Malware Analysis Report

2025-01-18 22:18

Sample ID 240430-wtymwacf41
Target MicrosoftEdgeSetup.exe
SHA256 202b59a2588c576cb56ed8e4b98d96b70fb57805015c6a63624ac176779a471d
Tags
adware discovery evasion persistence spyware stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

202b59a2588c576cb56ed8e4b98d96b70fb57805015c6a63624ac176779a471d

Threat Level: Likely malicious

The file MicrosoftEdgeSetup.exe was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence spyware stealer trojan

Modifies Installed Components in the registry

Downloads MZ/PE file

Sets file execution options in registry

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Registers COM server for autorun

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Installs/modifies Browser Helper Object

Checks system information in the registry

Drops file in System32 directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

System policy modification

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-30 18:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-30 18:13

Reported

2024-04-30 18:16

Platform

win7-20240221-en

Max time kernel

147s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\cy.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Extensions\external_extensions.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\mspdf.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\ffmpeg.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Trust Protection Lists\Sigma\Advertising C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\identity_proxy\beta.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Notifications\SoftLandingAssetDark.gif C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\ar.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeComRegisterShellARM64.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_ro.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\MEIPreload\preloaded_data.pb C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\is.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\te.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\WidevineCdm\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\sr-Cyrl-BA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_kn.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Locales\hu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\ca.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\sv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Locales\fr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\msedge.dll.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\VisualElements\LogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\de.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\kn.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\zh-CN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\psmachine_arm64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Locales\es.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Trust Protection Lists\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Locales\vi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\EdgeWebView.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Locales\hr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Locales\ug.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\msedge.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\msedge.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\ar.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\edge_feedback\camera_mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Locales\da.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\vcruntime140_1.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Installer\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\BHO\ie_to_edge_stub.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Locales\ml.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Trust Protection Lists\Mu\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\identity_proxy\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Trust Protection Lists\Mu\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\identity_proxy\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Locales\ar.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\eu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\mr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\msedge_200_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Trust Protection Lists\Mu\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Notifications\SoftLandingAssetLight.gif C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\vccorlib140.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\msvcp140.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\el.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\ne.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_ml.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Locales\ga.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\VisualElements\SmallLogoBeta.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\nacl_irt_x86_64.nexe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_pa.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\EBWebView\x64\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\identity_proxy\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\or.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Locales\ru.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{67600140-557A-46D8-8EA8-DB0B52029A34}\WpadDecision = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b2-32-9f-40-50-8c\WpadDecision = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b2-32-9f-40-50-8c\WpadDetectedUrl C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b2-32-9f-40-50-8c C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b2-32-9f-40-50-8c\WpadDecisionTime = c02f1f2c2a9bda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{67600140-557A-46D8-8EA8-DB0B52029A34}\WpadDecisionTime = 00faf1622a9bda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b2-32-9f-40-50-8c\WpadDecisionTime = 60c1d4262a9bda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{67600140-557A-46D8-8EA8-DB0B52029A34}\WpadDecisionTime = c02f1f2c2a9bda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{67600140-557A-46D8-8EA8-DB0B52029A34}\WpadDecisionReason = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b2-32-9f-40-50-8c\WpadDecisionTime = b0577d6a2a9bda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b2-32-9f-40-50-8c\WpadDecisionTime = 30cdf4662a9bda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b2-32-9f-40-50-8c\WpadDecisionTime = 605cf4202a9bda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CurVer\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDAE441E-F0FD-4C2A-8BF7-1451FCDFAE16}\InprocHandler32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\BHO\\ie_to_edge_bho.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.mhtml\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" \"%1\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win64\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\109.0.1518.140\\elevation_service.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CLSID\ = "{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xml\OpenWithProgids\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\DefaultIcon C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2992 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe
PID 2992 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe
PID 2992 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe
PID 2992 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe
PID 2992 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe
PID 2992 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe
PID 2992 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 1748 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 1748 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 1748 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 1748 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 1748 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 1748 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 1748 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1748 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1748 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1748 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1748 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1748 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1748 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1748 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1748 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1748 wrote to memory of 2080 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1748 wrote to memory of 2080 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1748 wrote to memory of 2080 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1748 wrote to memory of 2080 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 272 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 272 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 272 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 272 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 272 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 272 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 272 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 604 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 604 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 604 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 604 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 604 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 604 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 604 N/A C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1068 wrote to memory of 3068 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1068 wrote to memory of 3068 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1068 wrote to memory of 3068 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1068 wrote to memory of 3068 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1068 wrote to memory of 3068 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1068 wrote to memory of 3068 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1068 wrote to memory of 3068 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1068 wrote to memory of 2228 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe
PID 1068 wrote to memory of 2228 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe
PID 1068 wrote to memory of 2228 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe
PID 1068 wrote to memory of 2228 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe
PID 2228 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe
PID 2228 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe
PID 2228 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe
PID 1964 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe
PID 1964 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe
PID 1964 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=zh-cn&brand=M100"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzMuNDUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzMuNDUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTM0N0EwMTItQzU4Mi00M0ZCLThENjYtQzUxM0I5NzhEMDdGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezQ0RkVCMDgzLUE4RUItNDI3My1BMjA0LTMyQjgzMjBFOUQ4NH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSIyIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE3My40NSIgbGFuZz0iemgtY24iIGJyYW5kPSJNMTAwIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjAwOTcyNDAwMCIgaW5zdGFsbF90aW1lX21zPSI2NTYiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=zh-cn&brand=M100" /installsource taggedmi /sessionid "{5347A012-C582-43FB-8D66-C513B978D07F}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzMuNDUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzMuNDUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTM0N0EwMTItQzU4Mi00M0ZCLThENjYtQzUxM0I5NzhEMDdGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0NCQkM1NDc2LUZFM0ItNDZGNy04NTdDLUQxODg5OENEQTVFNX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSIyIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIG5leHR2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjMiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIwMTE3NTIwMDAiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{003ED6F7-0B55-4581-AC0E-9E045D116A0F}\EDGEMITMP_1DA7C.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=0 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzMuNDUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzMuNDUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTM0N0EwMTItQzU4Mi00M0ZCLThENjYtQzUxM0I5NzhEMDdGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezhBQzI5RUYzLUJBMjgtNDU1Ni04M0Y3LTgzMEZFQ0JCREZCOH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSIyIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTA5LjAuMTUxOC4xNDAiIGxhbmc9InpoLWNuIiBicmFuZD0iTTEwMCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIzNzUzODgwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMzc1Mzg4MDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjk5NDg2NDAwMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMGM0MDg0ZjMtMWJlZC00MjQ2LWI4ZWQtMjA2Y2NiZTYwZTNjP1AxPTE3MTUxMDU2NTMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9bE56Y3IxTmFETnIlMmI2bm5kQ2UzV1oyMTlwWTN6amhITVQ3TnQwNzRTVFFPYTJqNkNuOGZpcDI5SlZ0Q0t0MVpRRFNjR2lQYkdRJTJiMW9QbnZ3cEc2RWlRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTQwNjk2MDA4IiB0b3RhbD0iMTQwNjk2MDA4IiBkb3dubG9hZF90aW1lX21zPSI2MDIxNiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjI5OTUwMjAwMDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIzMDA3ODEyMDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NjA5IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIzMTE1NjA4MDAwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNjA4NCIgZG93bmxvYWRfdGltZV9tcz0iNjE5NDciIGRvd25sb2FkZWQ9IjE0MDY5NjAwOCIgdG90YWw9IjE0MDY5NjAwOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMTA1MzAiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-installer

