Analysis Overview
SHA256
1accfe058c211aaca53ea32d814fb68359a0628cd8073eeed8db1dbcb1b6fc01
Threat Level: Likely malicious
The file Epherome_1.0.0-5_x64-setup.exe was found to be: Likely malicious.
Malicious Activity Summary
Event Triggered Execution: Image File Execution Options Injection
Downloads MZ/PE file
Loads dropped DLL
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Checks installed software on the system
Network Share Discovery
Checks whether UAC is enabled
Checks system information in the registry
Drops file in Program Files directory
System Network Configuration Discovery: Internet Connection Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
System policy modification
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-17 08:50
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 08:50
Reported
2024-11-17 08:53
Platform
win10v2004-20241007-en
Max time kernel
177s
Max time network
166s
Command Line
Signatures
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Epherome\Epherome.exe | N/A |
Network Share Discovery
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe | N/A |
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133763071930321496" | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35725228-BF11-429E-B5B8-ED0F2BCABF82} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Epherome\Epherome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Epherome\Epherome.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe
"C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe"
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload removed]
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{52970B57-AC09-457F-AFA7-66F905D2DE7E}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload removed]
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\MicrosoftEdge_X64_131.0.2903.51.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7d8772918,0x7ff7d8772924,0x7ff7d8772930
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload removed]
C:\Users\Admin\AppData\Local\Epherome\Epherome.exe
"C:\Users\Admin\AppData\Local\Epherome\Epherome.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Epherome.exe --webview-exe-version=1.0.0-5 --user-data-dir="C:\Users\Admin\AppData\Local\com.epherome\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=1188.2028.11196430996058002191
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.epherome\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.51 --initial-client-data=0x15c,0x160,0x164,0x138,0x198,0x7ffd366b6070,0x7ffd366b607c,0x7ffd366b6088
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.epherome\EBWebView" --webview-exe-name=Epherome.exe --webview-exe-version=1.0.0-5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1828,i,16049773230749111423,3059220957684016223,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1820 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.epherome\EBWebView" --webview-exe-name=Epherome.exe --webview-exe-version=1.0.0-5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1860,i,16049773230749111423,3059220957684016223,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.epherome\EBWebView" --webview-exe-name=Epherome.exe --webview-exe-version=1.0.0-5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1728,i,16049773230749111423,3059220957684016223,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.epherome\EBWebView" --webview-exe-name=Epherome.exe --webview-exe-version=1.0.0-5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3512,i,16049773230749111423,3059220957684016223,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.21.175:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 172.169.87.222:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 222.87.169.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.65.42.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:443 | | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\System.dll
