Analysis Overview
SHA256
90cac73a9a048252ede83c7c4d4fdc617337001498a902ddb586c8a0260a5097
Threat Level: Likely malicious
The file Bootstrapper.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Network Share Discovery
Checks whether UAC is enabled
Checks system information in the registry
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-04 03:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-04 03:36
Reported
2024-11-04 03:37
Platform
win7-20240903-en
Max time kernel
35s
Max time network
41s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-04 03:36
Reported
2024-11-04 03:39
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{33944AA4-5786-4D3D-ACA4-A0EFB77E104E}\EDGEMITMP_C4DEF.tmp\setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\luna\Luna.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Network Share Discovery
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe | N/A |
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751651388092922" | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ = "Microsoft Edge Update Process Launcher Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.25\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.25\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\CLSID\ = "{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{B019EEF0-C45E-464D-81C8-23283376FB2C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B019EEF0-C45E-464D-81C8-23283376FB2C}\ = "PSFactoryBuffer" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.25\\MicrosoftEdgeUpdateOnDemand.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\luna\Luna.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
C:\Users\Admin\AppData\Local\Temp\luna\Luna.exe
luna\Luna.exe
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.25\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMjUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMjUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUMwNEE0RjctM0ZBMi00ODY5LTg5OEItMDhDNjgyODcyOTQ5fSIgdXNlcmlkPSJ7ODBCRDg1OUYtMkIyMC00OUM4LUI5NTUtMTAzOUQ4OEVCRkIwfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezAxNjQzMkYyLUI2OUEtNEMwMS04MDA2LUFFREE5OTA1N0FENX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xOTUuMjUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ4OTk2MzExNzUiIGluc3RhbGxfdGltZV9tcz0iMTQ4MyIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{AC04A4F7-3FA2-4869-898B-08C682872949}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMjUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMjUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUMwNEE0RjctM0ZBMi00ODY5LTg5OEItMDhDNjgyODcyOTQ5fSIgdXNlcmlkPSJ7ODBCRDg1OUYtMkIyMC00OUM4LUI5NTUtMTAzOUQ4OEVCRkIwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MTAwMTRCRkYtNkJCOS00MzRELUFEQjQtNjFCRjY4QjkyMjEwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMjciIGluc3RhbGxkYXRldGltZT0iMTcyODI5MzQ1NiIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzcyNzY2MTMyODcwMDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ5MDYzMDQ3NTIiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{33944AA4-5786-4D3D-ACA4-A0EFB77E104E}\MicrosoftEdge_X64_130.0.2849.56.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{33944AA4-5786-4D3D-ACA4-A0EFB77E104E}\MicrosoftEdge_X64_130.0.2849.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{33944AA4-5786-4D3D-ACA4-A0EFB77E104E}\EDGEMITMP_C4DEF.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{33944AA4-5786-4D3D-ACA4-A0EFB77E104E}\EDGEMITMP_C4DEF.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{33944AA4-5786-4D3D-ACA4-A0EFB77E104E}\MicrosoftEdge_X64_130.0.2849.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{33944AA4-5786-4D3D-ACA4-A0EFB77E104E}\EDGEMITMP_C4DEF.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{33944AA4-5786-4D3D-ACA4-A0EFB77E104E}\EDGEMITMP_C4DEF.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{33944AA4-5786-4D3D-ACA4-A0EFB77E104E}\EDGEMITMP_C4DEF.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.56 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff63d0ed730,0x7ff63d0ed73c,0x7ff63d0ed748
