Analysis Overview
Threat Level: Likely malicious
The file http://wearedevs.com was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Blocklisted process makes network request
Event Triggered Execution: Image File Execution Options Injection
Command and Scripting Interpreter: PowerShell
Loads dropped DLL
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Enumerates connected drives
Checks installed software on the system
Checks system information in the registry
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Browser Information Discovery
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-03 21:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-03 21:02
Reported
2024-11-03 21:05
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52AEEC4B-4907-443C-AF20-838962ABA7B0}\EDGEMITMP_DFD9B.tmp\setup.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e587f8d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI826A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{B49406D8-4171-4801-8E93-CD18B90BD12B} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{B49406D8-4171-4801-8E93-CD18B90BD12B}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{B49406D8-4171-4801-8E93-CD18B90BD12B}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e587f8b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e587f8b.msi | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001a73a27760024bf60000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001a73a2770000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001a73a277000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1a73a277000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001a73a27700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751413957546007" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ = "Microsoft Edge Update Core Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\Enabled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B019EEF0-C45E-464D-81C8-23283376FB2C}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1D15A374-D691-4A48-8CF3-F162414FF70F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.25\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8D60494B17141084E839DC819BB01DB2\ShortcutsFeature = "MainProgram" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B019EEF0-C45E-464D-81C8-23283376FB2C} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D60494B17141084E839DC819BB01DB2\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.25\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.25\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://wearedevs.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0x8c,0x104,0x7ff99b7acc40,0x7ff99b7acc4c,0x7ff99b7acc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2056,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1976,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2264 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3012,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3036 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2992,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2996,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3472,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3420 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4840,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3764 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3480,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5208,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5364,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5540,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5760,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3992,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6224,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6240 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6156,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6256,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6568 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\DLL Injector_2.1.0_x86_en-US.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EE3AF1E3A340CF9ECA4E536D018713BA C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4500,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5648,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5576 /prefetch:1
