Malware Analysis Report

2025-08-10 15:04

Sample ID 241111-m2ds1asjaj
Target Bootstrapper.zip
SHA256 a9e76b770fb8a61f793a61ca6701e1f76ea95282d5a3647d8dfccf1b560f401a
Tags
discovery evasion persistence privilege_escalation trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

a9e76b770fb8a61f793a61ca6701e1f76ea95282d5a3647d8dfccf1b560f401a

Threat Level: Likely malicious

The file Bootstrapper.zip was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence privilege_escalation trojan

Event Triggered Execution: Image File Execution Options Injection

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Checks whether UAC is enabled

Network Share Discovery

Checks system information in the registry

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Modifies registry class

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-11 10:57

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-11 10:57

Reported

2024-11-11 11:01

Platform

win7-20240903-en

Max time kernel

122s

Max time network

127s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.zip"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.zip"

C:\Users\Admin\AppData\Local\Temp\7zO4FB62217\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4FB62217\Bootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\7zO4FBE6977\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4FBE6977\Bootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\7zO4FB3E047\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4FB3E047\Bootstrapper.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\7zO4FB62217\Bootstrapper.exe

MD5 f2a6133b7f38fc49f792ae799d1b4750
SHA1 6bef46ddde325f45a0e9ff123112c96bbd47c795
SHA256 37bde6655e1272e159b9c2e3a7eee3f4e9a837c0f04240645d3991d112287f8d
SHA512 f9611bed83b4bce1841868880a42dacb6b8f7e8859be1d85b3c8d3a365a0244566cbfb12294c7b2c82b15d6c0e47095d8246a95d522c3a064a0d8511b2411254

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-11 10:57

Reported

2024-11-11 11:01

Platform

win10v2004-20241007-en

Max time kernel

206s

Max time network

206s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.zip"

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\MicrosoftEdge_X64_130.0.2849.80.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Network Share Discovery

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\hr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\ur.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\sr-Latn-RS.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Trust Protection Lists\Sigma\Entities C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\msedge_wer.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\identity_proxy\win11\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\EBWebView\x86\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Trust Protection Lists\Sigma\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\et.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\fa.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\fil.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\ko.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\km.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\mr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\ta.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Installer\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\as.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\show_third_party_software_licenses.bat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Trust Protection Lists\Mu\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\fr-CA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_id.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_as.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\delegatedWebFeatures.sccd C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\lo.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\sq.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\vi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_am.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\mr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\pl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_fa.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\tr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_gl.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Edge.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\mi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\da.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Extensions\external_extensions.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_pt-PT.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\identity_proxy\resources.pri C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\VisualElements\Logo.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\bn-IN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\identity_proxy\win10\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\AdSelectionAttestationsPreloaded\ad-selection-attestations.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\concrt140.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\PdfPreview\PdfPreviewHandler.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_nl.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_lo.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\WidevineCdm\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Trust Protection Lists\Sigma\Staging C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\v8_context_snapshot.bin C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_fi.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\ja.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\EBWebView\x64\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\mr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\zh-CN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\am.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\ms.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Trust Protection Lists\Sigma\Other C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\v8_context_snapshot.bin C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\ga.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133757964155095764" C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35725228-BF11-429E-B5B8-ED0F2BCABF82}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\ = "Microsoft Edge Update CredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\CLSID\ = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2608 wrote to memory of 2168 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe
PID 2608 wrote to memory of 2168 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe
PID 2168 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe
PID 2168 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe
PID 4800 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 4800 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 4800 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 2780 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe
PID 2780 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe
PID 2780 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe
PID 1384 wrote to memory of 4596 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1384 wrote to memory of 4596 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1384 wrote to memory of 4596 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1384 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1384 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1384 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3588 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3588 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3588 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3588 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3588 wrote to memory of 4368 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3588 wrote to memory of 4368 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1384 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1384 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1384 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1384 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1384 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1384 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2528 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2528 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2528 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2528 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\MicrosoftEdge_X64_130.0.2849.80.exe
PID 2528 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\MicrosoftEdge_X64_130.0.2849.80.exe
PID 516 wrote to memory of 4424 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\MicrosoftEdge_X64_130.0.2849.80.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe
PID 516 wrote to memory of 4424 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\MicrosoftEdge_X64_130.0.2849.80.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe
PID 4424 wrote to memory of 2872 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe
PID 4424 wrote to memory of 2872 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe
PID 2528 wrote to memory of 4384 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2528 wrote to memory of 4384 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2528 wrote to memory of 4384 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4800 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4800 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 3052 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 5024 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.zip"

C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe

luna\Luna.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzE3NEJCRUUtM0Y3RS00MThFLUFFQkMtQTc5NzdCODRFRDAzfSIgdXNlcmlkPSJ7MzFGNzM4QTItMzIzQi00QThGLUEzNTktQjk2NUVCNUQyNzA4fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezk5NTI0NkFFLTcwRDAtNDYwNC1BRUMyLUJCNEY3RTgwNzA2RX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUxODc3NTUxNzciIGluc3RhbGxfdGltZV9tcz0iMTAxMyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{3174BBEE-3F7E-418E-AEBC-A7977B84ED03}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzE3NEJCRUUtM0Y3RS00MThFLUFFQkMtQTc5NzdCODRFRDAzfSIgdXNlcmlkPSJ7MzFGNzM4QTItMzIzQi00QThGLUEzNTktQjk2NUVCNUQyNzA4fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MUY1NjI2MDEtRENBNi00RTM5LTg0QTItRDgxRUQzOTlGRDVFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2xoVmkxMlFjazZTbDB1VTFPQjZZMTUyOWJSNmJzZXk0K2N1N2RIeHM2Y2s9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzNSIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MjkyODQ5IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NjU0NTM1MzIwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTE5NDM1MzY2MyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\MicrosoftEdge_X64_130.0.2849.80.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1DF69D8-CE5C-4A9A-8C07-0FC918C08A5D}\EDGEMITMP_39E3B.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7cb42d730,0x7ff7cb42d73c,0x7ff7cb42d748

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzE3NEJCRUUtM0Y3RS00MThFLUFFQkMtQTc5NzdCODRFRDAzfSIgdXNlcmlkPSJ7MzFGNzM4QTItMzIzQi00QThGLUEzNTktQjk2NUVCNUQyNzA4fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezIxQzM2MTE1LUVDQTctNDM4NS1BNURBLUE2NTdDQzJFMDA0MX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzAuMC4yODQ5LjgwIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjA1MTUxMjU5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTIwNTMyNjUxNCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2ODAyMzY1MDUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzI3Y2I3MjlkLWZmOTQtNGQzNC1hYWU0LTMzODVmYTA5YzQ0Yz9QMT0xNzMxOTI3NDk4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUw1V3hZYWNMYzFTT1d0RGF3YTBqSDVqZmh3V2R0JTJmU1hSaDZTU25udVZQeHZ0WEhMUElzVXNQeVRLOUZGMTZnc0lDcnptbXUzdFBCM1c2RFl0c2JXZFElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzUwNzY5MjAiIHRvdGFsPSIxNzUwNzY5MjAiIGRvd25sb2FkX3RpbWVfbXM9IjQwMTE2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTY4MDU1MDEyNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2OTUwMTc3MTkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjYzMTI5MzMwMDIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI0MTAiIGRvd25sb2FkX3RpbWVfbXM9IjQ3NDgxIiBkb3dubG9hZGVkPSIxNzUwNzY5MjAiIHRvdGFsPSIxNzUwNzY5MjAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYxNzkxIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --mojo-named-platform-channel-pipe=4800.3588.13325472416053758480

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=130.0.2849.80 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7ffc51e24dc0,0x7ffc51e24dcc,0x7ffc51e24dd8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1816,i,16454108770190854503,18246563776966377593,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1716,i,16454108770190854503,18246563776966377593,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2260,i,16454108770190854503,18246563776966377593,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2356 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3728,i,16454108770190854503,18246563776966377593,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 69.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
GB 2.19.117.90:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 167.205.23.2.in-addr.arpa udp
US 8.8.8.8:53 90.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
NL 4.175.87.113:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 113.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
US 84.201.209.104:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 104.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 2.19.117.104:443 tr.rbxcdn.com tcp
GB 2.19.117.104:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 104.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\Bootstrapper.exe

MD5 f2a6133b7f38fc49f792ae799d1b4750
SHA1 6bef46ddde325f45a0e9ff123112c96bbd47c795
SHA256 37bde6655e1272e159b9c2e3a7eee3f4e9a837c0f04240645d3991d112287f8d
SHA512 f9611bed83b4bce1841868880a42dacb6b8f7e8859be1d85b3c8d3a365a0244566cbfb12294c7b2c82b15d6c0e47095d8246a95d522c3a064a0d8511b2411254

C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.exe

MD5 c6a90ab2a4998038546774d2d88890de
SHA1 024207d467e598a3888b25b4eec2d76f81c970be
SHA256 af32cf284b8bee03c77a4b18173fe89413a1f2f1228ed8d0e9e99e86648da95c
SHA512 b3217e680ee13ed493f10a1cf3acad8d686f60d6d29b769b2e7134879df168e12b38fed5514a37ede77502cd915e9120cc55020b35b80afd88d16d7b143759ff

C:\Users\Admin\AppData\Local\Temp\7zO03A4E397\luna\Luna.dll

MD5 d3418af778a91c134b8361c10fd16be4
SHA1 1654ab09bcc1ef4d168088518adc165e0c6469a4
SHA256 d21975e541c3838d2f83bf6faf360d7a7417da2106a610489a768b382ad3b91a
SHA512 128e8741bbe08bb90185d0c1c352572757e2848773ec39f21c8744ce4eb0bf9095ade326174f9164e94f568a00714be8bedc197f36a46c6fb16a880f2c6f9c8d

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

MD5 431a51d6443439e7c3063c36e18e87d6
SHA1 5d704eb554c78f13b7a07c90e14d65f74b590e3a
SHA256 726732c59f91424e8fb9280c1e773e1db72c8607ad110113bc62c67c452154a6
SHA512 495d60ad05d1fadb2abd827d778fe94132e5bfc2ae5355e03f2551cd7a879acf50cc0526990e4ccde93bf4eff65f07953035b93cc435f743001f21b017cbfdfd

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdate.exe

MD5 35a79bd6de650d2c0988674344bf698b
SHA1 a0635c38472f8cc0641ceb39c148383619d221dd
SHA256 a79a81da2b8dcbe39609a9e1b4e8c81ae0bc54195c0c854b77bebe7bfa7f10c1
SHA512 afe33d38785afe489845654ba1c3ed6648b36b1ebe5f98b3d5d4bf24eba3af9bb6676af5a79d2ec570bf2b4b6ae40d14fc3d4b872c5d4577aea40f6d1a26c0cf

