Malware Analysis Report

2024-11-16 13:21

Sample ID 240614-dyfnratclg
Target bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa
SHA256 bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa
Tags
upx evasion trojan
score
10/10

Analysis Overview

score
10/10

SHA256

bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa

Threat Level: Known bad

The file bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa was found to be: Known bad.

Malicious Activity Summary

upx evasion trojan

UPX dump on OEP (original entry point)

UPX packed file

Checks whether UAC is enabled

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 03:24

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 03:24

Reported

2024-06-14 03:27

Platform

win7-20231129-en

Max time kernel

141s

Max time network

132s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe"

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe = "11001" C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe

"C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 cc-api-data.adobe.io udp
IE 52.48.126.58:443 cc-api-data.adobe.io tcp
IE 54.228.247.11:443 cc-api-data.adobe.io tcp

Files

C:\Users\Admin\AppData\Local\Temp\{9A3D7D50-A93D-4312-9691-F33E7EEF288C}\index.html

MD5 a28ab17b18ff254173dfeef03245efd0
SHA1 c6ce20924565644601d4e0dd0fba9dde8dea5c77
SHA256 886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375
SHA512 9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

C:\Users\Admin\AppData\Local\Temp\{9A3D7D50-A93D-4312-9691-F33E7EEF288C}\CCDInstaller.js

MD5 4b02242ed1b6281db19b4f60c127cc5d
SHA1 69ea4924a273dbb03f31d3c7d6d2cfd2270cad1c
SHA256 9fbf9ff720e09c16da2066b8bab9879a4c83682f687ebe806c5ea78e1eb9467b
SHA512 dd44025147f63e307636424d80405f14a02ad2cc4ad4f80878537b21df7981f546115348711fff6e13483fe6fb04684c079309af28c8ebf43ef83ffe9b49fc1f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 03:24

Reported

2024-06-14 03:27

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe"

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-cy.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-en-gb.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-fr.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_2010525872\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_390305934\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-de-1996.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-ml.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-ta.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_1700105617\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_1307852650\protocols.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_1307852650\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-ga.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-hr.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_1700105617\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-gu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_1531465345\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_2010525872\keys.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-cu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-hy.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_413533959\protocols.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_413533959\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_390305934\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_1426161638\crl-set C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-bn.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-et.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-or.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-eu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-hi.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-la.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_1307852650\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_413533959\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-be.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-da.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-hu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-nb.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-pa.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_2010525872\LICENSE C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_1426161638\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-es.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-kn.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-und-ethi.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_2010525872\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_390305934\crl-set C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-as.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-bg.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-mn-cyrl.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-de-ch-1901.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-te.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_2010525872\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1796_1426161638\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-en-us.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-de-1901.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-mr.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-nn.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-sl.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-pt.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_452963919\hyph-tk.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1696_1531465345\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe = "11001" C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628090988618459" C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\F0BD97B4EC6CD8B71C35631738259CF9F2E54381\Blob C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\D1DF7F06B769BCCB3F4479041EC1F06E9CD3CB1A C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\D1DF7F06B769BCCB3F4479041EC1F06E9CD3CB1A\Blob C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\906CC149415780CFB79F39E1CF449F87CA6D4D16\Blob C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\BF89E52F8D681360E6B84941BD2F9BC0093309F6 C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\CTLs C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\F0BD97B4EC6CD8B71C35631738259CF9F2E54381 C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\BF89E52F8D681360E6B84941BD2F9BC0093309F6\Blob C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\SystemCertificates\AdobeCertStore C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\CRLs C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\906CC149415780CFB79F39E1CF449F87CA6D4D16 C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1888 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 1888 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 1696 wrote to memory of 1544 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 1796 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 1696 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 1796 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe

"C:\Users\Admin\AppData\Local\Temp\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe"

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=1888.4836.16270784622811462434

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=1888.4836.13456381168572047550

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x160,0x164,0x168,0x15c,0x138,0x7ff919e64ef8,0x7ff919e64f04,0x7ff919e64f10

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x15c,0x160,0x164,0x13c,0x16c,0x7ff919e64ef8,0x7ff919e64f04,0x7ff919e64f10

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,5597574510788882714,9366050251368274339,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1708 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,4601929976867296636,1381465156457542472,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1708 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2032,i,4601929976867296636,1381465156457542472,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2036 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2028,i,5597574510788882714,9366050251368274339,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2036 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2020,i,5597574510788882714,9366050251368274339,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2024,i,4601929976867296636,1381465156457542472,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3624,i,5597574510788882714,9366050251368274339,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3780,i,4601929976867296636,1381465156457542472,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3876 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1200,i,4601929976867296636,1381465156457542472,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4692,i,5597574510788882714,9366050251368274339,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1028 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2256,i,5597574510788882714,9366050251368274339,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2112,i,4601929976867296636,1381465156457542472,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4932,i,5597574510788882714,9366050251368274339,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4740,i,4601929976867296636,1381465156457542472,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4820,i,4601929976867296636,1381465156457542472,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4916,i,5597574510788882714,9366050251368274339,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{1764A3F8-9A59-4F23-AA02-EE002DEA29B1}\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4756,i,5597574510788882714,9366050251368274339,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3228 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe\EBWebView" --webview-exe-name=bd0b1b6be92a323c3c8af59c14cd5d499258e16f083b607ac783dfae5ae082aa.exe --webview-exe-version=2.13.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4500,i,4601929976867296636,1381465156457542472,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:8

Network


Files
