625a994bc64f842560a0c15e9a8f85a9cb51db993fc43b412608089d3ed6078a8a81afcba33e7e0b0d9b72a4a5b0358

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_am.dll

MD5 f18d85b1e1c45b935e0003f1dbb912f0
SHA1 ba3da8ed55807f6dbb8641620e2594b245e80ced
SHA256 2fa5350047962335602e7a450d1e29951609487e997bf183ce0eb5d01b28f066
SHA512 7a0a22a7efe14f8f8541dd5d59a355d6b601ab3aed2d7ab3895e31d4a1c6531b199243223a3b001dad06186c1f4eca882966c197f2c05256c9f73d8ba96e50bc

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_bs.dll

MD5 cfdfa919f3f9b33b9e75f9e22a023063
SHA1 2bcfdf9abfe7c13b8883da19cb973da2156a93c2
SHA256 4d2ad964da1441bb08800618db62f9e8117751a4a78bdfa3ae1c2dcf903d6d43
SHA512 42481f9700d2afa9d28d7d4d1d1937e1acd569b3039230fb6d7c52de12d473e708324d1cd285985186e2531831004d5ec2b801f48a0ce3dbf53549fb88ac7793

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_hu.dll

MD5 cdff9cdd17e3950f3d274e1be976b2d4
SHA1 41590b06ca7e74db8d286e5952f32f5be47d7abf
SHA256 7cf8997e700cbb81931bc9becf7d0887db7477d97c9f88718c0c2d7849310048
SHA512 e0386fd5e0dbdd4e65fb04a554dc0e3d5ef4f862c685614abbf66e8a14cfaa3d2243e77c3d6d14d56aaf1ae38465aa0762a5c3d32a0ed81605b1c7b3274562e7

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_mr.dll

MD5 23e847dd772151b1acef939f486132cc
SHA1 6ab55a40c883de391f63cd423d34e8fb66a0e3db
SHA256 e9f5d5690a62e780269b981229185978b04c210a6248e1acccccd3162b59a4ce
SHA512 4a2541aab913e95a13d1e07177803eaebfbd4eaa9e309d1b58ad36a8a2c091f6262f776b50190f8c9b75a9670abb5f403f4b14cfd469579121e3f673723772a4

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_ml.dll

MD5 6a8f4cd03794b550fc7dd37fafc74ecc
SHA1 903099d40fa1031292c4266131567b5e29b583a5
SHA256 77d9b5ef256a2685bfa2cf06eb7cdb9ae2297d2129fd8e03a00d9c88573b98d7
SHA512 83ad9ddba650e5c2af938d4b6c5fda82244cd7066ef7f0108e2508fce715c122f8d6d82a1c6a45c145a1e628a32c2fa93936e26a902c26431aa3970e39feb8b4

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_mk.dll

MD5 e3f432ed48166aa5eee026e78670af10
SHA1 6763f5f8c924557aee5c7dd7e43ba4c7025e85a5
SHA256 8612e8bf3935d24cad3435b569c37d87d2c0a38d067183c7db41a2f13d18e74c
SHA512 b351b3425fc488c970a2128b59a1d9526b390eaa4cc2c449227bde63a3d281d06d5d4d559f1562203d4139e24d499fd41761575422dd5ebb2749db80e38296fb

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_mi.dll

MD5 ea85038966f2d1590cf0eec9a1121f66
SHA1 5588cbcff8cf45068ed22918792b43d3a84ae13f
SHA256 706b7ec4c6703952c75b405f06e09c1a8dcf1ec82cb46f2b7a322a911fa4815c
SHA512 73dc7b24b55106b95d5c9a79bf012a93304bed5d6f905e1fba001bb05988fce33a73bfc402bb28b381fc59143c770e6a19c3fbfa5ac0dff5c9ed0f25a7a33eb3

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_lv.dll

MD5 d6ecc88f4c614c2968a18f2dbbea3a77
SHA1 1c466ec539c7af23607d2b8d4ee2bff0936836ae
SHA256 2b042ca049760e903fb9918079d20bd17bd724e6c2a0212528d236aa18f5a4a9
SHA512 edd1ee4b6a46f7de2378399c20f4740b17a9fb07ee307409dd1bb49397afb3ede4480b744b337b197fd3f96c8e0088d322f64ea0b9b8db92690589fbb520aa2f

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_lt.dll

MD5 ad30a4fe50163bfdb3796ed7bd5fa376
SHA1 3d307f23e8be36575806a12de3eff54fce9240e3
SHA256 cef18c955461bf41a2f0dffbdd4680f5a4d760fd587aa595caadbf6e5ecc173a
SHA512 8f318e17fcc89d3a637253bb253851fc65bee1baa2fe4ecb8b93966f05f5a207ad1fd8f9a5899a0b276d0efb61cfc5c3dcaad917d4012d343ffc31a8c315788a

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_lo.dll

MD5 cc680df66d6678d2eb8cfbdee2e44a61
SHA1 29c5286be2304147f1b9e9ebb0ed1cf7e41ff791
SHA256 30ba2826611d043a59314f335e6af343d6bcb738ca6ebf0307268a20cbc03d46
SHA512 fca9dcd7deaf2d5870f70df0be8fec8d8df395b71b931819f848c9bbd922a85b8d55eaba4c00106c364f5fc85fd10254659df29be8d87b0296eeb830719effe8

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_lb.dll

MD5 ff47bde993d34dd79c66acb70db09009
SHA1 6a8817b7cab9d2335059c0130f1b95e35431591e
SHA256 db43e3263a24600cea81ae634c8f42a41d22a52479c873b28bc260b0400e7220
SHA512 3ec1bf2363534f399093780503a4c77b4d878d208ef55613c2e41687eb6dac26c75e541b4f93115de5a06432cb3aef3715d3f282cd06a7d41983db3a1ad28a4c

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_kok.dll

MD5 cad04507b6038d757a28aee789d16fda
SHA1 0bffa7678d129a235becac22662fa807b7b6319e
SHA256 72c3acca20e4fc82d12635756977a353f5698249ae87e401012d243cb348746c
SHA512 4567b19fb854f3866b627ed13aa6c122b5ee9d0d06379b09f38f3a15f15e81e26ac7f3ef572fb4340313e47c1285ebddf8438c6b19da527f72c3b051d5f954d2

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_ko.dll

MD5 b2d7a95280580a921ece1f65593e79d0
SHA1 b611e29593788ab46b3d86f472d08e90a2a3ca88
SHA256 2f4221684404a9a0dca802102ef5e1bc263d5ea4435265384cc85d55188dfd3e
SHA512 bb6cdbf4f8ea20bf39bd24801d0a8710c714b9d7070776178810325213f8c797978437f9e647510a8ff613ae8245871bdf7daff7e48372eb395604022442aa1d

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_kn.dll

MD5 055a4f614d8056ae16ff91959a0f3570
SHA1 48cbb61f7f6bdf5399cb9aa0f512b78a57ba1e18
SHA256 458ede85c40745a5f79201bbc8b0785549e2c13be8ec726d32e4ff2e052db27a
SHA512 2e2991582c5d0776880063052d483feae79d7d97a45580465e134c517b080fe7761410de8401722dbfaa3211aa7ac1cbb030d5002e544fd196735bad3706767a

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_km.dll

MD5 e133ef71c5724664908ef2cd7af775b4
SHA1 a30990a3384c62b04259c10d7019ee41fe517c7c
SHA256 0425f6ec9cfc4f79a43a2963903922526fcd877225da01f88009c7380a0678b8
SHA512 86e7188d9faad6635439c9518b5d038b5f60bec3de16b18ae9c1a6574bbeb76b8ba677bfd77b24329a4b6df00c4571a7a932d9afd025d43747007b73fbb419bf

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_kk.dll

MD5 1349c9ae143856ff8af98d8969f97964
SHA1 b0774042bee34fa2d1fe2bb65ca21a71b6a5e630
SHA256 d8ed80b5de016554f15b67c68dbcf495807697f56c3bd2ddd3c587719b870c9b
SHA512 912e36fd2e23d4508a89392e713ebe6e8fdbd99576afa1a12a743cfeb3e1cefbbe024d973550015f9dea8bda9309d353871f3ed32d7a51b1e44ac46449b72180

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_ka.dll

MD5 ac87df6bb94463336a09c2cbdd17b23d
SHA1 71b45a3e00d593aa0569a4316d9f48dd7ae6540d
SHA256 f97d24c55a1563767cb606ab7644ce10c871989a8fe86786e27d17dbede4de7f
SHA512 391d352fe0d997db1462e00e19da52c48ae79225afcfb083ff1e10a9f005090b1de0b3e1f5129c8a2cde1d2264dd4a91398d8d1c121c24e7d847eb824028a38f

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_ja.dll

MD5 0a4f6041656b7441e2aa9184163f4b44
SHA1 3f4f700e5b9b82a661681d37a4c321fcf98e1bf7
SHA256 53e4719733ae1819d642815bc27e576dae5cfba1e592714e2c9976bc2f1246b6
SHA512 f63d1873f4b364d7eadb26bf0a2fca2146e7c4e4ec17350f1adfba82b76cf127c5f1983bcd12895713ec3299624b6f0fe9c09ac4b58add475e4b633938ade235

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_iw.dll

MD5 87c3c118e280e39eabb8d545617592e7
SHA1 b952980c0436df129e10571fbc79ae6dd78aa5a1
SHA256 f14b2b780c72815e2e398816867b6dee5afcec9eb5e72efe733b6926f08c9d14
SHA512 37469d8fc4cb037f057ea96fe49edbb02515df2584018b04dd7665c6544c1fc140430cf5be70fa99e6392227f92e7383291570c32f79b271f0f771a8dfe93b53

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_it.dll

MD5 b73574b5bdfa3126045dcf4b489df505
SHA1 7cd73a13d1f0af197637b14977427f9df761e29f
SHA256 2fb9bcb4826b747701d41ed53f1dc7d4c0e2f0b2c8d0b1b7a6dbf43fa5349197
SHA512 13e6dc225cfcb2292d72a161270d6ecb0a0c1b6b48ee1708e49ac64000e512f7f6a3984bfb680add36a34d44bdd7ba619da873eca4aa63f53215074f420f576e

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_is.dll

MD5 1c49739edd71f83f2adbb770616bfb41
SHA1 83b0ee79f63f6ec24360197e20cbac24ae02b688
SHA256 0ace9ef559a167d3f36266c036306473a5cc2161ad12294217e2d2061c5a4e0f
SHA512 f3316a96e84a5bcbcb176387540bfc0397855dcf049975d0b1dff44d6bf75a0dcefd34d4e914cd760772ff295d979dd7959b64e0eaaf0e10f7e6039b23b7478e

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_id.dll

MD5 65fb1c07237d63bc38d11a2416c34ba8
SHA1 8eabd2b245511809e00b78b06b1985152dd2578f
SHA256 57b01bc5a7b4e8c656b08c89213278f81ce264cc399999e76733ddd90c580f26
SHA512 e66cba2a1951706186ab1b13b85679d0aef21dbe56bd3c15e0f2e76ba25df15dce0826ea050b40c8e1c05cdbe257f629fe018096bf488c6845b0a9f5cf565e8d

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_hr.dll

MD5 846b9b5f9f5ce6d8e1e18b053ccc96e3
SHA1 be17600fb7f1f305158eb735206e1c2a6eddb410
SHA256 10e40940f8dc323c6e1fea3f625de0cf2efaceb266b64e81cfa66a2eb51d1f0d
SHA512 148a48489b2787051074ded3a0f38f03b0b034a8b2b1b991ec833848fdcb307e3c6570d829439dc2205455115aaf166f845866cf7d89a07e011aa8d822e9bcdd

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_hi.dll

MD5 00661e0428373734fa46030533215a12
SHA1 5af1f8606a60dbc8126431d568acc0ab9e48e164
SHA256 4e2b724f581f3eeb2a3bb7c561d635741f515bc01be84c9d6ae245e5c7ddd37b
SHA512 7c7b30ff996d29efacb5877edc6840cf88a7148c7f9f42bae1fc2f142169867fa2a66863a5b01a0096b01ad18d9eb9fe6eeb2653879cc8f7519634bb3c49a133

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_gu.dll

MD5 5ad48f292a34d8a600f3ee5b02664536
SHA1 bdd7bb9e1b730cd63de7e8a50f9c3d76963db4a5
SHA256 faf2d0d88df753be0de3fa0218b78c3582947ead0be012c0af30f863cb3dda2d
SHA512 527c425b5ec64554154bd226bc6488fd4c1af47db67020d865cd1f52400e55c01797a0fd38422278bfc2d481a293902b1cd51a4e5882e3cc6b4ebc223384c38f

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_gl.dll

MD5 4ce45acdc229b38aac0b4849c1f18d94
SHA1 d43eec8a4f689be874541a0c0e6859d3acd78a95
SHA256 cb37f5288928cf0a89f7711366b70c943f7e6ade43e73b8bfee5e1660cc54032
SHA512 43a0c7eaf20b3827d8a33b1fb696cf9d3eb596b975b24175cbbd28090fcfb090d6bedd59d2d63514c9ff334d1bb0ceaeb77b61c632f9bb8666346abc1b384945

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_gd.dll

MD5 0be6761d833c240b79c092afa2f4d4a0
SHA1 3f13b2fb19489bba686cd681b00d6178a2ce9923
SHA256 248bb8fba661f7b7d4045331d1e4ad808ffe8f446f732c14d2f3a6857f0ebd4e
SHA512 1ec9596ce5ada65ba5739ed11c7554133217d9352913e109012f07d810883080d613e057ea75df6c4cd6a4150e669e55c5100b07026073e9bab68af44974e56c

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_ga.dll

MD5 d6ef74d45d1dd95d9c3c07abc6ec2b85
SHA1 8a161184979d02361688f4214a415ee909c58401
SHA256 f595794586d38fd55bee18c9dbd21c87d33dfc0d03dfe87ade8b0bef5e97252e
SHA512 3f74f4c47757b3a0c6969dc1e9ccccc6c03161014184232430cadac4c85a8fb0748d6f894e99b169d4fcc8190d5cd20ff03157e0d155c3c6e40d4a212e981cdb

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_fr-CA.dll

MD5 f5c88d98f81d525185f5ad8ce5572e86
SHA1 5cd1375cc42a430aec940e4d73b90748890abc79
SHA256 6f6eef8c4afb0deee2497a55854f10407a69dd76e2211c83dc33546f6917a7ad
SHA512 ce41a2dcaa35145e4a638af9e70d3efb9ae5ba8357d0ad3762ab2dd5ed7a1bf141efa83ad9922e0aa11d73521d498226e83515b0166611e7ce1c81f0be9d4ba2

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_fr.dll

MD5 24d190e6f80c7a09dd0ea52db8dc3495
SHA1 02997fc50123612e7100aeca728153b62de8ca52
SHA256 f3cfc3eecf03e256dd6df7d95fae127a4e2c86f3dce58545ae16c422fa8f562b
SHA512 0b5f2c59c3e740c70308174757015f25412f64643abd6fc7965dbc4cc1fd8540a06550b983b62d70dc77cbfdcffc4475143436eef76a07ecb23485bbab054f03

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_fil.dll

MD5 49c11b98ab805533476c335f62502a73
SHA1 74bf2b11f0a695f5581ede4f2e4215decd5e0409
SHA256 6b982a78ff95831477342ed6935dbd3abd1f730dd9bf364afc2556ce6a3afd50
SHA512 3e64b2f1b15bf4436368732757f2a92f8983da5a996dd179824e82205041c41b2235a00c3bd0d765d5630d20902dc978018436657114f569aa89e09b3bde69c4

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_fi.dll

MD5 8f5be4d7e225f2cbf66f3960b56502d0
SHA1 f43fe1f55007dda26ebf78711ebbfb512390b7ed
SHA256 a121a308be48878337fe8c68a45aa10ca898e39c2d195ef244bb657755327366
SHA512 f92088d7babe2d0f4eee14e16f6d67fab8225dff0d3798b1c47f5a291cc9b820c2a7a0c2eecaa97850fa6998e260932941364b100eb8047e5e4bc9e1432a3c06

