Malware Analysis Report

2025-01-18 21:22

Sample ID: 240322-1zy8tahe74
Target: MicrosoftEdgeSetup.exe
SHA256: f49d99ebc8a856bba424cfcf3086ee88f2e87d8e6aefd74e4f3995ec047f7ec5
Tags: adware discovery evasion persistence spyware stealer trojan
Score: 7/10


Analysis Overview


Threat Level: Shows suspicious behavior

The file MicrosoftEdgeSetup.exe was found to show suspicious behavior.

Malicious Activity Summary

adware discovery evasion persistence spyware stealer trojan

Reads user/profile data of web browsers

Installs/modifies Browser Helper Object

Checks whether UAC is enabled

Modifies Installed Components in the registry

Sets file execution options in registry

Downloads MZ/PE file

Checks computer location settings

Drops file in System32 directory

Drops file in Program Files directory

Executes dropped EXE

Checks installed software on the system

Checks system information in the registry

Loads dropped DLL

Registers COM server for autorun

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

System policy modification

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Analysis: static1

Detonation Overview

Reported

2024-03-22 22:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-22 22:05

Reported

2024-03-22 22:11

Platform

win7-20240215-en

Max time kernel

146s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Downloads MZ/PE file

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory


Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\MicrosoftEdge_X64_109.0.1518.140.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\MicrosoftEdge_X64_109.0.1518.140.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\22-02-b0-53-61-f5\WpadDecisionTime = a0441e9fa57cda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{90DBBD26-4D1B-4C96-BDC9-0D7C75C3C55A}\22-02-b0-53-61-f5 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{90DBBD26-4D1B-4C96-BDC9-0D7C75C3C55A}\22-02-b0-53-61-f5 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\22-02-b0-53-61-f5\WpadDecision = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{90DBBD26-4D1B-4C96-BDC9-0D7C75C3C55A}\WpadNetworkName = "Network 3" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{90DBBD26-4D1B-4C96-BDC9-0D7C75C3C55A}\WpadDecisionTime = b03bcad7a57cda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\22-02-b0-53-61-f5\WpadDecisionTime = b03bcad7a57cda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{90DBBD26-4D1B-4C96-BDC9-0D7C75C3C55A}\WpadNetworkName = "Network 3" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\22-02-b0-53-61-f5\WpadDecision = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{90DBBD26-4D1B-4C96-BDC9-0D7C75C3C55A}\WpadDecision = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell\runas\ProgrammaticAccessOnly C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ = "Microsoft Edge Update Core Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\CLSID\ = "{B5977F34-9264-4AC3-9B31-1224827FF6E8}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\ = "Microsoft Edge Update Core Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0A5F4B64-7FCB-4C1B-8133-CD01DB52BE83}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LoadUserSettings = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2356 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe
PID 2704 wrote to memory of 2028 N/A C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2704 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2496 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2496 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2704 wrote to memory of 476 N/A C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2704 wrote to memory of 1408 N/A C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1780 wrote to memory of 636 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1780 wrote to memory of 2440 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\MicrosoftEdge_X64_109.0.1518.140.exe
PID 2440 wrote to memory of 1448 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\MicrosoftEdge_X64_109.0.1518.140.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe
PID 1448 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=en-us&brand=M100"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded payload]

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=en-us&brand=M100" /installsource taggedmi /sessionid "{33152E13-18F3-4208-BC57-C1E8C4E5D21B}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded payload]

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\MicrosoftEdge_X64_109.0.1518.140.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6876B0E2-D4D2-4209-AE3A-5D10B6863632}\EDGEMITMP_FC019.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=0 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded payload]

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-installer

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.165 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.140 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xe4,0x7fef664ffa8,0x7fef664ffb8,0x7fef664ffc8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1376 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1660 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2400 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2616 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2984 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3008 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3092 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3392 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3564 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4164 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1076 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2448 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=2672 --field-trial-handle=1368,i,9553062301931589059,6073644022428925127,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe" --msedge --channel=stable --system-level --verbose-logging --installerdata="C:\Program Files (x86)\Microsoft\Edge\Application\master_preferences" --create-shortcuts=1 --install-level=0