| MD5 | cff85c549d536f651d4fb8387f1976f2 |
| SHA1 | d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e |
| SHA256 | 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8 |
| SHA512 | 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88 |
C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\nsDialogs.dll
| MD5 | 6c3f8c94d0727894d706940a8a980543 |
| SHA1 | 0d1bcad901be377f38d579aafc0c41c0ef8dcefd |
| SHA256 | 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2 |
| SHA512 | 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355 |
C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\StartMenu.dll
| MD5 | d070f3275df715bf3708beff2c6c307d |
| SHA1 | 93d3725801e07303e9727c4369e19fd139e69023 |
| SHA256 | 42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7 |
| SHA512 | fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d |
C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\nsis_tauri_utils.dll
| MD5 | 0ba06473cec3f0e72fc6865d870b6bd9 |
| SHA1 | 16df1d1a5b4d5df3859447279c55be36d4109dfb |
| SHA256 | 2b454443f12806d9e531e18bf19933c0aad1cd8ae397c71b99e814566e6bb5fd |
| SHA512 | 42b3c4ce685afb43b8ba235b29919f7fdbc1997618b74d189817d14d1d80e52ea67f6e614d4097bce6ca53b90d46a6d6a54882cd2ea176134a308b64a2b882cc |
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
| MD5 | 431a51d6443439e7c3063c36e18e87d6 |
| SHA1 | 5d704eb554c78f13b7a07c90e14d65f74b590e3a |
| SHA256 | 726732c59f91424e8fb9280c1e773e1db72c8607ad110113bc62c67c452154a6 |
| SHA512 | 495d60ad05d1fadb2abd827d778fe94132e5bfc2ae5355e03f2551cd7a879acf50cc0526990e4ccde93bf4eff65f07953035b93cc435f743001f21b017cbfdfd |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 35a79bd6de650d2c0988674344bf698b |
| SHA1 | a0635c38472f8cc0641ceb39c148383619d221dd |
| SHA256 | a79a81da2b8dcbe39609a9e1b4e8c81ae0bc54195c0c854b77bebe7bfa7f10c1 |
| SHA512 | afe33d38785afe489845654ba1c3ed6648b36b1ebe5f98b3d5d4bf24eba3af9bb6676af5a79d2ec570bf2b4b6ae40d14fc3d4b872c5d4577aea40f6d1a26c0cf |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdate.dll
| MD5 | 39ac5a029f87748e964491b97936d890 |
| SHA1 | 24777aad794a13d0e7381fc6f32f0e1bcdb1ba80 |
| SHA256 | ba861524fe648ccb47b7ac57421bb07a6231a7aab5eaea332548511cce6185bc |
| SHA512 | 2ecb9b208846f84cd37f37d2100f26358d6c37128efc4010b2e7efc10202dc37b621d0c0138a8b76b23d968da324c685a41b44f4ae30cbbe243581f1904e14c6 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_en.dll
| MD5 | 894b6ea4b49fa390bd70167a75f3ff7b |
| SHA1 | 4f834ef6567d02f28390d63c8ca9fd3c735b2140 |
| SHA256 | a8dc2b1e32d8d3d2c321c469eed3329f7661f4fc71d14696f97106b5aa6c532a |
| SHA512 | 9b4fcbd07dc7f65c34575aaabb7a517198739f7268133f084b101edf99f0b96387f3f0248de1be5252b2466db0bc59036d40e3990d4264bfab89aa01aace7ea6 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | dd30f3ff486b830211df62d20348f86f |
| SHA1 | 08c7d7407dee7ed20b50e8f1a2cb1b08a9282dbf |
| SHA256 | 9d57bdc8b97e75f8a04b93a1657dfd18d4e2f68607783c9bca42140233978fa7 |
| SHA512 | af3b48ced7018c7edeabdfa998e51356d57c2d7a846c76629fed0ff2e5db8db79041184c58a5a67a10ec627f53af8e3c80bbffacaecf5dae6d989cecb82e72e4 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | c55b37823a672c86bc19099633640eab |
| SHA1 | da5e15d773c794f8b21195e7ad012e0ed1bceb72 |
| SHA256 | 3df9cd2fecf10e65be13d4b61ca0a9185845f2cb04b872adeaf41ca46af39aa0 |
| SHA512 | 1252c3fde4aa4ce239103e8df7224afce093a2cbe539bd40347601980a314ea3326ea6ce4c1ebc845c125845969ad65ebca319b9df35a809ef871bad14aaf33d |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 1723c5e707061e59d769c492a95d5083 |