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5876,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5112,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6020 /prefetch:1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4612,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4868,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMjUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMjUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Qjk5MjRBQzEtMTYwNC00QUFGLUIyODEtRjhCMURDQ0RCOTI5fSIgdXNlcmlkPSJ7RDNBNzcyM0YtNTQ1QS00QzVGLUE5MkMtRjQyNDI0NEZBQzkzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEMkYyOUZFQi0wOEM4LTQ4MTUtODdBRS1DMUVBNzRBNTdBQ0R9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjI1IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NTA3MTU1MjE4IiBpbnN0YWxsX3RpbWVfbXM9IjExNDEiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{B9924AC1-1604-4AAF-B281-F8B1DCCDB929}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMjUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMjUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Qjk5MjRBQzEtMTYwNC00QUFGLUIyODEtRjhCMURDQ0RCOTI5fSIgdXNlcmlkPSJ7RDNBNzcyM0YtNTQ1QS00QzVGLUE5MkMtRjQyNDI0NEZBQzkzfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RTJDMjU3MjEtMTNGRi00OEMwLThGRDUtQzY2REUxNDVFQjg5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2xoVmkxMlFjazZTbDB1VTFPQjZZMTUyOWJSNmJzZXk0K2N1N2RIeHM2Y2s9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyNyIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MjkzNDAwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NjYwNzU2NjEwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTUxNTkwNDk4NiIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52AEEC4B-4907-443C-AF20-838962ABA7B0}\MicrosoftEdge_X64_130.0.2849.56.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52AEEC4B-4907-443C-AF20-838962ABA7B0}\MicrosoftEdge_X64_130.0.2849.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52AEEC4B-4907-443C-AF20-838962ABA7B0}\EDGEMITMP_DFD9B.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52AEEC4B-4907-443C-AF20-838962ABA7B0}\EDGEMITMP_DFD9B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52AEEC4B-4907-443C-AF20-838962ABA7B0}\MicrosoftEdge_X64_130.0.2849.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52AEEC4B-4907-443C-AF20-838962ABA7B0}\EDGEMITMP_DFD9B.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52AEEC4B-4907-443C-AF20-838962ABA7B0}\EDGEMITMP_DFD9B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52AEEC4B-4907-443C-AF20-838962ABA7B0}\EDGEMITMP_DFD9B.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.56 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7c1ccd730,0x7ff7c1ccd73c,0x7ff7c1ccd748
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5380,i,16628693287188527084,13716927786323014561,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wearedevs.com | udp |
| US | 198.49.23.144:443 | wearedevs.com | tcp |
| US | 198.49.23.144:80 | wearedevs.com | tcp |
| US | 198.49.23.144:80 | wearedevs.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wearedevs.net | udp |
| US | 104.26.7.147:443 | wearedevs.net | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.23.49.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.wearedevs.net | udp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | 147.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 66.102.1.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | 33.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 172.217.16.226:443 | cm.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | cm.g.doubleclick.net | tcp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | udp |
| GB | 172.217.16.226:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fw.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 44.218.171.201:443 | fw.adsafeprotected.com | tcp |
| GB | 172.217.16.230:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | 230.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.171.218.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dllinjector.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 172.217.16.230:443 | s0.2mdn.net | udp |
| US | 104.21.96.65:443 | dllinjector.net | tcp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | tcp |
| US | 104.21.96.65:443 | dllinjector.net | tcp |
| US | 8.8.8.8:53 | static.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | dt.adsafeprotected.com | udp |
| NL | 18.239.50.126:443 | static.adsafeprotected.com | tcp |
| US | 18.233.187.1:443 | dt.adsafeprotected.com | tcp |