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
GB 88.221.134.73:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 204.79.197.203:443 ntp.msn.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 204.79.197.203:443 ntp.msn.com tcp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 13.107.6.158:80 edge-http.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 dns.google udp
GB 92.123.128.144:443 www.bing.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
N/A 224.0.0.251:5353 udp
US 8.8.4.4:443 dns.google udp

Files

\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdate.exe

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdate.dll

\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_en.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdateCore.exe

memory/2704-111-0x0000000000320000-0x0000000000321000-memory.dmp

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\MicrosoftEdgeComRegisterShellARM64.exe

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\NOTICE.TXT

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_af.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\EdgeUpdate.dat

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_am.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_bn-IN.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_bn.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_ca.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_cs.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_et.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_es-419.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_eu.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_fil.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_fr.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_gl.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_hi.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_it.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_iw.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_ja.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_is.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_id.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_hu.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_ka.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_hr.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_gu.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_kk.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_gd.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_ga.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_km.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_kn.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_fr-CA.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_fi.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_fa.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_kok.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_lo.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_lb.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_mk.dll

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_mi.dll

MD5 10cd5ec2455ae2eb80280aa5f3a00ad6
SHA1 fc0ac954970bb33f9e4f372efa3e99fdc9c32a2c
SHA256 9f1f89692559cb6428af5336f29577640015df9fba272dbdf8a44709c9c34496
SHA512 1f5209b4efc1d28e3ddde4e8087565861c31bb31e8535d1086601e0d56594ab5b163db0588c8913f6e710630cfa57c4aaf5f2c94717849cc5c73520bb1135738

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_ml.dll

MD5 821fc1cebcf23ef54a7179a966172724
SHA1 1cc6f74fd03f89b17aee368657326c7b61ac4971
SHA256 7795e21a9b66720c1771a90156f0beff5c7bd1318bfcda2309d8f0973f5a8272
SHA512 7ff2f81b6bd0751b6aacc7ece6c937895b09acc13453eae3fe9ac5c0d0c4c9eeb6751bf083d42f0ddf941fa4660832d358b22142ef3bdde697b67eb1da49c832

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_lv.dll

MD5 114b0fdf0183801f36202b4aa52a8c6d
SHA1 25de0a71c950117c332f3cddaa0f8bc4b1e6a90e
SHA256 a8efc8a3399a54ca234bd76247f217576fd8cdc891d1d487e86ba06fef676be0
SHA512 cd16f28783f1707215957c6e545cb8454e8d267a606fc91142c7feb1e8f83a020338d4ae3177779bf31b34324e6d8c35d648442345beb019112d402ffb7a0657

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_lt.dll

MD5 bf5c6d4441d9495cd1b2a982004a026d
SHA1 9d92d96194cae48ede6296aff0244f55bd8ca363
SHA256 9ef68efd2a91caa4b41321215e4d6adda225311e48ac5c2bddc3e3afe379a595
SHA512 a93f651be188a27f90148009c2cc41e194799e3466b1d971f607ee80cda2ee75ce24003d14ae919ab7bfdd14907937aff31672421aed067f381f2480ef3a3a75

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_ko.dll

MD5 fc2bf0ff5b72217e0b581be65464836f
SHA1 f3e63c61ee645d8ea1db82188ca9c0a74c2f5f9b
SHA256 d5b610c073a7e96e6ab38fb15218395a94e4526446a1087f8a45f90fc0b25ce6
SHA512 a0de9d8638e89d29dc9b6639ab7e2abeeb710093d6db3b67b0a7290184d0c2200e69ba750f94cec66a4e939687dda65344d6bb020f961fb095444f9c1608462f