| SHA1 | 3b535b7a0df2f7a4ab5e531956dad9892adfb5e9 |
| SHA256 | e97ab6dc0ed865aa8606f5c113fd62170341d1a3d63d5618f233aea969ec49ab |
| SHA512 | a4e3bd9ec331a27338c123a9a3ae23619fc5a5b80fc9aea38d23d3b82ca015f47669e0f3e1a6f98e7f464e6bc21e92723a04f72805e45e0dfc81540a2d299a8a |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ar.dll
| MD5 | b4c28669b9d4e56b094af6062f4db065 |
| SHA1 | 4c492c03138c8a796cf0673866892b9e0c2073ec |
| SHA256 | 7fe494dd265f99f330b153ef69c51c0541016755ca1876788f7f0ede78f9cedb |
| SHA512 | 35941ab6f2dcf5f60824d172f75f9f7b8b93e65c7bd8bc441fc32e49cbb414a68d65a02e3479b096f728b2a34d3e85dfd868e8bf95ff9b1a57d10adc3da0022a |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_as.dll
| MD5 | 16b0c8a664626da016a95fb46fdc9c0e |
| SHA1 | c674b635cd8927511825847f3d86a5562b4155d7 |
| SHA256 | b059fc9713d3a41e9a83f0d61f8cce29546d3759def0a7b8e162a13915e51255 |
| SHA512 | ec39269fbd9e510d10d665c86b8a8161208b74f919e4fd128e365144d71f2b59d3c48c50b8f017b1d30c711ee4f63668f843539957b4643d2a488c9e17290e75 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_cy.dll
| MD5 | 11b92ae8fe94c784480d465a37935766 |
| SHA1 | f4ead29d4b20c57bb0e4d16a7488784f61a25972 |
| SHA256 | 571b0cf8b0383e33393b8b8fa79d1632688ffc2bdde794fff62c85f5e1a3f161 |
| SHA512 | b636dec2e1d48916d0c83d2fe45eb24d826c027455cf22ec78e013166e59fbdb4780ebe69de3ab4b5730dae03652d253890917f53fc835aa73f9f75b01dc4f23 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_fr-CA.dll
| MD5 | 08b6c8f26644370c6dcbee63e4abf884 |
| SHA1 | e4981733831c4d31715cad1749545d21dc29acf2 |
| SHA256 | 916b52a362fddae79461d1d07ff01fd3bb4f7b8916b263d62572a8ad420946d8 |
| SHA512 | 31f074e494a372a1b961fa9c053b561bae9e52182866a538a734b7589cad550a42b1d88649262a7d265226288084e5ba65e9e1d6d32ffd9292258a9f65e236a5 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_hu.dll
| MD5 | df2764d7bf9bbc6d4e96301c928566b5 |
| SHA1 | 1f9adfed63fff6cd144515e8a7fbf8c4131d2f65 |
| SHA256 | 3dcf3b4acc066674418e30239406abf59b85f9a00ba2a0aa7ca33036caee6514 |
| SHA512 | 8c1eec6d813fe2266f0e03ce72f504f355f720e0112527fd411abd5e7fea05dd4bfa3ee9a878c882c16e8cd30224727eabc5ab38bd85cf146b21547ade988391 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_lv.dll
| MD5 | 0edaf7aa97694524c60369256b17c9f8 |
| SHA1 | 48a81d2c180b9dbb970dfc381b204c3e0bf11532 |
| SHA256 | 74b7ff57e79ee2685709678d55a4b4b414f3fdf77ab1783c0ded0196a126c0fe |
| SHA512 | de1ec10ba23b7f76dae78b6a98a3eee6df1eea424aa9a4800b70ee7b185e5c6a0dd30d0dc950bf7b37a9c07fd7614652258cdccd64413c49647b42351e02e90e |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_lt.dll
| MD5 | 883f3e1c963322852aa6ce7177ba11fd |
| SHA1 | 3da37835cb54a847e3fa2edec45c4589e2c31561 |
| SHA256 | c3e3bd953b1035bcb34db9077c41643a503aafeecf99afbc92c9e4326bc6fea5 |
| SHA512 | 52e7eae669ce211be72ed62cddd43f926c8d581a28a5efc167d1bb9c7f132f40a000cec02c91cd81604ca9f1cbb61952a9da8d09044703a49309a4faf2ff2f25 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_lo.dll
| MD5 | b0973b4e4407ea116a723bd7c39c1d45 |
| SHA1 | 011e9126cf2fd3db3f0f810dc1d8e60891ef0695 |
| SHA256 | 36e1ea95cd9663137ae49504980e00fbb311023c8f5f6f40f3cfe14a14ff183a |
| SHA512 | 574eb8426f774a7ccf860b4f0e324a2cc32581c9aecb834aa25c5f62946d15ef781a9f32feea8cd44e352d4878f3f6b8f097635bddb9df3bf2a443fecd0946e5 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_lb.dll
| MD5 | 9c7c3dec8769f8b33aab63a15f642d81 |
| SHA1 | 41ab17373c388d005b6d39c3ffc9fd5aac1a75cb |
| SHA256 | c088700c358cfad6bd692233e450b8f4836a30a457c7b047e67681c10aecf2f7 |
| SHA512 | 86923405fdcb2ebbf9a2dff24847d55bf1cf39550f475b1268e7edf279269e317c09b638b06e29f4d30ba59fd606f4ab5787f7d09da5ae3c5572ad41f3b3fac8 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_kok.dll