| US | 18.233.187.1:443 | dt.adsafeprotected.com | tcp |
| US | 18.233.187.1:443 | dt.adsafeprotected.com | tcp |
| US | 18.233.187.1:443 | dt.adsafeprotected.com | tcp |
| US | 18.233.187.1:443 | dt.adsafeprotected.com | tcp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 65.96.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.187.233.18.in-addr.arpa | udp |
| US | 104.21.96.65:443 | dllinjector.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 216.58.201.98:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnwrd2.com | udp |
| US | 172.67.166.253:443 | cdnwrd2.com | tcp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | tcp |
| US | 172.67.166.253:443 | cdnwrd2.com | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | 253.166.67.172.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.57.26.184.in-addr.arpa | udp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 172.217.16.230:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | ad.atdmt.com | udp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| GB | 172.217.16.226:443 | cm.g.doubleclick.net | udp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 38.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| GB | 2.22.144.159:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 159.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 52.252.28.242:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 242.28.252.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 2.22.144.169:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 149.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4004_ZAMQAGLWFROLSSKN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ced6a180a360c6cdcaba39d31f394616 |
| SHA1 | a8218cbf796011743640e0ac0cdab15c69f1bc05 |
| SHA256 | 7aca2f6bf6e105ac29fa7b6bf1b89d7c4b6d925a2797fc74fb2d00a6a7412d6b |
| SHA512 | b0dab8b98cc98b8e37b32ad0c74a61290f5dcca42ccc92894fddfc803bbcf08d3944ba33b0d571a8e2abf746a1ff1a3607693b70c960d1a7d8918d7629fe19a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bc9c44652aa46fd199148a5fad92044e |
| SHA1 | f3cfd9a1c8eabb8796ec33c310793d4e2aa03a6c |
| SHA256 | 218f5043d6c09c56df50c5c5f7ce6a966a4bd021640095635d7a3156e916d510 |
| SHA512 | ca254cb48f16d1b9a4c9d331f781c5cd781e4247f4d5b58b652c04ee0e2c52d423b0b518b04365e9ddd228efb3b548e88cf2e229aa8a6ad92fdbf66937299e27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 04d4feadafbf3044b7bad466da2f31eb |
| SHA1 | 7d7f81bb5942b005429d3a3330b0737244516d48 |
| SHA256 | 068112620392c8ea78b0a08447b20968627d0335df868160374dbdc7a8a66c9d |
| SHA512 | 7a89c264ddce3bb58b606972404c3a7afd37e2b9b56275878e156f28c8011fcb28e7febb9d2fe36e3928302ddc498288e01f35334470830a5dbc58bb2679e391 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a8636d4473c2a804101a24b14f5d31b5 |
| SHA1 | b46d7dd9daca492445f585b4da7f4dea516167fc |
| SHA256 | 820ef4adf2c169a0ab3aaa063e7de0173f44b656af32bad5487588cb917c8d78 |
| SHA512 | af826e9117318a159dd8473b34dab63c6ca4133a3e4773524996a4f9ddecd7a74db32d108b21e9f061d9ec85f5a2ca2d23da0cf6854b0e164cbe0d70d807ccf0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f
| MD5 | bec2af13143a7771b0b89cec2ab92b27 |
| SHA1 | 9cd25b2c17a630fd0d6dae4aa80ea510ef4b89b2 |
| SHA256 | 52aa9c3bdb64b5d1c1fe6dbf456fc50da434916b6c7489f3c64a0ea9253408ab |
| SHA512 | 42d00250350982b0d3f26b84f33cc1365c8ab57f830f2f859cf3cdc8ba2879c09249264b1177c4b85de6a2461efe06620668c8d5bb036fde0b0030fa246075b6 |
C:\Users\Admin\Downloads\Unconfirmed 887993.crdownload
| MD5 | 0592ca25cf22e8d5daabacd1130d38f6 |
| SHA1 | 0a59fd8723de4cb9bf6c3272a5db7771e575eff9 |
| SHA256 | 3b8991f1eebfc46988db25fe0ded11c3c08df81ae2ca1baf9103ba8259cafc99 |
| SHA512 | 1be2c9f7ff9fc9cab5e5a784b281585d89070413722cb4584e91d4a4b57e628643871ee672049c32a8b2399c8358f1c6d7df20af1b3c39aa9b669902b71a91cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d3fc5986d2a32d5e3c31ed1f992f45b8 |
| SHA1 | a6f890fddfb2be0129576355048a092512a40c0c |
| SHA256 | 5b150480cbdc3a67c5138a1770eb34c1ba9aaaecc695ed8ad7a0eb598a7561f0 |
| SHA512 | cdfeee4c35b0432d10ffea6c8f329a8a77177a191805f8034be6a94189e54dc1349919105bb6d73f7af9eb4d0685247c27d628aa4b99605ce7e7ed629d0d9a34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c663ae5ef15cbc7ff3e72367a9247502 |
| SHA1 | d106b446d0d234c25222ca2652f0b0f822f98ded |
| SHA256 | 248fb9841a074884cb30bcd29db020265b376c26320ab2099684eb5b4272cdd9 |