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMjUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMjUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUMwNEE0RjctM0ZBMi00ODY5LTg5OEItMDhDNjgyODcyOTQ5fSIgdXNlcmlkPSJ7ODBCRDg1OUYtMkIyMC00OUM4LUI5NTUtMTAzOUQ4OEVCRkIwfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0E4MjJBMkEyLUM4MTEtNENEQi1BQTEzLURDODhBODVCQ0UxQ30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzAuMC4yODQ5LjU2IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTIwOTMzMzg0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDkyMDk3NTcxNCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUyMDIwNzY0NjMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzM0NmFkOWQxLTc0NmUtNDVjNy04ZmUwLWQ2Yzg3YTczYTI2MT9QMT0xNzMxMjk2MjQwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PU55enAzRE9rUmlvN1VxVSUyZm5yZEo3b1NsMzFKcWtUaTI2RlBQR3JoR0ZNVG1SQ0M5Q0J6b3lBaiUyYm10ZDJsWjMxb1NQQkQxV1JEdVFIVXpROW54emdNZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NDkzMzYwMCIgdG90YWw9IjE3NDkzMzYwMCIgZG93bmxvYWRfdGltZV9tcz0iMjAzOTkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjAyMTg4MjUwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTIxNzM5MDUxNiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTg0MTE4OTQwNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijg4OSIgZG93bmxvYWRfdGltZV9tcz0iMjgxMDQiIGRvd25sb2FkZWQ9IjE3NDkzMzYwMCIgdG90YWw9IjE3NDkzMzYwMCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjIzODAiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --mojo-named-platform-channel-pipe=3172.3680.11943516198914014273
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=130.0.2849.56 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff913814dc0,0x7ff913814dcc,0x7ff913814dd8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1768,i,10189420641260730333,9208180443293565245,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1764 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1936,i,10189420641260730333,9208180443293565245,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1984 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2320,i,10189420641260730333,9208180443293565245,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3500,i,10189420641260730333,9208180443293565245,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.21.175:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 246.197.219.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 172.169.87.222:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 222.87.169.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 2.20.12.95:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 95.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| N/A | 127.0.0.1:80 | tcp | |
| N/A | 127.0.0.1:80 | tcp | |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 2.20.12.94:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 94.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\luna\Luna.exe
| MD5 | d9bfc478e0441e343eb0d85a73db9406 |
| SHA1 | 1be77a595850a4e077a5d0df99c54b1161246ffd |
| SHA256 | 7c79b002c8e3338bd97d52fe676279b90248aecf8612c3c54b62bf495286e7cc |
| SHA512 | b5756f0cf9d925753f5ed5864ebb2dd31828ada25c557eb720e3cd5df4d71649c2413a3fee605e9dbde3638f6389a5e5c95f528fe561aa5a2101eae418cb598e |
C:\Users\Admin\AppData\Local\Temp\luna\Luna.dll
| MD5 | d3418af778a91c134b8361c10fd16be4 |
| SHA1 | 1654ab09bcc1ef4d168088518adc165e0c6469a4 |
| SHA256 | d21975e541c3838d2f83bf6faf360d7a7417da2106a610489a768b382ad3b91a |
| SHA512 | 128e8741bbe08bb90185d0c1c352572757e2848773ec39f21c8744ce4eb0bf9095ade326174f9164e94f568a00714be8bedc197f36a46c6fb16a880f2c6f9c8d |
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
| MD5 | a05c87dd1c5bef14c7c75f48bf4d01ea |
| SHA1 | d71f4a29ba67dc5f5a6cf99091613771d664ee0e |
| SHA256 | 274e12d01e0cae083202df4a809c1c153b02cb3ca121c19c43b0aaa1c3a53a40 |
| SHA512 | f64864193ff892be86462aaea9a019a9085e937d199161536d163bf183f4ba08100d17f2cf962818b106b2c797d1f22b92933e9711273d85d7d08f0d18400222 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 1509ed11b3781e023e9c0a491bfdac80 |
| SHA1 | 2183e8228f0596d6c80927c0df49ddc1101a1219 |
| SHA256 | f626890b39920d9fa35ebcc31d448b75df05fe4a7a424c2b5ceb95c7d61e5d71 |