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.165 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.140 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xe4,0x7fef737ffa8,0x7fef737ffb8,0x7fef737ffc8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1320 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=zh-CN --service-sandbox-type=none --mojo-platform-channel-handle=1580 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=1656 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2224 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2536 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2564 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3000 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3136 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3172 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3304 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3324 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4636 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3208 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2244 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=zh-CN --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4844 --field-trial-handle=1420,i,9897644886265602958,6684737507444137406,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\Installer\setup.exe" --msedge --channel=stable --system-level --verbose-logging --installerdata="C:\Program Files (x86)\Microsoft\Edge\Application\master_preferences" --create-shortcuts=1 --install-level=0

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 204.79.197.203:443 ntp.msn.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 204.79.197.203:443 ntp.msn.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 13.107.6.158:80 edge-http.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
N/A 224.0.0.251:5353 udp
US 8.8.4.4:443 dns.google udp

Files

\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdate.exe

MD5 ae0bd70d0d7e467457b9e39b29f78410
SHA1 b4a549508cbc9f975a191434d4d20ad3c28d5028
SHA256 4d9f16b00bda1db65b68cb486f7ae1bf5b32aedf7fd335e4a8ef2fa087870986
SHA512 cbe2b5ffe647f5318edd9825ea6536d6d14dab66920def0323fb5b4dc03a4f8b6781b9209e5a557ab4d270b3f2b170797e6bd807195c93869367c0a245a3168e

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdate.dll

MD5 6545c51ed0d062d63c7dd5a6f00a32c6
SHA1 b6b7e5f44cb3c11f76a46e18fa7d80be9f6fdbd3
SHA256 f9431d85c0869faf740220f88b2d8db61b53d9fb324da995d938412caaed0f3e
SHA512 c99b0333b4e598fd9cad556a2fd60c725ae4c4ae45d53a45a7e051d106e3e24c401fd8686eb707d8357f01d899734889271ea3fda28bb55b7d35dcd338db7fb2

\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_zh-CN.dll

MD5 2dc0b30b62edcb73193f49affd7ebe4d
SHA1 09a2e2a03268872b733fc42421a678d7e03e0a50
SHA256 50115311dc42f543b0ba74fe9cc3fbefd2d145035099e88c05b2d4090c2ce0da
SHA512 da14338daa44e1c1dee865d630f5ea709e1af2b1e6f20cc8b709eea6fc2a33b5b885ec8f055d3a32cc5694dbb7a47862b6b4b1e9cd3f976f2c0b3b33bf9d3736

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdateCore.exe

MD5 465c5a2eae01ad9cc32ed0c5348fc2dc
SHA1 aaccb9ae7aa82c8ed62a43571596c3a965b658b6
SHA256 ff9b8963958042a650acf2f13a3697e5bb1c5ff2cab55d06166f5527de626021
SHA512 605d9f9d12b981f218d0636912e048d4a76f01c960793ae9f6e1dd59f49c1fc2e615b51d919605d433467bb2fe9b9fa5fdb979432085a88f568b3b4cf876af44

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_af.dll

MD5 fa5578b2efc78389b459ab88b58c9abd
SHA1 980ed1ceab5063849eef96deb26825d66aaec16d
SHA256 79dca4ee4b15d9e599ccd7e12529a8b4d453d51c2b9ecd54d50bb280f0f5be7b
SHA512 a4146ef506737eba5a7c373a51059abe4569d41b7030f75a9fa1228c729fa8465e22f0c2739af2690e9408d76f43c343e4ccdb92e6110505d2655bed5844ab67

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

memory/1984-116-0x0000000000220000-0x0000000000221000-memory.dmp

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 66fcafc9f2f49c19563d76f5337788f1
SHA1 9544b0b23129dccaa43eaa5da4b5b4aa5eedf88d
SHA256 06cfede5f76e1f17f971fa265e318e22fa6d743f0ee5879dfa9b09f5f471f207
SHA512 ae1b4435e866ea4795e370940a8524a1b0bf04941612017831363b735d97184f1a125af9f7aef1e755b1b242419adbe4e5db7473ff090ca87d6669c25b76f14d

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_am.dll

MD5 e59264b8cdedc5590fb6d3abb52569c9
SHA1 2fa3c37ac3c81bbce1d1e2c6b9861b36715eb14f
SHA256 5426cd930a651e304aed15fc8d693dd809f994cb195ca023608317efa7ef69f9
SHA512 3d16943726526929678d7b4d9ab30b291643bf28c93fc010371a68af24f3a169d5da8b3e75413dae8279681092a558eba36ccc6fad177bd9b39a13728d3f3737

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_ar.dll

MD5 bcfb450a64ce92040d69e4fb5930762c
SHA1 944a72d0072ea260e8927e6309de6ae4a4796ff6
SHA256 a09fe2478e1662bcab92b41c8ecbe73d6bdeff386f0789c59236588ae2f887b7
SHA512 210a39a25db954636e8da1ed6b1a9e3608f19ac3b154ec9f274694d3fb8617af69abf7516ea00d62a5b100b5121bd7de32ff5afec7632f697dece7d8a201e5ad

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 a0a6fe642213826a1613a5208a008055
SHA1 e9059ce64a1ee047d299c88a9c64edf61cdc0504
SHA256 f87c42f298612bb4cdaba4d56cbc1fde4856648bb1b771651b985b5d0f163cba
SHA512 bfa27c53eda95fea35e2b732fae85760f4c260999a646d951a7c2c0ad34f1c7af0a8d90916f4f99ba1cb1951801dfee01d0f7f2775e4491519187fa8b9718d5b

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_ca.dll

MD5 140f6d23813e344ab06afe865699c0c0
SHA1 527abdec73c8add2f9baf9d8de5c7d454512710d
SHA256 390c60bbf529ffe7174f6e1f7cde2af1455d618f5eb16f6bc3a48cf2bdf51d27
SHA512 b51988055a11eeff7a07b9b97a5055c0e0b8ce60f5a7aca94adcaa62472f63a9620d4f34eae75a772674eaa9e9461d716ba39989c1d6708e3846b92807f6c4f5

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_bs.dll

MD5 0961601651370bc0ad92ae34c745455e
SHA1 25b29bd74f6c5b5d16fb178cd6a53ea981309457
SHA256 5443ff8250092985e0ea1ab213eebff92bf0a40d908051915ead8d1ae0e97a5d
SHA512 d81053a2bb8ebdcbcc8d55671371a71af68c5d2cc309cb92d79dbd20203285846887da7c59453f38cb721fc164768a0b92bfaf62f78eb264acd37142df5f4e5e

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_bn-IN.dll

MD5 aba517fc0076e621244645abfdf2d60f
SHA1 3c1226b3fd9ae38967f8f3fc81d5c8014eab8ff3
SHA256 17e4f7edf396f0b4d8f64b46c5530260558ab0637cafba8c93c8e928c2b6de43
SHA512 5e3e48c8a97d10eac726b964716aa3524388474a7271c03657868fe8f1575ff0bde8911b91f6e874011e0c93581bd7a8d0d2920a140fdb47f37bb0d831befe45

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_bn.dll

MD5 933d66b54eaf05bc5aaab7c681da0b36
SHA1 a86effdbcc468df187d74f5b5e9d42d88e3197d1
SHA256 0e472bcc13ccfa83096e11217fefcb0e5aed3fa7ed8f1bfca7f2b7c151691b06
SHA512 628ca72071bd072bab9f81a10c6ba79a3b9d48c60dda1b58d4245d24841ca1288fb253e9212ff2cf721e366ea0aff0a068b08372a0cdf9279b298825ec8d2086