| SHA512 | 16d7d41fde7b8b5b5d1eea8cfe62dbff99ca270599673be217f9c1bc15595fa099499541be423f00fe712df882d93750aa0b0b81f3454bb3319a12f50745accc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ee30b08a3d98b698c877162619e57d73 |
| SHA1 | a1b1d01629c928778ade6d59ee2b576bd8a6e8ad |
| SHA256 | 782f27ac3bfff2c185fafca0b4f46187ff0a2ccfa132cec6f9e4d0537a7ebb31 |
| SHA512 | 645746ba8af1150edef569a6673a23b1a5dde66c9028ee4029f71b37df65084c832f157d899b526af635e3b2f158b19c1ed35fba3c2aead4e3cf7b73edf8d63d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c9d82e7c98e8bfac3e9514de3c124507 |
| SHA1 | 311281a375dd7b6a5e22e9cc9262f43aa332f8ff |
| SHA256 | eb3dbc88ea3e8ce0a690dba9996db6bc2067fd010636af7278e042ccc23014b8 |
| SHA512 | 312aefe2136a3e843ab3946419ed3710c9d80c853132afad296d4e68a7e912e9f50ef9b4d060c3d9198218b4fffa4256a7efad853bd15b219d65c466479b4bcc |
C:\Users\Admin\AppData\Local\Temp\MSI1306.tmp
| MD5 | 4fdd16752561cf585fed1506914d73e0 |
| SHA1 | f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424 |
| SHA256 | aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7 |
| SHA512 | 3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a1bfbbbb7c163a1ec35189b45d41aded |
| SHA1 | 04ebb7f55496553c98c318869108c3c3592498e5 |
| SHA256 | e286a20ea0a22684b9a5f5ea19132d918c7ee94e8f2af91ff4da22861df85938 |
| SHA512 | f7f4a79800dd9b05ea52cb196862462f4ca281d20d29a1339f96b62af76f680fe3ca6a8cac45a35bd593370a31c821b65f1b57cc8fc369e2b228882677a9b0fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4bfaa1bf29935620dc1bc2dfd5b69499 |
| SHA1 | 226716d079f9fe82445a82f6abbe8ab426304a54 |
| SHA256 | c585b2423207e28b78344e6e3945542021c1e9411caf8d1065ab75a5835650f1 |
| SHA512 | 597d38f9acc250087cf85abe51b887b84b379109eda3e6d8f7c53cae0711f429b59201e3f8cd1985334ba4f343b53dcda8cfce2f5e4768c4f88e7870e6e530ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2bcb56416ee6ccaa44cb711031fd1ab0 |
| SHA1 | 3662bfd6ba35ffcc3c1a30253c10c0f6b0c5e3ea |
| SHA256 | 541af61173fb4c30af290a3265eb458c3b7e2f63ffd6378f6d097aabdbca11e3 |
| SHA512 | d1afa967d5823ce0aa0ecb94695f48afa13b0166ac57c0cb0a85a5b2273f398dd4c2aa795d490ba8eafde4307092025830abc7a1b4eee8e3c287f45a0705529b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 961b4e60bee35c1775233af68b08e1bc |
| SHA1 | 871d635638681ed786541da923f3af3b908c397f |
| SHA256 | f9a4c2809d3d4e72610751362f7c0afd0827723f275c4a7a144448ad1e6b11ec |
| SHA512 | 970a591272d53987d1a6a19fcb1a4d43175b2324a9c39f97a391fa958b877b537cb14a8fdd2709d82e955b09e2585f74444af133cbcafc17b12a617af294e8a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a97a52383b688be4_0
| MD5 | 2793657dd1ec41be2685badbafe7eda3 |
| SHA1 | 78c6fd61f9d3c1cc4b750b153233999d728e8259 |
| SHA256 | 7a101a9f5c8a64a0bf6a3afce93122ad6f3e354a4e80127f9a8ab9881367368d |
| SHA512 | 00e1adf8ffd80048d4b768fc4923169f93f508ccc37da752c80a9f6aa2c5797a6be0eeade4a6ade0dc6a556509cbc26358ce0aefa423c398d56f0c89e541ec2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\371d6340e37fa6e1_0
| MD5 | 9e53225d28fb25fae6fbc3b0c01f5d01 |
| SHA1 | a3e4b78061b8d70f2602421033a262e201a9229f |
| SHA256 | 2a3883ed5877057974772bd41005001b7874b020b08c0ae43bc71348563a3b1e |
| SHA512 | 0898b5d9e0cdd76ec384feb38c4cc0ea5652c3825617611f975e860016938cb82383a0fa485aaf8a05679eae5979aaf9f32edd3284bfb8d31e3955d595b3d92e |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Injector\DLL Injector.lnk~RFe5888b3.TMP
| MD5 | 434f83d2fbbbb484c8805818233189a3 |
| SHA1 | fd19b8338c7d553688ec0e5c0057baf3516498e4 |
| SHA256 | 6fb9834d9565c851d7fb0515e3f5140a48a7867b17eadd5e948944ac669f3de8 |
| SHA512 | d5726588f86d7624820c7dcc24256bc0ebf7d99df20e9ff691bc891ab1e646496c71483de3844430995987eef58c9d2e9c6c70f606649568927db9ffc22eb1a0 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Injector\DLL Injector.lnk
| MD5 | 389ffe0a84ac3972174dd0dcf26c450a |
| SHA1 | 304682449dab65d74351904f6e495f7ccde68807 |
| SHA256 | a1f7a01067c94df339fb6ce9f74339905ab13fd6b3ca36c6d9d868c34c8181f7 |
| SHA512 | ad7f7ff0f82d79883fd4bde80b9327ce797b567ca26dd0dc8dc5b014abd38bffff9a65fd6041fc11353a2f8081062a0f8a0c7125bfcc1145439cef04bc388aed |
C:\Program Files (x86)\DLL Injector\DLL Injector.exe
| MD5 | c6eaeae3cab85586271aa8e94a1d3de8 |
| SHA1 | 4b7b23bf9e9e966ffcf21e8306f31765b993ae23 |
| SHA256 | c91c71046f15cc7f5dc4bb4e1e14b5a7a3329ea95954a245c47e181c808a70d2 |
| SHA512 | 6ec08f95e66ec4a00c72a5a257bcfbbacad09b8a2de4168780373e76fef6951dc0a830b2eb129799dea8dbdc30eb10bc73061aeeab4ce8074f3bb6ede9e7cc81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