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_fa.dll

MD5 3aa4579d9819617c80568f1f2cb1e287
SHA1 271fa4f97b32d76fa890c4cb9c30ddb2e0298152
SHA256 77b558ba96080390a79ec321af1579b1d17b7179e8a893e10462c7b22c8e8a5e
SHA512 aecf49ff9385947cd7b5c9c0626015c36b106ef6482ecc47c8c189e5d9e4d670ef119e47302accab93214e6b70e9641aebac552d0b2cde4ef4ac252d3ee8d465

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_eu.dll

MD5 e3db9c5ec70ac6c8bf69272f3596c7bb
SHA1 815d877bfe2dcf83a5387da48c3e7534c97f0bb8
SHA256 0aaa5b02f2541fdbea4357155e3ff28c4d715994646364fb9cff591c27c8150a
SHA512 b6d283923b7ad531014f9113dc95c8484deb76cfffd738f223057839de0b163053b5fbb2447fda238369275637870b3e5e911b8f4ab04e4115b6ce7a7f84cd5a

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_et.dll

MD5 bd8f9362d99be154cdd697b8120e096d
SHA1 c15f2533bd74320a85cafe96b37947bdc3d7cdb3
SHA256 49424f739809b3d7fe874852420cd91752cfa605005bf6186c9f89b1b704f40e
SHA512 69341c9521488c26b16740e9a5501ee6f0a95689d14aa3806df06bf1a21e9b902743e24d3d169a66b5a19c28a6c9217538162ce4fa6b2b3f658e276327de34d9

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_es-419.dll

MD5 3c2f0bf38763071676a0e2d3428d3ce2
SHA1 d7f550ad1b00df2ef3dc962ace455958e0c715c3
SHA256 0ae0b861bc4079593e4fe9a2721b187245a80afec33742f80fa7bab4c63928bc
SHA512 9317ae64848b626b95c7f129c4ca30ec64e6ae6f686b4a71a9a31d2cbc1adde352001463421a5581324a85d4492b9d06f58698fb89c4c80775fdb1ee91eaf87f

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_es.dll

MD5 19d6139c5aa6162e8a2a8ba17ec81822
SHA1 d81f95f5e4021c4ef9b9781d32a729782eeccbbe
SHA256 f9ba82d35d780cf5b4819570e81933b06da524eacb5d0eebeef4276aafb9c96e
SHA512 7b287470db50e78bebe8c0906d5f0ccf3aa2c20f70948f7074a8dad29eef40d850c996a790eccdef6ec3d5271a22a5100cb96720966cf0fc032c139e42e10e37

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_en-GB.dll

MD5 f80b43c11b35344c4601f91d61ba01aa
SHA1 9cdbe9b73dc803e642cdf8fa7c9be3ed13928009
SHA256 18cc6c1c2cb593f1f0450745e5ad4d5d0be3b7d6d3f904b907ffb863391badba
SHA512 be390c82be4956090d55f96ef78387d3fe4abb149ddeb66fa6e61c52d2c480f0cd7cce580554ad2743c118697a2d761e1f0ff37f7f50ac437e6f154143fc1ff9

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_el.dll

MD5 f9bbe44306e396b4f5828033d4a8e129
SHA1 2db819ba55ceaa502f7158159d1d6c3de8844ccc
SHA256 3723b0bb625284d49824ab7689721e180238e0c693fb41d9948920210fb171ce
SHA512 608e1122641ff864627d144925d853bfedb7704cda6bef9257d6ae2a6c5d6eb4e2ef773f717cfab1f9c463b17997acf8762b08ac24412ea898e4cd690809d1fb

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_de.dll

MD5 88580c499f109cef95f3020b64266097
SHA1 da6cd858d8e9715a82a792da35a4c97b76e341a4
SHA256 444f87c7ab5a89e3d423b497abf05fe22ae4605569abd83f3925d3a50a74cd08
SHA512 1838d59b0e414b68b785646b01c8c5f6ebf0466e59c946ebf845782edeca76a396609ef2742341b4d89fad58468d9f0e0e24492be78255ac71a3e0e963e1c999

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_da.dll

MD5 887777535ec4dafc37e04009dc33d46e
SHA1 87755165910c80b6451e6e49c6a5dea346f949f2
SHA256 8123fc78e3217a67de7051574abc16d33043ac9a1d67fbe1220a51ef92c8d80e
SHA512 a67f21474ffdad53ffbdaa8cf8142b399eba399daedaa7c82b62b4d4629b1d60bcb6f04e87ca030299c14dac9f6c291c5d4069181bdc14c83def63c0ac0c68e3

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_cy.dll

MD5 eafbe4b540d5717792cf9e1107aaba90
SHA1 99daa2697b99139c966e58d8e89a64667a9015b3
SHA256 a12771439505f2d419b246d6a974fe8937e0aa5d3b1f9863dbae9f4b7e6197c8
SHA512 d89ca2292190b5914b92f11087970910d18b5e60bbc853466d2439b84612f74248f57b8347c48ee3b1f11232771f99ddb07229cec4beb206bcb1bcee68e6183b

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_cs.dll

MD5 ea83abf1891a11ff03172d0473a64923
SHA1 a19f2e3a26467d8dba5eb73194be1becd0f5563b
SHA256 8a981d1abbd9c6454d2798c7df5708e4af44f54991ac06e988e4e66022c15489
SHA512 f717431b7fca156a476059525307c7f82c74570b1b9c41d6596af14a340d8b3c26493f962c4f4cbfef0d6971d47822e91111ce2f1204c7127a6f6503942bb39c

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 acfd43f9fb09dc5e05842bb8dfa5b3c5
SHA1 e673afb66da1f0065bee5da6d52ea9af75e7ecec
SHA256 e703d0fe2e49eef7b8a072830e76143281039527d9c2873c8162f18217b0ed5a
SHA512 df2416d672f059451607a6aa5752bdfce1989fc461f3781033ae8b000941ecc2a29920e7c2c61f7f879cc2a9a63aceb390b627aa602506833ae41f8e574c66aa

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_ca.dll

MD5 a1f2eb33a406b65da04306f52686d6df
SHA1 1a5314c97f23df4ced0466c46aca61286f87d9d2
SHA256 d75877f6cc1b4be175872e8d33778721e3e5acfe1a1154772a68c799f2e3ee1a
SHA512 4d0bfaf9fa80cf308c629eddee7a850dd485d36753fa5c0825b05dd680998aba96eaad7835de1ddea357a124bf5107d3f10b1b71c0ba4fecdc4fc362b6f326f2

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_bn-IN.dll

MD5 c00dd2c1ada230d747f4914e569a4766
SHA1 3c71082db0a88876fd0c929cbf2e25969669c395
SHA256 19fecbe5aa1f007f5f4ed719ad474b3270603c1535f187067c30ceddd4444091
SHA512 5a33f9b756ed41251f4e85a2b85489c679c350e2838e07b1df00b17f655f73d4b16783cbd4031863fb9c9851815ebbd5bb1f58c465e7d88a41d642d0118530c0

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_bn.dll

MD5 f010d0ef5fa1c42df991e6a0dd63ea85
SHA1 ebb19b0804b99f55c41754bfc43d654b87f86b14
SHA256 97e41d2acb8b638ac2a039da4f9750a0e9387ac10433cb68e0415c0093695ce0
SHA512 31fcca5c46be1967696fc9b3e9d23a4d81700fea64a826245b674dd1a0c4571a4515ceec6e9fc7d3c9d6bb2a7b7139082bded78847d614917e605b806597ce84

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_bg.dll

MD5 e53485ec77800ab9ea0283aac2d0aa89
SHA1 7b4bd4a142a78a95273a91396fbed85432789f34
SHA256 6b380706e9273948be9995da09e3aebb71e7275ba6852086cf5bd1594c7d1232
SHA512 514617c4142cb5f1eb2f72be50d81158136d427d83a8d4f93e6c0c08c30fa012379453a2046ab068cb51853e8c8b12b81df4c18ee80cfb279d80ce4ba5d65b04

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_az.dll

MD5 f4c8a5f7bc960a03ddf8b74dfae1b060
SHA1 74ee2f8420d86652cb4be3b72dadd52c31ee6689
SHA256 3ccf9900953a871a129280260909acfc20aa23644181e354847fbe6b2e005110
SHA512 c9c1b64a5da33130be847f0f2e5acee2af78ec84df14c873d1413a495c40a84c318435c43b5e17ccb0fe2929cc97350bef882b68632f1a80551c0e79ff2bcdcd

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_as.dll

MD5 7b0f190cfa90f9cfcac3f22644b03559
SHA1 de5aa579ead3696433d5509d922fab6fc4954746
SHA256 68a495ee65652ebb55f856b7a82dde20fdda0b38880019170fa5cbafb336c123
SHA512 62572ed3b1cef8d8aac514c9224c4b44546b4c935ab141eeaa696a69caa88b3525199d75fd2f5edaf15fae07b354a7c5e7df86d50dbc50cc093448640b95fdae

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\msedgeupdateres_ar.dll

MD5 b09436f36b5a4a81a153984bbf3fddfc
SHA1 6939928c6c5cfa89525e728b541568869de2804b
SHA256 b4e66f907dde78b4d4f85c5c44656667b7b0fa0659eb56f7f96d974cb66d4dd0
SHA512 472798b8419b2e6614c72eac27bd3c3a2ac0d93b3a15c992d26d44f1ee3f628406a405df36145bdeeee45b2e96b2def9058869dd2dc857030ae7972e0b0bcf52

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 f87a4644fd6dc581ef7b67062fdb55ba
SHA1 38feeaf764e787bd68c06fe243c6064f130b8eab
SHA256 1c2fd257dfc2c3967f7afc0ee726319cb6eaa0f1db86c34f97d703ce7bdcb5eb
SHA512 1f054a7111c9d7576ca80b3102670786f8d44276d36446c96f1c8f6aa7f51aa4d81edd4cc36a33cbffeba6d5b6b313f5de0e4209f6edbfe291958b2022677125

C:\Program Files (x86)\Microsoft\Temp\EU9A5B.tmp\MicrosoftEdgeUpdateCore.exe

MD5 08e9b96eb44be746d65eae418abeb20b
SHA1 eb86e91462752a1187d73cf678671bbe34d16dad
SHA256 39f7c35da1df0dca19b5bc426f0687ff0f8ae8de3ae997857a4672f1176de161
SHA512 70e08d09ef398eefbace3bce84e6b6c3e55b6caad8886002fd89466e455e6ffecbfca8d233f47de5cd99a5f6805952726676c8545c7d4884209355a48a34d396

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 8acaa43063eae7a931afde4446708109
SHA1 d4018908d5a85776647ecf39f133b5c69980d5fa
SHA256 9ba534fdbce3fb23758400a7ca5e28d56e95d237db6ed88337545424eb46abbe
SHA512 275d22db00143854477b66c3ce810117c3d4991136699030d4c34a2d85214d57e772751f44086a157708c3181d541cb1b340595eb7ccda4025ec808fc9d5dd1a

memory/3796-574-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/1488-575-0x0000000000D60000-0x0000000000D95000-memory.dmp

memory/1488-576-0x0000000074850000-0x0000000074A6F000-memory.dmp

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 5227232a56d5c4c5f86873621ac6cd00
SHA1 8a9d588815aadd352d33bb4d7867a777aa4a7980
SHA256 bef6f7d6cf57f4b67e3bf2687ec29e08c4fc600d89bf2a0eb69728aa1e294c6f
SHA512 ca8a0856527d85c92b8b9bf44f203bb1b754b8cbce840d5333396fea044929bc5f0ac30450545423f26c7952f6ddf7153855f05a3c43d838004ef619b40324ef

memory/1488-604-0x0000000074850000-0x0000000074A6F000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Installer\setup.exe

MD5 365eb1aab5e477760126569b7f72f85a
SHA1 06aa9c213c163b7716644314ea6d3997f882ab06
SHA256 19dc1f8c7901ec057bfaf763d8354a07880ce6fa3093185c64b95d082f8055af
SHA512 0d34bc14ed5328f2ded1c48acc29872a2154db0c4c9072a098266a08c0d0b235705223f988e64e3fd418e9c62338560e33d7f3d9ae933f43da77763e88938888

memory/1488-635-0x0000000000D60000-0x0000000000D95000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Local State

MD5 f43b41caaf0a047ac73dccb6ea612a69
SHA1 707562bef9c2f8e18ec006cf30e3e5db36f51a70
SHA256 b341684142f1bbc6a6832984c4f086f4f46e25bb6196e1d1533bf85cb2e2a359
SHA512 4a6acd436aa6f49ced3f21d4843c560158a7d8c013798f79969d9c638477a3c62cf6795ca71a19ee7b14e4366e021ece1e7b30322b6e4cf5db7ab7f1fca1d698

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Local State~RFe58ab20.TMP

MD5 c163a7ab65c81a8e040835894ada2de2
SHA1 47b01571690a9f4ff0f23a41208a0815b33392a1
SHA256 dbbdee17bb9b994ba08629cb7507f979eb7b3a04a7dd49bbb82962469bafe15a
SHA512 b837280d0feb667409665ca46907798286042d436b6417758225a7c9a9c534110f70282baba04fb20081d42becff7f6cdd619ffc936b8e8659d614a44b12cc6b

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Default\Extension Scripts\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/3712-707-0x00007FF980E30000-0x00007FF980E31000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Default\Extension Rules\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Local State

MD5 b77b6bab26e9085590a6da9f7c2756b7
SHA1 3d6cd097cf0a8e525998fb99245419657a1e5425
SHA256 2ea3a6a8b785c5351dc30d28018d1ce87a96d72265d3fc7423925bb664f45b2f
SHA512 af159c383defe0a3de0eb9777d19deeda362e36bceb86bd24dc734150a8123693dad46f7ba46a97678a0e8ed41e711bd360013b599c19ad5be3512c1c37a275f

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Local State

MD5 9a74974d18b89cf2bb03f5afeaf0bd08
SHA1 ac28235a4fa6fabd74dbef52522384f2fe51d122
SHA256 bd9016ae8981578b5e8d33528effcaff9c1811eb55fc49e484d25c9feb3d9b55
SHA512 f5d18502981b947d0b8d0c893fa674299fbdc7e0aa4136d58d5460870c133b8c38661d4868e259d32be019427de6b1d0f1f848872e1f26f58d6289843d85757c

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

memory/232-765-0x00007FF980E30000-0x00007FF980E31000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\GraphiteDawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Crashpad\settings.dat

MD5 d0c760f30f0b9b809dbac0c0f6563539
SHA1 8b48d11d8b26425ebf5509960b620fb015954f03
SHA256 da3c51d8afa9d8b4767e88cf18182fe8c416cfaa5c45e186479fba8d54da3dd3
SHA512 04b6989c6eadda86961cbc8af3ef20a5060320f999efcaecb193cdf58033ad0592ecdb6427c36171ed9764642644add5fe887d34c6ab33fc51cfeb13916e5d5b

memory/2864-783-0x0000000000310000-0x0000000000318000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/2864-793-0x0000000004C30000-0x0000000004CE2000-memory.dmp

memory/2864-794-0x0000000004CF0000-0x0000000004D82000-memory.dmp

memory/2864-832-0x0000000004C10000-0x0000000004C1A000-memory.dmp

memory/2864-833-0x0000000004F80000-0x0000000004FA6000-memory.dmp

memory/2864-834-0x0000000004C20000-0x0000000004C28000-memory.dmp

memory/2864-835-0x0000000004FB0000-0x0000000004FC6000-memory.dmp

memory/2864-836-0x0000000004FE0000-0x0000000004FE8000-memory.dmp

memory/2864-837-0x0000000005010000-0x000000000501A000-memory.dmp

memory/2864-838-0x0000000005020000-0x000000000502A000-memory.dmp

memory/3796-845-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Local State

MD5 31ada576f15fc6f621cef217ec86493b
SHA1 abb0e0919c1709f2727142750f55615b1700d79b
SHA256 59a9de26a120ddca3c5e1238be7e18fe3a966c8172593b4f25d52167d251c9ec
SHA512 c51fb16d0f008e844c6a0c00cd5cb34e4d994c5fe6eb92d97eaca102903103d21f0e5b6272b6062879914a7f47e2eab0f8c6cbade534e95a478f6c0f55df199b

memory/3796-865-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 18a89b35e1411643a771a28f91bf5b9c
SHA1 e945d652178ccefac1d7a9c854dff2eb36bba76e
SHA256 4ba783760e5625ce53db5062afbed191d748797f0b387939c224efb7d816b037
SHA512 b9450d4513babdbf6a69c0111a3e0a1768c79df1c03fb8736fca68125ad6114f4501646d28af6f9beefb0de02be063c76d23be0ad19cbcef754878b9107c4faa