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_bg.dll

MD5 1820cfa69f244a787a0af9a4935e94a3
SHA1 65dbdda6e072b7f7b60e5740468be3374d5783a9
SHA256 9fbc74077908ad444da57cabe2f070dfb1c4f902b6917ce539cb2728612324b8
SHA512 c7f3d33c0b0a8b0a68ebf7a2e79936b07ba7fd43bacd67dacc549a5856f7fd0495dd8922d0c12e5bcb774d67267c5ee8bad63ca12012c95311cae42d878b42d0

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_az.dll

MD5 75188196b6f7149d5ee776b95ff56ee4
SHA1 ad80c3fbb83d67c96fc4c3276747678d78d71359
SHA256 fddd8aba9fee226a935ace41d0f6707f1fae84d88f703bfa50ae9a13cd22610b
SHA512 08ee04a6a95b5b7c2396dc60dad24f2dcd46259a6318a15596581cf86ca66a47cd7a6685c94a746e88ccacf3f5ae051894dd2eaf2d09f04fde94524fcf63d952

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_as.dll

MD5 ff972d54852866ec3a43f11d7eeebd3e
SHA1 d3aaa7122de308be3fdfe27eaf7e22e0c0a02852
SHA256 b7862bb1d69e0e720db9fc1c498ed30f309dcaba73b304d239c1847441c5fd3d
SHA512 a4141404d4873bbef1a522e63644fdf37c6118a6314624541e367855e7d7bebf4bdf736295857a6e5c28db79ac6f51ff94123fb7119e05a48fbe3ac77505624a

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 1a1ddb1f95ecca9d13139ad436c3fe48
SHA1 bee6baf32a15188f5d64df3df3bacc12dcc56845
SHA256 515a028bfc6dbd7d1aa1819f1ef70dc6382337318f907656f3768d1c66cdd53b
SHA512 6e1bcb85d15a43757e6f3f75fb78cfedc4a8dd099c334415996cac7ea29f7e1577b8152c709192820d2b78b48b6cab7bf4015f741d4f1a2d845c6ec2376e5c54

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_cs.dll

MD5 90d8f09d6e68940399ebb1215c521511
SHA1 06d2a1a3a08cc2bf519ba83dbe08e4f240b60a4a
SHA256 2c27a8c3653aae163bebe05f010a5d73aa47f0b58aad14bd1811b2300fe564dc
SHA512 34cf592dbebf2055451b967d27cae5849896b26ef161bfc07aada6cf7757d39ac8b8fc9c003d3770f72aa046c132280be0646f9ae101e0ec36e3b6d95aa6a89d

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_cy.dll

MD5 cd2d40775ef0773519afcaa17509324e
SHA1 0ccc30932a50991937af5a16bd7ef92787eeb57b
SHA256 a20e03e1c56dd2438c85b52e94f54839596e5352ba4b3a406b2daeab5fd24c0d
SHA512 5d8aab4054c17720f9ea9dc28754efd440c06bf22b31c00c9020418a1ddea7bc9f5db285b2916af2e659c33649549a363af281563dff296275c4c8e2a7faf8d3

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_da.dll

MD5 dd517584ac41b7c185c1258a13143062
SHA1 60da459099559e30908938b742d6f5c1d0f99a4b
SHA256 904481a7bc079a6734dbce692d756952e7ffecebecb2f743568defc19f9f9e1b
SHA512 f96a73ad75e8d9adc01841a3f7a552c3115ff643d1cba669511e17012f892cb352cd77963044029ff7a7243b941e9f29e53a4ec51ba52977d05af20ab6d44779

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_de.dll

MD5 c4ec05491b1585b7a3aa50375f5e4368
SHA1 cb37296d111b4c6d0456e88b94b482de4582161a
SHA256 a1d616c002ae667321cb3d78958877dfa47bdaa83a43d374d8e3628ec6ae18d5
SHA512 6392f6b349804243965b2ab83e80ee9a80627f9acaf5803aade67ab49c78647e3c8983b38fe7d1f55fefa0c90d2ca3b0cedf3d820c32a700eacd747fc4c72401

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_el.dll

MD5 7ed8de68978a390eeda6b9f4145f8fec
SHA1 d4553ca5efd8801608196c81649dcd045e8beacf
SHA256 6ddf0517c8e51150048ee6ac66d5659559ecd4e6c3343245068ea1b8a3350878
SHA512 61806df41a9f2df86c71880be3e5e338ac35dad2a4964856e42a6d821b3d432b4412daa7a849cbbb3cb05228be777948387d90f6a4ed2276c537656098636e71

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_et.dll

MD5 8b51e86ace114d92a5fd2f53269a0785
SHA1 c175ead12ddc50d1df4b9b1687364aabee035a65
SHA256 7b5b4c7eb487f5411c6dda6e7a91501f9473e2fa66dedcce28a12f356b984840
SHA512 96de82a64d420120cc6eaf16d4ca77fd5aef1e848d6b006c2ec0ce5bbbc1ce6fae9fe57de552f3df9dcc59c49f5cdb024097a33c24c10de12c4adb6a5fecee4f

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_fil.dll

MD5 635e9a59fb087047b6521a8c622dc31c
SHA1 9a6b5f14738fe1d11b0bdc52ac86962145a4c852
SHA256 698d85a10bed433032d04d8221b2fec183ee7d944dbcb685ee90d28483084c64
SHA512 cb368f6bcdc85c41adfaf77f4705109a74794b7b99d2ffa2c4af4a7457ebab3777164bcd42c4de2d7c4944460342c8efd8102de6b9e51ee7c193b43205ff5eac

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_fi.dll

MD5 a3ae249b4498363bfc94043e725c5e2f
SHA1 fd1baf19de13def5c9e8dc3d91e57f2ad1a7aca7
SHA256 7c6c0a0ebc9e48da16f54f559f48af5ccdb375dcd914a36cc4662db0b7fe82b1
SHA512 e8d6cd5981e96f7c4897355fe3283c8b3a0da20cead2e1a6bc2dff9f00a6fa7493fe129607c24d9dded9ab86cfb09e090af3038d4f16268d473d417b4dc2dfd6

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_fr.dll

MD5 63167811b5d67909811ab2ea52f69687
SHA1 3c8c954d7e9295a89dd5b347598c55c450575aef
SHA256 cbe59981860ccdba144c645bd1fbb70072643bab98a21e2008e2731daf74ca59
SHA512 c33ba711dacca5219f3029b6d0ac0da2895d4ab9a203e6bb37b39cb9e558a555b9d7244f2b5c026d2a75a01901931830a15358e109215022958d089af0d66bb4

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_fa.dll

MD5 33639788ab5d596a09d2fdf7688ee4cc
SHA1 c6697fdd982c0ebe1559084f81d4e22304cd7184
SHA256 f2763c899c134238e169d0fd09eb8bfdb8fd42b25d0724dbb6a1adf329a7845e
SHA512 7a2998a7f7301671c7dcad8723ff5cd694710848ee1c43c9f06e525489b91a344d369aae45dc1d259c10c1ae083f88de8cdf1b8ce07b5a0d1a99fdfc87cfc21f

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_eu.dll

MD5 8a3bd0c8f91564d3be5696756e05969d
SHA1 5388d1afb06786bfd4907b7580f763810d07d4dc
SHA256 a8d60b8d17da26931755bdca16c486f03a5423d368f64eb164b22a7839bb17bd
SHA512 4ec41f8e7c945f583d35ce61e58cb84d97fd8fddd31619c9ded8da7b90a4bfd5bc41c350d15bee2d7ca430ac69f04df980d67a5b931e5e1adc4fcf5ea2afe8b9