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdate.dll

MD5 39ac5a029f87748e964491b97936d890
SHA1 24777aad794a13d0e7381fc6f32f0e1bcdb1ba80
SHA256 ba861524fe648ccb47b7ac57421bb07a6231a7aab5eaea332548511cce6185bc
SHA512 2ecb9b208846f84cd37f37d2100f26358d6c37128efc4010b2e7efc10202dc37b621d0c0138a8b76b23d968da324c685a41b44f4ae30cbbe243581f1904e14c6

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_en.dll

MD5 894b6ea4b49fa390bd70167a75f3ff7b
SHA1 4f834ef6567d02f28390d63c8ca9fd3c735b2140
SHA256 a8dc2b1e32d8d3d2c321c469eed3329f7661f4fc71d14696f97106b5aa6c532a
SHA512 9b4fcbd07dc7f65c34575aaabb7a517198739f7268133f084b101edf99f0b96387f3f0248de1be5252b2466db0bc59036d40e3990d4264bfab89aa01aace7ea6

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 c55b37823a672c86bc19099633640eab
SHA1 da5e15d773c794f8b21195e7ad012e0ed1bceb72
SHA256 3df9cd2fecf10e65be13d4b61ca0a9185845f2cb04b872adeaf41ca46af39aa0
SHA512 1252c3fde4aa4ce239103e8df7224afce093a2cbe539bd40347601980a314ea3326ea6ce4c1ebc845c125845969ad65ebca319b9df35a809ef871bad14aaf33d

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_bg.dll

MD5 4b23c7229eb43740744cfbf48c4242ca
SHA1 4938dcf6239e14db53c8f085d3c477905a9986af
SHA256 a7527b867ebc222114b679b2ac542cdc46a75f8bc24e5ca8b7ebc17b7a2963c2
SHA512 4bd8ed0ecacd3f2c69dcd0789ab8ee10dcfd6144b019dd8858c2234bebddfe42c83037fb8e2f934f3320f58796683bed5ab050ba897ba1fa409b6df60f02ec53

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_cs.dll

MD5 8eff4531519a4b768005b9411d4a5f9c
SHA1 59b354e3f32f0a0da8755c27b903803994f4aa31
SHA256 2e9a230a8b8a7fa437a28e2115ebf01178f3209fc0d61eb90160f49c11a16cb0
SHA512 4426ae1e2937e1f6c7364d2f437aeb83d834f9997d28cb1ffb07fe1c448dd954083aa822ff439c886249a387823a23245640a0425dd8c42b75b73912733f11ee

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_is.dll

MD5 28064f47523b575c20fc85733cddf487
SHA1 0c5583888be256c8e09a396e333ad158b5f87553
SHA256 0752855a2e2a69e0f969af6c31102db513dbc390583f07d5df60746721ada58a
SHA512 d96656335024e0228a18148de4d27f354fdc90b62f977042ac20199714ef50bad271a83547d6c6823ec03422a9b598828fdc3b0f1ae81c760a57a2d1f2a543b7

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_iw.dll

MD5 d92167a825c73bd6246483bfa1787c8c
SHA1 0a96d89226f1e694275922e5e2640bca3d7e7020
SHA256 d477fce0f7fbbe9cf86dbfb724e28c617c8c7c5bea664974593fbf0c032e8019
SHA512 12401ac374d3050f9540a3df6fae71ff8466ed3df2bf007b52eaddfea0d549601b5756477c141fd596bd19367ad30a607160957a8ad1818ff34e6da4125e530e

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_lo.dll

MD5 b0973b4e4407ea116a723bd7c39c1d45
SHA1 011e9126cf2fd3db3f0f810dc1d8e60891ef0695
SHA256 36e1ea95cd9663137ae49504980e00fbb311023c8f5f6f40f3cfe14a14ff183a
SHA512 574eb8426f774a7ccf860b4f0e324a2cc32581c9aecb834aa25c5f62946d15ef781a9f32feea8cd44e352d4878f3f6b8f097635bddb9df3bf2a443fecd0946e5

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_lb.dll

MD5 9c7c3dec8769f8b33aab63a15f642d81
SHA1 41ab17373c388d005b6d39c3ffc9fd5aac1a75cb
SHA256 c088700c358cfad6bd692233e450b8f4836a30a457c7b047e67681c10aecf2f7
SHA512 86923405fdcb2ebbf9a2dff24847d55bf1cf39550f475b1268e7edf279269e317c09b638b06e29f4d30ba59fd606f4ab5787f7d09da5ae3c5572ad41f3b3fac8

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_kok.dll

MD5 f97d285a3ba35b1395d9868e15bce4f1
SHA1 154dfcb8646bdb02b618dddf8a0dc1cbdab2269a
SHA256 33506ad10fafd8a767afcdd93cab2d91999b4e6468771379d944ff4758c2f5e4
SHA512 bae3152e85cc5e8f96299e7d45be8a85e47ea1119fd4d8d2bcb038ce293dab6820e35bcfffc03c9596b95e716e40711c47682f0c71e308755dc71b4c20c57628

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_ko.dll

MD5 6c3abddca78cb3ba9f724bad9fed6165
SHA1 3114daf9295215bbeed0f4bb4e282b46ec1c74ae
SHA256 d47e586aacfa638aab5d681d8b4ce0b42f9d698e213817554b9d42441191d548
SHA512 b37b7c8d7d24ead85389ce445536ef4a68c43e2a55508801ab00e9bee2c2ef428d07eb30b62228d647508dc4f6b0d78b1b8edc25052eff0ec5a9ec87fdbcba1d

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_kn.dll

MD5 1ee9fe48904cb43a9147bf16823b16f1
SHA1 19fd9c0a2a1d919340eefca7956bd84df467b737
SHA256 a65da5bd18d6ac28c45cd11f56f8b868af98e42a69def6199d61235f6fa3d71d
SHA512 b556dff94243eeeb8dfe2c185c67ba7359877b8c0161f8fbe9a37a7e7591b0c8242a0be09255b616ac4f5560a728f1780cf6971c826ee6214a1b28c16551bffc

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_km.dll

MD5 5ef433fe15a877e530ba0a044486f200
SHA1 db1deb37392e001353f5a098d8686a17fc156b40
SHA256 896549adb3d1a38d95e743490cf6f551cac876fa1afc4b07f8eb30ad4d853502
SHA512 97839850a49a09cbc416ba1e8e9570adfcacbfccb70903cf597ad8781c7c3d11fd07e2598dccb7e88da7617e44ca99c62dfb3404c0c2a467641d1a6dcd7e8e64

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_kk.dll

MD5 d9b956ec540d8b1e528d88d8c5e5fdaa
SHA1 bb967aeba493d9ac0b3889f7bbf9136614080331
SHA256 cf008a24b53f2d62516a2944b77fd9be17a4778c0ba1b83a09ef7e83c3cf3901
SHA512 d6d6171c95c07ddef12bc40a5fda756ed3870a06ff2434bdd7abe02407720bff01fab5eb1bafeb7d4b9b661fc364c39de4a9eab01ef39c6bdce6de58ce4c1a06

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_ka.dll

MD5 67eb1378381ad4d1a450bd26fe51f5e3
SHA1 ae0655d07a4d0b049ed258de646199f9004963ce
SHA256 b2ecba67a708b9fc75fc4574b72218f64517dea1aeb5ac26400ac554903cccf9
SHA512 1da5356bee3e18f9033b81927368eefb8f7a0742f7f02be9ddf0f3f309d9d4f1ceeb640acac341e504d54c0d0939f1da2bac27645adf404ed2ac48a2846a919d

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_ja.dll

MD5 0ff69dde83bf61a768bc63870d687747
SHA1 622714cb8eac68b79021800f28f5874aa23176b5
SHA256 3a3a4d24498f0f533a5f5e4f1364e7e2a1f348dac95f649951131185c64d7bc7
SHA512 e1300b6f2dd5df3385c06fb43de5aa246f3f1da942e26b86023663e07b12104f0e74b2749d4ef2dd60cabfc8eadfe5f131a8bb5ba8fffd6374f9cd4635b4bc53

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_it.dll

MD5 0da1fde56fc0bf63e17a891e99f559f1
SHA1 131d18d7329be3ff21c78a3921b88e910a3d5a68
SHA256 ba936fcce39c889a3cb41569f18019d99429a13e7dbd909d9d26e540ea650dec
SHA512 67aa088ea8c01b11874537ae59c150645b61072e4f2134719e833ca0c4c3cab835cb9c51bff97582280870227d99cfb72f3a0d2069f2a9a86a7f7dbaf29ad2d2

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_hr.dll

MD5 ca9abf92edc001d3c0cea4c926bd004c
SHA1 740513a325a5c15376f4b1aea402e9c54155ab33
SHA256 d6d9e064773b121fbf224252ef6c7d64f239d6b5013c119738a8240cc047e346
SHA512 7171143ee05b0e03bc936fbd98d3a37c3763bc244ffd8ae85e3229b85e13ec6262c3111b93b3a067f3d82f5fa6b6f691438c0e148efd14606cdf5a850e474a7c

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_hi.dll

MD5 274c267b7ee544d36698b2db119a6929
SHA1 27377267ddc09060254033c4aa9916a60a254956
SHA256 ac843711f010925cfdd60c396baafc3ead08584ed4b1b3df57b0c975cefd039f
SHA512 f9073912e9c314efe60f36dd9b2bdb4b1475aadde18e82bec971c447293a4f8dce46abe625bb9cec4dc48280fce3cf3d8175054b70b4e440e89a8c072f4a505a

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_gu.dll

MD5 bb4a1f9374f1c3e0cbc4788a3ce1d4c5
SHA1 30667d6dbaa689db9a08b42acacdf68435dac46e
SHA256 bdbd0882aba924075c40de48fcbbe951ea6a937c0b85541fd6f1fa5701b8e655
SHA512 d0a5260ae123d4698e2f62fdcf97a73aa038b69b200508948185bb5de5f5edb50d6859c9e6e21e84145ceebc144882d0ed5723ce1486e805c26737358ae77504

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_gl.dll

MD5 31276d0895baff6976c94c549efbb47d
SHA1 4f0fe790cecc28823e6359fb3b78dde13cc17681
SHA256 d3bf99db747f3e6a2d541ecab380244c0a33ceef8655383d54e2daff37dc9a88
SHA512 413958104046b85772d4a32550ae3a7a3a50eb66dc35966554123bd9dd15fc7a76fa7511f6d2ac666d8a205a9b58042f68e2322189c2b34d372db6b180b70da8