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 166bad6cff199375e1536cebe05a51a5
SHA1 8cb04469ef892fe8d99fdba16a32f2bd131d164c
SHA256 c050e3bf3041144f583ef486472fe64b6d825f1cb345e3edbedfd78c7ae64150
SHA512 79dedff43f8dd0d00a84105b5c6ed490031baae9cdd5f04a92ed460f6f77e80eb333ab99825f0814b82af7c7182f55fbb3640659dbd05c69679542212d173f1d

memory/3796-875-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-876-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Default\96cfe0b6-c404-4d9d-af32-c91c3cc0048b.tmp

MD5 d50ec7fc143d3fa28c21dda52f4bad0e
SHA1 05b06fed123dbb3b28bc3fec078511cb7e725c73
SHA256 4d8578ffb4bc250d6794f5494ba6631390a290c6371753e5e9aef495ca9b6fc7
SHA512 c5ab157ee9a563ea8ea7a233bf096402f50d66dbfa1fd9203f79c01cc6e97f4ca4cfc3711b4c3dd74e5e9dd92ba8842dae14b5f281eee57c1b44fbe411d06697

memory/3796-895-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-896-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-897-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

MD5 6bbb18bb210b0af189f5d76a65f7ad80
SHA1 87b804075e78af64293611a637504273fadfe718
SHA256 01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA512 4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_212657776\manifest.json

MD5 58d3ca1189df439d0538a75912496bcf
SHA1 99af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256 a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512 afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_212657776\manifest.fingerprint

MD5 0c9218609241dbaa26eba66d5aaf08ab
SHA1 31f1437c07241e5f075268212c11a566ceb514ec
SHA256 52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b
SHA512 5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Default\Network\Network Persistent State

MD5 347a050272c27384edbda69aeaae4505
SHA1 f3d071f2236d5e087a83eb0f469c495d2310bd70
SHA256 6bdae4d63ff62416b62ff4e8cf0c20cea8b1aa3bc215ea69922b8e75538e2aac
SHA512 12f025688eb3dc467e81af253d5f1a81c05f94a8eb3695d6a3cf48a8e944fe27e8d0c6719f6849d5c19371e8c0a0ca9e16f5c7f8e5b49d2126447c1d521c7ef0

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Default\Network\Network Persistent State~RFe59c123.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/3796-945-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_757761954\manifest.json

MD5 178174a0125d4ff3ed5211426f1ea113
SHA1 26f72c5a2f65c767c4edb04d8da62bdadc02e809
SHA256 64986dfeefa8855069e799b28e5523b35c9efcf2ea152a2b03461471c218da1f
SHA512 c0d1d9555f4cd7e9a4b0ee5fc1b069782638ba1680d18ba9c83f796746086b6afdf1400c80b7f586422c3a2a73e51bd04fb250e2db818ef723cb4f7a8b3b15a2

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\LICENSE

MD5 aad9405766b20014ab3beb08b99536de
SHA1 486a379bdfeecdc99ed3f4617f35ae65babe9d47
SHA256 ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d
SHA512 bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\Filtering Rules

MD5 a97ea939d1b6d363d1a41c4ab55b9ecb
SHA1 3669e6477eddf2521e874269769b69b042620332
SHA256 97115a369f33b66a7ffcfb3d67c935c1e7a24fc723bb8380ad01971c447cfa9f
SHA512 399cb37e5790effcd4d62b9b09f706c4fb19eb2ab220f1089698f1e1c6f1efdd2f55d9f4c6d58ddbcc64d7a7cf689ab0dbbfae52ce96d5baa53c43775e018279

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_970142060\manifest.json

MD5 55cf847309615667a4165f3796268958
SHA1 097d7d123cb0658c6de187e42c653ad7d5bbf527
SHA256 54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877
SHA512 53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

memory/3796-1035-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_739130786\manifest.json

MD5 e2e0e30a5061d2e813d389d776cd8ffd
SHA1 90913c06260b62534b42c0e28bac3082cdacd19c
SHA256 7f8c92b4e9da2afa5a089e37797036d18e61e4f02a4885b7887c0b98d464259f
SHA512 000727f5052c846e39c62ae90032db500708e5fec5af24b8cc1f3a9d4102bc7b9be025176f01722a7c72b5e8bf85b0084cab0ebeb00fde03928c4e22869c98cd

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Staging

MD5 39bdf35ac4557a2d2a4efdeeb038723e
SHA1 9703ca8af3432b851cb5054036de32f8ba7b083f
SHA256 04441a10b0b1deee7996e298949ac3b029bd7c24257faf910fe14f9996ba12ae
SHA512 732337f7b955e6acaf1e3aaa3395bc44c80197d204bd3cbb3e201b6177af6153cc9d7b22ad0e90b36796f92b0022806c32ac763eaec733b234503890900bf284

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Social

MD5 318801ce3611c0d25c65b809dd9b5b3c
SHA1 b9d07f2aa9da1d83180dc24459093e20fe9cf1d8
SHA256 2458da5d79b393459520e1319937cfc39caadbc2294f175659fae5df804e1d03
SHA512 7daff0253da90f35bf00141b53d39c7cadacf451a7ecf1667c4ca6e8aed59a0c4a6b44ddc2afffa690e12c2134eddb9f46f72e4317ce99c307d9e524a5fd1103

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Other

MD5 09cedaa60eab8c7d7644d81cf792fe76
SHA1 e68e199c88ea96fcb94b720f300f7098b65d1858
SHA256 c8505ea2fe1b8f81a1225e4214ad07d8d310705be26b3000d7df8234e0d1f975
SHA512 564f8e5c85208adabb4b10763084b800022bb6d6d74874102e2f49cc8f17899ce18570af1f462aa592a911e49086a2d1c2d750b601eedd2f61d1731689a0a403

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\LICENSE

MD5 5b7baf861a48c045d997992424b5877b
SHA1 2b2bd9a13afe49748abf39faf9eb29ed658f066e
SHA256 44071e0fcffb9a9a32e8fa7010bb18dbc41afd0b176f81bf700b15b638a88a51
SHA512 4820b41aa5ff4d934a583e1f0b93b1512631102bb2dfdb74792a2f0dcf9907da7680c02a5ddd2492a1e6d58cdada3453d9e38bb8deab6ce831ff36a7f8de016c

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Fingerprinting

MD5 3852430540e0356d1ba68f31be011533
SHA1 d3f622450bcf0ced36d9d9c0aad630ebccfcb7ff
SHA256 f1f413704c32a28a31a646f60cad36cc2da793e143f70eee72ae56f736df8054
SHA512 7a4faa493c141ea88d6cd933dfc0b50ef6d25983323db2b931c7512e039859d60c4935e56b771264ca72b45c035b1962ad8680d616eaaf04fbc5a6e0b674e435

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Entities

MD5 f446eb7054a356d9e803420c8ec41256
SHA1 98a1606a2ba882106177307ae11ec76cfb1a07ee
SHA256 4dc67d4b882621a93ffdb21a198a48a0bc491148c91208cf440af5f0de3ef640
SHA512 3cc3a521b297e4f48ed4ba29866a5ade380c9f0c06d85bea4140e24b05c6762d645df3d03d0a7058383b559baa3ae34ad3ed2b06017e91a061632862911a823b

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Cryptomining

MD5 4ec1eda0e8a06238ff5bf88569964d59
SHA1 a2e78944fcac34d89385487ccbbfa4d8f078d612
SHA256 696e930706b5d391eb8778f73b0627ffc2be7f6c9a3e7659170d9d37fc4a97b5
SHA512 c9b1ed7b61f26d94d7f5eded2d42d40f3e4300eee2319fe28e04b25cdb6dd92daf67828bff453bf5fc8d7b6ceb58cab319fc0daac9b0050e27a89efe74d2734e

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Content

MD5 7b0b4a9aafc18cf64f4d4daf365d2d8d
SHA1 e9ed1ecbec6cccfefe00f9718c93db3d66851494
SHA256 0b55eb3f97535752d3c1ef6cebe614b9b67dddfcfd3c709b84c6ecad6d105d43
SHA512 a579069b026ed2aaef0bd18c3573c77bfb5e0e989c37c64243b12ee4e59635aaa9d9c9746f82dcc16ca85f091ec4372c63e294c25e48dfffbed299567149c4e2

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Analytics

MD5 01f1f3c305218510ccd9aaa42aee9850
SHA1 fbf3e681409d9fb4d36cba1f865b5995de79118c
SHA256 62d7286cd7f74bdfda830ee5a48bce735ee3661bda8ceac9903b5627cbd0b620
SHA512 e5b665e981f702a4a211d0569bb0bc42e3c29b76b3f75aaf8dc173f16f18f7c443f5cf0ccf1550df3aa2b151e607969c2c90ab1a6e7a910dfeb83854cea4e690

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Advertising

MD5 326ddffc1f869b14073a979c0a34d34d
SHA1 df08e9d94ad0fad7cc7d2d815ee7d8b82ec26e63
SHA256 d4201efd37aec4552e7aa560a943b4a8d10d08af19895e6a70991577609146fb
SHA512 3822e64ca9cf23e50484afcc2222594b4b2c7cd8c4e411f557abea851ae7cbd57f10424c0c9d8b0b6a5435d6f28f3b124c5bc457a239f0a2f0caf433b01da83f

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Mu\TransparentAdvertisers

MD5 57d5a3548911886de2f3bd3172e808ed
SHA1 ca932af3b25f245ce931fbc6cf10299e5fbe35a7
SHA256 d2cd0bef5f45daf490c53e705d6f67dfe12390c72a00efa6f5117432bd8edb8c
SHA512 933194509d305b2a60b38c149ba1d74e142ef15647242b287844d263006d33ffa38b6ea263c89cb821a9277d41f0cfda95a0eda830f3a5ef8df5ba80d3bbc818

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Social

MD5 4c817c4cb035841975c6738aa05742d9
SHA1 1d89da38b339cd9a1aadfc824ed8667018817d4e
SHA256 4358939a5a0b4d51335bf8f4adb43de2114b54f3596f9e9aacbdb3e52bef67e6
SHA512 fa8e1e8aa00bf83f16643bf6a22c63649402efe70f13cd289f51a6c1172f504fedd7b63fc595fb867ecb9d235b8a0ea032b03d861ebb145f0f6a7d5629df8486

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Other

MD5 cd0395742b85e2b669eaec1d5f15b65b
SHA1 43c81d1c62fc7ff94f9364639c9a46a0747d122e
SHA256 2b4a47b82cbe70e34407c7df126a24007aff8b45d5716db384d27cc1f3b30707
SHA512 4df2ce734e2f7bc5f02bb7845ea801b57dcf649565dd94b1b71f578b453ba0a17c61ccee73e7cff8f23cdd6aa37e55be5cb15f4767ff88a9a06de3623604fbf0

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Mu\LICENSE

MD5 d32239bcb673463ab874e80d47fae504
SHA1 8624bcdae55baeef00cd11d5dfcfa60f68710a02
SHA256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903
SHA512 7633623b66b5e686bb94dd96a7cdb5a7e5ee00e87004fab416a5610d59c62badaf512a2e26e34e2455b7ed6b76690d2cd47464836d7d85d78b51d50f7e933d5c

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Fingerprinting

MD5 b46196ad79c9ef6ddacc36b790350ca9
SHA1 3df9069231c232fe8571a4772eb832fbbe376c23
SHA256 a918dd0015bcd511782ea6f00eed35f77456944981de7fd268471f1d62c7eaa3
SHA512 61d6da8ee2ca07edc5d230bdcbc5302a2c6e3a9823e95ccfd3896d2e09a0027fece76f2c1ea54e8a8c4fa0e3cf885b35f3ff2e6208bf1d2a2757f2cbcdf01039

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Entities

MD5 571c13809cc4efaff6e0b650858b9744
SHA1 83e82a841f1565ad3c395cbc83cb5b0a1e83e132
SHA256 ab204851f39da725b5a73b040519c2e6aaf52cb7a537c75802cb25248d02ec1b
SHA512 93ff4625866abf7cd96324528df2f56ecb358235ff7e63438ac37460aeb406a5fb97084e104610bb1d7c2e8693cabedc6239b95449e9abb90252a353038cb2a2

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Cryptomining

MD5 16779f9f388a6dbefdcaa33c25db08f6
SHA1 d0bfd4788f04251f4f2ac42be198fb717e0046ae
SHA256 75ad2a4d85c1314632e3ac0679169ba92ef0a0f612f73a80fdd0bc186095b639
SHA512 abd55eff87b4445694b3119176007f71cf71c277f20ea6c4dcadfb027fdce78f7afbcf7a397bd61bd2fa4bc452e03087a9e0e8b9cc5092ec2a631c1ebb00ee25

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Content

MD5 97ea4c3bfaadcb4b176e18f536d8b925
SHA1 61f2eae05bf91d437da7a46a85cbaa13d5a7c7af
SHA256 72ec1479e9cc7f90cf969178451717966c844889b715dff05d745915904b9554
SHA512 5a82729fd2dce487d5f6ac0c34c077228bee5db55bf871d300fcbbd2333b1ee988d5f20ef4d8915d601bd9774e6fa782c8580edca24a100363c0cdce06e5503f

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Mu\CompatExceptions

MD5 108de320dc5348d3b6af1f06a4374407
SHA1 90aa226d3c9d50cf4435ecdd2b8b0086d8edeb8b
SHA256 5b462316a51c918d0bae95959bf827cb9c72bbd84ffb0e43b750aa91fbf3ba53
SHA512 70f30c45e20b7cddd0cba6476af9338975cec8e40b8b19603af5fa859a34c6eb2138957daaa263633fe65213e2186402d05d9d29ad53e8f311335555116314c2

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Analytics

MD5 da298eacf42b8fd3bf54b5030976159b
SHA1 a976f4f5e2d81f80dc0e8a10595190f35e9d324b
SHA256 3abd2e1010e8824f200878942e0850d6e2620a2f0f15b87d32e2451fdda962ec
SHA512 5bf24c2df7cc12c91d1fb47802dbac283244c1010baa68bfae9eb5eb8ee25758156bb1e21f6cc3f55e7d71e5c330888ffd41469b2630eb86237c9970d7ede75e

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Advertising

MD5 131857baba78228374284295fcab3d66
SHA1 180e53e0f9f08745f28207d1f7b394455cf41543
SHA256 b1666e1b3d0b31e147dc047e0e1c528939a53b419c6be4c8278ee30a0a2dbd49
SHA512 c84c3794af8a3a80bb8415f18d003db502e8cb1d04b555f1a7eef8977c9f24e188ae28fc4d3223b52eab4046342b2f8fd0d7461130f3636609214a7b57f49cb4

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Trust Protection Lists\1.0.0.26\manifest.fingerprint

MD5 fc8af1e27127535b4eea55c8c2285865
SHA1 dc9fb2a8fe358f84f4f2749460ef15507e7ecb07
SHA256 c76f988dee6149c0c21f7f657688a7fcaa20b0dc83881efe14d58d9be3f5236b
SHA512 ec847bd27383c37cd67d9204e5dc55256ca0303c0d7696558de650b569ef8f9eb747603180ae6561f884bbe6eb519a23c18fa4a646c43d58799f01744c2b9de3

memory/3796-1205-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1410943112\manifest.json

MD5 b6911958067e8d96526537faed1bb9ef
SHA1 a47b5be4fe5bc13948f891d8f92917e3a11ebb6e
SHA256 341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648
SHA512 62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\CertificateRevocation\6498.2023.8.1\crl-set