| SHA512 | 1a9c53ff6906251cba2133d8907401c5f9e8f4f0ac918ae8466c4d21b2f5468bc86a08dbd01527bc0150cebf55737ac3023d564a6d032ac8d526648815662047 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdate.dll
| MD5 | 8a816664389165f11a9e50fe42671657 |
| SHA1 | ae43aba2a512b5139e7dfd034655259bf638c698 |
| SHA256 | 09d9f52e86ddd5fb3391d7dd683c42a9fa9d03a2ceee56b1273ccd42986b4851 |
| SHA512 | a65fcebdbc170ddff5eea916cc92233c5a91d7167b35cd71f2093a43e34020c3813f083d82622ad4f8db8cca30728cbd21f8bdbfd17663273f05de24538d0f7b |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_en.dll
| MD5 | ca40f911aba7884d6840edfa2898843f |
| SHA1 | d99e19aff7a2cea9f2796e10a23dc7938ff20332 |
| SHA256 | 46cca81704cd9cd8a14968f493227691e91d3eda03aa265c38352ccd30c46ac1 |
| SHA512 | 8f591900ae18cd264164fd7022b93eca30c54a8e99a612773da77fe23ce6d54f953cafb936d557d5f3155ebe46187cbd668ef7d38a03d4e33d29ed93ff72e687 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | d16deab532387bb817fcaa50b9bd8972 |
| SHA1 | 2338f86ce086f48fb5c0c340d3fa5d71dd006064 |
| SHA256 | ba27ca798445934d02be72a0faa198539dfa38e922c06bdd93eb3070ee12311b |
| SHA512 | 0574f1fdc21d9c9b82a48d0ec651bb3b02c79bbad4643dbacfc72336200bf1bf8a524a5a0beaa19aad07e616d63b1e2f7c49c2e51e9397b05b5eb1e52d5c8290 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_az.dll
| MD5 | 1d92f560471809eea74e20645f189f84 |
| SHA1 | eba6611cbbf97d3149bf1c2827323d6accddbd42 |
| SHA256 | b4a953430a4dc8d5a2b69709c1f6af2e42277df366f5528604734c1d933c212b |
| SHA512 | 589f3ef4a3b21d1959d5b8a70e07e71c6baac6b57468e1a8638beb0d6ebc6a4fe7e1fa60c0a1d255bee769c1b88c265879a01486d7e397750aa8dbaf3987890d |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_ar.dll
| MD5 | 96bc228c659fc3b2f09b39aae22a0d08 |
| SHA1 | 0e92c15622a60eceba9451b7262fe430399b4c74 |
| SHA256 | e863afcc91f8eb43808cf936cf3c9eca097740cb65ba50d615171a96c79835a0 |
| SHA512 | a17fe3682c681592c1fe19dada7c02dd809af2f5e7c49abede362e3986610bb1121d86d2beb72a0387c5c32b1fe88f6a3e1208192543ff5a906d430b7c382bb7 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_am.dll
| MD5 | 00dff51bc419ca992c8b00ba6f600911 |
| SHA1 | ce1beb0d9f721493942d37eeaad453cfdc258ab1 |
| SHA256 | bc9c9e5e30d6da8f566ea3d34cb58aebae0751b43106244dbfaf99af88a03e18 |
| SHA512 | 284fe349cac1ea4f359d5aa5fe5942c8ee08073a2a4b95dff01522b7164c324674ab87f153309b8c699280e0d346dda6cf5e5238a95a86d297ff187d4868e0c3 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_af.dll
| MD5 | 606ed68037082cee9216cb2f67766f4e |
| SHA1 | 72a736e0232877318c4faefa7e34c6dfba61e042 |
| SHA256 | 4231acb9cc52694d3a314bd43266cdbfec48ee7f805e278a3cdf458b1550bb90 |
| SHA512 | f159c18eebd3db5bde59f378901dc1a1a34f4770e0467cb29b1d13cdc987aa43d59abed849547347892ec74a729425c0a538386886035101eb766161133ac3da |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_as.dll
| MD5 | f0bb461ccbd972b8890e62c110941324 |
| SHA1 | 528b0b2bc5e67a70bb7a519ccd3110a57c3ced30 |
| SHA256 | 4021b6bf6678eeaca50f787fa653ec5a9b8d9c0d4d0cc0bcc515e19590e659da |
| SHA512 | 808410313f1dd24357bcdd74cc00d282eb712eb3e3326de4f7db23b57512b0256b73f6660e8eff2a92fac124e2b9863e0beeae4a4b7af2faa9f60aaa40f2806d |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 8cda2d501c51f0869a69d5951f2aec5e |
| SHA1 | b5263b1302ac3c9d99a7c7bd655c3fb9829e4a03 |
| SHA256 | 208497513ff0c793e6dc0a9935d73dfc37887c875fe00aff4dfaeb3854054d31 |
| SHA512 | 2dc9dd6299a6b0781879ea1d9fb14ef19c55e372887ac006a658d5d9c3396cf7953a8d93963053173c7c40d4d3d8650f46999cd766edddedd33064a2c15f9c64 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_fil.dll
| MD5 | 4b955978ee33b0f15f27c0ffca0b3202 |
| SHA1 | 3ee61ed1795a1deffe333c524b810f6922b1b4d9 |
| SHA256 | 3024691ddb1e2dd72622dea4e8d30245d3c8274950da53eb28be5a1d27530109 |
| SHA512 | b53b09caddf7b06a2fed7d405faadcbe96c906277a5a34bbc9d7af2e6f76a8ccca39c18187bbdf6905d2d3c1d632c13f365c84413562d14842e6ddc9555e3a11 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_hi.dll
| MD5 | e94561526fb0c7703660857e19e46f25 |
| SHA1 | c47806ed6874dccf39860a35c127266b4693ebed |
| SHA256 | f7ea4781dd38472313b163f252c5fa808f72c966590f490f9c2ef34c74c2038a |
| SHA512 | d804bdcb28ab54011f73db6c1d84a3e243995f395b5c94685bbf7ba02c5246e8416ae706534056f7c2b3ea11215f6fe2b44ce6c8c6a9969a19d0a9f039e1d225 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_lv.dll