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_gd.dll

MD5 d64f47e1971f1e9faba211ca984e550c
SHA1 6f4de57c6f174dd778788b138a9b25cf4725258b
SHA256 75fd1c674a460dcdafbbc1429a4c30c9ac28e58527c6f0797c3706012ec19e00
SHA512 722c9f1e5d27d6ac678ca13aa648aa22aaf1121b835fad5209ce3e482471724cf4920390f51c8df2d31c66898def51ad76b0c119f4de831011b56afead2fef7e

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_ga.dll

MD5 3ca8dfe9af49bdde95188002ebd5f227
SHA1 d18d7af889c4d03ea417c09bc56069f3f697c547
SHA256 6577e1a60f0fa340dcb70dcf625c877fc9502d122744782708ede0c53ceb56a5
SHA512 a61ba9baa6d0116b769c4add55aefc99a360bf85be7986ab099a424ff7a39ccee18d946128e74e39283629b52aa14821f36fe338c0e17de29694fff5138590be

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_fr-CA.dll

MD5 08b6c8f26644370c6dcbee63e4abf884
SHA1 e4981733831c4d31715cad1749545d21dc29acf2
SHA256 916b52a362fddae79461d1d07ff01fd3bb4f7b8916b263d62572a8ad420946d8
SHA512 31f074e494a372a1b961fa9c053b561bae9e52182866a538a734b7589cad550a42b1d88649262a7d265226288084e5ba65e9e1d6d32ffd9292258a9f65e236a5

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_fr.dll

MD5 cf3ff14718b5e6125b956d6d9e897196
SHA1 041de2587e03f6c52dba60e9d2459ce33b263eb9
SHA256 d75ece04e40e34beaaf50cce0fef63e52918b5939c9c267fbfd1e6cdcb2a82fa
SHA512 551ed975b1afdc75f464bb742c30f239f9d18aa99bf9140ec0620c938629868b38a952041288244b6e2387748c16546a8fe55a664a9903577b8e484856583ac4

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_fil.dll

MD5 20134024ed75deda002dc0839b352f84
SHA1 e67bbd13a320d2b4413b283e165385c44a65ea0d
SHA256 425e0834cb73365cf78a233a5b139e1897961e5225e9cc92ab365b3efbe30d76
SHA512 7dbab9a85d852546ab8c30b3452ab8b200874eb3aac0c862bdaf5c90cc882cec11de536851693f8f115706448e3323c66affbdd7e65257395baf24a0208dc537

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_fi.dll

MD5 7f47c9b9bc9488754579935209291c55
SHA1 470e590c6f5263a44b95abbd6d0c158fae326d21
SHA256 f0d8c44d909aed479b3e770b556eb3792c0d3ce247defff953a4dd9f7ce4cc75
SHA512 6f81ddd06f6a1c796bbf21143737bfeed8f9ca0ace82a4de00ccf79d7288586376439e0564f1cb128e5e585eaba122d406af8c3a6e3969efdadfe0cf65c3ed4b

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_fa.dll

MD5 ba417f44f7564f1aca70cca9166f3f44
SHA1 d8f064e25038e0076bffcd1a694b58063b7268d7
SHA256 56632098f623cbb58fadddc5c7a889fbc91954f661078501e62517709b8ba703
SHA512 c35ba956e92a2298268bb6ee7a753d6b7f94bdec96118c834f028a0fa45f18b67302b0e20a26d948d1720b04461d3074ae30003bb9028790d9d2d63cb80f4467

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_eu.dll

MD5 ed883bbd9e4b3de4db68e356707f3e67
SHA1 e03dde660c15a614442552f8c4d2cc5dd8425fc1
SHA256 168eb27052a559561af3ed650bc170eb471e53f05b9065f0e229672d040ae1c7
SHA512 ae48fe344b2644380e56a95d98aeb0ffeff7ddf0c914f5d14ef518a4d40bb090fee9a7fd30f7178524bcdec1a2d8fc870b4b40d5d8437e3f2577320262236126

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_et.dll

MD5 6b03eb5b302e72727977f2431ea7f30d
SHA1 ac5cab93d3c28e46f92d2719638c739c680cc452
SHA256 b5b51fe000e0e0ce42e8dbaf4b8343a5411e2e99440726c747196a02ed736137
SHA512 362e94f79b7726b277cc90c5158d3cc5a0a890bf32e11707f9901233414b3ff22816df78276afa67f0122fc7d6fc2d09dbb1fd8602e3a01f807f93b9423bb463

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_es-419.dll

MD5 bcafbabbfc8f810220b2ebdbb8a76d19
SHA1 58703c8355f996f2ce8ae5fd1ce4dc29318fd414
SHA256 7fef9c85b5d7dadf344ff39d82794ed252066cceb2b6531be2a45ee3d84844b7
SHA512 b02820c3088ceae9ebf19ede77e3a406483a3dc13c030860d3818e6e8a163e9f54293fd058ec9575c196d12f1465211ab7feff145faf684be6a8cc251d1c0d71

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_es.dll

MD5 3ccb8eab53a0b4c93507bf2adff6ced5
SHA1 25fa2435e97bd0e1cf986a882ce33e68f961c139
SHA256 8bcbd325374a8cc5c1c7ea774382515316473c200baec86a65ae21073fae33b0
SHA512 4f443ded84d74e150a0be3c32edc734ca01298817933a7b1f0e5c5cd93f26987f051c4c306848301e688b9334d134a12bcdcc0ceabe1fcaaca5c4d307c697bfd

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_en-GB.dll

MD5 39dc20ae50a0e2ba9c55dda91256b3cc
SHA1 464139f11db3fd6ae77502b183c4b59f581d6c7a
SHA256 e1891a155be133e6dd82cab3f9437bb7f047f0f80689ca724ca4d1d90d1fef14
SHA512 08b8e19528ff007b904f55872935e0de9e06e7cbcb3f3ed751264e3e20a740b477b55c818bf2b0ed213c4ed9cbaba0c8953c19f427be3e8ab8f50c9c86a74bf4

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_el.dll

MD5 09cf47260852ff7b2c91c65d127b9314
SHA1 b3d362f3d08f81bd1b719a1c94b54f5f9c9610da
SHA256 eb4344676280f83e6023ddc604ffa42e96eb46e765a216fbc5ecbe49ddb3c920
SHA512 114a21296d8e7e054906139102617e6cd6008337a0877053721553cfed10183f54f890c8071b1cea17bd0b2535589af7aafe5bd1d161886ad7363f89919d7300

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_de.dll

MD5 ce66ef1a806c21949b75055f81cac760
SHA1 3719e4af114a3c0baceb133d152a02bc6a1fb9f8
SHA256 23f5414d554b96db0b93c7dbe27939d294b8061e56c19ab74d59fe9135e81c8f
SHA512 04d9575c866ac28db490a291be3da41f884d3ceadbc9b7077776ea7deb1819277aadcf9c9e1b5afede3e90bafbcb00e6ef0840166228d153be7e8d8d53975593

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_da.dll

MD5 19a7aee0daf68fdc1a24e3228a8bf439
SHA1 1fc6ce227a11245787c80f3932e2c311de2d44bb
SHA256 409cce12be8b7a86313bd1d9e3c6d9154cf0c5735db61d94852a128a746dab99
SHA512 0051119311316d29dbc13ace84c24283aa2eaf1d46459c81ba7b31cc6178b43165618fd7bec17de698b1431ef2b33be179c2c8b1537c1000aadf849e2c888c84

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_cy.dll

MD5 11b92ae8fe94c784480d465a37935766
SHA1 f4ead29d4b20c57bb0e4d16a7488784f61a25972
SHA256 571b0cf8b0383e33393b8b8fa79d1632688ffc2bdde794fff62c85f5e1a3f161
SHA512 b636dec2e1d48916d0c83d2fe45eb24d826c027455cf22ec78e013166e59fbdb4780ebe69de3ab4b5730dae03652d253890917f53fc835aa73f9f75b01dc4f23

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 afdafc9f56401b662f42cef830d92b38
SHA1 b56966370ec07cd676e35d93fad001e0f6b3fb8a
SHA256 03d7a1c0d8810df4b908fcc40c8491df0e3ce19db8ee22e6be79d02fd9df8f72
SHA512 884f9cd99785ea91c5c8e26200bbf0b010ff278b52c5ac590cb73712321a9cdb645e5448bf4cf62622cdb06543b8de4a8e6956a2f6b6677c0b9befb35589d8b0

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_id.dll

MD5 c80c6530280315158443cd04f89e9169
SHA1 fb87a9ff3696f0acceee6c8f1e4fb40795a8ae7d
SHA256 52957587efb4d995597541656f38e0edcd4545acfd92e3b81cc72578839021de
SHA512 bee22709e362ade03cf385c9b09d321923cc17a9e7c227fef7717da7405ea7bcc63e6f18b5e3e18e9dc19d5b0d9d4cb32c8548d9f16803959eb13b1189df9815

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_bs.dll

MD5 5e06d311c2e24b94f378c4d3b3deb260
SHA1 ef7df63f63746eb197c21694ebb21cfb86c0b2b8
SHA256 d2052450e3a3272b302d80af9f2c46b766153267100bc902dcf03a78ec609b65
SHA512 8d73b5265735aa19116cf41bb8d2bdacde5b22b286a56af58068f9579b631b044c155e625f6e1fda12e505f621f245faebe126c2557dd2ec873d7d980f8ba552

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_hu.dll

MD5 df2764d7bf9bbc6d4e96301c928566b5
SHA1 1f9adfed63fff6cd144515e8a7fbf8c4131d2f65
SHA256 3dcf3b4acc066674418e30239406abf59b85f9a00ba2a0aa7ca33036caee6514
SHA512 8c1eec6d813fe2266f0e03ce72f504f355f720e0112527fd411abd5e7fea05dd4bfa3ee9a878c882c16e8cd30224727eabc5ab38bd85cf146b21547ade988391

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_bn-IN.dll

MD5 1e038b27661b303e15a39a55305e86bb
SHA1 35b48fe72d50406063f9145fea64c57f205f0084
SHA256 385665137d0dfee16ed8ef2da5ce28d826d210eb2bde1fa4ef13dac50e4b5364
SHA512 13fcfde6923b38acc2cfa530087d13725a2cabdd2e771d503f4d2f5cff93e8744f142e235dd484244d920d80cb3e7cecbbd731b473f6e509edb39159c51e9465