MD5 d246e8dc614619ad838c649e09969503
SHA1 70b7cf937136e17d8cf325b7212f58cba5975b53
SHA256 9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1
SHA512 736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

memory/3796-1234-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-1244-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3164-1245-0x0000022ADDAA0000-0x0000022ADDAA1000-memory.dmp

memory/3164-1247-0x0000022ADDAA0000-0x0000022ADDAA1000-memory.dmp

memory/3164-1246-0x0000022ADDAA0000-0x0000022ADDAA1000-memory.dmp

memory/3164-1251-0x0000022ADDAA0000-0x0000022ADDAA1000-memory.dmp

memory/3164-1257-0x0000022ADDAA0000-0x0000022ADDAA1000-memory.dmp

memory/3164-1256-0x0000022ADDAA0000-0x0000022ADDAA1000-memory.dmp

memory/3164-1255-0x0000022ADDAA0000-0x0000022ADDAA1000-memory.dmp

memory/3164-1254-0x0000022ADDAA0000-0x0000022ADDAA1000-memory.dmp

memory/3164-1253-0x0000022ADDAA0000-0x0000022ADDAA1000-memory.dmp

memory/3164-1252-0x0000022ADDAA0000-0x0000022ADDAA1000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_741217057\manifest.json

MD5 8062e1b9705b274fd46fcd2dd53efc81
SHA1 61912082d21780e22403555a43408c9a6cafc59a
SHA256 2f0e67d8b541936adc77ac9766c15a98e9b5de67477905b38624765e447fcd35
SHA512 98609cf9b126c7c2ad29a6ec92f617659d35251d5f6e226fff78fd9f660f7984e4c188e890495ab05ae6cf3fbe9bf712c81d814fbd94d9f62cf4ff13bbd9521a

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\PKIMetadata\13.0.0.0\kp_pinslist.pb

MD5 d43d041e531dc757a69a90cb657ef437
SHA1 09138b427565bc276cfd3ba9f59b0c8bad78e91d
SHA256 9431360a5534ad2f8eddde157cce39704b99da035fcb6d2cca11220700b11ccb
SHA512 476a98122059b9cc19492b7ae557c61381842c8c347f85c686e0a493bfd0e8707ce3491b690e7978b3fb7d7d2a4daa2767e4a590398a50562519bf32e8d12ec6

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\PKIMetadata\13.0.0.0\crs.pb

MD5 981a9155cad975103b6a26acef33a866
SHA1 1965290a94d172c4def1ac7199736c26dccca33e
SHA256 971393390616fbe53c63865274a40a0b4a8e731c529664275bdc764f09a28e2d
SHA512 2d75ce25cb3a78f69f90fbd23f6e5c9f1a6ed92025f83ce0ab3e0320b64130d586fc2cd960f763e1ab2c82d35ef9650ebd7ff2a42a928a293e0e7428cc669119

memory/3796-1289-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Default\Preferences

MD5 076aaaf7e64ca02e4b56ed78e33a2aa0
SHA1 6b78af8c6e4e96b533b21e643bf1c10672be1a02
SHA256 247fee16b03b4a28e6853767d7cdabdbb8662df30600845f93b0c2d46217c5c7
SHA512 876921f7869ec6a47b3472e6e4649f824d1b986399809eafbf81da203eee69633f3cc435946b17a940ac42d1ae8832d60fc9a09ebaac3cd3b710cd01c6f71201

memory/3796-1308-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\TrustTokenKeyCommitments\2024.5.3.1\keys.json

MD5 e2e2e3b27dbe8ebb1e5a1689cbada547
SHA1 0f173e6f154e12ce6774b006a4cc42d7a680f7a1
SHA256 0af9be189481b755cecec6901ab03e1f41557760157501f7d57570222db5944a
SHA512 e9c6e2d78df50474ee1fd4c01bf05c135dfc180817ba204fa10fe4d7c0c7560954a905244aed474220dd773645dab7c647ccd53fe82896d70f9177efdf6a85b0

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_180566566\manifest.json

MD5 f484730e3678d8a3d9d2e39ec6e43aa5
SHA1 01567fae3cbd5beaf099f5ccbd0a2f2d39f620ac
SHA256 dfc1e147364cce4708e0d4bad53e46669edc0cfe0fa9c78f773a8d5ee5bb7895
SHA512 ffb55a70258aaf3b6c3de39298cb0cd0700263c6cfb83ca26a798c41082925f2b45d49b23746d7ae971346b94e8f545f72b005b19e6f16b0955623a1313f9e33

memory/3796-1338-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-1348-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1390127671\manifest.json

MD5 ba25fcf816a017558d3434583e9746b8
SHA1 be05c87f7adf6b21273a4e94b3592618b6a4a624
SHA256 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11
SHA512 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

memory/3796-1367-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-1377-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-1378-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-as.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\manifest.json

MD5 273755bb7d5cc315c91f47cab6d88db9
SHA1 c933c95cc07b91294c65016d76b5fa0fa25b323b
SHA256 0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902
SHA512 0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-hi.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2176_1464103025\hyph-nb.hyb

MD5 677edd1a17d50f0bd11783f58725d0e7
SHA1 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256 c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512 c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

memory/3796-1582-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-1592-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-1593-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c1c7e2f451eb3836d23007799bc21d5f
SHA1 11a25f6055210aa7f99d77346b0d4f1dc123ce79
SHA256 429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800
SHA512 2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b92e9620c59f95a4224feead4664ea58
SHA1 7c6a5a52431d68cead119ddcdec4c471bb3bf7d4
SHA256 40658dfb259ef3c6115742117116eefc92b296c8d0657fa79588cc50e3002d16
SHA512 64b9d3b73f331eee60f4a33171e1bf8a57b98d5e6e026ac73b08c8973874ec6a8a37115390a1fabf0082f9f48968a9132d7ec4f4867fa09d01a935ac0afc3e7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6876cbd342d4d6b236f44f52c50f780f
SHA1 a215cf6a499bfb67a3266d211844ec4c82128d83
SHA256 ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e
SHA512 dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

memory/3796-1621-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 626b50c710a78231de05aecf7af1701a
SHA1 43fea4dbaa4462cbee1f02bd5e02c95823a3d252
SHA256 92f1f63da08f9f31aca3f60975c0365f73fa04483d1a9ce8781ba590497ff99d
SHA512 0cad1468d6830bfb1c65a3013bddf1923e78158a00ba9d7311b83c84afca89c3043897e22f6be24b4379da28a1b806f7ca5a2c40ea18a1e6cb80bc14990a3fe5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9d62d5dfce5be442a2a6a98d541d8643
SHA1 dd19e5b54185f5c76f48fad275e8f5613a8c8365
SHA256 72005ef2edc39620e6b6c72c2901a45bfe21ffcde04e1bc800b5f779e08180e8
SHA512 f5cbc3245dd52a959d8d7d8f525b11b1911afe8823ce0c74b2258ac6be6ff5bae45ad4fd49623509652096cc6304e065dd49b915706808b98ce1fe8d10d2f585

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

MD5 3f208f4e0dacb8661d7659d2a030f36e
SHA1 07fe69fd12637b63f6ae44e60fdf80e5e3e933ff
SHA256 d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b
SHA512 6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

memory/3796-1780-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 35d818c188629cd17049f4debedb4a5d
SHA1 012e9ac4f818c9d30335938aad14d0314103b3b7
SHA256 0121d3c893662b6365aa47cf0df68d5a0996f9ffb8b7f05d1fd7d8df34537632
SHA512 db701f1486a3801a2c1562aaa3a5f1da637e7e6f3d07fd130ba3438fdd0031330cd7ada26ebc1cbe588fcc81edd2722f14bbd6a0299ecd4c675e180dcc341802

memory/3796-1794-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-1805-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d1c35b06052c4494adbc1762a072045d
SHA1 ac5978c7087ebb41d1908dee400f59a3771b92b2
SHA256 e58f83695546ec031ae4a41f4369e666177d6c83dbd933eb9feaa732b013f9d2
SHA512 7f413e7c04a9be4cd2ac247de40e5b67d6b3cdccd6d678ada19e23d97c035dae307409b09919a6855cfb19c0ae98319e224347ff5f8a5f8fa39eadbdee8f5011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 97f07e182259f3e5f7cf67865bb1d8f0
SHA1 78c49303cb2a9121087a45770389ca1da03cbcdf
SHA256 c3a70f23a2cf331852a818d3f2a0cf7f048753c9b47aa4e7f0fee234c46b226c
SHA512 10056ad3a71ee806a8d8aff04d513a079568bf11799016f76f27c4255be2141a4c2d99c1f46bbfde9c99ba0f8b44e780a92b59f514d3cc1c248ead915c31b5dd

memory/3796-1816-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

memory/3796-1848-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Local State

MD5 cc6733b5d77b52378074689d0583cb6e
SHA1 2402c4ea182de2e891281fce1108ab10b4fd772d
SHA256 92aa095362b62bd632c1179c7db2efd9d86f5389ff26a13a8776b413680e8cc0
SHA512 faf63287d984d7d311b0685464e682ba3af4a29ea57516538aad6a48cd3574d5f8093b21ecb03c4480b8a628d9d178d2047d0ed3bc72995c6c7470caa0409d56

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97E4D258-7975-4DDB-833E-26CC65563A27}\EDGEMITMP_D10A7.tmp\SETUP.EX_

MD5 acba8d068b4ad0fb79a424af26103aca
SHA1 cddda10d8d6f495fd331132df3ffee76369833d7
SHA256 597006630d186095a14e003334b1260b4de8a5931b68597e3916ae2129b24336
SHA512 5097fbd09f42582a5cb2cd82dac4eeecb2e5c8e652ebf3601f6eb78b9438fcb4e9afdb4eafb3dca73a837d7536f981c3bd977815bbbf40d03e1837d2b93f529f

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Default\Preferences

MD5 421cc82823526a2ee30dc5958c840eae
SHA1 f46bf3472035b476328df402a4173ddeddacf0bb
SHA256 4025c73eb1aa0ce5e98bbcfec08dec1980f9bc83e441d0292a99fd1d16baf5d4
SHA512 3d53abed6d7fcf055108df03b70217657a6b10298e41f0b553f98e359eb674be25438bef7f5bd0943de4600883ba2af35dfdb122898da27f4435453c19171f77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dd2b9361ffcabcfdfe0371eb42b2600f
SHA1 71d500fb296240c5bd25b52b202198affbbf76a1
SHA256 1d08689e99c0626cfeed06ce10c402880b7732873a05567975f6864c8f08312a
SHA512 bc92252eac065d9f60b8ffe5fcac5e0e596d70131b128ba057fb2c8d65e957a165d19ce21654a1499f311bdc240a072fa9e8527641a449ad4038fafbfd25b6d8

memory/3796-1973-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5c826deeac8d2b65cb7cfbdefec08a25
SHA1 c9b911aeceae662fe69c0d567a1c933200167a99
SHA256 e6e3b77605adbcc7b29f57254dfcba21da6a6f928f2f343b333a615df1f54d1b
SHA512 ca6b8b1808d664762e20a204cb7adcce7554644da926c738aaca476fba5d0c8067973318b969197afed0e3cfb772958bd4b26471c933085b03dda2359e0bec05

memory/3796-2154-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a0e80e5bd655a91ec7311368c621da92
SHA1 7997f575af1db4a33671b3ccd5acc5d45bc4879c
SHA256 f2cae638cb133773659900f4e666779d0ab64fe3c3a9317e5ab4341017313fbd
SHA512 75b3962624d1be81c10a200a860b4d37c6e92bf2545bad6f9f80869eaa223164965cebfacebbd965a2872b36aa4d0d391035993dc8df2333ec56f8d2ca1f2eef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d497f.TMP

MD5 a0997d08dfb3a88556588e174065ad97
SHA1 38223092792ce90647ab7500bf28203fa1a8989a
SHA256 a83f73408f1c1f53b93259cfcaff4c6a02966922619866f84c27b30f0dc2a888
SHA512 46e282c16d8df8c79a4e5edb3a065bcc9e13fb5ed43f17391113596434ce5e1593529162e711178b7d0183e7d7a387487e40f1a070db52991ac30a86fbf22234

memory/3796-2251-0x00007FF77A990000-0x00007FF77D986000-memory.dmp

C:\Users\Admin\AppData\Roaming\51887aeb36fc899ae1a9696f022e9c71dacacbcd51f88d65dcdf4f7d1a2d3b97.exe\EBWebView\Local State

MD5 61ea0622276cc605fa0e36033e639f4a
SHA1 032421785ff9dfbc05ffa9522569784a9f8e60fa
SHA256 58a2aaafa985ef1b9021890df84eba39433db4cb5bcff204a6ee7e082244b28f
SHA512 0583eae429504dfe4b7451b17309a1c189eafe6210b9e9f65491187a93297cda50f2c622be20d2f31037f437599bb068cdbc620601ff20273820259c497aa341

C:\Users\Admin\Downloads\Unconfirmed 161934.crdownload

MD5 ddf8230ab47c7c517397ef1c5b1ee2e0
SHA1 4214d7217f353b7b8519ddb768ad238a9afa10f2
SHA256 688de6269eabf44a59a497e26920466976fa26a7d6b4ac4127cacf03da2edcac
SHA512 464dcf2958971a2b38e5e61c746578a88c571d976b5183489e3e8ec05953c51c860bd97e1839ea77faea18defa28da1d19f9d113037e4b7d98e5692ee6488ff1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5f310dd3bd76934a55f7b200809c7b50
SHA1 f55b97b609fc2fa1bee3b38d104776aacea5fa08
SHA256 4c5e89c191e0c0532d7b2348e0b7a00620078d78a73c81d50f25c8b7a9b12505
SHA512 579c6d26866adfc016ec4ac87d295d10dc1091c0afec2c50ea0ef639d1cd4de861599fe755c20e1cd474a0c377e29336ce18908a5243891987e910eab88b7701

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7a5969a89c2c49000436c912f8a83c81
SHA1 9eb3c8527ead2a133dbc158f0355609188d88c37
SHA256 2e8cee06cedf65cb2ad3aa5a4437beec980e27cbc2dbdd62a4ab00d299ea1aa0
SHA512 41935dbad79f9a28ea83a9b992b56e68a92819b0eec119eefa80e9604e34884c1123187bdb195da96baf9b8515815cdea24b6d638e11763cbee27a74f6f3a0a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b26f8abd08ec36bb22f492fc65842e3a
SHA1 e9e492d0a974d6c1ab3a4510e4f98049f7382a30
SHA256 95412895498c54616015d49949b572bd4da691d292aaba07b58fa9271d2e44e8
SHA512 c03cc744f15a1a3813fae08877fd82b860fb91aaa4d652b11c6d2f1e62d8b375caba140b0113a7a0755f0392e5b4ef389eb3401f7bd812ebb6302d4d91b02a67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f5b8c69b012cfbbfe1a9742580f1b107
SHA1 1ec12b9f882a06add39d047d1d577806dfd244f3
SHA256 71156d90091b7f08485ef4779b1d61513a90f057b4a68cfd0307ade99d66e81f
SHA512 9a23d0c59cfe9c1264a1a267e306de72a34a4c3f8fdf4ea3b26e4cdfac4d239ddcabfd30f5f3459190f90c370c544607eb7745d436aab6451f2199bae26b5941

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52605e09d743e948b7e75fb6057719b4
SHA1 2cc2a67ab7df1fbd906452cc62e19b44b3d89469
SHA256 e623d60afbfa4d1684025b449cb44d9b0460dd02281a08c4b3cab5cbfbcf84b4
SHA512 445b1d0b929b53e15ddc1159268f196c0ba05d94fd41aa0ce0e3d357982b0307b8f29cf438d7d2e90d9d9c2218082d582cae765c8aad58d72900b594d53a590d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7284654a78c30ba26bb7e71fb6b849b8
SHA1 8853da2ee491cb80285abbf31b6460951ff6650c
SHA256 f3aa3d74e681184389f1cc2d27b1d04a9cc1c8a6735655add10eb453ff4c9034
SHA512 406460ec315a2a852244e8e8c6bc182eec26a15d5f1135fd7f3d82fab97a959fa5ea7ace81f231769c1684a1b7cc14d0fcfb625c466603da8aabaee37eebc34e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe