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_es.dll

MD5 10bef36b121886cb7468bb209dcc6836
SHA1 8b98619e4d8ade70f1f9008f6183de785b6b4509
SHA256 515f0a0334db3271f84bbb288aac9b907d6c363dc1a9a6447117a7e7c967ad29
SHA512 3b3a06f02d5bf5734b99ee38a249c3232b61f2a5fac837405501bd9cc9c8cbcbbb38dbadf3734a7a6b986a79ef34c7ce63c8c8fdde7d10c8bd916a13eb8f662f

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_en-GB.dll

MD5 38d1b69a1f1e07a99c9df5416b7fc639
SHA1 f46cca601d1cc38ddb8e93f393dbf9be909e49a8
SHA256 952c6fdbcd0d333319e80d415caa91757ce759fb4d8adcff3229b134c5257244
SHA512 9ce6849d6915352e746921b9e7c3222d8e99577c77405ac9d44d33d4b0d70df74bbf06d6ec750d38afa21f2824a081bb74dd271b79ee38015e4b23fdc5d840c7

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_el.dll

MD5 0dbe7ed570d8139edfb03b022abe1b03
SHA1 099e20aeaf984cfa025f017706c694a98f04e2e2
SHA256 77b34e4beb5b9b9110582cf55432dd1c75d1816d5744d56c26617d44b7ba37d0
SHA512 a0667ef377c52467f8c7da6627f9c06786c8134979929a60c8e248a08f44b0bbfbccbc79458db84d9c4e183446acac9e7e18a65ea4b5e8b60ee3a911d8c96a1d

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_de.dll

MD5 79c1cef8c38d0ad8e4eac06c84accebf
SHA1 4092a10acc777d560f255c85b1a1437dd53a7101
SHA256 5f50709f64eb3f03766e7aee5f446e8cadc1737d0f404db73f5dc447c1f77899
SHA512 13cd04233e8af9c194e44d1f322aa29d156fd399717278cde1fbcac8acb1efdc4a004e5e299ff19ce8b423b3cbcf35337c27bc435a777bd60e0bc4e8417aa9c6

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_da.dll

MD5 5666fafa9199b490d2b20cbf2f5395f6
SHA1 1f43b774ef9a8fc218279dd81e437ffeb40966d1
SHA256 e4bd6dc7a20b9053b9dfff7c2c6a8abded5914994d300fd1466c9b271a0bf42f
SHA512 660403a3abe9a4c9ed7a1e54e5e582816c57cf3cc9a69cf67b8794e98989933d90acdea4df9dce222d82dafb92145efacfd30bae93c09193be281dc5ec634502

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_cy.dll

MD5 b2d69e686d4d6401479b2cbeb5c62c77
SHA1 696ddb825bd7f812c11191bb53c2c00d548d4c00
SHA256 40810d25a6f9be67b000ad8228dc20e41e2b0d2223d0ae13878f265fa13bcfde
SHA512 b0d877c0ea2266087b8f464efee9fa54a504ec12215d2e7f3f463081075e7128e2d9437a550773e2b703227ca952e0283f940d3a6e1325aae2784e53fb3e6a29

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_bs.dll

MD5 78bbea4a67479fad54a247e877c213c3
SHA1 800c9ac56787b18fbc010cf0734b4a187d3f4a7f
SHA256 beb02561cdbe2694028c2106b603661d4b7649fb4add685e5314c7c1d27f6252
SHA512 8528525660df61bad32f3492659d412367ac42291be8f018ed1017d47baf205ae95b091616b0ac2b20859b1ccf504068dc4e317e176495e9021b109c97c72bc1

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_bg.dll

MD5 7efa4d227351f5deab462bce9149d40c
SHA1 85cfaed5408724398f9a3584f9737ac24f4993a4
SHA256 b36e0c8bb231ec5597b6a8e86379400d1c3dd2218ec8f401c53538ba7fdbc383
SHA512 88dbf96fbe3b1756799f6dd9f216e26449277f0b692fcedf099ee5b8563ec2b44de967cfaac0ea7baf072992b0e24166986070811c6a752923c6894961ab3f36