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_bn.dll

MD5 9afe531b6472cf9eb66028e9638584bb
SHA1 6212292867bd59fe376e79988c07f4db8ad26cdc
SHA256 383754fc147dc6ef5f1edd14b60bab6bebf32639dfea718aaa64b2b65ac98812
SHA512 352bec509ccd3ad15a274ddd3ccea43b76eaed885b0e7722235abd95aab8fec1c645722765d76865c1b32ed422a10e6666f220e3abcc5a24268ba94c5cc6b8d8

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_az.dll

MD5 bf510bb9b7639af7da969f77620b480f
SHA1 17a6693a5d6aea1f3fa6f34abc46daf558cac645
SHA256 2507da222cf6c6dd608da9b569f89f8e11c47b6e16134c767cdc23b7c1f56bd3
SHA512 6cebe80005cb7759ee4fd8dd9ca41bdd073c01e969e1ebe03cb07616921e50516974019faacc2f9dcaaccdc0044eaae57a6a94f3a4a4ce044a781cd8091478a7

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_ca.dll

MD5 15ee7526536790bf77317975896542f9
SHA1 365bc54203b490daa0e24a1c9813d5d99c9de720
SHA256 5e2349af6e02da1c5d18f1b3235fc5099229d2d99e1c5cf2713c21472c151f8e
SHA512 475fd9c0879c8cbc418a66441e3dc026fca983327a95763eddd1537c1f44fdf272d212c69e1b06aad55d91c68379a2beafb2908659d58a61c740731a7d047406

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_as.dll

MD5 16b0c8a664626da016a95fb46fdc9c0e
SHA1 c674b635cd8927511825847f3d86a5562b4155d7
SHA256 b059fc9713d3a41e9a83f0d61f8cce29546d3759def0a7b8e162a13915e51255
SHA512 ec39269fbd9e510d10d665c86b8a8161208b74f919e4fd128e365144d71f2b59d3c48c50b8f017b1d30c711ee4f63668f843539957b4643d2a488c9e17290e75

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_ar.dll

MD5 b4c28669b9d4e56b094af6062f4db065
SHA1 4c492c03138c8a796cf0673866892b9e0c2073ec
SHA256 7fe494dd265f99f330b153ef69c51c0541016755ca1876788f7f0ede78f9cedb
SHA512 35941ab6f2dcf5f60824d172f75f9f7b8b93e65c7bd8bc441fc32e49cbb414a68d65a02e3479b096f728b2a34d3e85dfd868e8bf95ff9b1a57d10adc3da0022a

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_am.dll

MD5 1903bc250fc269e79c9f7aada2979aff
SHA1 efbf76b1259217c02c138078c56f36b2cb8543ab
SHA256 228fa3e2fcacc78111a8152d6862de2302c024e81cc8b5e3f16e31caf96cfd04
SHA512 9db527c2e26ef691c089f5d1d010298e0f47e2e0420fba03ed18c7c2793b92c5860240b214b5233dddbc150413a2649e9cf4823239b9831930c2804b143ab538

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\msedgeupdateres_af.dll

MD5 2a9524cf8afae49394379d9d9be69206
SHA1 e43d4146f8abebbb30831fbd39a39846bfb7eeef
SHA256 e5a08731963e681b6386c4e85c16bc98452ebc13c4a7de3ff6979125c609d5f0
SHA512 a0111589960cbdcb10b55c17aa82555e44f0f0f173ebad09de6364881138cb35280596f1de6d86b31044427445575630c22079c3585e34729ce461599b8979b1

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 1723c5e707061e59d769c492a95d5083
SHA1 3b535b7a0df2f7a4ab5e531956dad9892adfb5e9
SHA256 e97ab6dc0ed865aa8606f5c113fd62170341d1a3d63d5618f233aea969ec49ab
SHA512 a4e3bd9ec331a27338c123a9a3ae23619fc5a5b80fc9aea38d23d3b82ca015f47669e0f3e1a6f98e7f464e6bc21e92723a04f72805e45e0dfc81540a2d299a8a

C:\Program Files (x86)\Microsoft\Temp\EU32D3.tmp\MicrosoftEdgeUpdateCore.exe

MD5 dd30f3ff486b830211df62d20348f86f
SHA1 08c7d7407dee7ed20b50e8f1a2cb1b08a9282dbf
SHA256 9d57bdc8b97e75f8a04b93a1657dfd18d4e2f68607783c9bca42140233978fa7
SHA512 af3b48ced7018c7edeabdfa998e51356d57c2d7a846c76629fed0ff2e5db8db79041184c58a5a67a10ec627f53af8e3c80bbffacaecf5dae6d989cecb82e72e4

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 a3c368cc77929ba0a289d7ba820cb56a
SHA1 80d0eb4a74ebb9274dfd78df5c1b9420cd03b198
SHA256 e0186ae31aaf64c09e7518ef1c909c05b6f0af79704a8f094d1eb88deb8e9e5d
SHA512 f6e1fc0570370e2b50f3e60ec17b494803db482b2828845a142b21f94b2ee4e7fb4f3c785537dd6d6e2d960c62b87770575eaf7aa278245e53488f5aa0632a7c

memory/1384-198-0x00000000000F0000-0x0000000000125000-memory.dmp

memory/1384-199-0x0000000075030000-0x0000000075256000-memory.dmp

memory/1384-206-0x0000000075030000-0x0000000075256000-memory.dmp

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 9faf86f416bcf73948a4f1aa98baac68
SHA1 3615f7d87cf06976869a3b14639711b2c6308d8c
SHA256 0e4f3ac950bd846672ff3aa43f9d156f2b4c934d4e4129e21c59dad07611ed48
SHA512 6030dc085e81be4e47b051e64d1fc3813ca468e039e06a5d13705a00f1c93e3f91a9541cb5f6cae94cb8eab77047742ea67ba62da2a99b84199ed1529af5cebe

C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Installer\setup.exe

MD5 b621cf9d3506d2cd18dc516d9570cd9c
SHA1 f90ed12727015e78f07692cbcd9e3c0999a03c3a
SHA256 64050839b4a6f27d896e1194e902a2f7a3c1cab0ef864b558ab77f1be25145d6
SHA512 167c73cf457689f8ba031015c1e411545550f602919c35aff6fd4d602bd591d34e8c12887a946902b798bf4cf98aadfce3c2de810bf16c7c24a216bfd8abec19

memory/1384-260-0x00000000000F0000-0x0000000000125000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State~RFe59f8ed.TMP

MD5 1e63a13d69c864e48a01be09c2b226f1
SHA1 22e876bf7cf0a71241c74eccb2e3053f6ca07044
SHA256 c6fb1e942c70a898012b739903fbd9548227ee5bc58a71f8147daae0a050366a
SHA512 a639ed1fa3d3a06b975e55a1f698bd23e0db762d5ac803e74aee5164f81a33f579421f6a910b3db9bef07853249571dbaa4e06d4cf3a5230f259cfc439a15bd8

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 1fd4abe478ce6b9a1daa1154d6efa9a7
SHA1 2fadc01122aa0ede58bdd2b7cc5e8d732e1235f3
SHA256 7c14d62c628f53ef019600e0793ea4200408f8800c253fbc2db4a3bb93efcb8a
SHA512 be9619b95993b259fe5fb54e3efe5cda6a7f2528790098175e12363f857c5f8990c5f5ed9ae8ed00db85bdc71da55b8790ddde82625f3ec13ff05824f176f083

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 c30041554e31255f1fc876f9475497d9
SHA1 17af32716acc720641f1807998953f38a7339c70
SHA256 15b65ce78120b1cd7b5c9372f3cc44560e9f4c8099663a6cc478984ab5258a72
SHA512 5be46a17e00859f7c71bfdbebc9b9975a36e10e2451929fa6c0bb1406fbe3fcfe14fe3e52a64bdc5ae05fb7d67c5eb13fe1e659fd8bdef1484fd1a42a0627f97

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Site Characteristics Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\DawnWebGPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\DawnWebGPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

memory/3548-392-0x00007FFC716F0000-0x00007FFC716F1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Extension Scripts\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/1980-356-0x00007FFC71480000-0x00007FFC71481000-memory.dmp

memory/1980-355-0x00007FFC708B0000-0x00007FFC708B1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 e47688dda53ba8351abcf26a73b3c035
SHA1 cd8e02f2c42c4f261162f5233fa168b89ccd8a7a
SHA256 1d78760154f929c448fa9db48922018bcd80fa27d62435b68131ab83291b97cc
SHA512 1ca99cc10282eb1fcfee17c4276b689819b59f58c540514ab489fbc34011990edfa36c47efd3005c1f3f1bc06cd0153ab69a3ae08af2fae36f77185611f1caf7

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Crashpad\settings.dat

MD5 803076a4e795bfc973eaf6ccaa946460
SHA1 7012cdf90b4b913461df85f21aa5108c7ff6522f
SHA256 7919695497c6ec9e6048cdd60c97b23cc11d87aed05cef64fc1f60c31ee208e2
SHA512 63d4497c2111280d869a6b549114dcaadbbb78d397f668aa75ac31e821f5951a2a1ec7f558d096dba8de7932288931f4e77af823c70aef79425c37296d6b331d

memory/4952-289-0x00007FFC716F0000-0x00007FFC716F1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 303dee9c100d1cecd9e61a052cd1b900
SHA1 6aee080ff5420ad97715596f2ab1950afbded26f
SHA256 a2a2363dd7f8aada61d19fc8c1e0aa87d25f151a7581cb619ee2a81d3518d6c5
SHA512 5fe4d369dfb4372bcb51ee67da958fb6fabf3456fe0b77aefaf9b909bfac7568eefaf0b87982b549e8c8771a2bc3afb9d145a91bdcde922e36de600d2de76ef4

memory/4952-492-0x00000224E8860000-0x00000224E8975000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 fda0fad18b1b79d7600abe013cba4f9b
SHA1 e1f9b40a5b5251dc5eebd0c3243121ac08de411e
SHA256 cb4ac3b74414c2eb82e5eee14af0dbdabfa9ce93848983c19c878417d1645af6
SHA512 52766fcef859b0d47ef1ffe14ec8306206632622733b8bd11c26840ce0c479f2b742859dd6fc8575e784b17e6c6a13474ea361c3e28fd59eed2be7e1a9adfc7d

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 9c79d2bd2fb8ad1c8a4a700f614629bf
SHA1 d508c69d577201fa7d0e4e1829fb133f341d03d8
SHA256 7a0980f07a55f8fd571cc7c40d01d3ccf15422210bb13005d86583b1cc075109
SHA512 c7039a808eb4a762a99868b7941f1a3837845b0db81ec0ebbe3c3590ab14f50da9943928699ca148122de127d6cb3e8b7432c5d3c94072badfe2a67f087ce3c0

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\d74e9bf8-3697-4ef8-bfdb-1049ded845da.tmp