MD5 9dbd87da3046935d74a6026cb0e9bae9
SHA1 11584dbe6847d90c5797d0c2ca6ad4247154ca60
SHA256 381f108010501d81a8442290432434074e74b131a30a5c77a27d1e514a29b45c
SHA512 f2a57a0e86abb96d491f0b1ebc6c1efbbcd3e48f1e03e83b90b049b18c20b62e2d5ad56a35ae219b536a8ddec712072b002296a0d5adffcd573490855fb5ae43

memory/1352-2603-0x0000021FA5150000-0x0000021FA53C4000-memory.dmp

memory/1352-2604-0x0000021FA5820000-0x0000021FA5830000-memory.dmp

memory/1352-2605-0x0000021FA7040000-0x0000021FA7078000-memory.dmp

memory/1352-2606-0x0000021FBF8A0000-0x0000021FBF8C4000-memory.dmp

memory/1352-2607-0x0000021FBFC20000-0x0000021FBFCC2000-memory.dmp

memory/1352-2608-0x0000021FC0040000-0x0000021FC03A8000-memory.dmp

memory/1352-2609-0x0000021FC03B0000-0x0000021FC064C000-memory.dmp

memory/1352-2610-0x0000021FBFB70000-0x0000021FBFBE8000-memory.dmp

memory/1352-2611-0x0000021FBFCD0000-0x0000021FBFD2E000-memory.dmp

memory/1352-2612-0x0000021FBFD30000-0x0000021FBFD90000-memory.dmp

memory/1352-2618-0x0000021FBFBF0000-0x0000021FBFC04000-memory.dmp

memory/1352-2621-0x0000021FC3F70000-0x0000021FC3F7E000-memory.dmp

memory/1352-2622-0x0000021FC4060000-0x0000021FC4068000-memory.dmp

memory/1352-2623-0x0000021FC5950000-0x0000021FC5988000-memory.dmp

memory/1352-2624-0x0000021FC5920000-0x0000021FC592E000-memory.dmp

memory/1352-2625-0x0000021FC6070000-0x0000021FC63A0000-memory.dmp

memory/1352-2626-0x0000021FC63A0000-0x0000021FC656C000-memory.dmp

memory/1352-2627-0x0000021FC6570000-0x0000021FC6782000-memory.dmp

memory/1352-2628-0x0000021FC35E0000-0x0000021FC363C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c7889946963e304e566d0f1e8772306
SHA1 ab36fc8ee6bdf7724817941d618ad3d2535bc0de
SHA256 031b6ba70be6813808564bca8d445abdf68fa95f6f42c3f9f194e4f56d3101d8
SHA512 aba0f7333d34096b59efbf6cf9c80fd11e8f85f6a82e0893a023b37eca53edfc56da3bf23f082f183a9c4836a8c97fcedbcf69a33d7d7805d2e189e20ff06b01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 75270c1bc3474bc34db81671ba35a1f6
SHA1 23ee8c1664859a57f2e8153c60090c069f1ef0f6
SHA256 33defaa43e59f5b61d954f2f91c8a54c7ba1a8cdde573ae744baf5e8a0b9df66
SHA512 e6ac999f58cc6898bf5e539dd069b582227386e9345e434cc2a145a5f103089ecb34a9e266635b02725564b32902689f38827d2e328f3c888b4c348d2aa47b7c

memory/1352-2647-0x0000021FC6C90000-0x0000021FC718A000-memory.dmp

memory/1352-2648-0x0000021FC5B00000-0x0000021FC5B78000-memory.dmp

memory/1352-2649-0x0000021FC5C30000-0x0000021FC5CD6000-memory.dmp

memory/1352-2650-0x0000021FC3670000-0x0000021FC3692000-memory.dmp

memory/1352-2652-0x0000021FC5F10000-0x0000021FC5FAC000-memory.dmp

memory/1352-2651-0x0000021FC5BD0000-0x0000021FC5C1C000-memory.dmp

memory/1352-2653-0x0000021FC5E70000-0x0000021FC5EEE000-memory.dmp

memory/1352-2655-0x0000021FC5BB0000-0x0000021FC5BD0000-memory.dmp

memory/1352-2657-0x0000021FC5B80000-0x0000021FC5BA6000-memory.dmp

memory/1352-2656-0x0000021FC5FB0000-0x0000021FC5FEA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 bc94e335f2fea6bf3fa5275e534d8cb3
SHA1 a50937e6b4adaf39d5f543d5973b23057b89f9b6
SHA256 6afb30c057204fcc2050b8278e908ee3aa86711d07c58b86e95b75d3f6be7c21
SHA512 a47dff099e62dc1ff7e0dc0af91923cd81a8c3b52ddc6c0cd413d16ebfe9af86fd2adc614a0f749be3addd9ecbe42a98b764b14c7e008ebd3c4ed78b3d6e96cb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 7d4e2356c78e79ae02074b71093ac606
SHA1 49c163d43318a1e409caa6592b1a8c04c82d9e0d
SHA256 37dae1ac1538dfcb445f51b8f06b99d79b5d325a985863c8bdb6bb4183e23a61
SHA512 56053c33b3928a0f61f15d0ec74d7dd02623357140bc0395cfadcc27a5f8773d95c5db8e112d404f474256d73dd71f326833b3dabbb73f06567af845517827ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7b3a8297d74ea7437e32ab678f66a23
SHA1 12f6db659ab94b0d6fc4801bfa4f08e116ba591d
SHA256 88b0d720813f4bbd28662459938b57d67f3efa6e0934f458dfa65a6662e083fa
SHA512 b19aad5d3eae8f4f6d4b6c1be15116ce6c72681d533c9f42394ca71a6e89540d58bb20fb4ad99b8b399a84cb3c2a0f5bcf935864dde0e6f7e60cf97b2e9fff07

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 0474a75d4c0557035fa187d1a25fc896
SHA1 5cbeb60c985f704d333797189a46e46b950000d2
SHA256 6cb7c839a9ec94271bbcb293ce73f3a98c5c9cfeda18cf093da2adf7691439f1
SHA512 e8b4585532d5389d492d64df83e289211e6e68c8e52a125a4fcca87598f2c42c823893b7aee338004d81a62cd3690588832e9f3942cc126a10f6bc594ceb35df

memory/1352-2740-0x0000021FC6890000-0x0000021FC6906000-memory.dmp

memory/1352-2741-0x0000021FC5A70000-0x0000021FC5A8E000-memory.dmp

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\517efac85db7042e2b9ae54b76f4e58d_66fe4e29-79d4-4cb9-9cf5-50b32d670a91

MD5 4f786152087be2421780544897125bbc
SHA1 1465783d441a6f6a81911d45a1a37717a67f75e1
SHA256 c7615ebd18ae705138de2779645a691e95be66508896269c01cd075faf8f2ff9
SHA512 5d74be14e8cf3b2b65aaee70c69502a528ae5a0a524bec6122b1ed44a7c1c53f64fe40edbc764908bbae8baffd732967ed1f5cf0ae508f9777ea7fe8a038f118

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 4f3d01bc9b5702909f83ef4d7d5abea3
SHA1 3bdddc19bcf9cbfc0147a5394df7c68cdd6a84e9
SHA256 93ef01e8cb3d1da05718623d0a3ec20a90ba86b07a294792ac2664eccccbbac2
SHA512 953227129e778e0669f0b673044f983ba38e8673e64d2819ffaec8eb819692d991f1ffd8b7fa9747710f7096bc466a68dabede24dcbee5c4b7e149e35d4596ac

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 ccf94162e59496cd228b03a14c4e43dd
SHA1 6800d19aea2117c488276a90570e6fc52775208c
SHA256 e097886212c0447473d5a170eb7e9e297cab09bd3b036b135da1ee3c72aff402
SHA512 1e8d31405e5ba634b14c8fd4d5d0727a57585188b8e4fbded6cba0492d6cbf9a004bcd4928bf464d2ed73b46f68bc36ff2c1424500433df72c65a2c67a2869e4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 d2eda2be4626f08ef228203b70ea281d
SHA1 5da98b6c6114376ada2762c8c515f183eb2d3bb9
SHA256 fe427d5539ff881a787b74254b294e6693ae4111e59e99607cb571b11901a5ce
SHA512 efbcf332ba5e0f295f238daa7cab4288d082a32cb116002cd084f870f7285acf8a768d2693d87b2ff615e086783aeacf7384207fa6d39ecdad7c46633d40037d

memory/1352-2818-0x0000021FC5A60000-0x0000021FC5A68000-memory.dmp

memory/1352-2819-0x0000021FC5A90000-0x0000021FC5A98000-memory.dmp

memory/1352-2820-0x0000021FC5AA0000-0x0000021FC5AA8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 45d2347cf5f3a2937391276956b28b7b
SHA1 dfede0233fa232fe250b36318e604cacd66ee904
SHA256 ca314fedaf4b85e945ae50709406318412d6bef3b8e6c4f7c7bab1e19b43b90f
SHA512 456d659c2ef3de53452333dfbadbe377b58e4d4c8ee735be2911b81fcce415a96089a55de44a7125e1a007a4d5463637c40e5b4c206cb6ee55eef5a0691e3c1d

memory/1352-2830-0x0000021FC7320000-0x0000021FC74A8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 e682d6b745f13c2d2d928b63fcd17956
SHA1 079339a71a0784e2c65b0a7bb462266ec3e449cf
SHA256 9ef94448507090090220c52622579b8f50909469c0c877a39cb66597bc280b17
SHA512 1e2e1ea02d86e4816020d0586277c9ecd493c4b24330dd88409d3830bc7c57f38f6777e0803d6d598f311cad72fa369a08d907452716bc5c433f0524dc3795c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8f1062fc19ded12b9673d5a133dacc0b
SHA1 7c08bc6c60043803f13e22bb015c2dd988a68754
SHA256 2739190820b853c20cb038eb1d9a96dd603d3317bfec256dbed1c1b53a2f4ebe
SHA512 b92d847c5177e7d34312404de4e8091667fe9e60845cd3f75130280d4768987be95df10740218b7c5496b1ef7c2944dcb864421492430896ff2eb156961ac73b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 218668c90b8dbe347fea61a5dc445708
SHA1 c79794eafa53921c5372bec763b54d39656c62de
SHA256 73523b2e997e7a32d4540d55ef6af0533f2d5cfc7551a48a72cb73f1c206456f
SHA512 8067d78f1ceb1d12610384c15eca5e3bf973a648968eaa439536409afd464e4bac323e78eb2cd62eb1f9d921d450faf14376fadbb5d427861a95f9efaed0498f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 30c1770702ae4b6e8bf2a0c2e3dc6543
SHA1 b83d0d2bc308cbdd72f3b16e55b480625b1e055d
SHA256 ee618b628a2b3fd809d32023cd9bc4b004eb3e5e20903788f3475f5752629ab7
SHA512 30c99bf33e308fca72bc770f8ddceeb5f28bdeb7399611dd4f3972a29cdf023fd8d14a86e498f47f120e24ef77e897e262365e4b9d2a81ff0e49395474d44d45

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 6182665b0fcd17b28ec4b771c3491431
SHA1 dc33759cafbe97f8daac89a629fa373a3ba94dc5
SHA256 2f715a82bbe4500135036fb3024cf1278285d9e7a3be5de71fa5425e6ff3e1e6
SHA512 dfeb237bca7458b9676935ba3558e3beec1a81e8c2387dae6c1b7e55d433f7030c8aa0162b230f6e8d951af6b40453764f6286bd290e0776ff377719aecec6f4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 bfafd6c9c3fe97e56c8ab889cf5b32bc
SHA1 11c03665456b9582320a737f5278245bae21c5b6
SHA256 1d28b1412af44015f4a992b38c5ad4f810520138e4749dcade45023a8c519033
SHA512 ae9a5714326a7769a6adb41d9b16868c2a016f8be0efdcea4dc5592af7c3971188ded5621e32bb98f522cd11d6c98fccc06618015c657d998db6c6e49cf804de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7803bd3677eb3e63e07c0697cc3c76c0
SHA1 e3c8417103283f96a9e8eacedebe1bfb6fb2fba2
SHA256 278c6d141b8d0661c5de4ecceb1ed1629b9feaef2a27468a1590ac4c731128ad
SHA512 3194e2b2f4523a96b98881a66b63da64a84b63b10846181d560f775cb0888cdeef3ed166e17d6eb2d6fbdfeaad496aaaca5101cca83111483774207f2eba0188

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 b89cf9a81483140f18424578daae3e2c
SHA1 86d713f8cb49c4e59626c45923428f344e2029b4
SHA256 f829e27b20868724cc8747e13d623ae7958cdc3750c56caeb02dff9eaf4672e7
SHA512 ff17bb8b59f1ed56d7da99af2d308bbf15568182372a0a608f4fd89672aa411c25e424ef53fc0f6aa0fc1221a3d466030866c1c8bc29ee5a18be2e6a8da3a730

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 0e045ec79072013d85f988a3cd45348c
SHA1 59051781fdbc1fd3ab6197b0207227d3f082cf02
SHA256 aca7fb8fa4c358a96342cbfa38c40eb19dcd984a84b457a391fe1374e2dac965
SHA512 14a4a7d81e84a58c6d58152e4746572bd53a8180b1395d203a085b00a72fa35692c5bd49654921d7c20a45cd21c58cf6acfbde01c4670c14915fe7285d52b97e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d4dfe9a21ddc8c4935cfbb3d5555aeb8
SHA1 da9dd8ad0efed13b32d8c10feb19e9a26a14167d
SHA256 5d77132649ea609adecc19e22f43330fb1fe17c32b1ff08ff71430466704da2b
SHA512 22c661101922307099243fcf7e1e2faa73fc8d51d497b56352c768f3ba2d4dbae5bda52eed762d896b71a5c8e299328769ad2fa161413c8783520814c734151a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e58c72dcc0e5d79ab684cd1edbc8cb36
SHA1 c273d47f1610ce9571ff3fb2f4aa24c714f08b24
SHA256 9c19750ded5fd4d83cae89ed00217c912c369a92cd5b99e574ae9936ac0ec038
SHA512 2cdd11d92d968f7d4eadec07d8b6795c89b1db98cec5e4852a2df0df42fd0ef6c2e3a07df03cc80a886a2539ab01c4349a354e26bb2a1582dc3fe395cdfaa29f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3445219bd062616b00f3a3a586c7a74b
SHA1 8be3102b185fa5834eb97ce5069fd2e0c02aff45
SHA256 fb4b5e1b3383ebc12f3f66c981298265f1741bdfe69f5e7b317bd90df8c6b4e1
SHA512 defe2d97418733c99c4a63b421bacdfe549b6dc398da7eece88e097823ab85e2c82f5fb7c403687b049a8ef33f637c65f5ad35a8a343dcaac82af02b51fc9101

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\unhackme.log

MD5 3c54acffe4b0f144d057aebec0a773e2
SHA1 e9a0ab8240803d74df9f5112e38faab74e372cf9
SHA256 4e5741f6b0b163fbdd5f763de536a386e4029a1a4c005d633bf8e87c6f4e436f
SHA512 2f72b854ef1a41bb5bed0794a5ca68d7ced56f08f0069c670f3b57e38de01967e3ea0a840d0ec51a4a57aed41606b2afc446c06f4c36924b8eeb160333e1ade4

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\unhackme.log

MD5 72dd31d5d7590ed46c79a7dcb74f828e
SHA1 acfb710b2839850077beb44af53b96f389016159
SHA256 5b02f2e8c392de2dd281096f77acd9da3b5daabe00684621a438346b8d56e531
SHA512 ce249a87f3b126082d1368f1d37a773690758312be3e10f76add79d058d132992ae26455b3cdf6174eac63cb21ffac9b036b5b776129f41cae06514f5c18d2c9

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\unhackme.log

MD5 5610c88d04b6b27529c698719f985f61
SHA1 b6718726b9f3981e3c9ed5e74350819f85bfcc97
SHA256 eb996042c49fa54cc7fadb5cdd58021533376ba29edf175c5b119ed9ddbd61db
SHA512 2f5883492afd9394b0e14f7e06d3a8ed9bb916d7ccc9bbfa6e907903a0fb3590c56a688749ba39754e9513276042e0b02ae64e2ff11b606f0c076a13f4685b31