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_es-419.dll

MD5 7e8d44be65ac66ce05fb0bae2ba06f59
SHA1 f7341452313b2e38c0212b1ed499912d210fd315
SHA256 564c505c5f3617b2ccbffafff9f81771055b6edccce22917fa0bf553386a3749
SHA512 59417deaed339aa61f19336f307f2a5f5057f7ee18a13f1c8b4055e0bf0b8ee15bba6b15233aff239a7dc9b1fedc4a993fa8f4fbf9d76393f930c6ab2f52da85

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_fr-CA.dll

MD5 1a743785d82759aeb4d8cd84f163e515
SHA1 55949bb303ce5285bfba2603df34249fead59a6d
SHA256 e73749cb09eee8f9b6b62e0aca144ddb73b35c89c06432f5f24c8a3ad609e731
SHA512 6f90905195914560db4050514e496978964501173f13b0d6df499e8659bb53681e19669be4d5b0a6467a2beeca88ac9512edd17558b7ff75580d15bbdc59b540

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_es.dll

MD5 4c3382b9bb276730ac626a30904420f6
SHA1 622af5199231a82a88fc70af89474f55af5fc2ed
SHA256 430a568d7d001f4dbd4c3473838146542f06e8b7a0e8a8f41dec5de94feb9f84
SHA512 1248bf0a772a7ad2264dfc3ddc6d0ffd278c83c335c8a4a1468ddee742fb6a0fa033ffd40bdd135c2604ce35c12f882951cdfd6ea728709ed287294e5fc149ec

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_en-GB.dll

MD5 f0a758482ae88ee848215489129ec7bc
SHA1 d1298f7e6e60f4a2c11a61c137200665aabdb3ad
SHA256 2d76f0bf2669c672d1fa6c46417e65ac9a160a01d11990804ca40d3a3d9dbe76
SHA512 0ec2be7863d2a7f187e831529ab959ffb9c90b4d90d45ad86a9e3522d77af86c12eef4bf9a5cdfadb7957e3e8fd8fd3841f4c301865b823bfaf99e1b55182bfd

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_en.dll

MD5 dde9aacccb335e8a14bc4c0f2ac28eab
SHA1 8dfd19ecafda06c7e760e8fc17cc1dc43b9f3508
SHA256 c701a69236db5927f925a7d2d9845ca22cd59e03e83bfaabe5c4db35d373c056
SHA512 37de0760864b0e25277664ef8d8c4ac0df1f90ec6caa37f6e527be3b6af7a977b58453d26095fdede13ea9383166a9e60e9e0fdb9d8856eb54632a2943c1fada

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_ga.dll

MD5 aa92c3750a7c959d96701e389be062a5
SHA1 1dcdfaa8b19ca5606864db6e6b81d8ab3ce55d16
SHA256 7b1597017f98a23571d37718ca774fd2510cebbaf25f702635043a3146d1b6b0
SHA512 44c2f8123050bf37b89e1ad43996be8694d12b1528d1bbe0fb5af0af2251af1a4ec0e91cc42aae3ede3c06feba8ee947fa5ef25d6969342903f8163fae637315

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_gd.dll

MD5 89b440abe50e070b0dbb1089c215dbb9
SHA1 085cc73e258062989d525d2a27f3b4edb3d48c65
SHA256 b25f58082c09e3db22708401fca30fdf97040c3a11279089233db78705a3a04e
SHA512 90b17788b9b279ea262dfde5391e68752e2d384ff9c0c05ff7d83ac78aef17fd664e48aec2256145e5e8baba02a187d5479685b2259d6178a77ad48aaeb5835e

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_gl.dll

MD5 2d1a8303693967e2b5ccffe10ee463fc
SHA1 efc19774f17b5c629930c63616cced53ed718159
SHA256 cf8d95b6f78b1c406996ed4187b28b2610067535896bc58669da41feddadd368
SHA512 527e4b5f61a90395bc274939cc1257379e443d088b48372bde7b3145cabb56632613134551b281ee4af5f2b2464231d798afec02aa9d75d9afefffb0d401e840

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_gu.dll

MD5 d05fb9b71ba0ff3961dd8c8eb7e2eb1b
SHA1 5057cfb73182875db3460c22685629455cfc7023
SHA256 2492a3f35b6900a335a87676e6204ec1b9434673de5df1572f83dabc37a21cf6
SHA512 fff4e4da7f6438c6dd3dd90f7c6cce6f14626963c3cfaafd42c3514337af7af0c8bea4d8fde3c56d530df5a082bfa9fd7f8a40a10eee922589c7c50a8d58361f

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_hi.dll

MD5 84df8de6696f3f10f447b93c65558118
SHA1 cea711a6b101dec540982f70aa06a2c2aa892f86
SHA256 9aaaba5205230485c3659ee74c2ba69041540e5d62fd39f185e6759c97f7325a
SHA512 d7d0944f1d691e40f7fc35e59b199288e914fbb4a3ee90052ff2adbe11f9fd8e0c4090d0b4b7eef7e0ae39514030848311d48f5dfaf61d075ba18981d029b04d

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_hr.dll

MD5 a6c4791612c26968b22b8124ee069e6f
SHA1 01724391167f0224c1d901b8a0f6ed1fef2e00b9
SHA256 ea1af73bd97429ed2ed3650cdc10b5c6f9296a5102821d4b69e7c0d41d9f0dd7
SHA512 1e6a801727af933683fa2f253f5fd9932257db94cfe08106ce8b1e82b2dc6b36f34fe103c7f01a28039ecd54d84647902c348a6c7cb162efdc89d88930bd7c20

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_hu.dll

MD5 523dab9f0691b5f9f748c2d28a690eb2
SHA1 26f3563ca6ad6add621bd84e8421822c5ebb2758
SHA256 6484b275195ce3b13cb31d75a4c0d2fd675a1be892440b59bd404eb0dd077e43
SHA512 fd5e0b330ad84076de13fc6a4c9abbeb8264ae5e3dd8fa03b7634d6dd20e309fc6b4ffba48f6a36e29f9ac1d5e7d818d12cdd0f31ebfc88903fce31e97feeea6

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_id.dll

MD5 5f3bb745fbf228f814ff7da6889a4e56
SHA1 368959b8ee12237971e7792c9e9aa113f52b2fca
SHA256 534915e0673f9bcf5dbd0a651f69065708c53e64de1a12656e3a2ae7bf4fa09f
SHA512 1d837500cdf4a317312b1c895c079c2252c7b9abd806e7ee99b89fc840e410ad781fab688858fd7a8b9c48f7bd786019f412eaa831af54bb35d942fae0742456

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_kk.dll

MD5 783d82190e727cd2d6600f72db389fdc
SHA1 f53add9827ba99297735195213af4da12b8cb933
SHA256 da5b10fe628749034d226129c727fced827550431369ce01770ba56953e7bbfe
SHA512 22ddec82074265e2d6a0c9ffe5213a3d8f375ad79bb28f46ea84ac18aab95cd75882fd8579e0f1d4c2fdfc31e8ffad895b49afbdaf90ba9b4dea0b26294543bf

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_ka.dll

MD5 7a165e5128da3f8bd3a09ff89fad2302
SHA1 2a1c54a9892a76b61b35e34c9f06c9c1d85a407f
SHA256 854cb557a42f1f1747cf7ebf74700ee68e6cae3082495399cb1b970963e7e37c
SHA512 b6dc4d705558dfd7da72e7d57300c6acd5a6049a8a78d1431d932a8bb7095727f68f84a3a32cbec1e70817a138b4f55305127ed8e0c64c6d4ae82f5a0e706e17