MD5 06160e8a728e6f0b93c2f82763bde83f
SHA1 3784743eaf5f90bc1cc66772c5069d2291e6173b
SHA256 afb0c2e39bcfb622e3a57e6fbeb08b7ac66b5de3ee3164244935974833f6b5fe
SHA512 32b2c1696c4e5816ac81e233df4d838847251ec4785db7a2a2eb140a8890fdfec52ba2470bdb71c6f23da19f9f8728871743e3649f0b9428e148c6a8608e8c5b

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-11 10:57

Reported

2024-11-11 11:01

Platform

win7-20241023-en

Max time kernel

119s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe"

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-11 10:57

Reported

2024-11-11 11:00

Platform

win10v2004-20241007-en

Max time kernel

197s

Max time network

168s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe"

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\MicrosoftEdge_X64_130.0.2849.80.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Network Share Discovery

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\vccorlib140.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Trust Protection Lists\Sigma\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\psmachine_arm64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\lt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Trust Protection Lists\Sigma\Staging C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\mt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\learning_tools.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\az.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\VisualElements\LogoCanary.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\ca-Es-VALENCIA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_bn-IN.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\it.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\sl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\km.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\WidevineCdm\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\ta.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\mip_core.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\cs.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\lt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\mip_protection_sdk.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\az.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\identity_proxy\canary.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_vi.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_mt.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\identity_proxy\resources.pri C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\sk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\sr-Cyrl-BA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_sr-Cyrl-BA.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\identity_proxy\win10\identity_helper.Sparse.Stable.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\vi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\wns_push_client.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\microsoft_shell_integration.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\is.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\kn.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\130.0.2849.80\MicrosoftEdge_X64_130.0.2849.80.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\nb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\ne.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\notification_helper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\en-US.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\gl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\ka.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_bn.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\am.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\zh-CN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\msedge.dll.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\identity_proxy\win11\identity_helper.Sparse.Stable.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\he.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\hu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\msedge.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_fa.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_fr.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_tt.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\VisualElements\LogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\vi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\edge_feedback\mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\ca-Es-VALENCIA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\ro.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\identity_proxy\win11\identity_helper.Sparse.Stable.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\identity_proxy\win10\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\SetupMetrics\5584d54e-aa7a-45cc-8a5d-9f438fe0573a.tmp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_am.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_et.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133757964197367823" C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\CLSID\ = "{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ServiceParameters = "/comsvc" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\APPID\{A6B716CB-028B-404D-B72C-50E153DD68DA} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 964 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe
PID 964 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe
PID 884 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 884 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 884 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 1676 wrote to memory of 3296 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe
PID 1676 wrote to memory of 3296 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe
PID 1676 wrote to memory of 3296 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe
PID 3296 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3296 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3296 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3296 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3296 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3296 wrote to memory of 1380 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1380 wrote to memory of 3332 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1380 wrote to memory of 3332 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1380 wrote to memory of 2908 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1380 wrote to memory of 2908 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1380 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1380 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3296 wrote to memory of 4176 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3296 wrote to memory of 4176 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3296 wrote to memory of 4176 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3296 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3296 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3296 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2136 wrote to memory of 4324 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2136 wrote to memory of 4324 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2136 wrote to memory of 4324 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2136 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\MicrosoftEdge_X64_130.0.2849.80.exe
PID 2136 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\MicrosoftEdge_X64_130.0.2849.80.exe
PID 2976 wrote to memory of 4824 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\MicrosoftEdge_X64_130.0.2849.80.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe
PID 2976 wrote to memory of 4824 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\MicrosoftEdge_X64_130.0.2849.80.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe
PID 4824 wrote to memory of 4068 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe
PID 4824 wrote to memory of 4068 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe
PID 2136 wrote to memory of 2000 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2136 wrote to memory of 2000 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2136 wrote to memory of 2000 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 884 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 884 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 4136 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\Luna\Bootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe

luna\Luna.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkZGM0E0ODgtODIyMy00MDQ3LUE3NkMtOEU5QzA0QkVEOTAwfSIgdXNlcmlkPSJ7RjlBNDcwRDYtQTZGOS00NDBDLTlBMEEtOEU5MUFERUY0ODc1fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0IxNUZBNzBFLUVDOUMtNDdERC05NDM3LUEyQzVCOUIxN0I2N30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUwODA2Njg5ODciIGluc3RhbGxfdGltZV9tcz0iODc0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{6FF3A488-8223-4047-A76C-8E9C04BED900}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkZGM0E0ODgtODIyMy00MDQ3LUE3NkMtOEU5QzA0QkVEOTAwfSIgdXNlcmlkPSJ7RjlBNDcwRDYtQTZGOS00NDBDLTlBMEEtOEU5MUFERUY0ODc1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NUEwRDc4RDMtMTIzNi00MjU5LTk0RkMtQkM1MUFFMEZBNDBCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMzUiIGluc3RhbGxkYXRldGltZT0iMTcyODI5MzQ0MCIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzcyNzY2MTEwMzk2MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUwODY0MTk1OTMiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\MicrosoftEdge_X64_130.0.2849.80.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30874BF1-F6DF-4A5A-B4A9-6A33333A1CE4}\EDGEMITMP_ECC08.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7f8b7d730,0x7ff7f8b7d73c,0x7ff7f8b7d748

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkZGM0E0ODgtODIyMy00MDQ3LUE3NkMtOEU5QzA0QkVEOTAwfSIgdXNlcmlkPSJ7RjlBNDcwRDYtQTZGOS00NDBDLTlBMEEtOEU5MUFERUY0ODc1fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0VGREQxMDg1LUZBMzQtNDU4RC1BQzUwLTVBNjkyOTBERjdGOH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzAuMC4yODQ5LjgwIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDk4MTg5NjYxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTA5ODIyODI1OCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU3Mzc0MzU3NDQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzI3Y2I3MjlkLWZmOTQtNGQzNC1hYWU0LTMzODVmYTA5YzQ0Yz9QMT0xNzMxOTI3NDg4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVg0enMxYU55Z0xzampuZjRrU1A4JTJiT1Jpemd2SUJOdUd4MjlXV0c5RVhvMTc0YmNWWWtoQlNlYVNLWEppWURzbzVOWlh6RlFlVmtoUWFkZU1uNEZMJTJmZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NTA3NjkyMCIgdG90YWw9IjE3NTA3NjkyMCIgZG93bmxvYWRfdGltZV9tcz0iNTY1MDEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NzM3NTI0NDk5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTc1MTM1NDk4OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjM2MjUwNjY5NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQzOSIgZG93bmxvYWRfdGltZV9tcz0iNjM5MTIiIGRvd25sb2FkZWQ9IjE3NTA3NjkyMCIgdG90YWw9IjE3NTA3NjkyMCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjExMTUiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --mojo-named-platform-channel-pipe=884.1704.5058923603825768599

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=130.0.2849.80 --initial-client-data=0x170,0x174,0x178,0x14c,0x74,0x7fff16724dc0,0x7fff16724dcc,0x7fff16724dd8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1780,i,9892706441229161827,7273679599819840980,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1776 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1960,i,9892706441229161827,7273679599819840980,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1972 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2304,i,9892706441229161827,7273679599819840980,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3540,i,9892706441229161827,7273679599819840980,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 185.199.111.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
US 152.199.21.175:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 167.205.23.2.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
NL 4.175.87.113:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 113.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 2.19.117.104:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 104.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.exe

MD5 c6a90ab2a4998038546774d2d88890de
SHA1 024207d467e598a3888b25b4eec2d76f81c970be
SHA256 af32cf284b8bee03c77a4b18173fe89413a1f2f1228ed8d0e9e99e86648da95c
SHA512 b3217e680ee13ed493f10a1cf3acad8d686f60d6d29b769b2e7134879df168e12b38fed5514a37ede77502cd915e9120cc55020b35b80afd88d16d7b143759ff

C:\Users\Admin\AppData\Local\Temp\Luna\luna\Luna.dll

MD5 d3418af778a91c134b8361c10fd16be4
SHA1 1654ab09bcc1ef4d168088518adc165e0c6469a4
SHA256 d21975e541c3838d2f83bf6faf360d7a7417da2106a610489a768b382ad3b91a
SHA512 128e8741bbe08bb90185d0c1c352572757e2848773ec39f21c8744ce4eb0bf9095ade326174f9164e94f568a00714be8bedc197f36a46c6fb16a880f2c6f9c8d

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

MD5 431a51d6443439e7c3063c36e18e87d6
SHA1 5d704eb554c78f13b7a07c90e14d65f74b590e3a
SHA256 726732c59f91424e8fb9280c1e773e1db72c8607ad110113bc62c67c452154a6
SHA512 495d60ad05d1fadb2abd827d778fe94132e5bfc2ae5355e03f2551cd7a879acf50cc0526990e4ccde93bf4eff65f07953035b93cc435f743001f21b017cbfdfd

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdate.exe

MD5 35a79bd6de650d2c0988674344bf698b
SHA1 a0635c38472f8cc0641ceb39c148383619d221dd
SHA256 a79a81da2b8dcbe39609a9e1b4e8c81ae0bc54195c0c854b77bebe7bfa7f10c1
SHA512 afe33d38785afe489845654ba1c3ed6648b36b1ebe5f98b3d5d4bf24eba3af9bb6676af5a79d2ec570bf2b4b6ae40d14fc3d4b872c5d4577aea40f6d1a26c0cf

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdate.dll

MD5 39ac5a029f87748e964491b97936d890
SHA1 24777aad794a13d0e7381fc6f32f0e1bcdb1ba80
SHA256 ba861524fe648ccb47b7ac57421bb07a6231a7aab5eaea332548511cce6185bc
SHA512 2ecb9b208846f84cd37f37d2100f26358d6c37128efc4010b2e7efc10202dc37b621d0c0138a8b76b23d968da324c685a41b44f4ae30cbbe243581f1904e14c6

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_en.dll

MD5 894b6ea4b49fa390bd70167a75f3ff7b
SHA1 4f834ef6567d02f28390d63c8ca9fd3c735b2140
SHA256 a8dc2b1e32d8d3d2c321c469eed3329f7661f4fc71d14696f97106b5aa6c532a
SHA512 9b4fcbd07dc7f65c34575aaabb7a517198739f7268133f084b101edf99f0b96387f3f0248de1be5252b2466db0bc59036d40e3990d4264bfab89aa01aace7ea6

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 c55b37823a672c86bc19099633640eab
SHA1 da5e15d773c794f8b21195e7ad012e0ed1bceb72
SHA256 3df9cd2fecf10e65be13d4b61ca0a9185845f2cb04b872adeaf41ca46af39aa0
SHA512 1252c3fde4aa4ce239103e8df7224afce093a2cbe539bd40347601980a314ea3326ea6ce4c1ebc845c125845969ad65ebca319b9df35a809ef871bad14aaf33d