| MD5 | 3a8ad551ebf9122274a160d7a22100ac |
| SHA1 | 1bd2fcd6b86c37a717b387186e510de5c8a2ef2c |
| SHA256 | 4c1ee3e726da9b0dd3dae0c2ba58824daaf0e132d9ede9721a8c7dc190a4c099 |
| SHA512 | 7d6f1986a535b21a45399d13024f28298fd74c4e0e08737b47df6050fdee324ebd7f86b912615287a4cf6d71597ac78805b3aed16c1da0f561c724648ed9e98e |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hy43rio0.a0w.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3336-527-0x000001FD4F320000-0x000001FD4F342000-memory.dmp
\??\Volume{77a2731a-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{4a4d9a68-35f4-4ab1-8c7e-c2790798ac46}_OnDiskSnapshotProp
| MD5 | 27b4670d78df58e1580f15aa2276cf98 |
| SHA1 | a040e1703778e5a891591770d827d90b69984c10 |
| SHA256 | e986845847d33530db6a8c870d676a2beeee59f02f0670ba1ee27174a73460b7 |
| SHA512 | bdaf4bc5b6b647bb6060f83ae5ce79b1630981e0cc4e909941022a88e6698323de348c5fd42774752d7da765e560e47e0e1c854addf3781ef373c734efbb0695 |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 6440e47ab599ed1453f23a65842982d2 |
| SHA1 | 2d12ff913331eaf0f6b70f56b290c4633c9bc55a |
| SHA256 | 70b6a3cd076c884caa0f17ed8dca00e21b8d32cd1661a09f8b943b8c6992ec10 |
| SHA512 | 6bdd1c089ef2b5d3b34349d6cc022790562db965ea5fc82da79bbc04429aad19f56ace2875add74f8c3c622db4e9349e94226baa5e623969275dbe97f838a64a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0cd12c46fed7cd6dfe66aaceb9e37e6d |
| SHA1 | 34b1e796191bf5f1213092e6a1413c701a28bd2e |
| SHA256 | d85aa8cd19ee27b63431fb7cc99a7419a8d952eeab74050fc09bcaaf4c6f511b |
| SHA512 | 4d7d0e74354749228a3ce13e22014fdaf15294b93c51edc08a6ff6d963a1283140274bc924003cc9ff51f2c53f52e98436bfe1e593ee53b66b0427c48d7b7045 |
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
| MD5 | a05c87dd1c5bef14c7c75f48bf4d01ea |
| SHA1 | d71f4a29ba67dc5f5a6cf99091613771d664ee0e |
| SHA256 | 274e12d01e0cae083202df4a809c1c153b02cb3ca121c19c43b0aaa1c3a53a40 |
| SHA512 | f64864193ff892be86462aaea9a019a9085e937d199161536d163bf183f4ba08100d17f2cf962818b106b2c797d1f22b92933e9711273d85d7d08f0d18400222 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8f8ffcbcf90e41485bdba59e17312e0d |
| SHA1 | d14d27aa50eb7945d0f97b7d7f363e36aab86f40 |
| SHA256 | ae9a313312d9b4365301f021d5a8f53fb1c7c48ed5070f8931013541b5ea5961 |
| SHA512 | e05006c5401741597a5697674d8754de6ba4bee2bb963fd852a1db25fc872df232988b18b029cc47736a72dcd7429179a7a62506e1ad84321a3a8734aa84eca7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 73ab708139800a925167654533e64490 |
| SHA1 | 8663b534f54256d5fdae67baf5ae0d6b012862bc |
| SHA256 | cf2258e82e9a584591d5b5938e0b3f57b257ed53b4d9fa48d749eedcdbacdd44 |
| SHA512 | 535f54721fe4d3d95ba43845929519af1c660cbfd2154c70b9807de4d33f1d8e4e12e5025e1b963116b4d1f485de7b4b022e0adc6da5ceda18e08da11153454f |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 1509ed11b3781e023e9c0a491bfdac80 |
| SHA1 | 2183e8228f0596d6c80927c0df49ddc1101a1219 |
| SHA256 | f626890b39920d9fa35ebcc31d448b75df05fe4a7a424c2b5ceb95c7d61e5d71 |
| SHA512 | 1a9c53ff6906251cba2133d8907401c5f9e8f4f0ac918ae8466c4d21b2f5468bc86a08dbd01527bc0150cebf55737ac3023d564a6d032ac8d526648815662047 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdate.dll
| MD5 | 8a816664389165f11a9e50fe42671657 |
| SHA1 | ae43aba2a512b5139e7dfd034655259bf638c698 |
| SHA256 | 09d9f52e86ddd5fb3391d7dd683c42a9fa9d03a2ceee56b1273ccd42986b4851 |
| SHA512 | a65fcebdbc170ddff5eea916cc92233c5a91d7167b35cd71f2093a43e34020c3813f083d82622ad4f8db8cca30728cbd21f8bdbfd17663273f05de24538d0f7b |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_en.dll
| MD5 | ca40f911aba7884d6840edfa2898843f |
| SHA1 | d99e19aff7a2cea9f2796e10a23dc7938ff20332 |
| SHA256 | 46cca81704cd9cd8a14968f493227691e91d3eda03aa265c38352ccd30c46ac1 |
| SHA512 | 8f591900ae18cd264164fd7022b93eca30c54a8e99a612773da77fe23ce6d54f953cafb936d557d5f3155ebe46187cbd668ef7d38a03d4e33d29ed93ff72e687 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | 6fb9e3cc84490ac01ce63c90bd011d03 |
| SHA1 | 472b6a9f09c7b5eb1d508f2c83468fab1a623261 |
| SHA256 | fdbedb7ffd417839bef8a9fcc69b545adf002739dd6a3f4fe92fd2e5859502ef |
| SHA512 | 3e1bd82154e8c142aaf19c2ef8e2b581c6f5d0697eaab350931e8d39da2b3e01d41be93b2d472a7d88a0279c1f62d8faa4476176ea41b3b5db712256e13338bd |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 8cda2d501c51f0869a69d5951f2aec5e |
| SHA1 | b5263b1302ac3c9d99a7c7bd655c3fb9829e4a03 |
| SHA256 | 208497513ff0c793e6dc0a9935d73dfc37887c875fe00aff4dfaeb3854054d31 |