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_ja.dll

MD5 41146ae997baa8384ee4e5f7a8dd2a56
SHA1 77154fcab91e9ba5f093758198cf679d1ef6272f
SHA256 a965fc9103a427f73388f3cc627cf40adb34d913845487b2e01566f19c6a874c
SHA512 7a3c1fe5babcb4d9d1c70d82779a5f2a1d243be3ac26da357de662a30282f8cbdfaf2c10edd984ab3f0b37ad05b79a0660bd1cb1ff4b2c11da1167d48c39f5b7

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_iw.dll

MD5 7385c983777668a6e390dd462172c480
SHA1 af0ec0d86a60d33e6cf3d4d5929a2bae46fd0c3b
SHA256 4f465cee1dc3aa3b134744121aac07fccb1505e62bd946ae8637567c81c122b3
SHA512 ac3b69ca4e25cba580bd4ce384b500c1c96b24502b893ae1da9268e5afb23c141d19192da15123c8639a4f2a8a7ffb3fbd6d595fd845eeaf4dec4b8b26774c30

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_it.dll

MD5 d2fbd4f80876839038c9c49fd545ed4f
SHA1 acc0fda636ff6f38a1b80a935242d98591f40031
SHA256 d932b0ec0f8a3980309dd93cef9c6e88cd98166715f87f42741f83e5e657a4d2
SHA512 ef0a00b362ba9d52863b260f5aeda6ac45164c29276d0c34b69338df6daed2cab2e093d186e79652c8f585c5d074224efaa748eb2d1ce973ea824a8cd291e4bf

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_is.dll

MD5 9d2ea90d056a0d4f8d75295070a67ed2
SHA1 77be93c75be719558e91aadfcd2fae5baf98fcfe
SHA256 fa796186a9159cb162ea36e92c57ec9e721d443e20e5547b5749f34510f0f837
SHA512 500f739c0cab903d1ca1a358728df0c7c105fad7ac88cff0425032640ebdc9cb87656593836e6694eb91513963a49399b4186ae34b0da1bcb6142816a0abd9bf

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_km.dll

MD5 71c061fef2688bf3153a6ef49354b830
SHA1 207abd05b91ebdc3ccc631ed3e688a01770c51b9
SHA256 1b8fe3a54e66fec65686a1ed5167c5aa117f041f876050c45371e97bd3c0267f
SHA512 78870b1de78bac9edf0620ac1ffbbad78d5122d14eb4c55591bb693e1f1298bde7c30dd99f7db863f9a73b353010f682e478001654a6761be521d89aa81ef5bb

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_kn.dll

MD5 c81d6cd31972fbffad85134b1fb99c5d
SHA1 d0f37ecc4364b5d1511b2aa34a0befe5567c8f63
SHA256 943619e952268b6582580648f5d49efee05e59c78fb201e3733903c76e95414d
SHA512 3e18b092cd04fc64641cf526af40178416662f449e6517a1e38a278ebe57ad7990ba5ecefe3d1242ace545628cc37bec06cad19612dd79f2f131ad92884fdc17

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_ko.dll

MD5 de28bd6e9ce5820077805f4b467fbf6d
SHA1 df0ba96a12898d9c1b9a4e56be72f3433685d238
SHA256 d7fbdda10145194aadbed1e8d94d678405747654e08aa148c1c004b3df710ec7
SHA512 82a17ed87669b8d75d33a07a8ff224da188ef3ee4ef13aa5f829661f61a8d5affc899e865683f537853261fe9fa98e43474c0530c893e438c19c1b14b524eb8e

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_kok.dll

MD5 509b2e222a850888e3191b37e5daf5fe
SHA1 dc9f2b1788f1575e2db40b37c279c8aca4ac5d1e
SHA256 fc197b296e528eb307e4c2b0cc804a01081d269f2195f222daa7598f423a4a6a
SHA512 41b51244e7f12721cc663cd421a08678ea702d87a874d6df61e754c34a540c7a67af4ef9ac69d25f1b312b76749cf21497898facf23017cdf1c6e152a5752f3a

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_lb.dll

MD5 71e838eccf2045a7687535dcb7f75908
SHA1 760ee5ac1653b13f11a795c9b835cc12207672c4
SHA256 5c2c590f7b2564c633b479cd3c69cb23f4864e7be903c0b69da426914f6afdb1
SHA512 ced3fac25a95fbe63f5e04bc722feefcc4adcaf4c3b787263658eead49e89569ba13e3d6e90a2217460a2b3199647e6bb1890cb0c57dee7b48c5e3b59df9a61d

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_lo.dll

MD5 51e5ca96d76123d22cc329939f990008
SHA1 5a0543d5ef5d97b50ff001c60d79d3edbdcbf045
SHA256 e56dc7eafe6f357344a85f3caba25ca48ccca9d8688fbda29dcd28a3c9abfb93
SHA512 fa35b400ade971c9788fb7430fc0663618d1c1b7276b91062fb73649d873f65dd294aa80747b90a0abdc7c99bbf75f1a4ba7eded7ddf3b15e0d6ed667351f3db

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_lt.dll

MD5 abffc1e1a834ce30c50f44b40ce22729
SHA1 486ca416677f2d83d4a82bb8d145c3de9d154092
SHA256 8c63cf6a17a3f3c0eee8e3fd805def558dc03b2d1498551b1ce68e62f3ff473f
SHA512 5ec863008a55f6fa959cae10fe3f57314a5555c310f25c0651a1f93c3222b83586d1305895742f797d6c8e1140b88bc94720501d20926631f8e133138a064bc7

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_lv.dll

MD5 ace8c066152f4323cb5d2e60639a0dcb
SHA1 b73280d119dc79058eb21f4bdbb79dd2df6470a8
SHA256 a30a91190e7b5c150f0364895e8f6bed0a360944265548860a0b9e0b8e09aa36
SHA512 76b474eb827f62399cf501ad313bd55b2b9109de102f1ea5047b4b7f45269061e466bb5c8334ddf0dbe7dd58394ea9f6c14143302961f3fcdbf0c7beeabec48b

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_mk.dll

MD5 4ed9fe5c7b44fe0c53118edbe40ac779
SHA1 9ba9c0442a67284d4cc15c9ac28d5bccfd4bc41f
SHA256 8bf0122ee2e34e027fe847775f8e6e6466490b25cdc1bd03e09128808428d106
SHA512 331997335322ea08d1d3601afa656e1d180da71faa99640299c58cc58a28a98bfaa96a75877b421565fe032432d9a57490ce985879674410a277cf6720f9156b

C:\Program Files (x86)\Microsoft\Temp\EU24CF.tmp\msedgeupdateres_mi.dll

MD5 184a07e2da03ad52fc101b519c1a6c83
SHA1 57cc7bb16668ccdee1c4716d26e0a07e41bf66a8
SHA256 d9b47367f0ee695912353c1b0d161795963292a3314f6cbccd3b2a2d7c588a49
SHA512 634bc609e2fdb598813546cb8e433dd312d3bf1327e3d0ff56013d6839783c16943f18d9a25274c13497fa97914ab7953dd84fcddbbceadb807a854fd6fd7efe

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 6a668b242441a65317cf526f3a71fec3
SHA1 20afd083102aa4905dfbfe6c849248c689b5351c
SHA256 0c1eb36dbf6cc83a2abcf7556f6acfbac788f4cfded366a5173fe24e652adf72
SHA512 d9e233350abc85969b7f3d264c6d7cd71d505a256b2d611ced05f7b6ccf1cf6bec2ef6f6c03cf69e674282f105ea2221df673bc3a52788c30722f0d88e090662