| MD5 | d1bcc0d8296b205bd432bd52a92cfbc0 |
| SHA1 | edf621a64b1dd5fdbfc607d0a07ceac09afb293f |
| SHA256 | 24ce2d5027bd0b93c41633e21d3466fe15112f43d4a1926e1a96399a6fda6afc |
| SHA512 | c4150781935fe7b42b7f228e8dfd85f9f63b023ed9580da930f555ce02396e9026c52f1773e9772ced2a2a8f26620ab744b5169a57cd5aefbdf7252b62dea757 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_lt.dll
| MD5 | f1b1a61cd9c993077cbc431e8d7a4275 |
| SHA1 | 61abd9b154d2a55c44ce9b0b17e76b18ff908dcd |
| SHA256 | 9600264f45f3fcc021597033853738c8a4797fe6f2b46d73aef71b7a86d1e8f2 |
| SHA512 | 4efb643624639439c1762cab253e689b2940a0641b1d21fe0634f7a9e9d39071c9231143f4e469f88bded26d514c9ed356a33cc932dec461062616314b7ae0f0 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_lo.dll
| MD5 | 9e59c2ad7ed3d51e1b27f7c60c78e2f3 |
| SHA1 | 0897f8d0e3613bdeaa9409562e0427daae230a33 |
| SHA256 | dc0dee83b4dbf4ba2d206693864e90eb979fe8914d08ee41b31a943f40baf796 |
| SHA512 | dd638fcfb3e88ac75a0da72907a092ebf1a59e25b502b49238883e0c75d867a3995483d0158b3d9468a21eafd7cddb15618d04b2c1f7a74a7ef7f672ce3ec9a6 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_lb.dll
| MD5 | 049e30bba06cdde18071fc033f920d38 |
| SHA1 | db0c1ba648cfbe4d3ef87f43d60d729299631a87 |
| SHA256 | bbc65f7c7c79d52e65cd2ff337fafae167305b6c1bd02be3d94ca7a4f90ff21a |
| SHA512 | 78497e30ff72fdbcc0e20f4884d87e3baa4637153649baf5389da104a80b4b0b784104fbf5ae4f421ed5456ec71d5059f80101be71f010a9097c02021683f14e |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_kok.dll
| MD5 | 5d5f0faebad7a5d96a45a5b2fb6e73e0 |
| SHA1 | c28c0161bc09f395326cd60f47b1ce9a7c715ae7 |
| SHA256 | 99d51c91e47265ed0da3a49ad857a990ffcbfd2fcf46bfba1bd5c8b0835fb233 |
| SHA512 | 03c955408e4eaf8f37251d60b974d11dfb05fe1564e5c00cfed8fbf8d4fba287e29b14f44ff771ef2f39b4abeddbc92996404c11991adac9fe12f4f121ccd469 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_ko.dll
| MD5 | b9e5e0332b45f88b6edbe9890ee44bb4 |
| SHA1 | 65431e54912f0524b25f1f58fa06ba16c240b49a |
| SHA256 | 07344ffe17106ac4ffb79197cc5c38be28e2d151a69074b0834a516ff4a93c08 |
| SHA512 | f6c211767e79ed60fc09061fd49ed703aef3462df848be17c6f99ca9779fe3a620c30943aba930385b8c71c52152766d9345b1a30898f1ecb610e8426f4de017 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_kn.dll
| MD5 | 248256b02846eaeb3a5e748cc0396e3f |
| SHA1 | 3d52e14b57522f130ed0e1fea65e2dff9bcb40ae |
| SHA256 | 03615bc00045b318906e8ff83e641618f0078e53ae5ef474272b5473ab7af74b |
| SHA512 | 5d74aa97a803bbe24f829375d4a59ab930ab44e8ea2207a0403d602d5bca157081710b6d2ccf38a0fefbf389bfb331365dbfde50a6a7912eee7ea2cf7cd23cc0 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_km.dll
| MD5 | 7719dc7b4f07156b0fbcf2a2dc4e1284 |
| SHA1 | fce6c08c9cde7f6c73858ee5fd53072e98a5206c |
| SHA256 | 0e1fc00cd8f6ceecbb55b4bf03aa8dea9cde208794f786460eed368aa09ce85b |
| SHA512 | 983e2bafe4d3d529587cf579b764dc29c57ebf66a096989c37dc4f1ea8d20fa0dbaf21544b31f61b24c31232712cee3757a6808a8ecf880ea9eb5495557ecfaa |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_kk.dll
| MD5 | fb821ae01a0b524ae23f63d88c28dfa9 |
| SHA1 | 2991a1a8df7dda6181de0a7867745205a1573f12 |
| SHA256 | ce5bf443d87761c16cda8b2daa428b8dd3a8e4666c2876321544e30aa77b4d49 |
| SHA512 | 3833f01da9be639f7dc061cb959fc3bbdb5dabd83270a88b01c22931dd9fd529ed87af28952c6612bfdb065570ee7f90ab1ef5bf448681bca51f3c2ee42f6818 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_ka.dll
| MD5 | e89a55be3f9a5c52e9da183f34671927 |
| SHA1 | 959340cc729c6638bacca31daa9a006402ab9546 |
| SHA256 | 617a1e02a9a28f490e465ed4eeb615ab4ba44ea7d078888a348f0246734e8df0 |
| SHA512 | fddb18f84b3756e9e30bd12383997c4c425bb8343e73dbbde29243ff4f799bc4a84f873eea998b7a4c428ab5e4cf0a11eadb33f18dc225712f822ec96d960a71 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_ja.dll
| MD5 | 6652f0bc498b76621ea12beb491f9295 |
| SHA1 | 36254666188cce9c0ce736369bbe38e320f6ec88 |
| SHA256 | 1579afd2bbea04a29c443038636d90b4ed10769910a30e28e1d21a140cc9a5f5 |
| SHA512 | 84a1bfab994c3342b566c5a9533ca24516b45c74cad178c3300023ad082aac26af91bf05344cf0a87fd6c972813952dabf50bb4287b634145c05ffeda2d808ab |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_iw.dll
| MD5 | 239a56ce295fa3b0093668e2c5bea856 |