| SHA512 | 2dc9dd6299a6b0781879ea1d9fb14ef19c55e372887ac006a658d5d9c3396cf7953a8d93963053173c7c40d4d3d8650f46999cd766edddedd33064a2c15f9c64 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | d16deab532387bb817fcaa50b9bd8972 |
| SHA1 | 2338f86ce086f48fb5c0c340d3fa5d71dd006064 |
| SHA256 | ba27ca798445934d02be72a0faa198539dfa38e922c06bdd93eb3070ee12311b |
| SHA512 | 0574f1fdc21d9c9b82a48d0ec651bb3b02c79bbad4643dbacfc72336200bf1bf8a524a5a0beaa19aad07e616d63b1e2f7c49c2e51e9397b05b5eb1e52d5c8290 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_af.dll
| MD5 | 606ed68037082cee9216cb2f67766f4e |
| SHA1 | 72a736e0232877318c4faefa7e34c6dfba61e042 |
| SHA256 | 4231acb9cc52694d3a314bd43266cdbfec48ee7f805e278a3cdf458b1550bb90 |
| SHA512 | f159c18eebd3db5bde59f378901dc1a1a34f4770e0467cb29b1d13cdc987aa43d59abed849547347892ec74a729425c0a538386886035101eb766161133ac3da |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_am.dll
| MD5 | 00dff51bc419ca992c8b00ba6f600911 |
| SHA1 | ce1beb0d9f721493942d37eeaad453cfdc258ab1 |
| SHA256 | bc9c9e5e30d6da8f566ea3d34cb58aebae0751b43106244dbfaf99af88a03e18 |
| SHA512 | 284fe349cac1ea4f359d5aa5fe5942c8ee08073a2a4b95dff01522b7164c324674ab87f153309b8c699280e0d346dda6cf5e5238a95a86d297ff187d4868e0c3 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_ar.dll
| MD5 | 96bc228c659fc3b2f09b39aae22a0d08 |
| SHA1 | 0e92c15622a60eceba9451b7262fe430399b4c74 |
| SHA256 | e863afcc91f8eb43808cf936cf3c9eca097740cb65ba50d615171a96c79835a0 |
| SHA512 | a17fe3682c681592c1fe19dada7c02dd809af2f5e7c49abede362e3986610bb1121d86d2beb72a0387c5c32b1fe88f6a3e1208192543ff5a906d430b7c382bb7 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_as.dll
| MD5 | f0bb461ccbd972b8890e62c110941324 |
| SHA1 | 528b0b2bc5e67a70bb7a519ccd3110a57c3ced30 |
| SHA256 | 4021b6bf6678eeaca50f787fa653ec5a9b8d9c0d4d0cc0bcc515e19590e659da |
| SHA512 | 808410313f1dd24357bcdd74cc00d282eb712eb3e3326de4f7db23b57512b0256b73f6660e8eff2a92fac124e2b9863e0beeae4a4b7af2faa9f60aaa40f2806d |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_az.dll
| MD5 | 1d92f560471809eea74e20645f189f84 |
| SHA1 | eba6611cbbf97d3149bf1c2827323d6accddbd42 |
| SHA256 | b4a953430a4dc8d5a2b69709c1f6af2e42277df366f5528604734c1d933c212b |
| SHA512 | 589f3ef4a3b21d1959d5b8a70e07e71c6baac6b57468e1a8638beb0d6ebc6a4fe7e1fa60c0a1d255bee769c1b88c265879a01486d7e397750aa8dbaf3987890d |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_bg.dll
| MD5 | 5b17b4ac96d90bf48af3814f82679e13 |
| SHA1 | 0097d33be3c86423002fb418c07172791ea04239 |
| SHA256 | 14a5cd6d9e23888df3314aabd68b44166ce4f5c3a59f492a5194483aa2b0d824 |
| SHA512 | 828e97c92b6864fa713bb5fea48d27c2a31678d271703ec04432a691939c516196b170f9787b12d7350e80d56b0751c108d3333a415669c0263025d6e5553ce9 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_bn.dll
| MD5 | ebffb9a8931987a8295709723183f980 |
| SHA1 | 3d3085b39a34210d362149943ae73dc1978314ac |
| SHA256 | a233815225c4cd9eeb0c4225ff6f37127ea68c363aebc4bb47474306746b63c3 |
| SHA512 | 09939fb403d4731eed9fc7023af306663426e76884fba880428312d4fa322bb1fd11b4ef4a7116e5a4d809dc46486f0fed8e84887359e7c69c13eb57d9d9d009 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_bn-IN.dll
| MD5 | 1289424869c0efde5c5d7d81304ed019 |
| SHA1 | 59904fb85b90b373c1e5de9fc1e67a2232082253 |
| SHA256 | 19c114b66308c20fef3955d586740b63e61169d49cd81603e0418b546bf6a25a |
| SHA512 | aae935ed3856fa93f15b1c89ac849d5d397b417e59b7de97a4af1d2c82efe3b5b58b545801fb9ea6de554213ebb373b07f21e880a725ecd14f2947d6264fb5a0 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_bs.dll
| MD5 | cb09124947b9355f54a25241f2abc507 |
| SHA1 | faafade6af4ec3ac77ceba740191795aafcfce79 |
| SHA256 | c982c2e0917ffed0e63763aae668ff9b5b552c4f5ff6df5e04bd861906b62cad |
| SHA512 | cc3d0a34e191fa3d58fc389f29554898d6ad896357eb89baecf68ebdbf7d715b12e57508fb172394c3e540fcd275b78a859411cffc7b304b9ba5d605e82efbb3 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_ca.dll
| MD5 | 6a258d3b877f79678312901752a9b357 |
| SHA1 | c5c9a2b3757e44b791587bd8b9676b0c8bcc7d1b |
| SHA256 | ae1120fc76dbef20dbf56dbd7284253547c27d55029f2a170772b7f1bd8651d3 |
| SHA512 | 52371bd55629d8a4daa45a12141a067250d8d7987cc1a7047a3239f56ccb24a868f9613d98908546bcbe63cf751031b18910472be2578b570888681525d73cdd |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 04688fdbe31d266e55142daeb163da3d |
| SHA1 | 472f0404857b2d9209ef47c7e100a7902a0407c1 |