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_el.dll

MD5 09cf47260852ff7b2c91c65d127b9314
SHA1 b3d362f3d08f81bd1b719a1c94b54f5f9c9610da
SHA256 eb4344676280f83e6023ddc604ffa42e96eb46e765a216fbc5ecbe49ddb3c920
SHA512 114a21296d8e7e054906139102617e6cd6008337a0877053721553cfed10183f54f890c8071b1cea17bd0b2535589af7aafe5bd1d161886ad7363f89919d7300

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_gu.dll

MD5 bb4a1f9374f1c3e0cbc4788a3ce1d4c5
SHA1 30667d6dbaa689db9a08b42acacdf68435dac46e
SHA256 bdbd0882aba924075c40de48fcbbe951ea6a937c0b85541fd6f1fa5701b8e655
SHA512 d0a5260ae123d4698e2f62fdcf97a73aa038b69b200508948185bb5de5f5edb50d6859c9e6e21e84145ceebc144882d0ed5723ce1486e805c26737358ae77504

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_ko.dll

MD5 6c3abddca78cb3ba9f724bad9fed6165
SHA1 3114daf9295215bbeed0f4bb4e282b46ec1c74ae
SHA256 d47e586aacfa638aab5d681d8b4ce0b42f9d698e213817554b9d42441191d548
SHA512 b37b7c8d7d24ead85389ce445536ef4a68c43e2a55508801ab00e9bee2c2ef428d07eb30b62228d647508dc4f6b0d78b1b8edc25052eff0ec5a9ec87fdbcba1d

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_lv.dll

MD5 0edaf7aa97694524c60369256b17c9f8
SHA1 48a81d2c180b9dbb970dfc381b204c3e0bf11532
SHA256 74b7ff57e79ee2685709678d55a4b4b414f3fdf77ab1783c0ded0196a126c0fe
SHA512 de1ec10ba23b7f76dae78b6a98a3eee6df1eea424aa9a4800b70ee7b185e5c6a0dd30d0dc950bf7b37a9c07fd7614652258cdccd64413c49647b42351e02e90e

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_lt.dll

MD5 883f3e1c963322852aa6ce7177ba11fd
SHA1 3da37835cb54a847e3fa2edec45c4589e2c31561
SHA256 c3e3bd953b1035bcb34db9077c41643a503aafeecf99afbc92c9e4326bc6fea5
SHA512 52e7eae669ce211be72ed62cddd43f926c8d581a28a5efc167d1bb9c7f132f40a000cec02c91cd81604ca9f1cbb61952a9da8d09044703a49309a4faf2ff2f25

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_lo.dll

MD5 b0973b4e4407ea116a723bd7c39c1d45
SHA1 011e9126cf2fd3db3f0f810dc1d8e60891ef0695
SHA256 36e1ea95cd9663137ae49504980e00fbb311023c8f5f6f40f3cfe14a14ff183a
SHA512 574eb8426f774a7ccf860b4f0e324a2cc32581c9aecb834aa25c5f62946d15ef781a9f32feea8cd44e352d4878f3f6b8f097635bddb9df3bf2a443fecd0946e5

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_lb.dll

MD5 9c7c3dec8769f8b33aab63a15f642d81
SHA1 41ab17373c388d005b6d39c3ffc9fd5aac1a75cb
SHA256 c088700c358cfad6bd692233e450b8f4836a30a457c7b047e67681c10aecf2f7
SHA512 86923405fdcb2ebbf9a2dff24847d55bf1cf39550f475b1268e7edf279269e317c09b638b06e29f4d30ba59fd606f4ab5787f7d09da5ae3c5572ad41f3b3fac8

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_kok.dll

MD5 f97d285a3ba35b1395d9868e15bce4f1
SHA1 154dfcb8646bdb02b618dddf8a0dc1cbdab2269a
SHA256 33506ad10fafd8a767afcdd93cab2d91999b4e6468771379d944ff4758c2f5e4
SHA512 bae3152e85cc5e8f96299e7d45be8a85e47ea1119fd4d8d2bcb038ce293dab6820e35bcfffc03c9596b95e716e40711c47682f0c71e308755dc71b4c20c57628

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_kn.dll

MD5 1ee9fe48904cb43a9147bf16823b16f1
SHA1 19fd9c0a2a1d919340eefca7956bd84df467b737
SHA256 a65da5bd18d6ac28c45cd11f56f8b868af98e42a69def6199d61235f6fa3d71d
SHA512 b556dff94243eeeb8dfe2c185c67ba7359877b8c0161f8fbe9a37a7e7591b0c8242a0be09255b616ac4f5560a728f1780cf6971c826ee6214a1b28c16551bffc

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_km.dll

MD5 5ef433fe15a877e530ba0a044486f200
SHA1 db1deb37392e001353f5a098d8686a17fc156b40
SHA256 896549adb3d1a38d95e743490cf6f551cac876fa1afc4b07f8eb30ad4d853502
SHA512 97839850a49a09cbc416ba1e8e9570adfcacbfccb70903cf597ad8781c7c3d11fd07e2598dccb7e88da7617e44ca99c62dfb3404c0c2a467641d1a6dcd7e8e64

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_kk.dll

MD5 d9b956ec540d8b1e528d88d8c5e5fdaa
SHA1 bb967aeba493d9ac0b3889f7bbf9136614080331
SHA256 cf008a24b53f2d62516a2944b77fd9be17a4778c0ba1b83a09ef7e83c3cf3901
SHA512 d6d6171c95c07ddef12bc40a5fda756ed3870a06ff2434bdd7abe02407720bff01fab5eb1bafeb7d4b9b661fc364c39de4a9eab01ef39c6bdce6de58ce4c1a06

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_ka.dll

MD5 67eb1378381ad4d1a450bd26fe51f5e3
SHA1 ae0655d07a4d0b049ed258de646199f9004963ce
SHA256 b2ecba67a708b9fc75fc4574b72218f64517dea1aeb5ac26400ac554903cccf9
SHA512 1da5356bee3e18f9033b81927368eefb8f7a0742f7f02be9ddf0f3f309d9d4f1ceeb640acac341e504d54c0d0939f1da2bac27645adf404ed2ac48a2846a919d

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_ja.dll

MD5 0ff69dde83bf61a768bc63870d687747
SHA1 622714cb8eac68b79021800f28f5874aa23176b5
SHA256 3a3a4d24498f0f533a5f5e4f1364e7e2a1f348dac95f649951131185c64d7bc7
SHA512 e1300b6f2dd5df3385c06fb43de5aa246f3f1da942e26b86023663e07b12104f0e74b2749d4ef2dd60cabfc8eadfe5f131a8bb5ba8fffd6374f9cd4635b4bc53

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_iw.dll

MD5 d92167a825c73bd6246483bfa1787c8c
SHA1 0a96d89226f1e694275922e5e2640bca3d7e7020
SHA256 d477fce0f7fbbe9cf86dbfb724e28c617c8c7c5bea664974593fbf0c032e8019
SHA512 12401ac374d3050f9540a3df6fae71ff8466ed3df2bf007b52eaddfea0d549601b5756477c141fd596bd19367ad30a607160957a8ad1818ff34e6da4125e530e

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_it.dll

MD5 0da1fde56fc0bf63e17a891e99f559f1
SHA1 131d18d7329be3ff21c78a3921b88e910a3d5a68
SHA256 ba936fcce39c889a3cb41569f18019d99429a13e7dbd909d9d26e540ea650dec
SHA512 67aa088ea8c01b11874537ae59c150645b61072e4f2134719e833ca0c4c3cab835cb9c51bff97582280870227d99cfb72f3a0d2069f2a9a86a7f7dbaf29ad2d2

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_is.dll

MD5 28064f47523b575c20fc85733cddf487
SHA1 0c5583888be256c8e09a396e333ad158b5f87553
SHA256 0752855a2e2a69e0f969af6c31102db513dbc390583f07d5df60746721ada58a
SHA512 d96656335024e0228a18148de4d27f354fdc90b62f977042ac20199714ef50bad271a83547d6c6823ec03422a9b598828fdc3b0f1ae81c760a57a2d1f2a543b7

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_id.dll

MD5 c80c6530280315158443cd04f89e9169
SHA1 fb87a9ff3696f0acceee6c8f1e4fb40795a8ae7d
SHA256 52957587efb4d995597541656f38e0edcd4545acfd92e3b81cc72578839021de
SHA512 bee22709e362ade03cf385c9b09d321923cc17a9e7c227fef7717da7405ea7bcc63e6f18b5e3e18e9dc19d5b0d9d4cb32c8548d9f16803959eb13b1189df9815

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_hu.dll

MD5 df2764d7bf9bbc6d4e96301c928566b5
SHA1 1f9adfed63fff6cd144515e8a7fbf8c4131d2f65
SHA256 3dcf3b4acc066674418e30239406abf59b85f9a00ba2a0aa7ca33036caee6514
SHA512 8c1eec6d813fe2266f0e03ce72f504f355f720e0112527fd411abd5e7fea05dd4bfa3ee9a878c882c16e8cd30224727eabc5ab38bd85cf146b21547ade988391

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_hr.dll

MD5 ca9abf92edc001d3c0cea4c926bd004c
SHA1 740513a325a5c15376f4b1aea402e9c54155ab33
SHA256 d6d9e064773b121fbf224252ef6c7d64f239d6b5013c119738a8240cc047e346
SHA512 7171143ee05b0e03bc936fbd98d3a37c3763bc244ffd8ae85e3229b85e13ec6262c3111b93b3a067f3d82f5fa6b6f691438c0e148efd14606cdf5a850e474a7c

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_hi.dll

MD5 274c267b7ee544d36698b2db119a6929
SHA1 27377267ddc09060254033c4aa9916a60a254956
SHA256 ac843711f010925cfdd60c396baafc3ead08584ed4b1b3df57b0c975cefd039f
SHA512 f9073912e9c314efe60f36dd9b2bdb4b1475aadde18e82bec971c447293a4f8dce46abe625bb9cec4dc48280fce3cf3d8175054b70b4e440e89a8c072f4a505a

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_gl.dll

MD5 31276d0895baff6976c94c549efbb47d
SHA1 4f0fe790cecc28823e6359fb3b78dde13cc17681
SHA256 d3bf99db747f3e6a2d541ecab380244c0a33ceef8655383d54e2daff37dc9a88
SHA512 413958104046b85772d4a32550ae3a7a3a50eb66dc35966554123bd9dd15fc7a76fa7511f6d2ac666d8a205a9b58042f68e2322189c2b34d372db6b180b70da8