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_az.dll

MD5 ef2bdeeade769996349c0a0f4a7c5872
SHA1 8d3944bebeca2cc674b0459c637e125df0621967
SHA256 6d23e6e87ce3e847ed059781bf895c846e5e34e66083f92089cf08b403432a55
SHA512 260d001693a36c7a5db55739d1781bc41b7c76a182d6761229af2723ec223b426b4b4b568544bcd1c97b2415821f2a9514a49c5483f9038438349f7dc31993b8

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_as.dll

MD5 009dce4ff4b372178c28397fce96a59f
SHA1 92277110bc332fe7863beb2ddd4e09fbc55bf81c
SHA256 d333edca46076709ce749e5c55efc888e49120e27c63ffecdf3e78222ea155e5
SHA512 4661f3262e7f002916530cb2c9c70d2de5297ba634ad451d4fb39870a26d1a829082995737b5c0b0911c32a20720862dd753330aeb30e993a882fb4fbb110c43

C:\Program Files (x86)\Microsoft\Temp\EU1620.tmp\msedgeupdateres_ar.dll

MD5 ff770d70c8ba319bd01ca708e2644572
SHA1 6b8c84053f4ae62afdc7002cb3f2e849800dcbb9
SHA256 db673f6e96287e8827ffdea3ae880aebb5f1b2bc5d45bf26be6513629ed12f1b
SHA512 8bdd358dcff62a0e3927202e7bcb85d374a2cc351e940707ed4d2638f4f40b3666c7741345f6c0bcfa75b9b3204c1a821dbb44458fdda95a05b0b6a253890cd1

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 70406e6ce368f36fdff291ea38221b3e
SHA1 ddfae94e048dc7027c9d2a8ad70a70f0f66cf186
SHA256 1bb452c355fffbf6dc48e6404aa38d98ed168ea0786e6415f15c405798e146f0
SHA512 a0a21c925c90a236925764331aa75912e273bb7230fb7f0a0c963104ae90106c375466f4fd2965e356382f6213d7f48e3fdda4780fd5cc7d8d6518b706446877

memory/1408-190-0x0000000000240000-0x0000000000241000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab257D.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar265E.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9d2dd3237f75212866f4b4bcc310745
SHA1 743cd1d7a0d7e04480468b83b81a3aa6ff06a1f7
SHA256 f8b4f5de16bf5a603c58b5b6c0f7555ed9ab8508f6eafafdc59b81befea35e8f
SHA512 2bf63924331a2e634c9bcfb2d57cc38c95530c95b2485dbf1f8d377e55b309c0362faba5b86d6cd24a565421b6045b9add9012be04e966391c96dc9817c78759

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e88654793c3bd486a1ff398bd293daec
SHA1 25ebcbbc251b10abc4b46066f2a7e41099573e2d
SHA256 51d8c3253319243353c6dcf911746989fa5f9dfb231ee53b2fe9027c05fb3893
SHA512 851c5fe69f659e110ee82a429276669edc8268cfc92c358f6a79c291facb14b6ee7d019708e0e57315393a09e2fc52642b5240f07352baf3e36afc21b69980fe

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 542902509d7bde6da1f2c56e6e0cf2e8
SHA1 c77f7a3651edc4cfbd261c35fcc13b80394cb277
SHA256 ed8366b9a22a7881c5bc9e4d8842ef42bb7ab8a5bca731916bdc5edc781c2c39
SHA512 01cc15556f550ae14d143124407804a0d6d778cd5b971a1f796f19a2c01f396b9b3d33244229a682420e9e46bf4fa65d0d26ccb08b14ebaac81568799d2cace7