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar3395.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40c6dd6f251cd4bbce2e3bc4bad01e43
SHA1 8c22be0057bfa2d2d980ce51a149e1ddf21e0ae6
SHA256 68b4a3161c7d5408e9e9045dafef2ddfe59b6f682e374a33e47cc22767c6404c
SHA512 5f6ad9e993c6cd5b451d4c66aad2713fa9e0105e5338ff1dc6f118c63ac9aeb6bb259c5279a113a269bb147afe4f957e3f9dbcef535c84d4789d437e0fe2fbcd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e5b1828d3e2e9f27b916337b54eb7f4
SHA1 c63e1215db57f1d3eb2a06e5c7cf8ac32e328eb5
SHA256 90a9f1d5f9f31afaf9e7839979fc77d0609cc172d5797a3fda9c530770fc6c8a
SHA512 65ed524227310b4995d5b130c7864a3cd528b0caef99ef37212d64444354ad32e57d33e315156627c23b06de94d8a77f1302ceaad5cbf3b69b3637b0414cbf2a

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 6997f0b4064612e4fff904a71b92a0cb
SHA1 7a8598f0c3b83bb5f66a743cde8a567f17f1ec98
SHA256 f189671abe55818bfad9ea689603b41e1072d64ca515a830b534d9be083a3b97
SHA512 ba7266b8efa492bfc1702ea29ba01c561fb668c65e9890f8bc9fc62c2544e53b90ac449e694da525fd9bebdf26e7498281c6618f690fded673068a53691fc2d0

memory/1984-580-0x0000000000D30000-0x0000000000D65000-memory.dmp

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 43e5f3c9bd8c0a1e9298a583e0737066
SHA1 2c33f12351d4cf40f0e6de622b7e4ff6d5d6c4f7
SHA256 f3ea5e9c52cd903f9f81c072d46561048228250f76fc9958f5ecc0af65ea9bc8
SHA512 fb45aeebecd720c35982cca65d9b908ecfe04771346c13f11d1e7ba03e966d0b470cf61a965423624b1699ed6f8ae2d4c7ab03715e974a60c0d56f20ea995435

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd0ae25c2b2f8234993808f0596655d9
SHA1 1de98ff06e4be5b6581de9ea53644bede8034320
SHA256 09f9efa7d1257f105ea1c7c1084da405d0fc1f823233d241f942597500a0a8c2
SHA512 84519ed787de962e323bfecb12bcb22d668fcd8d5e717072ebff9a5c3fb152e13de8d20abebfeb099336f6256d338a0d8da61d88f363db04a298c8ade4fffdbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a1e513afe2866d4ca26cd4ce7361c14
SHA1 05d9a9d6bb1e82e42e3024000a1794043369ebcc
SHA256 237d8022351984f80de043655ac6db68e089a098c98140ee6d5debe63cacd891
SHA512 d3f4872a9c55c6447e89faf1774f32972ae04980f6058822e23755d9c339bb49aac9894b04d590845353d183ed584dedfb0817f70285354d0a19d3a6343192ce

memory/1984-1044-0x0000000000220000-0x0000000000221000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\109.0.1518.140\MicrosoftEdge_X64_109.0.1518.140.exe

MD5 2351a10f63322e5c3ee8f44f4d0d6bba
SHA1 64012bc2d19c899c466b473f1984800870ec2fda
SHA256 70d496873a0a1ca14ae0a038d25856b2121b1b4b7bad9801ce639b144bac41f8
SHA512 692c0c9b9ed5bc8aaf0c751b9faf60729af79365781b51237e8dd57b57c49459d83dc2c44b093bca4092519d4c9ae712dab8073a7fe63245e405f17164b3c1d2

C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Installer\setup.exe

MD5 3a92a61a6e01c80ecc7d9499abb901b7
SHA1 d89d05802d937f9c71ced14282b8a19623fca7c8
SHA256 b70b2ed82c7afde8003983992b74f8182f55080b43da3d96dd29e8c0c7e8b47e
SHA512 3867efbd984ddd1eec084c70a42104cbc0057c3bed222af8963051779b612b46bf4cea3311452f6564513d7558d49a1e66a9473ad53f1b2fb4c43a9d7d0fb47d

C:\Program Files (x86)\Microsoft\Edge\Temp\source1964_1330260376\109.0.1518.140\Installer\msedge_7z.data

MD5 bd70ed26e6e6f3193043ac09c58c6a1c
SHA1 d733a65e17f2851d5116598dd80533efc1656468
SHA256 7a474217d20b9a6fe3c3a46c0d6d5b2d2040fa790663f6da9202ee7cb07bb448
SHA512 3e2ecade6d687b0736d5eafd7527b24095b9c51f0c8ba99398b23da2d8843c49fc8c1fa37190d385b504d8224c8c517d78d44ae32e10e45d54b19477a6970756

C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.140\telclient.dll

MD5 5302ed4cb82bfcddbf6a1a0ca866c649
SHA1 55479d5eb1382010c27bcd1f2007a02220b218e0
SHA256 9cc602a91aec700e4ea01f2afa0caa4ca3a99a9e27751a1da203e2dc190dcb9a
SHA512 51bff0aaa1f243c8f291164c7cb9f0c8d250681e13cf62c26c513164c9399f7dba5b439ce26bcd35f35d1f7ea35ab1d3a4a5bc0b5d3549a0d9bfa10968e48e20

memory/604-1695-0x00000000004E0000-0x00000000004E2000-memory.dmp

memory/1984-1700-0x0000000000D30000-0x0000000000D65000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\CURRENT~RFf77da1a.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d9b38857-223a-402d-a739-288e2de36197.tmp

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 504546531dc0d1e06c6359d36098b0b1
SHA1 e305a248709c2b11db66f03b3c0f385c5ac3e617
SHA256 dae4c0489861d11bbe8e1e8a2d10d369433cbcfb31af4eac25261f9d8349ff2f
SHA512 12fc90b64978855546786ed6bd21d6475bd0c0d637a496d0a43f10fca5e937a35ffee7aad9fb8b709c66b954bd2a2addd52faadbfe738f452cf8a60d3c27f1ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 474a2668b40034a9ce4e92e821627547
SHA1 90c3ab53f2a39ed4b607d77e7f552520401eb909
SHA256 6054cec6600620f08f1809f3bc07a3dbba8806bbd3b53a840f48b3eb80dbec69
SHA512 877bafacb60b9bf7948656589b519010ede845e4053a80edbb16460d0e231b5585f85cd9aca1e775e7c2dd666d19da5903ed12215f78500cf47a0a6cffd5d6ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99be80b7a408e72fd025d2b427ae685e
SHA1 300e9f78c6b4991a616d707bf15e86dba6a470a1
SHA256 16556d96a736eb9bf23215e2cb1b2a4ce373d332d5f189d110a4d03d1e8d103c
SHA512 c3a57280a8daa1094769d869f6db93055d7ad3f45f3a68a87ad4f9325e693998564e8043d6875267517ec38ef94d18756207ab943906c69a79c6c971246c3331