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_gd.dll

MD5 d64f47e1971f1e9faba211ca984e550c
SHA1 6f4de57c6f174dd778788b138a9b25cf4725258b
SHA256 75fd1c674a460dcdafbbc1429a4c30c9ac28e58527c6f0797c3706012ec19e00
SHA512 722c9f1e5d27d6ac678ca13aa648aa22aaf1121b835fad5209ce3e482471724cf4920390f51c8df2d31c66898def51ad76b0c119f4de831011b56afead2fef7e

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_ga.dll

MD5 3ca8dfe9af49bdde95188002ebd5f227
SHA1 d18d7af889c4d03ea417c09bc56069f3f697c547
SHA256 6577e1a60f0fa340dcb70dcf625c877fc9502d122744782708ede0c53ceb56a5
SHA512 a61ba9baa6d0116b769c4add55aefc99a360bf85be7986ab099a424ff7a39ccee18d946128e74e39283629b52aa14821f36fe338c0e17de29694fff5138590be

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_fr-CA.dll

MD5 08b6c8f26644370c6dcbee63e4abf884
SHA1 e4981733831c4d31715cad1749545d21dc29acf2
SHA256 916b52a362fddae79461d1d07ff01fd3bb4f7b8916b263d62572a8ad420946d8
SHA512 31f074e494a372a1b961fa9c053b561bae9e52182866a538a734b7589cad550a42b1d88649262a7d265226288084e5ba65e9e1d6d32ffd9292258a9f65e236a5

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_fr.dll

MD5 cf3ff14718b5e6125b956d6d9e897196
SHA1 041de2587e03f6c52dba60e9d2459ce33b263eb9
SHA256 d75ece04e40e34beaaf50cce0fef63e52918b5939c9c267fbfd1e6cdcb2a82fa
SHA512 551ed975b1afdc75f464bb742c30f239f9d18aa99bf9140ec0620c938629868b38a952041288244b6e2387748c16546a8fe55a664a9903577b8e484856583ac4

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_fil.dll

MD5 20134024ed75deda002dc0839b352f84
SHA1 e67bbd13a320d2b4413b283e165385c44a65ea0d
SHA256 425e0834cb73365cf78a233a5b139e1897961e5225e9cc92ab365b3efbe30d76
SHA512 7dbab9a85d852546ab8c30b3452ab8b200874eb3aac0c862bdaf5c90cc882cec11de536851693f8f115706448e3323c66affbdd7e65257395baf24a0208dc537

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_fi.dll

MD5 7f47c9b9bc9488754579935209291c55
SHA1 470e590c6f5263a44b95abbd6d0c158fae326d21
SHA256 f0d8c44d909aed479b3e770b556eb3792c0d3ce247defff953a4dd9f7ce4cc75
SHA512 6f81ddd06f6a1c796bbf21143737bfeed8f9ca0ace82a4de00ccf79d7288586376439e0564f1cb128e5e585eaba122d406af8c3a6e3969efdadfe0cf65c3ed4b

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_fa.dll

MD5 ba417f44f7564f1aca70cca9166f3f44
SHA1 d8f064e25038e0076bffcd1a694b58063b7268d7
SHA256 56632098f623cbb58fadddc5c7a889fbc91954f661078501e62517709b8ba703
SHA512 c35ba956e92a2298268bb6ee7a753d6b7f94bdec96118c834f028a0fa45f18b67302b0e20a26d948d1720b04461d3074ae30003bb9028790d9d2d63cb80f4467

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_eu.dll

MD5 ed883bbd9e4b3de4db68e356707f3e67
SHA1 e03dde660c15a614442552f8c4d2cc5dd8425fc1
SHA256 168eb27052a559561af3ed650bc170eb471e53f05b9065f0e229672d040ae1c7
SHA512 ae48fe344b2644380e56a95d98aeb0ffeff7ddf0c914f5d14ef518a4d40bb090fee9a7fd30f7178524bcdec1a2d8fc870b4b40d5d8437e3f2577320262236126

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_et.dll

MD5 6b03eb5b302e72727977f2431ea7f30d
SHA1 ac5cab93d3c28e46f92d2719638c739c680cc452
SHA256 b5b51fe000e0e0ce42e8dbaf4b8343a5411e2e99440726c747196a02ed736137
SHA512 362e94f79b7726b277cc90c5158d3cc5a0a890bf32e11707f9901233414b3ff22816df78276afa67f0122fc7d6fc2d09dbb1fd8602e3a01f807f93b9423bb463

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_es-419.dll

MD5 bcafbabbfc8f810220b2ebdbb8a76d19
SHA1 58703c8355f996f2ce8ae5fd1ce4dc29318fd414
SHA256 7fef9c85b5d7dadf344ff39d82794ed252066cceb2b6531be2a45ee3d84844b7
SHA512 b02820c3088ceae9ebf19ede77e3a406483a3dc13c030860d3818e6e8a163e9f54293fd058ec9575c196d12f1465211ab7feff145faf684be6a8cc251d1c0d71

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_es.dll

MD5 3ccb8eab53a0b4c93507bf2adff6ced5
SHA1 25fa2435e97bd0e1cf986a882ce33e68f961c139
SHA256 8bcbd325374a8cc5c1c7ea774382515316473c200baec86a65ae21073fae33b0
SHA512 4f443ded84d74e150a0be3c32edc734ca01298817933a7b1f0e5c5cd93f26987f051c4c306848301e688b9334d134a12bcdcc0ceabe1fcaaca5c4d307c697bfd

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_en-GB.dll

MD5 39dc20ae50a0e2ba9c55dda91256b3cc
SHA1 464139f11db3fd6ae77502b183c4b59f581d6c7a
SHA256 e1891a155be133e6dd82cab3f9437bb7f047f0f80689ca724ca4d1d90d1fef14
SHA512 08b8e19528ff007b904f55872935e0de9e06e7cbcb3f3ed751264e3e20a740b477b55c818bf2b0ed213c4ed9cbaba0c8953c19f427be3e8ab8f50c9c86a74bf4

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_de.dll

MD5 ce66ef1a806c21949b75055f81cac760
SHA1 3719e4af114a3c0baceb133d152a02bc6a1fb9f8
SHA256 23f5414d554b96db0b93c7dbe27939d294b8061e56c19ab74d59fe9135e81c8f
SHA512 04d9575c866ac28db490a291be3da41f884d3ceadbc9b7077776ea7deb1819277aadcf9c9e1b5afede3e90bafbcb00e6ef0840166228d153be7e8d8d53975593

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_da.dll

MD5 19a7aee0daf68fdc1a24e3228a8bf439
SHA1 1fc6ce227a11245787c80f3932e2c311de2d44bb
SHA256 409cce12be8b7a86313bd1d9e3c6d9154cf0c5735db61d94852a128a746dab99
SHA512 0051119311316d29dbc13ace84c24283aa2eaf1d46459c81ba7b31cc6178b43165618fd7bec17de698b1431ef2b33be179c2c8b1537c1000aadf849e2c888c84

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_cy.dll

MD5 11b92ae8fe94c784480d465a37935766
SHA1 f4ead29d4b20c57bb0e4d16a7488784f61a25972
SHA256 571b0cf8b0383e33393b8b8fa79d1632688ffc2bdde794fff62c85f5e1a3f161
SHA512 b636dec2e1d48916d0c83d2fe45eb24d826c027455cf22ec78e013166e59fbdb4780ebe69de3ab4b5730dae03652d253890917f53fc835aa73f9f75b01dc4f23

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_cs.dll

MD5 8eff4531519a4b768005b9411d4a5f9c
SHA1 59b354e3f32f0a0da8755c27b903803994f4aa31
SHA256 2e9a230a8b8a7fa437a28e2115ebf01178f3209fc0d61eb90160f49c11a16cb0
SHA512 4426ae1e2937e1f6c7364d2f437aeb83d834f9997d28cb1ffb07fe1c448dd954083aa822ff439c886249a387823a23245640a0425dd8c42b75b73912733f11ee

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 afdafc9f56401b662f42cef830d92b38
SHA1 b56966370ec07cd676e35d93fad001e0f6b3fb8a
SHA256 03d7a1c0d8810df4b908fcc40c8491df0e3ce19db8ee22e6be79d02fd9df8f72
SHA512 884f9cd99785ea91c5c8e26200bbf0b010ff278b52c5ac590cb73712321a9cdb645e5448bf4cf62622cdb06543b8de4a8e6956a2f6b6677c0b9befb35589d8b0

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_ca.dll

MD5 15ee7526536790bf77317975896542f9
SHA1 365bc54203b490daa0e24a1c9813d5d99c9de720
SHA256 5e2349af6e02da1c5d18f1b3235fc5099229d2d99e1c5cf2713c21472c151f8e
SHA512 475fd9c0879c8cbc418a66441e3dc026fca983327a95763eddd1537c1f44fdf272d212c69e1b06aad55d91c68379a2beafb2908659d58a61c740731a7d047406

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_bs.dll

MD5 5e06d311c2e24b94f378c4d3b3deb260
SHA1 ef7df63f63746eb197c21694ebb21cfb86c0b2b8
SHA256 d2052450e3a3272b302d80af9f2c46b766153267100bc902dcf03a78ec609b65
SHA512 8d73b5265735aa19116cf41bb8d2bdacde5b22b286a56af58068f9579b631b044c155e625f6e1fda12e505f621f245faebe126c2557dd2ec873d7d980f8ba552

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_bn-IN.dll

MD5 1e038b27661b303e15a39a55305e86bb
SHA1 35b48fe72d50406063f9145fea64c57f205f0084
SHA256 385665137d0dfee16ed8ef2da5ce28d826d210eb2bde1fa4ef13dac50e4b5364
SHA512 13fcfde6923b38acc2cfa530087d13725a2cabdd2e771d503f4d2f5cff93e8744f142e235dd484244d920d80cb3e7cecbbd731b473f6e509edb39159c51e9465

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_bn.dll

MD5 9afe531b6472cf9eb66028e9638584bb
SHA1 6212292867bd59fe376e79988c07f4db8ad26cdc
SHA256 383754fc147dc6ef5f1edd14b60bab6bebf32639dfea718aaa64b2b65ac98812
SHA512 352bec509ccd3ad15a274ddd3ccea43b76eaed885b0e7722235abd95aab8fec1c645722765d76865c1b32ed422a10e6666f220e3abcc5a24268ba94c5cc6b8d8