| SHA1 | 4665f0c7dd0bdc9dd616c64ecef51ff6f678012a |
| SHA256 | 49d076d7ff78b7711166dba8bd5846950b9560492a57501f4d83cc2ed19cee45 |
| SHA512 | 1893a8b26d8e32c285cf129e17699f336296e4fb3c1fcf4104a812580969182352bf69dd0d251f2eb8b5020772adca7a3271df32a263ca132746d860623ce2fb |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_it.dll
| MD5 | 81240b92b58959430e9a180c5e7caefe |
| SHA1 | 812f0f8004c10ab09f1b1618e0455abca66705c8 |
| SHA256 | 5b3a757735e2974c44765787d6f8f0516b086cabecceded190fda6b5aa442b12 |
| SHA512 | 254a0d6d7ed2c0c4b6c0310377ddcb82b5658c622af44deb7c0dac06fbcc80f002aa7d851dcb6b7fc8e517d07f755263d7b6362683d108b7c12dd856b771a923 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_is.dll
| MD5 | 6a5946856b2441e1ec4f20ad09667f8f |
| SHA1 | fbfc953defcbd6f8cdb3027e9837e13d3c75871e |
| SHA256 | 87bd7f25ec81c469aa198add5aa367c9d60bc032a72c550a8d6cab924bfdda0d |
| SHA512 | c5d58902fb7e11a6c47348fd42e8dc1c453eb212a112a7c647271a1fe9f558c07211867718829fb804fd2471ba4209d110f12bc855b93551209e308275fa8de2 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_id.dll
| MD5 | 7954105e73f609a874f876c858cf434d |
| SHA1 | 6e67d7ae24b0c24644edf62ac52f2387e7b9b4e1 |
| SHA256 | 259fde5b72e1c212dafceb43d19151a667ba57334777a9299ab634a89f334cd5 |
| SHA512 | e820f301b0d3305eec1d0b89422c21c98f2ced084f64b7325d3458b2f666ad000907abc56d1a32785fe82b6161034a656eefaaebd247c9d8f9c15de02c33168a |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_hu.dll
| MD5 | effce58c08448542c33e9ec15ebf3924 |
| SHA1 | b7db3a24c1a9b89b1edc393b2bea5386f915d570 |
| SHA256 | e1be6d7cd88c6f1ff12ea7ed7faab9fab781d922876c90a3bc5b6226c4c81444 |
| SHA512 | 7bc88523ea78901c5a379dfdcd44d08e9df993f8659978f2027ec343ccd009ed7da2b0b8ecc7b5ae3386ae96c9be71bb6ce057933cbfb0e25955e4fc5efdbf60 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_hr.dll
| MD5 | a47c80f48a4976df8af4f7e07456d293 |
| SHA1 | 37ac17bec45ef3bb34e2b0a1a4cf349fc4478adc |
| SHA256 | 78a8174e1ad79c16efaa3bd9647991eb461beca02f807574cd65fe40080805a8 |
| SHA512 | aa05c2b9ce08a9381f3e23bed3971e9f1437ad52b65d89120f7a2888ae27a42d292756cf4148ce6deb22d24452e3ce70484688369415e7946ca9fb60a6e37d72 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_gu.dll
| MD5 | 726d91cf324b07baf789b24fc876b290 |
| SHA1 | af41ede5419093d347a53dafee44a3ef365b7fe0 |
| SHA256 | 3462e490e546ec389db25633fbaa2d0d0add6b5a15074145f34b6ed3458cf834 |
| SHA512 | 4abc49b6bcec185f6d3dcdb9f18e820a698d80652d2d41a817f35ab400deb1f117a3562b7c561e50651df64e6a98cc6504e6bb82d8bdd19f863ba2c2122f45fa |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_gl.dll
| MD5 | 29757fad520352af194fece946f1f95d |
| SHA1 | 88c2329c980f8482fb075b0ce435b83011f48df9 |
| SHA256 | 5ca21f2236b52edbec18268b47e7a211ec9fec2a3b414271b4e203a7c9f5cbaa |
| SHA512 | 6858be9cf7a5687eb18c2bc4082f3b3a7f3b10c6d5297ee479808d1ddf65ab536193735d5d502f9d7054ea6bbda5f96035901a2d5dab217b5036f0b0061c35a0 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_gd.dll
| MD5 | 6fa2215894d01a79206869f39f68a98f |
| SHA1 | 55c29578288a2abacdcd65cfbf27728a7309261a |
| SHA256 | c15bb80b79193bb77bc0144b8ff57b16726d558a8498589777871079bd03b7e9 |
| SHA512 | eafba9a395ed00f6f46e2ca678b9fb906ee36ef0b7a0e206b32aba55c83a1280d140654cf7e5f2a87b6293978fdffe7fb13ee4545641a83ae6a8844442096ab6 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_ga.dll
| MD5 | 1663e35bc536d1c1163cf00d61e39b3d |
| SHA1 | 46766cd738b39cf810c90f82ffdf703feaa7c880 |
| SHA256 | 79b84100cef382c71f9993f5ba7c423a23b8598c86d5b8ac9520a57231e3ca7d |
| SHA512 | c0c186aa899a449ea4c146e5e4cefe4d3abb532342f1a77fadf9fd0b534f738592ad4912266f69d651f54180063d58fa620ef960c82d7578c53608f5507eddbb |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_fr-CA.dll
| MD5 | 28ff512bb880aac07c8d687ade1ff8bf |
| SHA1 | 1288852773f7a43c4311bc2a1d01e312313dbd6c |
| SHA256 | 8eb5e4878b330e62a1511f5ae50bd34445765331f3fc856ae92df28cdc22eb8f |
| SHA512 | 639df2f17eae8a21ce7cc3b86f645001eaa61de18930505d6e4500a6de656fa99683233e590149cb0412491e7b24f0b46c45e6df03fe228aa83c40828bf41558 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_fr.dll
| MD5 | 4580debe242f7fa38b2d086b0d3770de |
| SHA1 | 2c165f67468eaaae0c0b3fb9eccf747af588250a |