| SHA256 | f5922aca346c9eba86b6cc1035e0f72a1cfe87cec99ea019736412a738fa8cba |
| SHA512 | 1aff7c09b75b5eff7ea101844ce1c681ae22a0473eea5334e51e5b4af137a2133a73dbec4bbbd0f0fd1c412329d3b3e88298e6a4fa20c61e24542e7d2746277f |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_cs.dll
| MD5 | cbcb2b97100273ae1154453e171810d8 |
| SHA1 | 98d9a1bf4aa6f89e9a87d04bdfd544de2e09cee2 |
| SHA256 | c6b72665d574ba37e7298a78e062bed12708e7c7b99edfad4ca5f1dfcc20b925 |
| SHA512 | 45b24b05879d07178441bcbb1062bf2be810596c6a934c4913c4c6e7e995b5a0345592b960ab77bece26100a03afadfee8824c0cea16c0174010cce5a23f1e63 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_cy.dll
| MD5 | 1378af7d3892821f50836e46225e4118 |
| SHA1 | a3b166f0504a1b698e8dd7dac52f84e61354d07d |
| SHA256 | c6f221add2fd4fe61c95d38b758d170a5980792f903d78551b2087d6f9016d3d |
| SHA512 | 8a82c7973f02d9881394d4b9569e65efef77d9722d6936eb5814be95fb59225121efe0851a11520549c152dafa1c5353c3a60b6bed80e78f81e8f3aecf3634f4 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_de.dll
| MD5 | 268e87ce4b23af33164c815b63d416f0 |
| SHA1 | f27d19649b06f66cda9d20fd8491ab3bfc4c4da1 |
| SHA256 | 50bce9a1fdafb8662a9ef7bcc978a13d45f8b3d033078e0570414a7d907863b3 |
| SHA512 | 96ee5bb4839c13bb8ec55e5dcec973f21825734569fdc5ceff2af08d3494da5f1c4d4a3a4bbc473418f849e0d1443582e20c92e080ea13b5b1ec9dcb39183cd3 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_da.dll
| MD5 | b7ea9525f9530a18ed950b1d0a0f441c |
| SHA1 | d98a918ec86e0763c89027c472357a9b9a809ab1 |
| SHA256 | 731aeea1ebed6917807b391f91dea189fc3018d054848b1a7ada0475a1e8e669 |
| SHA512 | e9e64b5627d32f0a7cab8d0b5bc4645cdc59bf65a0b3e2e15775a9dae4097be0356ca31943c92508357ba67bbf954f15428a489425a095091fe286227206df1c |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_en-GB.dll
| MD5 | 412f14940f8777054627d1432cef7db7 |
| SHA1 | 4b32bb293684790dff39d970bdd241afee929f4c |
| SHA256 | db617f26678b9b43490b56c9a1f48bbba5ef86ebedf95ca3de3ae04f68b3de1b |
| SHA512 | a3aa40300480019d91e09353979aa52fefe2fbb141d1b5915ff6c8d8368df682dc1e244516bdc86d389c812ba8500ebf6a1c6387472d1c1bbdeb905ba9ffd540 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_es-419.dll
| MD5 | 5b4a8cb162175ade8e56c1d4afce6fd7 |
| SHA1 | eaaca18e5f69f65751cac9daf3371bf5c411be0c |
| SHA256 | fe8b34128ddd26783231283e22d08ad8d5025982498ef4d365d65c43fce6dd7c |
| SHA512 | 2b5ced77b5806ce04d3ce165631f686e516f2560743a8cc7658ddd6b6671479212028390347153e24ec4fc13c1fba63ce83b9a4e3c55a873c901ed896e4ac95c |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_es.dll
| MD5 | a72510382afdb9a146078cb00db8df22 |
| SHA1 | 83b2ca1eb24a39690e0c922398faa6c4be112e88 |
| SHA256 | e7982412e9ffa812641bef2cd2935e4f9ca4f844cb93b9031e7af3971e2cf50e |
| SHA512 | 197c6d6441cb417162d6459715825a9955cfaf8f08a8a3f47ec56bb3c7804f28dc0ecb6d60588fc98fe3b77b1ae4bb9856395d37b04e82a20278417b38fd4c33 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_eu.dll
| MD5 | f2457bd665a2474e7e90dd8915ad444c |
| SHA1 | 7ced03f29de9b441d963d23fcc2e19dc3f3f697d |
| SHA256 | 5b5ce990854c315149a3effbc4331153da47925d6a0e3b85741c0b3618e67931 |
| SHA512 | 9562b54bf11d36a97352cac408e73ef274578ea30aaaf211cfdb9ae1a7cf82acbacd731983b14a6a1472f44909b5277c7bbf6cdbade54cdd2f24e3d326355677 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_et.dll
| MD5 | 9385b45b97a6dc4521151c21f319ae8e |
| SHA1 | 39e513b01e8ff7b8c94dc2cb52e20e9bbf8e5e8c |
| SHA256 | 03885d51017cb514bc30da68fd2513c45cb05a97f7421677cb57f27f0669783f |
| SHA512 | 77c003f5c2257e67aa4e06d78d527ba624d264dfd0e8bb434db23d7069aa4e58c88b9af3200af5a77d88b0e2299253e8f132c070925c1fad3fda2336105d73e5 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_fil.dll
| MD5 | 4b955978ee33b0f15f27c0ffca0b3202 |
| SHA1 | 3ee61ed1795a1deffe333c524b810f6922b1b4d9 |
| SHA256 | 3024691ddb1e2dd72622dea4e8d30245d3c8274950da53eb28be5a1d27530109 |
| SHA512 | b53b09caddf7b06a2fed7d405faadcbe96c906277a5a34bbc9d7af2e6f76a8ccca39c18187bbdf6905d2d3c1d632c13f365c84413562d14842e6ddc9555e3a11 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_fa.dll
| MD5 | 2462f00c347bfb4c939608285d21dbce |
| SHA1 | 43c236c750492f897c13c1f8bef4d2d011eaf4c3 |
| SHA256 | d171391294443658848e870e01244cd6d3b12cf650fa4e22f2b32dfcd4ca963d |
| SHA512 | 8ca5a7381d8559f82b59df04fd9067670aca48deb39190687791ba8a9fbb4c1f0344a07ea7f23b0d85963e454d1446987fe7cd66b1f14a2b5861f4019c97056a |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_el.dll
| MD5 | 051a632cf0947f026c840159c9b6788e |