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\reanimator.ini

MD5 3924e1eacbcc34f28d5a52f1c1f9ad80
SHA1 75e8dbc57bdc2d97df4f18cb6c0a7eeaec6080bf
SHA256 55f07bd86521bc7286bba62fe0a572025fe1913312221e43c3e7ea8385ab151f
SHA512 aaf1ff608673f3b4739caa8e3b6a2eb8053d209da0847c703ff9df60241b194087c5f76246c389b526f1ca63495dabbe50337468c939eee143d4430f25c9588a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 9b3c4fb46f9945eddfefd80f02ed300a
SHA1 d7805f064ff8bfd3c00b45f83e6dd3a8ea509ec2
SHA256 832f96802f7b958126ae7c0b290f428240067d54c05747a26f7f9eade709abe4
SHA512 7e4b36a564acbf4d0519db6b49e87faa2e52b654dee13bd04aff7d762159355b4fc6fdd6c227138d70b13b31af72acd9785ea67ddbdc9ef50220d861bf235294

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 e5b8caf2e02cd93bce48d3fef102f78c
SHA1 68989fb79b6f0418753adb8e67febffe9c75529a
SHA256 669bb6a96e440e5f49b69538dd5e56c6d0c7f66ed88940f20c17bf1822c5cd42
SHA512 fdefcb142993909fff4143d4c9be11b242de5bef2917b282f1de9a8ef329e28c79227f9fd5eaba80b587d61825fc2831f47a23b96d30cf7f957ace080adfbf80

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 f180619decba991305128f507dace2ea
SHA1 92263e821d5f71d3e1676fdd4d18f5b30ad64b41
SHA256 94a0ca9ea9c18007db569880873fa47d3c9e2b5cdd0371fe389eff37d8e53430
SHA512 92689c608610f27aacbcc4e267b8e8b16e08cf4375fc07320f9618028d83496649f8710635c6852ca652f2af68f6255b89a646168c91fb2326d03b74c55e3172

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 62422e08cae704e12c86f89c4a2bdbf8
SHA1 fe411e0332e045b6e9bd84eb8e934de6fe8ae109
SHA256 71210d04259164a160b26b4f7a33009bc33684f8ad223d8726b4390aae07d74c
SHA512 bb47d9ef852221d933220b3798d571ea4a960bafbc06a17731f4ebca4f167a10d0656c4811b6e737eb4f63430c8de2831321e8b4abdf9af55975dd379a4b75c1

memory/1352-3649-0x0000021FC93B0000-0x0000021FC98D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 1e277f34b73f14873c8a8eb3b6e2326f
SHA1 d373eccd80ab84feca9c3f0bd043830577975028
SHA256 048b790620839eee1c274f65121670f5a6bb1a99727a42a776b5505dc5b38d09
SHA512 6c59c4416caa39de7e2015fa69681a18d559569cb0c8608558384e8bb2e09a80fadd0b35757c502e4541e6778018b487d622c6e51f1ab682a4258a94d0c6d202

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 b0ccb191bbc6b7fefc6980809b1f24a1
SHA1 5c55ce44d23030cf434d3d424e9483473f6bfe46
SHA256 2194bf5ee217e013e9a7c769a6fd44dd8272b4e08650a81fc50b61b9c3944ba5
SHA512 7e8d290a297251f285fcdf41d8baab35ab35cb8e0d982506c55d791c8f428f6ce724a7fa6e509505decdd3e4ac7fec6294b46a6c5c29baf0a5e26ff25f35b341

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 752c217d410556e2fac2e8445b20ee80
SHA1 732630a5c8d3c68b5896ebe2f0dc71634b87e332
SHA256 0a9fd7d0abb2c6284d3da292a53e9f5f8b529f663610c55b8486096824466ade
SHA512 873e57efcfd084c29d86f15676d13ca2cbc8380cbb97ffd2eb2a5f2a53bc013071ec3bde1668d90221ef5d6a328564a73f88e97ef5a15d2b8b8ff20c48295fe9

C:\Users\Admin\AppData\Local\Temp\GreatisTmp\@[email protected]

MD5 004bc502e8a0ab7dddb5c2c67e1cdfee
SHA1 655550c2861180f3b0ba33b92d86c1db0462d0d3
SHA256 f817079ae7de02290eaa218cdf82475ea6fc481a699b37584d44b0ed86abd454
SHA512 c57d17de54e66f3f5a55c58e751bb1453cdba903bd8bcc3ba2c74b4006c595fbab581382b49a163aa0ea674cf2c2b11dd95562da8c469d61342ae669410395c6

C:\Users\Admin\AppData\Local\Temp\GreatisTmp\@[email protected]

MD5 fe09ba17cb6646d81511512610f3d9d2
SHA1 6b8d43826f58b5ecd6efbd7241650fb2ad8364b8
SHA256 eaee934470901dc17b848442abfa82b0f76736c42626927c14ac5d8db99f5b12
SHA512 1909d2d1696c4b32fdc1f2ef6e1436318cd1b37c2464a67854aad7bee3ba90aac659847584d2c82c34b7281814f4edd41d0e0c390b60750512c3747ba4540821

C:\Users\Admin\AppData\Local\Temp\GreatisTmp\wu.log

MD5 1f96ce935485a30b7d746b74cc9abe1f
SHA1 2f171d3b21132d5461e41e4bc5a448014cf9a261
SHA256 9cc5f296fd2a32264cc49a341221a0cf34ba885580eb307678f7a03d2d8c288e
SHA512 9f06007e4f3a2bc91c7ee401cb41f2478af0c4185006b839d707ee7a70005bc4a872edf07102570ff9839fbc0ce0caf9dfa5a772eeb4897e3196cfca71fe1612

C:\Users\Admin\AppData\Local\Temp\GreatisTmp\wu.log

MD5 52b2d44667002721b4ff499696c7a19a
SHA1 1b332922a3250722ccfa151bac927f71e622fdd0
SHA256 873282e23aeb04aff5825784159f9ffd2229f7e465c1eef8bfd1c60d4569d2ef
SHA512 6259435e7e249cd7eb85d3b5f723b1021a586b05459821927d9f009b4439b777f74f260c19d81b7f58271eb1dc78e1afcdb51b1907b82f918812a3e7ecac291d

C:\Users\Admin\AppData\Local\Temp\GreatisTmp\wu.log

MD5 771f51561ec19b030c26bfbce2dfabd2
SHA1 ca9d2cc75a3bfc83074b39229fde857d0744fb92
SHA256 d9b84270971f3265d412039765d3fa59b9d2115519f1d1a7884f01a27ffa3700
SHA512 44d10f4b64ac458acfd4538e89376d5ed35bd369c1a8709deaafbc84864f5b550d90b41667986ea085a8cf077a6c83ee27d080bd5a0a4066121cd73391a70a54

C:\Users\Admin\AppData\Local\Temp\GreatisTmp\wu.log

MD5 557301a530e661b1ef41f6e911b27ddb
SHA1 fa9706bfb16bd329562e15962853678e4057ddaf
SHA256 d04db39ffb518e3c037d1e36de318a23814a7d989bb205c3a1ab8c821922afa1
SHA512 b2ea5521083d8a0437bb9ab6b9ae037f1d5d836d1b68cd2887a2952c788464c1dcfb6dcefaebb4ba0fd144fb9c3ae7fd5eece5bda7ea8f29cc71c921200a2b63

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\dbs.ini

MD5 f80d87797cc79d84b56d0cf0a171dae6
SHA1 1ac7ee9db795cd0c0e6bd00df404c2f41966bbcb
SHA256 20a5a25f74b037b6e3a2966b288320350fce210eee20c56a345c91ddce8b6d9d
SHA512 24ef830e306d51909dfcbc5e98c9b39259dae216709e1ed768e15802246802e059e98f99a2abaed6ce1af7903104632dfae4157c4bc395eaf6796234b96847fc

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\dbs.zip

MD5 ebf46c652ff1b68e82145e8503bb47ec
SHA1 899a6f2e7a726f6e005ed0363fc3917c2934e542
SHA256 355c191b0c49d592dd409cda1bcffa59cb430b7cdd01f7df948374da0303806d
SHA512 4b65ab9da76eea9d0a7c971c661bd1dbc2a877c52debdb43dbc40c3da77e97c56e051ed88115bb36216bb30e674e57c1ae7401753fa9920a3d53053a84b33db0

C:\Users\Admin\Downloads\Unhackme 16-20240603T151242Z-001\Unhackme 16\dbs.db

MD5 c6470c526b746c0bc54d9b371253ecc0
SHA1 f7f0bf326ecaa10c00b2a75fc76be3c4d48e7019
SHA256 d7e649254ed693f3028b2e4d87e4e9537eac12b4a50ff4c66edf209797ba3812
SHA512 917d5a9749e82a19ec49f3c6d8f82add49300b2da1a81533a8ff757163b7e5ec691814044330344699af8d0d45962d2c2134638ac2f302dbfc191e181ee85705

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 cfe3fe6e96beb3decd43168049ae4adc
SHA1 3bbc22d5ef2a11cf3ad68f5a7e7a1864839b0676
SHA256 05834d41f632f6cf2b83870a3a203241bcd56c64fe7d2ef62844ead7190cdab4
SHA512 ff7cde247aa29353c810ff0e3656598e536bf09d8ce1315d0ea11de4746eb5e1f7b498bcb0d91565be5801f1b3df5aab4f6a2e0397adb5d9a86f900a16e64c0a

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 ff4cad1ce0a546896db55fd18f165080
SHA1 1e279c90f4222de3d2826e7ae0e130f7f137559b
SHA256 ed144c143bb46174cf3068ed508c9146b4a03c38d2575f5978ada171f2673e90
SHA512 04cac1312f0b52218fbc30252b139e57ca84239cd19182916941b84346777a4264e2ba3640614d451acb049725a96ecb7de8190964f69d73aa38174081d011a4

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 0d27056d244d3296e940bab59de3ee01
SHA1 174a54b368347c2b312f6eb2cfaa9d1bd03903f9
SHA256 1fac57936598a9eff5067ce645441ccf9dbcf7a374e91d45c91c1c174d9471ee
SHA512 7ea497fdd411a6dd7edc5fab4875a1a8eb6b9809c266ebc67581f7f737cbdcd045f4356f5020d4eb30c9f37bb57665331b9479ba4fc7fd849f38f5def94030d4

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 16270d7df5f5dee43ca22fe72dd26310
SHA1 77d9f3962934d6ffc027cbaed699615234bcd72d
SHA256 4beb468d338cdac481e3767e33abe9649b51f5c327dc1f72dbcb1b1ea1cd917b
SHA512 02750cc6e01597621f7a3c728edf5750390cbb5b53319aaa48257ca20cc1818aaa2b509e66074f846abc759f4f4c6ad364e0283322f521d8f5ae75a06f9ec51a

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 c609ea058d5822b8ec20f9f4b47a508d
SHA1 17bcf99721dfaf218ac3613a621d4510a7d7c416
SHA256 f3b403b0e8ba512d20ef9705f70b1b12bcfe3d8326c2cff812bbacc2441ae727
SHA512 3cba8606fb5de1b9ce41d9515dd4b8b5bb1b9b30e769816b52ba78d1fd93b4435a00ea26047f26674ed625de54b779f07c9758638867086df1060ed29fee54e9

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 1e8e224dccf0d6f0d1d30e98e16ab7c4
SHA1 ddbbb092d5fb280d9920f83348165373426a862c
SHA256 d4d51beb11899ced2d15a299644db0a16a9601e6848a03c0205d7c2364fcc146
SHA512 773868ed333bdc5fa0e8a566dc97b8df9511b16c3f6636cd717ebe294b13c3aabdc372d23ae262aa006d7d2b29679efcc39b6c3a300c4affb033494ddf2ae89b

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 e4dcd8c0ee45bcea38f4269701770587
SHA1 bb07cf8cbd0fe8e87bedb1770a50ad49f6650b27
SHA256 5595470e50df3e0f25724aa109cc4c58669863a74137de6abeb1e10294275052
SHA512 26ec18321e0486d668469fd5996fe2e44d954c036c7e422284cecdaca1fd302afcef5d13a1ea42d6651d5c8cdb955ca47f5497956a8ac4b1d1e336132b0ebc38

C:\Users\Admin\AppData\Local\UnHackMe\rr2log.txt

MD5 da13a77c98052f9b109b5c31710b0896
SHA1 c56060adc35637e4f0ae7880dd8cf4831f2b0d10
SHA256 16ad28782552f83e8d24a52ef288d4ff13c2cc974e206f885ce1bef976effa1d
SHA512 0174073a63fe9821b1b5195974d1403059d17df4e4da30c5500b746435ef5b75d63e7b0ecbc0fe9a56640e24152ade54503f38d92a3fd049fdd8056a841cb156

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 f396e3fdb0977efc4e0d2f0e551d2840
SHA1 66a3fce837192c80712774b8d59050a6725c8d31
SHA256 35a09343fb7e08c727fd9e436dd62b0ce31d6a1382e7932859d4847b5aeebe21
SHA512 7d4afa0e6c93b4480c01e40bdc490a3578038fd6e58120ab05d033e2f8c51140776e7035a7fc2a40236e870751f2e1d3a8b6be3536d7a44e1780071bf8c9edbb

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 4cb5eb366e9a8997d75203bdceb27073
SHA1 6c8dbb5491cdd4d39a1f04d07afd196f2264fa33
SHA256 7929991e2b3bd43aaadd77639ef92f64df15887d1d57c831bac0ad0f0e8833c9
SHA512 dd4295ce57c1dcc4d8c076a512e32b94a7f79c955039738e2a5a2e45a5b1d3011d788c07ea34c43052087bcf18423d594cc2ecc46993f376af5a99656b173e51

memory/1352-6355-0x0000021FC7830000-0x0000021FC79F2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 fa5222e9ed3065841af7547c637bf49d
SHA1 0290a980cd2f2303b6cbf54ee31f07a2d431f642
SHA256 c16c69008ce31617c3d51dcfae6868eea963f150cf515c67ce6ddf0b6d19eab8
SHA512 68c94b0aefcef7bfca449ced8c18fc95cfbd380bd5cdbc964d7c257f80b444062c957d01ed508b2d969ac5d212d4afa4db11f9021e814bf3aab5740668ae1dc8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 7f3879af2a5f946df4bb563991877b4a
SHA1 e9f8e3146b449b61551ce6938784ed47bfec651c
SHA256 6d807d5b652d68dbbdcfee9922d2435bdf5207b1437669f5dee492afff816b62
SHA512 de509fe374cbe473ac3901da27687c85fbf93b9583cfe1fdd3dfe93a053cb0f402b095c3a0a130821a64377a4aa182a1a8a5814f1060d589a7144ed4e018d723

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 cc2b7fed62270dd215f9f1e009129bdc
SHA1 36cabb501ce09f6797b16c88d5206ce719295a2e
SHA256 27eb8e5567c5c7bc371af08847ffeec1d5ebe62cb40ad9721219da8091639b30
SHA512 b9888b7b6496e39ee81472b33e7d4dda4702f9a5c0ea321350975b976182dc4cda48d9d41958a6ee4109d5e7a2efd69fce98700f0a90ed7b647bbb395e652b21

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 bc239c586e6c0775dc5ea8f02a34f620
SHA1 a5476a97559791d3081717b560eac15cd73cdb29
SHA256 35253ec1451d387591f218cd8c8b3ef8a0a2809f23407ca34350610c7da433bf
SHA512 43a8415aa0d4f785c899b5e2e093f056e771048ba744b09481e03667f92a0fd399971322e2e2f4ba3e6827a2ef357794afe10029d395ad349c88ba9cdec2e15a

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 e681271661be8f76704c9a394cf36d38
SHA1 f0e2de69b8126aad3ad656a660d393ab982b2439
SHA256 5240fd2a858b1edf2f9cfcb91f8447769b4a103018ca3f3005a6c6d3989a8c10
SHA512 70beffcb1056d9d94d5625ba4a5e6bd619cf6bde81985dc402d3468989506114013fa71b0ccb9f10b155850b2a7de9f500fa963fd209a3d11737a2d64c79e459

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 e1bc3384e389df2e2e94d70113c4363d
SHA1 90442e4a08951885eed1ea59b6518adefa7c1352
SHA256 253408bab8efdb9d42f71b311230b1d109ef01886189fd4c7cfa810c6a320fa6
SHA512 79cb4e630ccd3d2dbdb058e8a747b08ee40d775ac16e9b1c448de9a02fc8748fb92991388d5a24e56455083e3c4e3390c01f538c7d834c9f3997951ba482de7e