| SHA256 | 59777ab257cc55224a054d3ccfdf6217f28bfa97a59dc04cd92540c1c6935c65 |
| SHA512 | 199f8fd7c05cf14ee6f760dfc8099eb476c88cd8fa5fe2f9c60c12d82c0e0b5fa1700aad910df2b0f580615ffee373136cc826118e160271a59679b646fb32e4 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_fi.dll
| MD5 | f529fe2fed08c665ad34e6788d2440e0 |
| SHA1 | 43c6c32e3a82211443ebef2934ac7879c194f1a8 |
| SHA256 | a64abcff7b54e139a12e87cce7f157c8af6e9df301a0947a2a6967af9b5e27c3 |
| SHA512 | 84dadf95f56f04b4e4f165f2c58caeb627ca760c2467892917496c4bb4b211dddda846a1fca4f677d0dde16fffdbfd0d386eae8c089655db5d70ae0ad790efe3 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_fa.dll
| MD5 | 2462f00c347bfb4c939608285d21dbce |
| SHA1 | 43c236c750492f897c13c1f8bef4d2d011eaf4c3 |
| SHA256 | d171391294443658848e870e01244cd6d3b12cf650fa4e22f2b32dfcd4ca963d |
| SHA512 | 8ca5a7381d8559f82b59df04fd9067670aca48deb39190687791ba8a9fbb4c1f0344a07ea7f23b0d85963e454d1446987fe7cd66b1f14a2b5861f4019c97056a |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_eu.dll
| MD5 | f2457bd665a2474e7e90dd8915ad444c |
| SHA1 | 7ced03f29de9b441d963d23fcc2e19dc3f3f697d |
| SHA256 | 5b5ce990854c315149a3effbc4331153da47925d6a0e3b85741c0b3618e67931 |
| SHA512 | 9562b54bf11d36a97352cac408e73ef274578ea30aaaf211cfdb9ae1a7cf82acbacd731983b14a6a1472f44909b5277c7bbf6cdbade54cdd2f24e3d326355677 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_et.dll
| MD5 | 9385b45b97a6dc4521151c21f319ae8e |
| SHA1 | 39e513b01e8ff7b8c94dc2cb52e20e9bbf8e5e8c |
| SHA256 | 03885d51017cb514bc30da68fd2513c45cb05a97f7421677cb57f27f0669783f |
| SHA512 | 77c003f5c2257e67aa4e06d78d527ba624d264dfd0e8bb434db23d7069aa4e58c88b9af3200af5a77d88b0e2299253e8f132c070925c1fad3fda2336105d73e5 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_es-419.dll
| MD5 | 5b4a8cb162175ade8e56c1d4afce6fd7 |
| SHA1 | eaaca18e5f69f65751cac9daf3371bf5c411be0c |
| SHA256 | fe8b34128ddd26783231283e22d08ad8d5025982498ef4d365d65c43fce6dd7c |
| SHA512 | 2b5ced77b5806ce04d3ce165631f686e516f2560743a8cc7658ddd6b6671479212028390347153e24ec4fc13c1fba63ce83b9a4e3c55a873c901ed896e4ac95c |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_es.dll
| MD5 | a72510382afdb9a146078cb00db8df22 |
| SHA1 | 83b2ca1eb24a39690e0c922398faa6c4be112e88 |
| SHA256 | e7982412e9ffa812641bef2cd2935e4f9ca4f844cb93b9031e7af3971e2cf50e |
| SHA512 | 197c6d6441cb417162d6459715825a9955cfaf8f08a8a3f47ec56bb3c7804f28dc0ecb6d60588fc98fe3b77b1ae4bb9856395d37b04e82a20278417b38fd4c33 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_en-GB.dll
| MD5 | 412f14940f8777054627d1432cef7db7 |
| SHA1 | 4b32bb293684790dff39d970bdd241afee929f4c |
| SHA256 | db617f26678b9b43490b56c9a1f48bbba5ef86ebedf95ca3de3ae04f68b3de1b |
| SHA512 | a3aa40300480019d91e09353979aa52fefe2fbb141d1b5915ff6c8d8368df682dc1e244516bdc86d389c812ba8500ebf6a1c6387472d1c1bbdeb905ba9ffd540 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_el.dll
| MD5 | 051a632cf0947f026c840159c9b6788e |
| SHA1 | c7ae20da32edc05b4fbdaf78fb7c4f30672b2dfb |
| SHA256 | 76a85e756027b2416e7086e45aef7de969988bf17bbb28f922bef5b5f44f4f15 |
| SHA512 | be2c60267c5e2e57c62741c444b8aa8f374bbc3c970d495309e6601d8d5eba74c35897160a11df770e42eff38d41a43c93d9b4ecbcd6e5403af260fd796ce175 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_de.dll
| MD5 | 268e87ce4b23af33164c815b63d416f0 |
| SHA1 | f27d19649b06f66cda9d20fd8491ab3bfc4c4da1 |
| SHA256 | 50bce9a1fdafb8662a9ef7bcc978a13d45f8b3d033078e0570414a7d907863b3 |
| SHA512 | 96ee5bb4839c13bb8ec55e5dcec973f21825734569fdc5ceff2af08d3494da5f1c4d4a3a4bbc473418f849e0d1443582e20c92e080ea13b5b1ec9dcb39183cd3 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_da.dll
| MD5 | b7ea9525f9530a18ed950b1d0a0f441c |
| SHA1 | d98a918ec86e0763c89027c472357a9b9a809ab1 |
| SHA256 | 731aeea1ebed6917807b391f91dea189fc3018d054848b1a7ada0475a1e8e669 |
| SHA512 | e9e64b5627d32f0a7cab8d0b5bc4645cdc59bf65a0b3e2e15775a9dae4097be0356ca31943c92508357ba67bbf954f15428a489425a095091fe286227206df1c |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_cy.dll
| MD5 | 1378af7d3892821f50836e46225e4118 |
| SHA1 | a3b166f0504a1b698e8dd7dac52f84e61354d07d |
| SHA256 | c6f221add2fd4fe61c95d38b758d170a5980792f903d78551b2087d6f9016d3d |