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_bg.dll

MD5 4b23c7229eb43740744cfbf48c4242ca
SHA1 4938dcf6239e14db53c8f085d3c477905a9986af
SHA256 a7527b867ebc222114b679b2ac542cdc46a75f8bc24e5ca8b7ebc17b7a2963c2
SHA512 4bd8ed0ecacd3f2c69dcd0789ab8ee10dcfd6144b019dd8858c2234bebddfe42c83037fb8e2f934f3320f58796683bed5ab050ba897ba1fa409b6df60f02ec53

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_az.dll

MD5 bf510bb9b7639af7da969f77620b480f
SHA1 17a6693a5d6aea1f3fa6f34abc46daf558cac645
SHA256 2507da222cf6c6dd608da9b569f89f8e11c47b6e16134c767cdc23b7c1f56bd3
SHA512 6cebe80005cb7759ee4fd8dd9ca41bdd073c01e969e1ebe03cb07616921e50516974019faacc2f9dcaaccdc0044eaae57a6a94f3a4a4ce044a781cd8091478a7

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_as.dll

MD5 16b0c8a664626da016a95fb46fdc9c0e
SHA1 c674b635cd8927511825847f3d86a5562b4155d7
SHA256 b059fc9713d3a41e9a83f0d61f8cce29546d3759def0a7b8e162a13915e51255
SHA512 ec39269fbd9e510d10d665c86b8a8161208b74f919e4fd128e365144d71f2b59d3c48c50b8f017b1d30c711ee4f63668f843539957b4643d2a488c9e17290e75

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_ar.dll

MD5 b4c28669b9d4e56b094af6062f4db065
SHA1 4c492c03138c8a796cf0673866892b9e0c2073ec
SHA256 7fe494dd265f99f330b153ef69c51c0541016755ca1876788f7f0ede78f9cedb
SHA512 35941ab6f2dcf5f60824d172f75f9f7b8b93e65c7bd8bc441fc32e49cbb414a68d65a02e3479b096f728b2a34d3e85dfd868e8bf95ff9b1a57d10adc3da0022a

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_am.dll

MD5 1903bc250fc269e79c9f7aada2979aff
SHA1 efbf76b1259217c02c138078c56f36b2cb8543ab
SHA256 228fa3e2fcacc78111a8152d6862de2302c024e81cc8b5e3f16e31caf96cfd04
SHA512 9db527c2e26ef691c089f5d1d010298e0f47e2e0420fba03ed18c7c2793b92c5860240b214b5233dddbc150413a2649e9cf4823239b9831930c2804b143ab538

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\msedgeupdateres_af.dll

MD5 2a9524cf8afae49394379d9d9be69206
SHA1 e43d4146f8abebbb30831fbd39a39846bfb7eeef
SHA256 e5a08731963e681b6386c4e85c16bc98452ebc13c4a7de3ff6979125c609d5f0
SHA512 a0111589960cbdcb10b55c17aa82555e44f0f0f173ebad09de6364881138cb35280596f1de6d86b31044427445575630c22079c3585e34729ce461599b8979b1

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 1723c5e707061e59d769c492a95d5083
SHA1 3b535b7a0df2f7a4ab5e531956dad9892adfb5e9
SHA256 e97ab6dc0ed865aa8606f5c113fd62170341d1a3d63d5618f233aea969ec49ab
SHA512 a4e3bd9ec331a27338c123a9a3ae23619fc5a5b80fc9aea38d23d3b82ca015f47669e0f3e1a6f98e7f464e6bc21e92723a04f72805e45e0dfc81540a2d299a8a

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EUB75.tmp\MicrosoftEdgeUpdateCore.exe

MD5 dd30f3ff486b830211df62d20348f86f
SHA1 08c7d7407dee7ed20b50e8f1a2cb1b08a9282dbf
SHA256 9d57bdc8b97e75f8a04b93a1657dfd18d4e2f68607783c9bca42140233978fa7
SHA512 af3b48ced7018c7edeabdfa998e51356d57c2d7a846c76629fed0ff2e5db8db79041184c58a5a67a10ec627f53af8e3c80bbffacaecf5dae6d989cecb82e72e4

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 90ba6ae2a83d692b75cf741e1287a240
SHA1 aa8ad85f0f12bf81a3f87bfd09851b073efed7a5
SHA256 08c358dbceff3b775030fbc21dab4e94cd7451639d27d47926c6e32aa77b6a90
SHA512 805de2a87f7d49663ce710f268928fdfcb21219a41d4066b6efee761b3bf1ac6a2cb54242483ff1f7b52255ccaba32783f4dc8588e12702993c306f43228f9ec

memory/3296-203-0x0000000000E40000-0x0000000000E75000-memory.dmp

memory/3296-204-0x0000000075330000-0x0000000075556000-memory.dmp

memory/3296-211-0x0000000075330000-0x0000000075556000-memory.dmp

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 468c5175ceb4de27de333268f0a6c4e4
SHA1 97cecc93d0aee6a08317e83a4ec7cb68d353fe9f
SHA256 540aa6237adddca132ba8fe196c97d13c64f3e2d301389c9c2d40a57be3459ed
SHA512 cc32918c82e3af464b7835c5f5cb95174218fec88fa020eee4205f74d9d3f05fa8ff348449375945abaad4b363662f26895d1f1fd5b688439d33118480d4ec8c

C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Installer\setup.exe

MD5 b621cf9d3506d2cd18dc516d9570cd9c
SHA1 f90ed12727015e78f07692cbcd9e3c0999a03c3a
SHA256 64050839b4a6f27d896e1194e902a2f7a3c1cab0ef864b558ab77f1be25145d6
SHA512 167c73cf457689f8ba031015c1e411545550f602919c35aff6fd4d602bd591d34e8c12887a946902b798bf4cf98aadfce3c2de810bf16c7c24a216bfd8abec19

memory/3296-268-0x0000000000E40000-0x0000000000E75000-memory.dmp

memory/3408-297-0x00007FFF35270000-0x00007FFF35271000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Site Characteristics Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\bbd8034c-b28a-4c05-b89f-1c2dc09de9ee.tmp

MD5 a1c250ee5454b59326cdd9e84f5990b1
SHA1 5622a1fe8692c03dc513c99e5a0b4885e37119ee
SHA256 cedfb91f9fea62466f1a5cbdbdf8fd60822928bb69583d18732daadb3006efce
SHA512 a66e52e42c01cd274398af41da5b0dc465ecdd126d22cb6546dcc2117031973a3d955cfe47a51f6f44834871cb842d8c099a08536d6994b26fc40ef11e2b2037

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 a60c07e4645fee6ded4dd012c06ed6c0
SHA1 6c1a4414b86ed27f7026a9c32e042740eb85c29b
SHA256 0b0361cfe6eb7be279321cf7337857cec0cb1de29a306ab78d9e0194afc6a65d
SHA512 3f097889ce9acfaa77cece70883bd3e88c25b1be87d6b4fad34f57ad7e25dd728ec83b9858ba8f8137cd6142ef26e704e6b8a23b0c7688744388a0400263e70c

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 88cdb6abe68e5cd65cfadd13806925c5
SHA1 710eb8c00de78bba86df742852dee26ee36590db
SHA256 c2ee58e0b2a8ce81c1ad7ae084b894faf91b18272787bbbd19c91b810ed43e32
SHA512 bc868e6a76d346047c223237a7f88c2e1d63c3994ad943c0257ec215d4655004246e9030e5a0fb075b4a268843d53cc9a0cfb062d455e48a80790794b9c08388

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/2856-315-0x00007FFF35FD0000-0x00007FFF35FD1000-memory.dmp

memory/2856-314-0x00007FFF345E0000-0x00007FFF345E1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Crashpad\settings.dat

MD5 11eb65d711f8347ee9bff7d1b74b8e6c
SHA1 0a29cfa84ffc11c7f9eccd33f8a1da7a60454a83
SHA256 dc4d56b57bd5cfb3218daba1dbf3185e70c51f1b15b0aa1898e17b47531b007a
SHA512 47360f88f102f22acea9be32e3e5471ccc05af24776b0f803ed5fb2c97c53da462138c42e4968f72688efc39aec415485003f2adbd94ee4bb31cce9bbb41200d

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State~RFe5a0cc3.TMP

MD5 ea0362a34d8089e5e6a8cffcd19b1863
SHA1 576ea091192df1bc7c261283ccbe2888ac886a74
SHA256 ed4e8f47de4d52d543f6ba10ab8a844f8670977fc0f7f4103972c3b36d876555
SHA512 4d37aff333f9fa39249b9e88ca160351c8f7c133bf7d70acfb9d7d08c1b40ade7df49a81ba31cfc70607aa5f5903e8022ac6603992391c8e5e6129fe15792cd2

memory/3080-378-0x00007FFF35270000-0x00007FFF35271000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 0231a8bbdd2bfe877e2fa88404d34067
SHA1 612dc0e199244277fefb494c6708f8d003c57cdb
SHA256 dc5ab7452b3a8e7610bc773b47a555a66b22fbd082cfa18469fb78b0448e7479
SHA512 e69c7302417bdd4ea200b15293cfe67f2f2ea06205bd8343ae961ce523e97a8b7a4efec1fe375723ab46c797d09a93f2f80730b53c81979d89679fbfae5e3d89

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 aaf65fe365e297ad03c0ad3d80ca75b4
SHA1 dc4e7d0fc996755c172aeb0a1cb100e489df461d
SHA256 0f18c20d2990e66d4f5af8d42ca8e8349448a2ae1983b8c32805578b32455931
SHA512 5dea0c2b6f800623a3c92ee6c140c1adae435ac0e901d3885a10213865909c7a3e4b3f243695bd955309e015ee4518b6e9dfb6237265ea8e0324518111696f11

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5a782f.TMP

MD5 b71bb3da0f3bc4552cde0fa832504ddc
SHA1 6a6a2517e0f6e6087881c53674d0ab5c9913f8f6
SHA256 6a5a6cb33b944dbe7c3b4cb99697c7dfd0da9f5b45c2c1582552d524cbc6424f
SHA512 ef67b275a8d727ee30aa24fbfbb388c00589adcc4092fb33c80b1b3bde3a426d4af62bb199653a42f168e78a5b69a28fe69c4e9e74e1ee8b9f78bcef08822a9c

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\e13a9fbf-697a-4e05-bfbf-037d8115045a.tmp

MD5 828d64c39f4abc18a423dad4a2159d2c
SHA1 cb2c465d455ca1bbf848a3c78c22a7cb3357ae74
SHA256 63bce66613410e6226e005c078dd2adc50de304f8d865ccc5b92e70c526aaaef
SHA512 cd872f3851e191de90e1859871f2ed444d19ff7c9d3cbd53ce84229f551c484389d1bb740be598232f8847352d07b35125fee05320b5bc8107b2f1ba7882c9d4