| MD5 | f97d285a3ba35b1395d9868e15bce4f1 |
| SHA1 | 154dfcb8646bdb02b618dddf8a0dc1cbdab2269a |
| SHA256 | 33506ad10fafd8a767afcdd93cab2d91999b4e6468771379d944ff4758c2f5e4 |
| SHA512 | bae3152e85cc5e8f96299e7d45be8a85e47ea1119fd4d8d2bcb038ce293dab6820e35bcfffc03c9596b95e716e40711c47682f0c71e308755dc71b4c20c57628 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ko.dll
| MD5 | 6c3abddca78cb3ba9f724bad9fed6165 |
| SHA1 | 3114daf9295215bbeed0f4bb4e282b46ec1c74ae |
| SHA256 | d47e586aacfa638aab5d681d8b4ce0b42f9d698e213817554b9d42441191d548 |
| SHA512 | b37b7c8d7d24ead85389ce445536ef4a68c43e2a55508801ab00e9bee2c2ef428d07eb30b62228d647508dc4f6b0d78b1b8edc25052eff0ec5a9ec87fdbcba1d |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_kn.dll
| MD5 | 1ee9fe48904cb43a9147bf16823b16f1 |
| SHA1 | 19fd9c0a2a1d919340eefca7956bd84df467b737 |
| SHA256 | a65da5bd18d6ac28c45cd11f56f8b868af98e42a69def6199d61235f6fa3d71d |
| SHA512 | b556dff94243eeeb8dfe2c185c67ba7359877b8c0161f8fbe9a37a7e7591b0c8242a0be09255b616ac4f5560a728f1780cf6971c826ee6214a1b28c16551bffc |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_km.dll
| MD5 | 5ef433fe15a877e530ba0a044486f200 |
| SHA1 | db1deb37392e001353f5a098d8686a17fc156b40 |
| SHA256 | 896549adb3d1a38d95e743490cf6f551cac876fa1afc4b07f8eb30ad4d853502 |
| SHA512 | 97839850a49a09cbc416ba1e8e9570adfcacbfccb70903cf597ad8781c7c3d11fd07e2598dccb7e88da7617e44ca99c62dfb3404c0c2a467641d1a6dcd7e8e64 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_kk.dll
| MD5 | d9b956ec540d8b1e528d88d8c5e5fdaa |
| SHA1 | bb967aeba493d9ac0b3889f7bbf9136614080331 |
| SHA256 | cf008a24b53f2d62516a2944b77fd9be17a4778c0ba1b83a09ef7e83c3cf3901 |
| SHA512 | d6d6171c95c07ddef12bc40a5fda756ed3870a06ff2434bdd7abe02407720bff01fab5eb1bafeb7d4b9b661fc364c39de4a9eab01ef39c6bdce6de58ce4c1a06 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ka.dll
| MD5 | 67eb1378381ad4d1a450bd26fe51f5e3 |
| SHA1 | ae0655d07a4d0b049ed258de646199f9004963ce |
| SHA256 | b2ecba67a708b9fc75fc4574b72218f64517dea1aeb5ac26400ac554903cccf9 |
| SHA512 | 1da5356bee3e18f9033b81927368eefb8f7a0742f7f02be9ddf0f3f309d9d4f1ceeb640acac341e504d54c0d0939f1da2bac27645adf404ed2ac48a2846a919d |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ja.dll
| MD5 | 0ff69dde83bf61a768bc63870d687747 |
| SHA1 | 622714cb8eac68b79021800f28f5874aa23176b5 |
| SHA256 | 3a3a4d24498f0f533a5f5e4f1364e7e2a1f348dac95f649951131185c64d7bc7 |
| SHA512 | e1300b6f2dd5df3385c06fb43de5aa246f3f1da942e26b86023663e07b12104f0e74b2749d4ef2dd60cabfc8eadfe5f131a8bb5ba8fffd6374f9cd4635b4bc53 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_iw.dll
| MD5 | d92167a825c73bd6246483bfa1787c8c |
| SHA1 | 0a96d89226f1e694275922e5e2640bca3d7e7020 |
| SHA256 | d477fce0f7fbbe9cf86dbfb724e28c617c8c7c5bea664974593fbf0c032e8019 |
| SHA512 | 12401ac374d3050f9540a3df6fae71ff8466ed3df2bf007b52eaddfea0d549601b5756477c141fd596bd19367ad30a607160957a8ad1818ff34e6da4125e530e |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_it.dll
| MD5 | 0da1fde56fc0bf63e17a891e99f559f1 |
| SHA1 | 131d18d7329be3ff21c78a3921b88e910a3d5a68 |
| SHA256 | ba936fcce39c889a3cb41569f18019d99429a13e7dbd909d9d26e540ea650dec |
| SHA512 | 67aa088ea8c01b11874537ae59c150645b61072e4f2134719e833ca0c4c3cab835cb9c51bff97582280870227d99cfb72f3a0d2069f2a9a86a7f7dbaf29ad2d2 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_is.dll
| MD5 | 28064f47523b575c20fc85733cddf487 |
| SHA1 | 0c5583888be256c8e09a396e333ad158b5f87553 |
| SHA256 | 0752855a2e2a69e0f969af6c31102db513dbc390583f07d5df60746721ada58a |
| SHA512 | d96656335024e0228a18148de4d27f354fdc90b62f977042ac20199714ef50bad271a83547d6c6823ec03422a9b598828fdc3b0f1ae81c760a57a2d1f2a543b7 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_id.dll