| SHA512 | 8a82c7973f02d9881394d4b9569e65efef77d9722d6936eb5814be95fb59225121efe0851a11520549c152dafa1c5353c3a60b6bed80e78f81e8f3aecf3634f4 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_cs.dll
| MD5 | cbcb2b97100273ae1154453e171810d8 |
| SHA1 | 98d9a1bf4aa6f89e9a87d04bdfd544de2e09cee2 |
| SHA256 | c6b72665d574ba37e7298a78e062bed12708e7c7b99edfad4ca5f1dfcc20b925 |
| SHA512 | 45b24b05879d07178441bcbb1062bf2be810596c6a934c4913c4c6e7e995b5a0345592b960ab77bece26100a03afadfee8824c0cea16c0174010cce5a23f1e63 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 04688fdbe31d266e55142daeb163da3d |
| SHA1 | 472f0404857b2d9209ef47c7e100a7902a0407c1 |
| SHA256 | f5922aca346c9eba86b6cc1035e0f72a1cfe87cec99ea019736412a738fa8cba |
| SHA512 | 1aff7c09b75b5eff7ea101844ce1c681ae22a0473eea5334e51e5b4af137a2133a73dbec4bbbd0f0fd1c412329d3b3e88298e6a4fa20c61e24542e7d2746277f |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_ca.dll
| MD5 | 6a258d3b877f79678312901752a9b357 |
| SHA1 | c5c9a2b3757e44b791587bd8b9676b0c8bcc7d1b |
| SHA256 | ae1120fc76dbef20dbf56dbd7284253547c27d55029f2a170772b7f1bd8651d3 |
| SHA512 | 52371bd55629d8a4daa45a12141a067250d8d7987cc1a7047a3239f56ccb24a868f9613d98908546bcbe63cf751031b18910472be2578b570888681525d73cdd |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_bs.dll
| MD5 | cb09124947b9355f54a25241f2abc507 |
| SHA1 | faafade6af4ec3ac77ceba740191795aafcfce79 |
| SHA256 | c982c2e0917ffed0e63763aae668ff9b5b552c4f5ff6df5e04bd861906b62cad |
| SHA512 | cc3d0a34e191fa3d58fc389f29554898d6ad896357eb89baecf68ebdbf7d715b12e57508fb172394c3e540fcd275b78a859411cffc7b304b9ba5d605e82efbb3 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_bn-IN.dll
| MD5 | 1289424869c0efde5c5d7d81304ed019 |
| SHA1 | 59904fb85b90b373c1e5de9fc1e67a2232082253 |
| SHA256 | 19c114b66308c20fef3955d586740b63e61169d49cd81603e0418b546bf6a25a |
| SHA512 | aae935ed3856fa93f15b1c89ac849d5d397b417e59b7de97a4af1d2c82efe3b5b58b545801fb9ea6de554213ebb373b07f21e880a725ecd14f2947d6264fb5a0 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_bn.dll
| MD5 | ebffb9a8931987a8295709723183f980 |
| SHA1 | 3d3085b39a34210d362149943ae73dc1978314ac |
| SHA256 | a233815225c4cd9eeb0c4225ff6f37127ea68c363aebc4bb47474306746b63c3 |
| SHA512 | 09939fb403d4731eed9fc7023af306663426e76884fba880428312d4fa322bb1fd11b4ef4a7116e5a4d809dc46486f0fed8e84887359e7c69c13eb57d9d9d009 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\msedgeupdateres_bg.dll
| MD5 | 5b17b4ac96d90bf48af3814f82679e13 |
| SHA1 | 0097d33be3c86423002fb418c07172791ea04239 |
| SHA256 | 14a5cd6d9e23888df3314aabd68b44166ce4f5c3a59f492a5194483aa2b0d824 |
| SHA512 | 828e97c92b6864fa713bb5fea48d27c2a31678d271703ec04432a691939c516196b170f9787b12d7350e80d56b0751c108d3333a415669c0263025d6e5553ce9 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EUBDE1.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | 6fb9e3cc84490ac01ce63c90bd011d03 |
| SHA1 | 472b6a9f09c7b5eb1d508f2c83468fab1a623261 |
| SHA256 | fdbedb7ffd417839bef8a9fcc69b545adf002739dd6a3f4fe92fd2e5859502ef |
| SHA512 | 3e1bd82154e8c142aaf19c2ef8e2b581c6f5d0697eaab350931e8d39da2b3e01d41be93b2d472a7d88a0279c1f62d8faa4476176ea41b3b5db712256e13338bd |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | b1b3c4b37c7d270fd0f05f75031f53ad |
| SHA1 | ca83281ef3b6030ff9a1471c16f2a25a25c647cf |
| SHA256 | 36ab5fac544be4f4123f552a780f00c91988d5591888931a62a94384d06c3994 |
| SHA512 | a7c54468e00fafe40627b8144a0ea9af5d217a5a570a67d8531c18a9191c8c66ddf9fe8f8af6ddd71caf8e06abdef1628f9a56c2cc5b66b6d734a3e710245a2a |
memory/2824-203-0x00000000004A0000-0x00000000004D5000-memory.dmp
memory/2824-204-0x0000000074950000-0x0000000074B76000-memory.dmp
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | 17d24551637dd858a424e40ffa295969 |
| SHA1 | a0659c0a31b4fba1fe6128461d838e3abc4bec4f |
| SHA256 | 58ae0e57f17a91e2aed398291000343e68a7adc5621cc88221ec05ce4d442867 |
| SHA512 | b0fbf0803933e1c13799a4d10854408205fba85fa65d735cd0e5d7541d61ba84a5fa7b95ceb38ecf46d9d46d5e307f062598910758291842ff4d291b2c6c0cc9 |
memory/2824-233-0x0000000074950000-0x0000000074B76000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.56\Installer\setup.exe
| MD5 | 9a98f71bb7812ab88c517ba0d278d4c9 |