| SHA1 | c7ae20da32edc05b4fbdaf78fb7c4f30672b2dfb |
| SHA256 | 76a85e756027b2416e7086e45aef7de969988bf17bbb28f922bef5b5f44f4f15 |
| SHA512 | be2c60267c5e2e57c62741c444b8aa8f374bbc3c970d495309e6601d8d5eba74c35897160a11df770e42eff38d41a43c93d9b4ecbcd6e5403af260fd796ce175 |
C:\Program Files (x86)\Microsoft\Temp\EUA524.tmp\msedgeupdateres_fi.dll
| MD5 | f529fe2fed08c665ad34e6788d2440e0 |
| SHA1 | 43c6c32e3a82211443ebef2934ac7879c194f1a8 |
| SHA256 | a64abcff7b54e139a12e87cce7f157c8af6e9df301a0947a2a6967af9b5e27c3 |
| SHA512 | 84dadf95f56f04b4e4f165f2c58caeb627ca760c2467892917496c4bb4b211dddda846a1fca4f677d0dde16fffdbfd0d386eae8c089655db5d70ae0ad790efe3 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | f2cfe5e8c8cb99cb534d8a5ce067736a |
| SHA1 | c10267632de8df48ec89c876244ae9b5e974509b |
| SHA256 | fea8f9b7127a7108f87fbebbcef10d598ba60d65750d8a330f83db1ebe457df3 |
| SHA512 | 033dc6c3a7e765ea104ffa4e6574a44fe6e4157edf187ba583044929e9afba18a2a4afd167b44f016d1d113c63a57408b3d628aaf1cf861d707ff4bfa8361c84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b52006c5a15b27b9ea614a1fead3f7a2 |
| SHA1 | 7b60c63679a1e522c7fecb5fd8deda1ce0994769 |
| SHA256 | 76e7455b7d2fb09ee0f11fd5a1fbdfb16c3f1c28b0178c6647eeb4a7f0819263 |
| SHA512 | 2179a5302ac819ff873139b0ddc2d75e2cbeefc24d7b69e053afe8128a8759247b282095d30d300ec9213aee93f858d4f79872a76566f1fd63edd4ad3510aaf6 |
memory/2580-744-0x0000000000F80000-0x0000000000FB5000-memory.dmp
memory/2580-745-0x0000000073DD0000-0x0000000073FF6000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8df9933137c14e1ea7115dfddab5bbc8 |
| SHA1 | af2d4649463ae95a9171de00b487a125a514cd86 |
| SHA256 | 30f2c5df9eb6bb35dd4cf42180d400a993327a4f613b54d7dd6dc1ff66fc8fbf |
| SHA512 | 8bd5b6f5a1d8e1405d5d87a909cf8528ecf57a8e088602435c4e17e9bfc42393f3fdeae80ed1bd58e817f8aa82c15cc176657f9611f2fd12566667935e14da54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | abcb8adae22dbc79a21d4f762b4e929c |
| SHA1 | 3012b83d035608e2d51f1f258ff2a2e6d362bb46 |
| SHA256 | d63ca9de82448666db03cc8c2ebe019ead1f915b8c72f559eabf2ce269afca77 |
| SHA512 | 896cbf31af87e349d0c0ef7719444eb40a3acd48b9c401e93746ba1d2109c463e0cfe3392ddeafb1d3f39d276a55722392831bd2268a99e74e6ada4a40c82c7e |
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | 7dad6327ee04e59e9f95e960bd2e2531 |
| SHA1 | 961264a48e1c384e328bcbf4a2573bbb41eaa90b |
| SHA256 | 90c937784dedfa6609255ab9b42a08ebb8f119159a4a9e79d62e72b0c2932871 |
| SHA512 | 9c41a5253a779ed74f9d4f4bd838a7e70133cabb22543b3ca14517f4c8e45451c55e9758998f28922646730a5f557054be1116047a4ebe87f823484a57869a4e |
memory/2580-794-0x0000000073DD0000-0x0000000073FF6000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f66977ff6c8ffff70ca0069ded22c32c |
| SHA1 | c641ee671a189fa227ba40b50f91a760d13d09df |
| SHA256 | 4400ed6587e1ffe9bb9bed52c7d6e3cc066c788a37b3b0d9aeebd3f5eb23a418 |
| SHA512 | 2e5c9f3053509f0156cb0fb0d3578fcbb5735454a60f7f242226128f2a8b999de9d5a7e5e8952db3894460d38ea952dee68485ad18f54a640744550fc8431c52 |
C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.56\Installer\setup.exe
| MD5 | 9a98f71bb7812ab88c517ba0d278d4c9 |
| SHA1 | 459b635444042ad0eeb453cdba5078c52ddba161 |
| SHA256 | 273f8406a9622ddd0e92762837af4598770b5efe6aa8a999da809e77b7b7882f |
| SHA512 | 5685717b2192b477b5c5708687462aa2d23999f565a43b7d67388f48eb9a3d33d9a3da54474ce632a0aee1bc4de8a6172a818239033d4a035f045e15947868f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 61476d8f478bd57c8d0a05df649d05f6 |
| SHA1 | 85d978d0e16bf3f604af58f8c4e5c56019de2cf2 |
| SHA256 | 1dc7338bddf22a74aadfb01983207e1b3046dfa60e5e2a91c5031a7d456231a1 |
| SHA512 | fb96dcac94396e39726685e653d214d55f3b7f83c6780684f0a73f016026fc1ed407162b371362026601d39fd89ab80e6c135386568b641dee692f4c39fe6b46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a5bb90ab10f78ffb9e6566dea9976e1c |
| SHA1 | b72238ac0e02c47abfbb59c0fd88809fe208a1fd |
| SHA256 | 95a993c650de05f3cb16a62ff62079fd066cd83e95b9dcd5894efdb18fe4b981 |
| SHA512 | 8bded2a36bb5565edbd71362c000392010d5975b06a3e17dd5291fb29f641c05596452ebc032a54fa695a7e8f7138d9a8938ce3e7ef3e6911687aaf8ccdadd37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 23fc549ec2c76a1b3d7819a39875b88d |
| SHA1 | c8a27f82694e396d2a441a82267db52deeed320b |
| SHA256 | 8f0da8107f8b532c1358d4d7200f0179c6f34d66a1e3cf6cf7c71ecb9b594bf6 |
| SHA512 | 70fde4a93fcc8971206f711ba06d3e9e0be15c8a9669138aef632e87568ee4d4b30e79164ca6464b3dcfad5b5639ff796ddc1f6d94e6c2df021cbe6f1f0fa613 |