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

MD5 479b1c6284e5f5c7786c99c1f3b6d93c
SHA1 7903c86f3e37377cfaa76b4f9984679d0d4e8ff7
SHA256 187c8b68b506aadefe1bf82d669c325078d6a057e1495f93a1f9707c6503f93e
SHA512 58d98af4c67dce3a58714690bbb3a21c3e3396f51cd04d7b00aba7fe58b00409c25042d3dd819df178ec9e90d9aeffd18e7c012a0c6db3f241e7a8947ac9464b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9ad5786765b5d1629684be3011c5455d
SHA1 28278e814ca0da1492c9e5b001c8e43ebea11278
SHA256 7bb5030cab048f5adb9ecf1e0f14ac7d2bd8fc1b2eb8e70ccc274f65b7c5ef60
SHA512 cd6b164f19bacc44e3218f2c029821a8c18297ac43f22a13b05012dbab1a78f6742d09c0fef63b81483418f6286679800e276de36e77f7c93f4ea26a8b5f63d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32dc80d8b7bbafc0771f24030085360e
SHA1 690cf98844f9f56661ad2b6e2d94de2caf88f4c5
SHA256 387b228d86acac090bd2b2e87d3f95df313efab99308b66b0db752b6534e3624
SHA512 87944f853defdfe4c4dabf4afab8b4be7499ab37338687495ef1533d1df9323d8f7419133ecf1d64b820e1294f77feb92c3baf393e236a3f3ece8517f17182a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b7836e185ba0adfa0d4819c797a4fbd
SHA1 7e8cd4941b54dc66ed45eaff4c4ccaf95bb1c01a
SHA256 7aa7e8dfce4a0d5607166d3c1dc3bfb6f6cffe5f993056d18dd4a5f8c806ac0a
SHA512 0404104a68d7ee69b2448725b362d358d1bd87b78ba12d8e4dd05971dc39b7128b93e071486bc84adfce541e6bafde7e9f861df5de3f2e26d7a56cc5e4a73b4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccad2d28c3ce18d1630363395c59205a
SHA1 f139b135e200393e33729d62428381b57a5a4796
SHA256 23a29fb3a24a2202e0ffd3959ef0c2e1a539f2714131323a698fd5182251e400
SHA512 9e0b5e254cafb8226addd55eb80629beedceebeff608225b45d319b77721446b7baa47df7e70b1459f5439a0bef5db58c4ad0c6dbdcf26078a8bbfb2c0b6ebe3

C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\b445fad8-c17d-4c50-9a84-1a14e9da20e7.tmp

MD5 e887b91c3504ec435382ea9cc1e7928d
SHA1 c977be810da32ca9c98c424e57ec7be6ca8e1028
SHA256 ff7e762ca6889894731e4c64745ffb2ca10aacefabdd709050a1d41954fe8d4e
SHA512 c06a88d4dfb93212bb7b9c1694eefa5f741e89b1687d180ec500c2688f2ce864b645cfdb43ac0b448e9811a7a5ab1e06e8bc9960bdad942ebe4b8b4434ae1a0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f32f7ab0c278b7eb928652f1878bf060
SHA1 17f166a1a0bedd2ab55f29e03f563bf596b07c64
SHA256 ea441ad9539fcb4a2b19fc89e0c3b10c124ddb40451be5b3e709a7a235b8de1c
SHA512 f0efbe61aa7418a0021f0d57d59aced2ebeb01bb4032076201efae2cdd6a13c330ed15a829d15edffbd0f4b056b78be69c6979ea79834acfde0ee1744d89b102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e78ccedeaa2534ce3fec9138b81c748c
SHA1 2010373fc38d1fda357455d260604a2b24caf28f
SHA256 b85a5d58db407f9369b023ca9bf25a2299152b2eee9c089a5207f2a67a613529
SHA512 96abbfb6ff94e98d731c5f18ec5e54926ae5e68ca726eb1a10d8873f02d3916d4029ce4be28894b63147347a3ecec68ee736afa002349ae8005deb73cdf1cf3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fcfbcfea-6ff0-4f85-bd43-6ede8458b67b.tmp

MD5 5bfad356fe3fc44f1785aa1df7f160eb
SHA1 cac78c5144da9ebbbb2051354b96ce35e1ca26ec
SHA256 1f00eac0301a39f2d14e2921b6dd9a085017130efdedf11bbb80a930c5ef6742
SHA512 1f5278268b23c224b90c05352e90bde4ca53660141103d5f2401619599d72ff173fd16cc1ce56338f7e509b32f53dae8d3a658257c025f8f63f82f8b898a6d99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b565bac5a3ab03092723d3ce0d2c201d
SHA1 121cec58c356cc750857a7daa0e6a53cedaba9ef
SHA256 a9fed44a7f4eef66d9cdc8eb00a83576dbe9b0b0aff59de7a915c9b892be9f5c
SHA512 c447fccfbb2a823509e5a2b7950eb558005c378313468f299119c815b653b3e2954d15b465700857d5ab4c6cd8de4f8d4ce3fde9b43616973fd699a416753626

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-30 18:13

Reported

2024-04-30 18:16

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\elevation_service.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_sr-Cyrl-BA.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\identity_proxy\win11\identity_helper.Sparse.Stable.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\sl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Trust Protection Lists\Sigma\Analytics C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\as.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_proxy\win11\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\edge_feedback\camera_mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_or.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\identity_proxy\win11\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\pt-PT.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Mu\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\af.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\bg.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\show_third_party_software_licenses.bat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\VisualElements\LogoBeta.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\fr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_proxy\win10\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\he.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\EdgeWebView.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\resources.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Notifications\SoftLandingAssetLight.gif C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\de.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\te.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_proxy\win11\identity_helper.Sparse.Stable.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_proxy\win10\identity_helper.Sparse.Dev.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\EdgeUpdate.dat C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_kok.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\sr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\identity_proxy\win10\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Trust Protection Lists\Mu\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_en.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\msedge.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\pt-PT.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\lt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_ka.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Notifications\SoftLandingAssetDark.gif C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Extensions\external_extensions.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_kk.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\tt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\edge_feedback\camera_mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\bg.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_lt.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_th.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\sv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\pl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\nb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\ne.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Mu\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Trust Protection Lists\Sigma\Advertising C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\el.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_it.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\cookie_exporter.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589745011555560" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CLSID\ = "{8F09CD6C-5964-4573-82E3-EBFF7702865B}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --single-argument %1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheVersion = "1" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Programmable C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\open C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\AppUserModelId = "MSEdge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ = "Microsoft Edge Update CredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\ = "Update3COMClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xml\OpenWithProgIds\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "ServiceModule" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib\Version = "1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationName = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CLSID\ = "{B5977F34-9264-4AC3-9B31-1224827FF6E8}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
N/A N/A C:\Windows\system32\wwahost.exe N/A
N/A N/A C:\Windows\system32\wwahost.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wwahost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wwahost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wwahost.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\wwahost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1160 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe
PID 1160 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe
PID 1160 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe
PID 1436 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1436 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1436 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1436 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1436 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1436 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1440 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1440 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1440 wrote to memory of 4752 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1440 wrote to memory of 4752 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1440 wrote to memory of 4720 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1440 wrote to memory of 4720 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1436 wrote to memory of 2260 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1436 wrote to memory of 2260 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1436 wrote to memory of 2260 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1436 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1436 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1436 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4312 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4312 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4312 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4312 wrote to memory of 3040 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\MicrosoftEdge_X64_124.0.2478.67.exe
PID 4312 wrote to memory of 3040 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\MicrosoftEdge_X64_124.0.2478.67.exe
PID 3040 wrote to memory of 3912 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\MicrosoftEdge_X64_124.0.2478.67.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe
PID 3040 wrote to memory of 3912 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\MicrosoftEdge_X64_124.0.2478.67.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe
PID 3912 wrote to memory of 1700 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe
PID 3912 wrote to memory of 1700 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe
PID 3912 wrote to memory of 4980 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe
PID 3912 wrote to memory of 4980 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe
PID 4980 wrote to memory of 1596 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe
PID 4980 wrote to memory of 1596 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe
PID 3912 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe
PID 3912 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe
PID 2204 wrote to memory of 4752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe
PID 2204 wrote to memory of 4752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe
PID 4312 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4312 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4312 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4224 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4224 wrote to memory of 4900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=zh-cn&brand=M100"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzMuNDUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzMuNDUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTA0MjgxMzktOTBFMS00NkUzLUIzRDQtMjRGNzg3NDQ2NjYwfSIgdXNlcmlkPSJ7MkIxNDM5QkUtNUNFRS00MTE2LThCMEEtODNFNkI3RUUxODcyfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezlBNzk1RkRELTBBQzctNDFGNC05NTUwLUU5N0Y1NTI0QTE0OX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtEeE9iakhHYStuUmEyYXRDM3dvK0lFcEM3OCtaWWVBVWJrWHBEQzJjajdVPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg1LjI5IiBuZXh0dmVyc2lvbj0iMS4zLjE3My40NSIgbGFuZz0iemgtY24iIGJyYW5kPSJNMTAwIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDUyOTI2MTkwNyIgaW5zdGFsbF90aW1lX21zPSI1MTUiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=zh-cn&brand=M100" /installsource taggedmi /sessionid "{10428139-90E1-46E3-B3D4-24F787446660}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzMuNDUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzMuNDUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTA0MjgxMzktOTBFMS00NkUzLUIzRDQtMjRGNzg3NDQ2NjYwfSIgdXNlcmlkPSJ7MkIxNDM5QkUtNUNFRS00MTE2LThCMEEtODNFNkI3RUUxODcyfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0E3QkMwOEVBLTRFREMtNDhDNi04MTNBLUFCRjE0NEE3RTZDRX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtEeE9iakhHYStuUmEyYXRDM3dvK0lFcEM3OCtaWWVBVWJrWHBEQzJjajdVPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbmV4dHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDUzMzMyNDMwNyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff76a1f88c0,0x7ff76a1f88cc,0x7ff76a1f88d8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F2E2B9FE-AF27-4A7E-B9F0-60597506B041}\EDGEMITMP_88D19.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x22c,0x230,0x234,0xe4,0x238,0x7ff76a1f88c0,0x7ff76a1f88cc,0x7ff76a1f88d8