| SHA1 | 459b635444042ad0eeb453cdba5078c52ddba161 |
| SHA256 | 273f8406a9622ddd0e92762837af4598770b5efe6aa8a999da809e77b7b7882f |
| SHA512 | 5685717b2192b477b5c5708687462aa2d23999f565a43b7d67388f48eb9a3d33d9a3da54474ce632a0aee1bc4de8a6172a818239033d4a035f045e15947868f3 |
memory/2824-262-0x00000000004A0000-0x00000000004D5000-memory.dmp
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State
| MD5 | add04e3554113120df086f5de4bd6ae5 |
| SHA1 | f49c202157dd3de00b4eb4e8de72c7e5d7886d34 |
| SHA256 | 6349695e7c03958d884f7bc017ae250d5603b2698afdc68613dea18ae6c4b33b |
| SHA512 | fa9c57b598c4554cd934f397cfea8881ad17889f0ababc718fcc34c32c0e4733d014b1d4ea8d79d8753c3afc3f163b6195a2950adb632e2f3c89100e847a7060 |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State~RFe594184.TMP
| MD5 | b54265f195a25bd4b375961bd1204641 |
| SHA1 | 1e36a2e28777e14e16a700c7241f03b25a846851 |
| SHA256 | fabcf3d7e333e6262f410a0b128ebb62e3ca4abc1f4433657a2aa7bce58ef4bb |
| SHA512 | c0f865778069f63ea5088683afda4b45989568eafe98b3d990593fdc6d7334b7b76ff3a19640b1743e7d9b7312450d476ba10e91e703a12e6372ce61eeda9377 |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State
| MD5 | 833c342afb9e9fc8785a0a20462f4a00 |
| SHA1 | ed8f08d851c03789530603a10ffd1bf88b099989 |
| SHA256 | 1fdd3b62e0a8040595b6e1f130ae38a177c4d18543a2a9fa6ee806bb6612bab9 |
| SHA512 | cfa360a4d744ce391d24ae7127d7a812e42c86b904762b0be7b58361bd525c336f1d4a301776f785c7ee08440a549e678aa7217dab17a988189605e2d1169466 |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Extension Rules\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Extension Rules\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State
| MD5 | a763a546915f951ddf52d49850cf2066 |
| SHA1 | 0e9d4d698e16c99be40657cb138fcac092e6b582 |
| SHA256 | 62f1080cbf8cac3c194378b1173361fe85b63de3f547e20151d19bf887b63457 |
| SHA512 | 3bdf4fe192dd7404e52e73494cc1be6a353eed2433c0386d6edcb294fedb35982d0b8a9c4accebb53ba2a0c4f017b41954143ef05910c0268ea3f65fc6aadbcc |
memory/3836-321-0x00007FF932670000-0x00007FF932671000-memory.dmp
memory/3836-320-0x00007FF933790000-0x00007FF933791000-memory.dmp
memory/4852-319-0x00007FF9321C0000-0x00007FF9321C1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Crashpad\settings.dat
| MD5 | d1e7bbbc9284abf1c484f4a56723dcbb |
| SHA1 | 0be066db3d7c6596a9f0e6fafc335541c4b847ec |
| SHA256 | 956560773290b7445f6d0fd3bec2bf43864317d6d91771c188860764f11fb27f |
| SHA512 | b3f7d86d7cfb493453a0db44a74f62695c15627fa6d2977fb98abf7f0b797f896176261748ea5ae9a351ee752a1d958fb3df680abdf462e24351a46bd566b55a |
memory/2428-356-0x00007FF9321C0000-0x00007FF9321C1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GraphiteDawnCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State
| MD5 | f4cea4fd9b2d334a98458e44457fc573 |
| SHA1 | f1004a86899ee77124c9980f15187631ff582839 |
| SHA256 | 024ef6f44ac789528dd1d4ea4ae9d694d8a396cc8875c0d091e0e740f9de9726 |
| SHA512 | 528c86457c75e48c20cfa4a6cbc22ee169a6c3a1a6716ccc6b4f14586fc64a24179c899164d859a751817274b70bb017ebf499a02a04edae13458c5d0d1d141e |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 830035bc0b7296a5f22e329eda79616d |
| SHA1 | c731a814efe44592357b955f5fd554b0fc43964c |
| SHA256 | f5a255a46bae6bb46bcc83626b0804cceb1c33bec4b8a28dd5e2e764737b1416 |
| SHA512 | 004447f569ea2de032969653a4e3f583cad79097653ef288ad9d99908d4296d8a6bfde1adeccbf706e4e6b3ee52ab86a2dd265edcc7a63010a85cead158067b2 |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1c0739dbc83228eea47ad0da10b90038 |
| SHA1 | 968e793248d9c0f9385093ce5a6cb40561a5b208 |
| SHA256 | 55dadba59d1f83c7aba0c280557b9d534ac880e525478aa879f78b15a84c9a9a |
| SHA512 | fab80e25e180e1ffd7e6bc8f8fd46918d3688a43db23d07f2488a5d9b1b5f309d34bb179a2e7c00db7db48f2abb1dcb5dbf1cb726ee321f8546443f29dbb8597 |
C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\a1b417ce-13a9-4fc0-8932-9226c3d9b9db.tmp
| MD5 | 36c67258dff63944807d071ec92f220f |
| SHA1 | b2db4ca93af3bac381d65e6da5b2b55abb43aaaa |
| SHA256 | d45c580d0f8484fc46fcb73ea1654af6ea22f3c4fa1a349bf0ccfacf82011b06 |
| SHA512 | f5ac083550a84da86cfc478bddfa2fd763718d0c8b444f70d5fc2fd3623599fe4fa2d6c65c381d5d05b7a7da587c0abf4d6c70294e6a70aecd595aa5f50c783f |