| MD5 | c80c6530280315158443cd04f89e9169 |
| SHA1 | fb87a9ff3696f0acceee6c8f1e4fb40795a8ae7d |
| SHA256 | 52957587efb4d995597541656f38e0edcd4545acfd92e3b81cc72578839021de |
| SHA512 | bee22709e362ade03cf385c9b09d321923cc17a9e7c227fef7717da7405ea7bcc63e6f18b5e3e18e9dc19d5b0d9d4cb32c8548d9f16803959eb13b1189df9815 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_hr.dll
| MD5 | ca9abf92edc001d3c0cea4c926bd004c |
| SHA1 | 740513a325a5c15376f4b1aea402e9c54155ab33 |
| SHA256 | d6d9e064773b121fbf224252ef6c7d64f239d6b5013c119738a8240cc047e346 |
| SHA512 | 7171143ee05b0e03bc936fbd98d3a37c3763bc244ffd8ae85e3229b85e13ec6262c3111b93b3a067f3d82f5fa6b6f691438c0e148efd14606cdf5a850e474a7c |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_hi.dll
| MD5 | 274c267b7ee544d36698b2db119a6929 |
| SHA1 | 27377267ddc09060254033c4aa9916a60a254956 |
| SHA256 | ac843711f010925cfdd60c396baafc3ead08584ed4b1b3df57b0c975cefd039f |
| SHA512 | f9073912e9c314efe60f36dd9b2bdb4b1475aadde18e82bec971c447293a4f8dce46abe625bb9cec4dc48280fce3cf3d8175054b70b4e440e89a8c072f4a505a |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_gu.dll
| MD5 | bb4a1f9374f1c3e0cbc4788a3ce1d4c5 |
| SHA1 | 30667d6dbaa689db9a08b42acacdf68435dac46e |
| SHA256 | bdbd0882aba924075c40de48fcbbe951ea6a937c0b85541fd6f1fa5701b8e655 |
| SHA512 | d0a5260ae123d4698e2f62fdcf97a73aa038b69b200508948185bb5de5f5edb50d6859c9e6e21e84145ceebc144882d0ed5723ce1486e805c26737358ae77504 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_gl.dll
| MD5 | 31276d0895baff6976c94c549efbb47d |
| SHA1 | 4f0fe790cecc28823e6359fb3b78dde13cc17681 |
| SHA256 | d3bf99db747f3e6a2d541ecab380244c0a33ceef8655383d54e2daff37dc9a88 |
| SHA512 | 413958104046b85772d4a32550ae3a7a3a50eb66dc35966554123bd9dd15fc7a76fa7511f6d2ac666d8a205a9b58042f68e2322189c2b34d372db6b180b70da8 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_gd.dll
| MD5 | d64f47e1971f1e9faba211ca984e550c |
| SHA1 | 6f4de57c6f174dd778788b138a9b25cf4725258b |
| SHA256 | 75fd1c674a460dcdafbbc1429a4c30c9ac28e58527c6f0797c3706012ec19e00 |
| SHA512 | 722c9f1e5d27d6ac678ca13aa648aa22aaf1121b835fad5209ce3e482471724cf4920390f51c8df2d31c66898def51ad76b0c119f4de831011b56afead2fef7e |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ga.dll
| MD5 | 3ca8dfe9af49bdde95188002ebd5f227 |
| SHA1 | d18d7af889c4d03ea417c09bc56069f3f697c547 |
| SHA256 | 6577e1a60f0fa340dcb70dcf625c877fc9502d122744782708ede0c53ceb56a5 |
| SHA512 | a61ba9baa6d0116b769c4add55aefc99a360bf85be7986ab099a424ff7a39ccee18d946128e74e39283629b52aa14821f36fe338c0e17de29694fff5138590be |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_fr.dll
| MD5 | cf3ff14718b5e6125b956d6d9e897196 |
| SHA1 | 041de2587e03f6c52dba60e9d2459ce33b263eb9 |
| SHA256 | d75ece04e40e34beaaf50cce0fef63e52918b5939c9c267fbfd1e6cdcb2a82fa |
| SHA512 | 551ed975b1afdc75f464bb742c30f239f9d18aa99bf9140ec0620c938629868b38a952041288244b6e2387748c16546a8fe55a664a9903577b8e484856583ac4 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_fil.dll
| MD5 | 20134024ed75deda002dc0839b352f84 |
| SHA1 | e67bbd13a320d2b4413b283e165385c44a65ea0d |
| SHA256 | 425e0834cb73365cf78a233a5b139e1897961e5225e9cc92ab365b3efbe30d76 |
| SHA512 | 7dbab9a85d852546ab8c30b3452ab8b200874eb3aac0c862bdaf5c90cc882cec11de536851693f8f115706448e3323c66affbdd7e65257395baf24a0208dc537 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_fi.dll
| MD5 | 7f47c9b9bc9488754579935209291c55 |
| SHA1 | 470e590c6f5263a44b95abbd6d0c158fae326d21 |
| SHA256 | f0d8c44d909aed479b3e770b556eb3792c0d3ce247defff953a4dd9f7ce4cc75 |
| SHA512 | 6f81ddd06f6a1c796bbf21143737bfeed8f9ca0ace82a4de00ccf79d7288586376439e0564f1cb128e5e585eaba122d406af8c3a6e3969efdadfe0cf65c3ed4b |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_fa.dll