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 567de0be79dd38250e18e926cbe5cd12
SHA1 c09e4f2926b6b24ae069484ae636f87f234992fb
SHA256 1fed6306f38a320aee53814b4827f7fc2f845e333a9ade712d7d2ba3a79450af
SHA512 6a1b55d1013b891c1f774ba08111cdb60538b425d2f2e04a60667de1f13e91ef0d36cb1ff89c7f3df97777e6f2bc66306ef2045f67f369abdb19d162b56b5cf2

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 cc948e3f3413ce04c31f2f3c20118c50
SHA1 c7dac478aa93993ff8839a6eaae3f1d88fdccdbf
SHA256 461e90566bb97833ddc6c0f434c478c983c86c090aded3cc99bef3853d8aee91
SHA512 6dc5545124ac75e862500ffda27e9292ac5552f21bd9e2d803acf082b86d061514d725615489cfc31e7cd15d8d6c2821b3af88f21b806f4b9d998d4237edec71

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 6a4859776a194e3639c82349bff6cee3
SHA1 80d0d4a07456c942808b1fbb0cc7b74f0ab572f3
SHA256 874bf5e5c211c6a09261cceff51ef91c8ba9c39b4da7fe5f60bdf1395489701f
SHA512 034cd5a190d9a3a4bb4e973678b1711a876c6427bb1f97c673f513236d2e7a0e099dd1c6836993bc9bba062885437ce726fb517defb9a646165f720fef04bacd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 4a63a94c988ae47f734f6c896ad80b78
SHA1 1d632c8976424078040b08350c512934b0485ebf
SHA256 5399f2f081a60bcf02d18273bab480f39278cd19587584637912d1d2b915cdfa
SHA512 c9ee1ec7d4914cff3011498c028f09db3bf880c6849bc13254e87d9e05da3008fc05a19d617ecee60a0ab299ac42b9f59665f04245f276e0d32d366eb8712ecf

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 7cac631524efb4686437c2f19e6c3ca3
SHA1 0b8c671da56a0cb1cdf54268e2cd468b2b72847d
SHA256 29aff0b9e6ca3dede62dc6e99faa76fed085a6ba09e562f56147a84057a9bce9
SHA512 3cb7816375f6ab0d4a27d45f9155269a178cf1332fd2bd6eba4eb076557908986d37bd8b9e65c1556da33c71ae585d2d0af80bc1df3090b309411a6b99ac97c1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 92277970c24f1f29269d6f04f278cd6f
SHA1 ad30f792b01679ed71b7285f17ea65dbd387a1a2
SHA256 f7a583e5fe48533d397683b97be4b3a3e61ed911a1206f6089649ad7608a0501
SHA512 ecf5d8b02052eadfeb899e1e236f41ae7ac0766b0484d2bf48c22183bab1809a142543a4dbb95c18614ceb3f7ccd43f56bef328f784712edc32a15d5dd163431

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\A217C683499597E218CA6DEC9D2F0CDB.ico

MD5 09a4fceb45042104c106c72eddd31509
SHA1 2179e7925b4c79a3a202ac829d08192f946d5384
SHA256 ef03c05005a229a1ae3af029d807337d1459a1cb82e668b11aecd349ecd09460
SHA512 e7bc8f497bd327066aeef4ce8764860921a2380ad1e1066d024ca34e91d9853d14f6202a975528171db7a1088a3fe21de6106f5584e979fc07caec482b4d3f43

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 cb420def51c1afa1ee86ea10a92debab
SHA1 9638258c65ddf330aedd945f56b1a9acdd761d21
SHA256 62dd5f314279ffff9b2fb5ddf3f72013cf62140321fa65e09e297e8d27529459
SHA512 2085095624e9892727ac34ddf2ca0c5e7d80ab81324abd26ca0596c25fab10dd74ff11bcbcc390468d73c444a9d507f2ff93b58c2319bc8aadf207b1ed8e1ca0

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 f40d3bb1fcd8ccdd303dc37fce598a3d
SHA1 e9bcb4e2af51db08e4d5092c7fa7fe29a41566e8
SHA256 c7efa0c12328be0363beb5cdebcfdbf990ceb6cb7263487ff83675b063a1a771
SHA512 98262390649682fa7a8d2cceadff28fff48cd93d4eee9aa748e4f16ec771397340dce709dcacf489d54211b677bb320edd966810f2f81e6686a9a2fbb0265820

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 0021f64a52583bcdbfbe056359d2cf0a
SHA1 87622931823ac1d7cfaeedd40b2beea0c76f27df
SHA256 8ae21effc0bf3bf19bdad17c75e5ca49652615df87b55f9b243e7f08c02b7798
SHA512 fbf684c17614480d425b9137d07754e60ceed63d8e3f9f86dd2ff12f517ca2f9c244ea0a0bb734cb4dc5d0a8c3e4d57dc6919361dae9c62897118c5aacd57420

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 8002443e704ab2165391ed2db36a908c
SHA1 e007b7b04357f406abc3f59d2d65c83885c2b6c1
SHA256 749a55ea150cdf3c306b1d16c5a9929d1fedc1f7ccebdd4bf9ea1374d20f7a93
SHA512 d43db9f57489d560d6d7ea077781d58c738b151d8aa33234c010c28807989c65f2ef9208089bf4b70565aed8afe9e97638e93106bb88bed8f21f83349327d996

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 4ebae7f338a4d348ec1b6bc73c879adc
SHA1 27005edfde2988b07ca2a7af826361b4eb1aa723
SHA256 01b2e7cc8969adc7158a3ebcdfe3c64ee724d0b58d6c339f16beb515e944beb2
SHA512 19ffbd4023930263e9fb890ea1ba59ad5cf7a519fce6d638663a85dc566a2b81e1116b3545d162f1a76e41f1c0c122e232269421b1bed71d27418bf1aab5bbb5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 e91ca6a91e3adc69e2741b59f783b9e5
SHA1 ea661eb6e414bb9427ca9a342f978478103468d0
SHA256 46b8f6ca0bd1aef2f9969a1d30e944364aa3b1fc9e43d70c76b68773c03da6a3
SHA512 c9c7721f09e62cf2df507aec3bc1727b657089c4c6c6439b56ae6840f6fc14b9ccb039bbb0bb7bbac17e6269460d05021f9981abef24e9125d1ff880d3335e4a

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 10593008cccd2f2cff4a94d7da18154e
SHA1 44289ae8d6d5ceeede7bd0ca6f0e7f521555fdc5
SHA256 923f91253aba7c6b20e9974f759681696ab62280c79114b1d0519b66fcd31c26
SHA512 c157573ed2fff95d55b3db63457d61386ce2bf7a29c26241c3a260ee91fc3c2c6ce9ad7de717762a33d06c45e9c916b1b8eab4184736961a8e5d2cbeb8dd2d2c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 192487dfbcfd558c41b97a3c0f8e515e
SHA1 5836c40e3abf5dfbc0e2cb99c38dfbed6f9b1c03
SHA256 a4d5d5878542e720602c25a364bd2c34a8ea906af89c65af0f30773ffa850325
SHA512 4c11ab322011380e4e99d48e17aa5c2db8397dd26cb025dbdbbe890c625f0bd326ac43be515bb13c38c543694d65d93b1f53a6e312e628fbd51d2225fcba4c0e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 0143d0cef1935350d65245d4adf590ab
SHA1 d9c8147885656ba6217e9a612d4cb02a4ef85078
SHA256 c5d2bcabca86a9fe96a4f801299524f628d9807e2065153114d3190c93e6aca1
SHA512 8d5e6c0462e73a139b9399f0e44254b5750d1014ccb04faf4b93742fcce16bf750f056b81ab413fd725ad23d865c8d424ff4df362805e0c19a2212f376e60dde

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\amd64\Microsoft.VC90.CRT\README_ENU.txt

MD5 a14f24c16fe9cb910dbd2aea9e14dc32
SHA1 b682064e84334beee3049975e0581a26e05cd4a2
SHA256 89f4a0ff447b833ac81e59c5c653d303377c4264060305808f6ff7f674070fa3
SHA512 eaca2b45801932daf2eb746df4e529f737d961628b578cd759d4074bf3b78a69da25dc9902519da458231ea871910ed6d22123468ebd90c77ce74a8afac84140

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\EntityFramework.xml

MD5 a4cd6107b5949af9dbefceb181d32261
SHA1 ac293ccd971b946ebef5ca14dadebef727e363a9
SHA256 71106ae99d2b0a98c3d1a73d5a557edf06f149ef679d63de12a1d852cb71b2c4
SHA512 3a65b8195ef7eebe561096b1d2e657ac25122e60f9a1d13051bd2593cc2044aedf84bd133b48169f4561e7cdc485d44a7c17763c8776a9d71ed765efe16fb055

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\EntityFramework.SqlServerCompact.xml

MD5 7722c2ee048ced26b956b97570a5e6d3
SHA1 34984befdb6de139af927abe9a10a47af29edccb
SHA256 2c54b1a0e04c55a6152900cc2a5128a108619c7c4f7beb0c10d0e509da4ee7e7
SHA512 805b5aab3e27a894cf9fedfc09b30f756dac431a6ae9c42ce3b673d6e7261fe4f94812c49e98f5f4f827fa1187d3302ecd988494dcaece930e5da87c6789235d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\EntityFramework.SqlServer.xml

MD5 24202fc18d310d70304865679523e122
SHA1 f3577795f8f17edf8435bf6aed553f06968f36e3
SHA256 772985d6b7588cf78af0865ba64583e4659982870b01ca909e4a11f4e64c5c58
SHA512 dc2c5241bddb9d7965c9b6030ae01a8012279d0f8749f452abc213ea02c4772242b64eefa5f780ebc668560759db631fcd9ae149e530d06d0a5e076e995d9db3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Telerik.Reporting.xml

MD5 b3393a5827609ba8883d5a0737e5c589
SHA1 e6b5cdf179da9d35ffe4eb48c1ee39da8fca6820
SHA256 c8800509bfe780bf580d113bdcd732ac8a48074728dda1cd4750548ddd75608d
SHA512 91796d977966305315f10aa7966415abe10f6b790694cdada4eab2f6284eb8b88ffcedc94087ce2f8f28749647589d891ae01ab4b8b3bee29e34dd5167ca2624

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\APTAT.Extractor.pdb

MD5 511e3d6bff347f0c7aa6142ee17735df
SHA1 ddb48c8ce7b224b5b37d14ab9c05e55852422544
SHA256 29d8c2a58937b1d41c399986e07903def9ee055cb47ce339dbd8d3a41fe94e33
SHA512 d101ff7eb801c441d072db76d885e1391ce4a2b0c772d198d0bf0f9d29b90d0d20e3ed96ecf6817fd10c220119f136274a5de4204bfd4ef0afee47c5c9b698a0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\APTAT.DAL.pdb

MD5 b86b34fccd8f76d9499d028a50b39a12
SHA1 178212edd37c24bf362cdab2ec2943d0eb84908c
SHA256 374a6764d3ebcc41dc893bdf7b36ca46ba9fcd8187169174d70a9d5952bdbbb3
SHA512 76b91bf8b033b695997d63ab5fb6aa301663dcecb2bc8fa1e3a5452e2830409953e63f077521fdc5a5e19ee85e88bec9f2d7670e48803ed87f88ab8928fa519a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\APTAT.COT.Login.pdb

MD5 7d8e60e2323bedcb37c4720ef38dc802
SHA1 b4df4ef9c6204fc1635e5b737e28a38b841c94cb
SHA256 df181e16b380b8213684ef0745942304b806b2a896035c754efe3a990f9bf24d
SHA512 fa08e700f510c103774956f91b21d241972d28e38557d9d90a1862ce55f4026539029d60aff550c4ef9621f025a01c13d5a9ff04c29d5c8e192ad94416f7180f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Newtonsoft.Json.xml

MD5 bd7c6ace526a1d8ee7ea0b90eefb87bd
SHA1 c6a17d9b2588bc9d3b40ca0b1687c5c94678b8a1
SHA256 919f7b81315558c1c102fae1b6c21363708c3ecedc0a9007f8a25c97bad73c9c
SHA512 ed67b7995a8a3c8d3fb04c8d722b8640e676afa9dc8a15a3d1182a766480689da62b024abb58e4feae484578fde165ae3d303749837f84244ce411eba1e607cd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\buildScript.bat

MD5 f25771c5a6f4b8507abf636cbf91067b
SHA1 6a21c7cb3d54daea9215d240c0fc20c09f4e3021
SHA256 398cb84d4db969cb28220842c20d5ed55bb4c574a4de26f8ab4ce34abe801948
SHA512 b1d01d9ac178d49af59643b0dbc9f9a794b0bf2c889a106e5fbac5f858b1dec1f5aeb982fe4083aaa5dbf4cba503051fb6d2c855c2b5cc72528ccd42c025ef0c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\amd64\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

MD5 a806c2a878ebcaa97f095e204ad23527
SHA1 83eb34d7ced2b9dc71dbb849aa21ea78ec45a78c
SHA256 6b737568e1a12ab56ea091427b691b0fb5391997ebbdc4353c4abdd2786e110b
SHA512 52149492ed4ff37115cb8d16203be2419b692074824ede86647cbc1b9caa46d23e04c9c9d8979e512ee09933d46f69b7b384678e05b74abedb81bb9ab6917263

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

MD5 53213fc8c2cb0d6f77ca6cbd40fff22c
SHA1 d8ba81ed6586825835b76e9d566077466ee41a85
SHA256 03d0776812368478ce60e8160ec3c6938782db1832f5cb53b7842e5840f9dbc5
SHA512 e3ced32a2eabfd0028ec16e62687573d86c0112b2b1d965f1f9d0bb5557cef5fdf5233e87fe73be621a52affe4ce53bedf958558aa899646fa390f4541cf11eb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\APTAT.Extractor.exe.config

MD5 a9e07cc45416dbff9943056f01d1e5ec
SHA1 ba72bebe100a5626a31fb01ff52efd8d56d90f3d
SHA256 a3beb5b22c38e768622c7156d428733bc4ac6434a711fb4dc792f2b90a016446
SHA512 2c4746d3f09574625d36db73eaa346d452907a73ec2d574a2386e920ef2b26e1ed7d24583d53fcbec687624f0dc8a0c7fd6fb8691bf46a985e6328d747cc4ded

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\APTAT.DAL.dll.config

MD5 d1985e3dbab7e9054ea42c328d8918d9
SHA1 222fadb53a15be77a8ff23de4183b36b9b78be2f
SHA256 1061ed6e8c6884e7b5c76dcf29a6066abce04bcc09cc72e3e50b8dc731faed8b
SHA512 df8bedc359835dafa1c09f2fb6e6e07e4704d5b72a453951f603f6024f7deadaae4c6e00058602cc78fbe0758fd321790f4c1d2a8e42fa814fea01ab16985b3b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\APTAT.Core.dll.config

MD5 37087dce345d62e8d5abd1523aa5de88
SHA1 6dc76c43bc356103c181d0c8d50982789302436e
SHA256 e6036d748d44973566311eba833032d0b3ec1a44d1e59d3a495c99f33305ba61
SHA512 e0d8b5b4f72cfc3c5fe2eba389f52fa6f09be36b06d046010260eb2c2d253cd1b83194cc2ebd15fd229e680ac325a3e444588bc0bed495c030f012898e3d0425

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\APTAT.Extractor.exe

MD5 117aeb87a2fbbcab6d1d7a300548c464
SHA1 2536d1e69c0a8b18151852d0fcf1285044970127
SHA256 48dfd3888d4c6c9f7bc9ebf73ed86f9c5b08c65568dc0b38526e7aaea3e8841a
SHA512 0373ad92cb995fc8ecd924451bd846b12a67d168ac9a8ec7eec8176f5674ddddf82fc4bb8f8f275e2058f3e24b52af969dd2eac8b9a66263ba3eb8c190468e04

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdapt86.exe

MD5 b1cefaa4a55b73e0bcc5be8d408ffda2
SHA1 24969110a7d157807e3c88add049ac5a2f9773fa
SHA256 6cac0e48787466f544d89ad916d147b90a02bff531f28bba25815b9fa6145786
SHA512 e871cbb13602dc55bf4b0d2a0273505e7c27a36997177230182416b291e5eb9bf0f40352f1127f4132723995aa4f7b95231dba44a536b1a04f53b64011d89c32