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 28d2bf18d1f52888bf0bfba9d0e2d9b7
SHA1 3ea2a83bfcf8f08752b54f9cfc72e46225a05fef
SHA256 1f174807019330547aa6fa60d03b473ad664a9069f4d1d297dc73e1982faa5ec
SHA512 d66bcba061ee6ad87f0d439de5fa973876d6b5b4a39570aefd3176e9b440755927196488f33988305ca98b773892311b8283c4a3c67c41f90e20b741319ad6c8

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

memory/2704-831-0x0000000000320000-0x0000000000321000-memory.dmp

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 d29ad6098eb0de91169300265b8e53ce
SHA1 b9a03336d362dbc7220ec4e9a97d8d7915e85997
SHA256 8f4c1a4dc8f24094152056288ef7901f93a0053eb4fdb270cef6863b685ea6dd
SHA512 59e5dbe148451402f8af267ddb54edf6cdd632ee88e9e40a1c1144bca3e182563a0ef9678749cac1b7e5d0bec8b8b48b4335ddbe965c30a826f1addfa77d29ea

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

memory/1408-916-0x0000000000240000-0x0000000000241000-memory.dmp

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b279f0295c4e6c704b1995626057f4c
SHA1 0eda1a7e708ec524c7d0170763fd610d75d28059
SHA256 9e66abd15eee3a3425cf0a3a980df8a2bb90c5636e6b3771c16a98d68d1806aa
SHA512 381fb5712ef4d66b61b3ded3646b15acb1adda8db5c185819a4dac8edef208a1882a97cf941c221d4f26864f7bca393a6ebfe05f81aaf8a6acb5df467c293bd3

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 944751efbb28fcd3141668188c93dff3
SHA1 27f977835e66de564caeed1b40f84900e886409e
SHA256 72b8aa2cb79d5d69ec9efe7f66c0a4f5333140c91629af8c6e47d03a58a536c1
SHA512 41aee401b0753802d7f7223c40598660acbc07ab54b2b16bd48f4cea045664c772424e04cabc453946e8bedf1523a6a78eaacd070d5e4261fade9a824f93f1dd

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\109.0.1518.140\MicrosoftEdge_X64_109.0.1518.140.exe

MD5 2351a10f63322e5c3ee8f44f4d0d6bba
SHA1 64012bc2d19c899c466b473f1984800870ec2fda
SHA256 70d496873a0a1ca14ae0a038d25856b2121b1b4b7bad9801ce639b144bac41f8
SHA512 692c0c9b9ed5bc8aaf0c751b9faf60729af79365781b51237e8dd57b57c49459d83dc2c44b093bca4092519d4c9ae712dab8073a7fe63245e405f17164b3c1d2

C:\Program Files (x86)\Microsoft\Edge\Temp\source1448_126740316\109.0.1518.140\Installer\setup.exe

MD5 3a92a61a6e01c80ecc7d9499abb901b7
SHA1 d89d05802d937f9c71ced14282b8a19623fca7c8
SHA256 b70b2ed82c7afde8003983992b74f8182f55080b43da3d96dd29e8c0c7e8b47e
SHA512 3867efbd984ddd1eec084c70a42104cbc0057c3bed222af8963051779b612b46bf4cea3311452f6564513d7558d49a1e66a9473ad53f1b2fb4c43a9d7d0fb47d

C:\Program Files (x86)\Microsoft\Edge\Temp\source1448_126740316\109.0.1518.140\Installer\msedge_7z.data

MD5 bd70ed26e6e6f3193043ac09c58c6a1c
SHA1 d733a65e17f2851d5116598dd80533efc1656468
SHA256 7a474217d20b9a6fe3c3a46c0d6d5b2d2040fa790663f6da9202ee7cb07bb448
SHA512 3e2ecade6d687b0736d5eafd7527b24095b9c51f0c8ba99398b23da2d8843c49fc8c1fa37190d385b504d8224c8c517d78d44ae32e10e45d54b19477a6970756