| MD5 | ba417f44f7564f1aca70cca9166f3f44 |
| SHA1 | d8f064e25038e0076bffcd1a694b58063b7268d7 |
| SHA256 | 56632098f623cbb58fadddc5c7a889fbc91954f661078501e62517709b8ba703 |
| SHA512 | c35ba956e92a2298268bb6ee7a753d6b7f94bdec96118c834f028a0fa45f18b67302b0e20a26d948d1720b04461d3074ae30003bb9028790d9d2d63cb80f4467 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_eu.dll
| MD5 | ed883bbd9e4b3de4db68e356707f3e67 |
| SHA1 | e03dde660c15a614442552f8c4d2cc5dd8425fc1 |
| SHA256 | 168eb27052a559561af3ed650bc170eb471e53f05b9065f0e229672d040ae1c7 |
| SHA512 | ae48fe344b2644380e56a95d98aeb0ffeff7ddf0c914f5d14ef518a4d40bb090fee9a7fd30f7178524bcdec1a2d8fc870b4b40d5d8437e3f2577320262236126 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_et.dll
| MD5 | 6b03eb5b302e72727977f2431ea7f30d |
| SHA1 | ac5cab93d3c28e46f92d2719638c739c680cc452 |
| SHA256 | b5b51fe000e0e0ce42e8dbaf4b8343a5411e2e99440726c747196a02ed736137 |
| SHA512 | 362e94f79b7726b277cc90c5158d3cc5a0a890bf32e11707f9901233414b3ff22816df78276afa67f0122fc7d6fc2d09dbb1fd8602e3a01f807f93b9423bb463 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_es-419.dll
| MD5 | bcafbabbfc8f810220b2ebdbb8a76d19 |
| SHA1 | 58703c8355f996f2ce8ae5fd1ce4dc29318fd414 |
| SHA256 | 7fef9c85b5d7dadf344ff39d82794ed252066cceb2b6531be2a45ee3d84844b7 |
| SHA512 | b02820c3088ceae9ebf19ede77e3a406483a3dc13c030860d3818e6e8a163e9f54293fd058ec9575c196d12f1465211ab7feff145faf684be6a8cc251d1c0d71 |
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_es.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_en-GB.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_el.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_de.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_da.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_cs.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ca.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_bs.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_bn-IN.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_bn.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_bg.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_az.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_af.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_am.dll
C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\EdgeUpdate.dat
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
C:\Program Files\MsEdgeCrashpad\settings.dat
C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Installer\setup.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epherome\Epherome.lnk~RFe5922a1.TMP
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epherome\Epherome.lnk
C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\modern-wizard.bmp
C:\Users\Admin\Desktop\Epherome.lnk
C:\Users\Admin\Desktop\Epherome.lnk~RFe59e073.TMP
C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\ApplicationID.dll
C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Local State
C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Default\Site Characteristics Database\MANIFEST-000001
C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Default\Site Characteristics Database\CURRENT
C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Local State~RFe59e3de.TMP
C:\Users\Admin\AppData\Local\com.epherome\EBWebView\GrShaderCache\data_0
C:\Users\Admin\AppData\Local\com.epherome\EBWebView\GrShaderCache\data_3
C:\Users\Admin\AppData\Local\com.epherome\EBWebView\GrShaderCache\data_2
C:\Users\Admin\AppData\Local\com.epherome\EBWebView\GrShaderCache\data_1
C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Roaming\com.epherome\config.json
C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Default\Code Cache\js\index-dir\the-real-index