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\APTAT.Common.dll.config

MD5 87ce7c2cd621a9e6afbe3fa17afd939b
SHA1 6beb13a09ad4f352321a563995bd3530204148c4
SHA256 3f45928db6057c3985ffc3223e3a5b3c01d3cd1ea574094a7cbe9052c9f825c3
SHA512 c526aee4b3b760ace39a14f2e39361009ac809bee1cf1470537763a41566d09ecc6d67c56e3e286651f9ba3a9ccd9a71dfb0fa34ff6703a3307fe56b68f70b90

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Valkyrie.WebApiProvider.pdb

MD5 791531f7fe4b424ae50d871aa456a6b7
SHA1 2921d9f5630703d4df5557948ef46f1823946156
SHA256 56a1d75ac5557ccc1d12294dc75dae7cd12193bdea8e21f972673cf01d23f907
SHA512 1b51bd31ce96ce3328ed3710299ac38ba8f502173032e9ed48674cb2a54b4a5d9aef701218b8131e0ef1e65d3a6b11e69d20390286d551932fc03f82e16864df

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Telerik.Reporting.pdb

MD5 0621be69509255799b5c375a45565109
SHA1 0feb8b70a0e7720c13daabeeb3aa54d57498759a
SHA256 56c036083dd4b94fa5ed81b5ca233101b05b0621d47bf131563b3fe7b984d57f
SHA512 15be7ecee1a790c8d97097edceb6c8540c05846dde13cd03016dfcc7a677211f360de230433d30e5f2cb5380e9592982fb43c73d4d14bd86178b1403d2986638

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\amd64\sqlcecompact40.dll

MD5 f17cd1165921937eb5ae4f0814c7b5f6
SHA1 65546a12f3819b4a1d3000aa5c1ae3fb28c2ccde
SHA256 6b67f5d6633bc2a1f19f7b4debcefa6fca3773803098f5bb2a47cedf86fe9bce
SHA512 c1d8455a1e68bbe15e2dff7429fc021df0716bc36ea978987eadc83ecf61f31e8b8804db4d43e20dbe48da0575f3ba1448d135a152dfe56bdfed156b439c0c79

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\sqlceqp40.dll

MD5 fc5791c1e3b7b78ca6eb69f2a9af713a
SHA1 17d3465759311299308139fab0a201cfbbf1b616
SHA256 e1651f6823a71a361dbfa782186570c1dd6817f1bab28463f8e769af5b7eec40
SHA512 f0da025e4d675ae5ebd05f2272cfe9cd8a1813407314ec6307a28c20420424741e2ec2587fb38ec933aceee1c2bc7af0ef7d4e404e9d63197c6c4d2328c04537

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\sqlceme40.dll

MD5 52aa877f046ca5ba70fd0cd2b4d2b9ea
SHA1 8ba6af731bb41f93adea4d369b0e0fcc9cbc3cea
SHA256 d732dd087ca8d1b06f12886dc1817bb4b6dde5ccbfe1c80e2b6ca2380ee1bd86
SHA512 f6677de8105832692cfdb33a52ab2847e44c83b6bfaaaa8d7ef671618807fc047be4eb87577165d156da55d8121e2bf9523751eed1de02d8892343a33adfae5c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\sqlceer40EN.dll

MD5 52111aa73b19336b45e13619b722da68
SHA1 174ca2f9dd358c5ca409af70d1d92b3854594f01
SHA256 77f877bc71c0cb48845d9df22ea7d3abc06b52956bd352ac35aba3f89c5fefe7
SHA512 dd6b4461add43cbaaf2b5eb779d5bf210a65ec4f5097e1d809cda5fa77401450dd83053b5e9ed9f8a98a5faff1a4bf625dab782558a0c1f0ab36401b426da461

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\sqlcese40.dll

MD5 969057d94759d19a07aa8bbb2aba1740
SHA1 e16e42c24c732da8657239f5e69ac357710301cd
SHA256 f5557c96b52f8c0f1d374c12bb62981bd8342f224e56ae8688a419731c374173
SHA512 20c75664c449e2b8e7f2e4b890a0e2b3913920bfb380b093b96a5df336f9d40c0e138bc95021b65d9e77bfe1b7ee2bb35719c44d013dd7990b7a14a9098b8d3d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\sqlcecompact40.dll

MD5 399f220514cb4165788cb97daedfb0ca
SHA1 2c8334674de0ea6faa848ff535d169ecc14fa55f
SHA256 0a18c87437cf7e17d99f2320e39441e769094151375ecc02fb149ec3cdcb90ed
SHA512 78e36f1cbc63cc33881102844d73b5af12c79ca1f2c222427c9c907fe05da909d3b5215b6c2590f957fe065c1c280a2cf037037b9218ba218329fafb639636f6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\amd64\sqlceca40.dll

MD5 659c0b5b0ced4bdd4a85ecbff154c7a8
SHA1 09762a5478a2bc30deed9564f7f07bd9657cf0ef
SHA256 574016cfe70009ae69bb959a510fa2a7607807f04cf9e3d7d940a72b172b5e0b
SHA512 92d9bb08ef151ef82b878041a99d57fa48df449c635bb608bdf3d30239ed541d520df127f6dc7a3a18b9f82a69249e8243ead9a355cf5b62fa91aa42ed84dac5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\sqlceca40.dll

MD5 d7176e6944c2c4404af8a7ab35d9c93a
SHA1 66d6c7f67098212fd5ba33e516a3dc9e6fe1730e
SHA256 fc2d651ff0ac080074460a3fd9fdd6088274f0a2131d3970f4b7c882e866e445
SHA512 a15fc9165407d64517d0c8fe43dbcb4e66b9697fe65ae68aa5b6a29f55ddce50e0f4271337c017b93e37c420ac78e2cf0abcf1062ae50dec299567601a18afbf

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\Microsoft.VC90.CRT\msvcr90.dll

MD5 7538050656fe5d63cb4b80349dd1cfe3
SHA1 f825c40fee87cc9952a61c8c34e9f6eee8da742d
SHA256 e16bc9b66642151de612ee045c2810ca6146975015bd9679a354567f56da2099
SHA512 843e22630254d222dfd12166c701f6cd1dca4a8dc216c7a8c9c0ab1afc90189cfa8b6499bbc46408008a1d985394eb8a660b1fa1991059a65c09e8d6481a3af8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Telerik.Reporting.dll

MD5 3f16d24b8df2ad4d03e9515454634aec
SHA1 6ce54fe7188f79b7ab619f44e0ca25681b815d09
SHA256 8ba65871c53ea3f2277585b272ee2628634c0a1f19d06e11792625a4c9f0194f
SHA512 3ae1c4513502eedcaa1341248f5d2c2acd6c2e98671a6cf146e6455d386cb1ce1bc05bf6a3a8405d6eb83816e3af9c617856f6863d56e4b10075a56d5738a324

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Controls.Input.dll

MD5 da6ed879f9d59005266a29cb84a52b3a
SHA1 d8497cae764560f15713716879e24f3beab2ba7b
SHA256 17c64f62f05c28fe3520a0237161762436b8efe1d1d7bc5d4fb149b356a61d21
SHA512 24f8e01ec28e91d0b0e45b586db76519cac85e9fc37617474c0b4c0831f65db48fb1114ec646204cf654a0ea6a8ae16dddf361ce0de539c8a55be880b0e7a01c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Zip.dll

MD5 99e54a027f5b438950d9bcd1728c6b0e
SHA1 b04deb4b4e93866972979cbf2e9024460767d442
SHA256 c3f585408a9fa5d2f3b7fdb5ea9c28aba1cfecc2562da01722a7da2aab55bc3c
SHA512 ef82a5be2ec71d69470da37bcd8f88fdd4ed2193e39d10c0b50c6e0548de1fcda12976b1d7ca28307a9dd05af67ab4e8d0c651cc9ba4b09e8c55dd766a1a5ab0

memory/5188-8480-0x000001B6ED9C0000-0x000001B6ED9E6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 304fafaa821969c0399ec3ba0b03cc82
SHA1 03341009c68d3ec098ce7858e1a33993a29bb6a0
SHA256 9acb0810898a2617b100b07bfd51da3580227c2b5a4152588b0c4422198e1224
SHA512 1f0d40e474591132f10cfc42b0bfcdbf9565ff2f0553a4db227cc3bda7d9b22c4fd3d4f9ae6db1c139ff3c0761ac5cfa2efb44a0ddaecb413bb0900597b63089

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 37ab08dabe41ce805ce0013b5aa84c36
SHA1 e8c904fcbd2f8dc3b94f761031bb7c50678c0e59
SHA256 9992bed17a8e1366ffbc8ba77bc4280f8cc9e490e7ce676eaac110b6065be7ee
SHA512 fa87dc0f01360098f0e3ec6fd94eb4f2fe937277830980083c06ef9806783d1538a4f9a072c3655c02b0c85ce20411cd998025098830a85d65af87aa8de80892

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 a9fd1ad246f85efff8338ff408a990ec
SHA1 2b5764ca5f498c439ec5c402762288ca57f0de4b
SHA256 405db0211d72c8c43c95ef3886ce843aa38f2e9cef7e151973f1db3f99e4d5b6
SHA512 da3f627f1810fe9cb13b5be3bc30275af6ed8567c093dc92fd7735622084ca5f235c60cc04ad4a013c28f775c4bd2cf12a12534f1616d77446d3395fc3572e57

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 c1bebfec2db8ba53fe47677dbfe3a78b
SHA1 f08cf24ae6d798d9d3b9bba3aef046d5983c83e0
SHA256 50c806fa4d06e3af66842c793d8bd679c1bca8c05b02e4dcb139914f33a5bb84
SHA512 f79ea51f0fa1996b970bc4b76b734965d93f703114dfac543b6e43496ff4b15ad973f97e1af651c0afacfbe41e27307d184e9f9f0a2e3a568dfea4138e2a34b7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 cc497606e0522627c8ce6f18aa31e77c
SHA1 eeb2caaf26cf327b69a8f93d5251054b1b49ac83
SHA256 710e116993479f229f220b21add7a1696ac02303948a7c82e23a5c84cb81fbd7
SHA512 1be2fe659f47de26eca96f57db356e21a37cb124ce2ff3a51e9db8a82efec3775e86f8ed3c69a1c96054614ed76033a60dafa8b7d2dead9693c6b997a98675dc

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 07927a30c3dc4b357477d47cb75364d5
SHA1 092bb749623c599c88144fec4639f75539e844da
SHA256 b46d5612dcdfb4750395f0f956f88f338cf294aa9abbe18bb13745a7c84b7c76
SHA512 d4630e4c25ae77bbfd8c75e9f4385ad803bce5296d2021fafad9ac7d10fc952c5f4078bafc91f67c4e7543c902b2c4b0e3e9726051d97bf1f8dbc16849792d60

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 ff2a8c466567643f076f15f5e4b2dbca
SHA1 e85b0fc6c1f7d3966bb64d807ff93a1f2ae6bdc8
SHA256 baa619356afc82944961c94d99dc6a2493a55a9f2f7cb399e3458c57b11dd8cd
SHA512 94834dbcf31f6d7efd45aea0a6a6f69b0902d90521cccd0a0f7dd67dadc5fceb7dd969c23cbfd6316a65b842f57c6be1f50953d8b80944fa2f7a6fcbf283db16

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 8906e51b7696af8afcd810d9940a2196
SHA1 a7b05574550051ea258fc52d2bfdbc4649fed1cc
SHA256 251c99f28270a6c77aa6a52ce8a566598608edabda4ee0591297d6d6efe28c9d
SHA512 1416ca493d6a9053864dd74cd46504b42802e76a5756e81d8e31acf052354626c5777fdf9d64755613a8043acdfe38cb776deea8057cf6cffa53bb0cc788fb11

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 9ee4bb1f01467dd155b000be54675b2a
SHA1 19f02ee114c471a99f9b510e232e74161b85bc15
SHA256 cf83ba103d666fe31f89b39667f3f7b48031df414d1d42a7864b973b83559f48
SHA512 63b9a3f4416d281de83429171d3e1804b67a81b809177dfa8b9be3e1d33697ece627e040edb40f79dad8889bbdd0018f586b7976f79a4f068d73b2df092e6d53

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 2e5e6d6f115d7af70860ca4bc48cef47
SHA1 652bdff16f6878010f4ec3c6947f65d5c4d1cceb
SHA256 d4c96ba57a4e97c71a1dbc26d3f9c6a06743bce32c1c0c695769b27027648e70
SHA512 d7d8536cb501a7a3d807047801e557705171ebc45380c0da33cc4e1c12522c249a4b98669eaecd56017aede28410535a5fa8cb3f8c78f185877e3858eb40ba91

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 66808d2a8a013d5de4bc2bb25fdd5acd
SHA1 2ac1f5c02cae2d9daaed36150509d11332b11739
SHA256 ae514c2ecaed37725ca92389c129aa0066c74afae7bd68df419c3d5252b265ed
SHA512 3ced58ec422348ecd9322d9a56e25070dcaacc06dad81ce0a8b5de46765080f7daa1b94ea317c391581d40bbf8b07853fa91219929a9177304af994924bed1bf

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 53c3d4a5eeb6d6f169f300dec2142861
SHA1 b04e73d7fc77cf51c447b32d42fc1cfdfcdb8637
SHA256 9f52ec65322d1c6e3074ed0ee527e623e9c0db90e2ad6f0260f1cba5874fc64c
SHA512 085a771a66995b027756d8f45bbd2754ee0b309cd869028e97f519485eda7d999848b28ce6cd0e9cffdd81a820ab4fd5391ef888867c676a63741497138c1908

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 35a8f7406188a8f5cb584c1dd0043b4a
SHA1 7a0b4415403cfe8b738560b85521ce19ef56d80e
SHA256 22e8831420b128c9a8491bdf36a3c2c6d7bfe8e457c38bfd9b0802db6d9bb4be
SHA512 e848f38743c98046c7205986283b849aa161df4b79add7696408d73fef61f580dcca5b57a776525925d66b05ae2c1a211c9e4e0ecd9ad34756ec7d15b43d081b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Documents.Fixed.dll

MD5 aadfccaee394be81d28bd3096ecc585a
SHA1 66c7edd13df3129e4d188a8acdd1cf29cdefccbb
SHA256 00ac3169284891a885c352c05d54dc8e3b422002fec32874b352d6ef3f5facb5
SHA512 e0ac3db823a3b3176ab0180fe93f79518cdc30693d7be6b29244783efec4c59b3ec02122ae08a37dd1b22655ded0a41627720f26d0ab9b7840f3c9b02e941fe2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\tvl.txt

MD5 94e5c1970e3503f5faff2c2ceb1825c3
SHA1 5a8b973e199baf00ebaf7365b6fe2a8b9ff5857f
SHA256 1705cd90edcc3cce89d4a6508a249ae782380dbd1fae3b1082855bdb76bb2da9
SHA512 96d5e652a6626f3ee040c921ff8c1f2cf445fecba0ff1c1271fec62e546de5d01837f238f7b75cb39b7dbe3282314474eb0b2758ddd1a24908045fc4c675bb86

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Telerik.Windows.Documents.Core.dll

MD5 7fb64cb114c7f39d886a482b6c1d88ec
SHA1 6f8eb5daf68a1f2b053fdb4d66c84a01f4756fb1
SHA256 781934a7b18b5c94bd4b52f3d44e3a5874dec398f7347672e1c92f1f09591f46
SHA512 f91a82f6ad9e00b865d08182e01f299a28d741c30d94499b3804593974608feca5840dd541e0fc8b813f745622ac73c60ad0d6c718bce0ec1df7642d54463b5b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\trl.txt

MD5 c937ad57d0fd3b0f6511c6b266a23f99
SHA1 493a509fb0d2a091b7a19f31dc3fb53a117cdee6
SHA256 3936fbe3a8b2e118a7b1899460080cbff90111d102f5b441013045156d513f3b
SHA512 02606b4e2730299b38540c95c7665bcbcb46abeb2fa736a93cdd6855b62569a17ee5e769b524b73de71a64bb2d59adcf8ab027edf192cd7d3bbe34edbf234da7