C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\telclient.dll

MD5 5302ed4cb82bfcddbf6a1a0ca866c649
SHA1 55479d5eb1382010c27bcd1f2007a02220b218e0
SHA256 9cc602a91aec700e4ea01f2afa0caa4ca3a99a9e27751a1da203e2dc190dcb9a
SHA512 51bff0aaa1f243c8f291164c7cb9f0c8d250681e13cf62c26c513164c9399f7dba5b439ce26bcd35f35d1f7ea35ab1d3a4a5bc0b5d3549a0d9bfa10968e48e20

memory/1408-1770-0x0000000000370000-0x0000000000372000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\52652905-2634-4a28-8c5d-6736edf6e69f.tmp

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab841ab0be783065b46b981eaf9a388d
SHA1 69fa5819b14e734330565ce9c02e2276fd623c55
SHA256 d4a1e84da2ce91a0a95971dca414d5501f5a530ccb5462d9ea6964508888a294
SHA512 b59643e6402fb7f6479b408692a487420c9e037dac91040e918eec79c4fce823df09731e2ec4a275dc4497a55e261461f63887dc7456c58ca2baad7e87ab6afc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b7023b1b593566a84270711dc43bb38
SHA1 99f5f9ed61f6357c5a47c07fb86ddd80b2389392
SHA256 3537507cd49891e59fe110741d68d853b2ecc76ad2224da7c47d570a095851ec
SHA512 2abbf2fcda59dff1103445eb83d7b2830bf57100863725c99ae87d8034c20178ac05a38e0c77950a8809837db40c022c0c7de2c08bc80851c68bb30b0fe8ce48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c6509f8b98c1d8d426bb8bbfb886a6b
SHA1 09b7f2fd591d1faae90008b457b74c9cd79e0901
SHA256 1a753ce213509f939524bf4cca674b13e5be0e3b70c3bdbb88a6b713c489c76c
SHA512 69ae1124cfd7529e42a3ae68acbfe9120a6b79500436dfc4fba39eae76452226080bcbabc12b9c690480b431cf30d21f28f38cfa33ecf2be063f596ee372f03e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

MD5 af9a0a48d5c2855c21a3977d18cc8af1
SHA1 a74edc70a350fe910f368fee5895ad38fa1d2e70
SHA256 992efe5df1185be9f8e47c3d90bd5690f26bd2da361d61f822ef6d92ba464075
SHA512 719dc3fba2e8d58d1c5c8a7a8f3371127b5f2d5adb4761f931fd316edf394621f60f0452d93451447b5291c9b6f1ded46b1efb423d0cfbe253e9561afdae28eb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 ad2260a9e2d3dd3f0bbd0bb0a792c8fb
SHA1 1aa4861ec1f8fbc0adad01653b6f93197492f1b7
SHA256 4ef7370b2233beb41098f4e2c817b6c5ae56af6c1c68d31ede44748a4798ff65
SHA512 7bc49f97c460163f29f7d7ae1ec2411a5340250a66a18225a121644b3493f9f769f425371efb05088632a355d438aca4f1333c283c52787c0f6937df61c9484b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f52a3955512220219c6644f77a749ed1
SHA1 d1ba78bd9323a9984cdbb60843af9cb28247235a
SHA256 34328f42d57195c2ec972f1964d02d7eba15a00f3d804e5300df9399ae3cf2d8
SHA512 80d93ac4d85cfab9513ef603592500cffb26c859b7aef46872a7d9835f74c6f340e8c0e995a23a307633c5c165f436ca1a9312806fe5bb2e65ec30c9f0018020

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3c411cba725b102574734d39e995324
SHA1 f4aab39f6e122c03d966ef4d7b96a11b8909ce07
SHA256 3a750b726c9219df5a737dc9100681b10f8372f6b952c5ef535c08da2dc50325
SHA512 afa94eb25bf370a25ab16fa687734af48b4f84fb45caaf0dc8b09e35681bf493671b1901db0a4a660c17668a13be9e3f503fabfcd6f49bb10e4781eeda9ac98b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56015b667dee504a9c2f60b05a56316e
SHA1 a99c4db9a8d46ed09dc1917956077f8973ecf93a
SHA256 cb9879ff4641ce4a11fc8c53d7e18658722ebf39960d9538c23635fb33c044e9
SHA512 71112cbacbd9c1b4f1372a0d601b6c57ac33bdded6022129ed6802f52cb91502c2daeb9e490b18433ab5e824e0bc6006108e38336473ff559e2c74744b02700f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 132db6a05ef9cbba3e99d05bc22896f3
SHA1 be2934a63fd474a68b0a943e6a8ae7ad5118d9c2
SHA256 54fa2e43c3e0d85b08ab43360ae0af174ff78c842bb3f6f5e755e963fa6f9874
SHA512 8f46fb6ca26140a8b2f9444c515a67c19691c83463161dffd3d5765a3dc65345a181f613099c90af9996f30c79dd40794f176eec3a539604aa83a3c4e5d4bdb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28cc3a7292025db6122f0dd0a53bd3d4
SHA1 5ffbdac0b42fa243896714df6264a878f4e97480
SHA256 ddb14d5d96257534d6e2ed2a7afeff920fb65ca8e91910195b8a8e825ce82bc1
SHA512 85ab17a53062e209fed76c1c779f181810b02dd483670c67370acb4edda8b62737c67fedd3753bf4cfe2b02f01216200fea701d686e2e8a90362083a5ea8b40f

C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\401fbe72-cf6e-41ae-9bf1-046d228df3c9.tmp

MD5 e887b91c3504ec435382ea9cc1e7928d
SHA1 c977be810da32ca9c98c424e57ec7be6ca8e1028
SHA256 ff7e762ca6889894731e4c64745ffb2ca10aacefabdd709050a1d41954fe8d4e
SHA512 c06a88d4dfb93212bb7b9c1694eefa5f741e89b1687d180ec500c2688f2ce864b645cfdb43ac0b448e9811a7a5ab1e06e8bc9960bdad942ebe4b8b4434ae1a0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d72b39307c0627422e2fb86400d5cd97
SHA1 156ba0a84110083b5bc87122391a312d354d10dd
SHA256 25bd94e6923a7d2b8b45facd91408b489ca21a630170e3f5fd97cc73c4504048
SHA512 6b7b16c216cbff8f2f24eb749da6f3163f0733bf541f4f9b46cd4f1e92a5db20a6c3a1f377a75af5746d1f6664ef629a5afe4e440e700e0b3dba2331a0325b2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\81f12838-1a8f-4dba-a3dc-8cdbc983b452.tmp

MD5 22a0fab7f12847acef27f10df7ed30de
SHA1 f46fefafa3139b30a9bf2d18e4b8f492af8ca61f
SHA256 68ddcd6b7a21eeea8cb802c247cfe9cc75f1f62cf41a9ea2fe2ac2990b05bc4d
SHA512 dfa939622773cef3b0bf4b4382ffc6aeed0b838ca1df8be8e6b3009ed12d1351e4b28a31d2d2f4b4966f40373564fec9003987b00892ea9d4a9b6c571bba8a86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1eddca03276f2762c8d6e1e8dcaa8725
SHA1 b57581b2b0f04bc349057d7024541dc369893b99
SHA256 f12ffa544345e6d0ad14591dc112e7b3e221d82f7df247a3dbcbb6b7d8b3b37f
SHA512 64f8caa559eb3c204293bc82533f0c276c8174dd33d7d138db9755742198394cfe6b2ac5b7bf36d396d25784c21437c5db0d8f75f8aa7ea5e4d07caa176d2651

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\29972b6f-49e2-4403-befe-28fe58d200de.tmp

MD5 08d407c1cce3cac25666b7e2be60d66c
SHA1 6037d41f6a31a2c2467a5af7e9d574977465ceca
SHA256 0c600439456da390a8d59b597ab047ddb233f5966057b8856e9c36f0338a8397
SHA512 3483d8bdfa6daa29a0c6452855d3353fde01d13202332fcd2ba8a07daa66362f170f4408a67361f01dbff5780068a0390667673bd4cbe95671cc9db00bbe8aba

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-22 22:05

Reported

2024-03-22 22:11

Platform

win10v2004-20240226-en

Max time kernel

90s

Max time network

162s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

Signatures

Downloads MZ/PE file

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ko.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_te.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_en-GB.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_uk.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_as.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_cy.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_sr-Latn-RS.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeComRegisterShellARM64.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\psuser_arm64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_fr.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_th.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\MicrosoftEdge_X64_123.0.2420.53.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\psmachine.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_lt.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_nl.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ug.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_bn-IN.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ca-Es-VALENCIA.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_sr-Cyrl-BA.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\EdgeUpdate.dat C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ur.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\MSEDGE.PACKED.7Z C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\MicrosoftEdge_X64_123.0.2420.53.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_en.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\SETUP.EX_ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\MicrosoftEdge_X64_123.0.2420.53.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ta.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_kk.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdateOnDemand.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_mi.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_sr-Cyrl-RS.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_el.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_fil.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_iw.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_mt.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ru.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_km.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_nn.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ar.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_sq.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_it.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_zh-TW.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source5300_229039290\MSEDGE.7z C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\psmachine_arm64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_bs.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_lb.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_lo.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\psuser_64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_kn.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_sk.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_sr.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_fr-CA.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\NOTICE.TXT C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_et.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_zh-CN.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_af.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_mk.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdateCore.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_cs.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_de.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ELEVATION C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3128 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe
PID 1424 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4412 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 3156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1424 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=en-us&brand=M100"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdde3946f8,0x7ffdde394708,0x7ffdde394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdde3946f8,0x7ffdde394708,0x7ffdde394718

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,7749611733895433492,16744754527299477968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,7749611733895433492,16744754527299477968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=en-us&brand=M100" /installsource taggedmi /sessionid "{3D7515F9-A172-417E-AB61-C4D2CD121020}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Windows\System32\sihclient.exe

C:\Windows\System32\sihclient.exe /cv jBwIq+zC/kqpWApWQ2izsA.0.2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x40c 0x508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\MicrosoftEdge_X64_123.0.2420.53.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\MicrosoftEdge_X64_123.0.2420.53.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\MicrosoftEdge_X64_123.0.2420.53.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.59 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F1AAE36-35BA-414B-8845-26C66976895C}\EDGEMITMP_EB4E5.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.53 --initial-client-data=0x240,0x244,0x248,0x120,0x24c,0x7ff7266cbaf8,0x7ff7266cbb04,0x7ff7266cbb10

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4267737351226772664,2528706839366462411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdate.exe

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdate.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_en.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdateCore.exe

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_am.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_bg.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_da.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_mt.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ms.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_mr.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ml.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_mk.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_mi.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_lv.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_lt.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_lo.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_lb.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_kok.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ko.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_kn.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_km.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_kk.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ka.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ja.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_iw.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_it.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_is.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_id.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_hu.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_hr.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_hi.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_gl.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_gd.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ga.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_fr-CA.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_fr.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_fil.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_fi.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_fa.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_eu.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_et.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_es-419.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_es.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_en-GB.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_el.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_de.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_cy.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_cs.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_gu.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ca.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_bs.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_bn-IN.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_bn.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_az.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_as.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_ar.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\msedgeupdateres_af.dll

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\EdgeUpdate.dat

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\NOTICE.TXT

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeComRegisterShellARM64.exe

C:\Program Files (x86)\Microsoft\Temp\EU9182.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\123.0.2420.53\MicrosoftEdge_X64_123.0.2420.53.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586a0f.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

C:\Program Files\MsEdgeCrashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