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff76ea588c0,0x7ff76ea588cc,0x7ff76ea588d8

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe

"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch

C:\Windows\system32\wwahost.exe

"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzMuNDUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzMuNDUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTA0MjgxMzktOTBFMS00NkUzLUIzRDQtMjRGNzg3NDQ2NjYwfSIgdXNlcmlkPSJ7MkIxNDM5QkUtNUNFRS00MTE2LThCMEEtODNFNkI3RUUxODcyfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezA1MzNCOTkwLTc4OUYtNDlDRS1CMTFELUExQTI3MDczQUNCQX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSJ6aC1jbiIgYnJhbmQ9Ik0xMDAiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iNCIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzU4NjEzNzc1MDU3MDYwMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0NTQwMzU1NzU1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDU0MDM1NTc1NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ4MTE0NDk0MjQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzEzMWJkNWQ3LTljNjUtNDc2YS05MDc1LWUyNDk0ZjhkYTllND9QMT0xNzE1MTA1NjE5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWolMmJlRzF6SnZkZnI1cFlEYmlDSlJHc05Oc1pBSGZQZVdmOGY4aXdrMVBWbE04MmFMWmhSeEJTcTJ4c1RCU3VFZE1GRkF6ZURLbTI4ZTMlMmJnUlFqa1RDZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MjcyMzc2OCIgdG90YWw9IjE3MjcyMzc2OCIgZG93bmxvYWRfdGltZV9tcz0iMjA4MjkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0ODExNjA1ODI3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDgyNTE5OTcxMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTI4NDg4NjkxOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM3NSIgZG93bmxvYWRfdGltZV9tcz0iMjcxMjUiIGRvd25sb2FkZWQ9IjE3MjcyMzc2OCIgdG90YWw9IjE3MjcyMzc2OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDU5MzgiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-installer

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x254,0x258,0x25c,0x250,0x264,0x7ff99be5ceb8,0x7ff99be5cec4,0x7ff99be5ced0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2304,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1992,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2356,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=3008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3492,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3496,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4728,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4608,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5336,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5316,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5456,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5536,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6056,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6056,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6772,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=6776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6980,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6536,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7008,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6632,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7052,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7296,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6904,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=6892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5260,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=588,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7508,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=2128,i,5274897007256715898,9717730768060739933,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 191.2.166.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
NL 104.97.14.91:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 91.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 133.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 www.office.com udp
US 13.107.6.156:443 www.office.com tcp
US 8.8.8.8:53 res.cdn.office.net udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
DE 2.16.6.15:443 res.cdn.office.net tcp
DE 2.16.6.15:443 res.cdn.office.net tcp
DE 2.16.6.15:443 res.cdn.office.net tcp
DE 2.16.6.15:443 res.cdn.office.net tcp
DE 2.16.6.15:443 res.cdn.office.net tcp
DE 2.16.6.15:443 res.cdn.office.net tcp
GB 20.58.112.186:443 nav.smartscreen.microsoft.com tcp
GB 20.58.112.186:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 smartscreen.microsoft.com udp
GB 20.58.112.186:443 smartscreen.microsoft.com tcp
GB 20.58.112.186:443 smartscreen.microsoft.com tcp
GB 20.58.112.186:443 smartscreen.microsoft.com tcp
US 8.8.8.8:53 156.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 186.112.58.20.in-addr.arpa udp
US 8.8.8.8:53 15.6.16.2.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
GB 20.58.112.186:443 smartscreen.microsoft.com tcp
GB 20.58.112.186:443 smartscreen.microsoft.com tcp
GB 20.58.112.186:443 smartscreen.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.3:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 13.107.246.64:443 edge-mobile-static.azureedge.net tcp
GB 172.217.16.238:443 clients2.google.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 2.16.106.135:443 assets.msn.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
NL 104.97.14.88:443 bzib.nelreports.net tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 216.58.201.97:443 clients2.googleusercontent.com tcp
US 2.16.106.135:443 assets.msn.com tcp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 158.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 135.106.16.2.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 88.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
NL 23.62.61.129:443 www.bing.com tcp
IE 68.219.88.97:443 c.msn.com tcp
US 204.79.197.237:443 c.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
GB 18.245.143.4:443 sb.scorecardresearch.com tcp
NL 104.110.191.144:443 img-s-msn-com.akamaized.net tcp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
US 152.199.21.175:443 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 20.189.173.16:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 4.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 144.191.110.104.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 srtb.msn.com udp
US 8.8.8.8:53 srtb.msn.com udp
US 8.8.8.8:53 fra1-ib.adnxs.com udp
US 8.8.8.8:53 fra1-ib.adnxs.com udp
US 8.8.8.8:53 dcdn.adnxs.com udp
US 8.8.8.8:53 dcdn.adnxs.com udp
US 23.53.112.216:443 dcdn.adnxs.com tcp
DE 37.252.173.215:443 fra1-ib.adnxs.com tcp
NL 23.62.61.129:443 www.bing.com udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 137.191.110.104.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 8.8.8.8:53 r.msftstatic.com udp
NL 23.62.61.155:443 r.bing.com tcp
NL 23.62.61.155:443 r.bing.com tcp
US 204.79.197.219:443 r.msftstatic.com tcp
US 204.79.197.219:443 r.msftstatic.com tcp
US 8.8.8.8:53 ecn.dev.virtualearth.net udp
US 23.220.112.155:443 ecn.dev.virtualearth.net tcp
NL 23.62.61.129:443 r.bing.com udp
US 8.8.8.8:53 215.173.252.37.in-addr.arpa udp
US 8.8.8.8:53 216.112.53.23.in-addr.arpa udp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 219.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 155.112.220.23.in-addr.arpa udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 104.110.191.144:443 img-s-msn-com.akamaized.net tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 deff.nelreports.net udp
US 8.8.8.8:53 deff.nelreports.net udp
NL 104.97.14.34:443 deff.nelreports.net tcp
NL 104.97.14.34:443 deff.nelreports.net tcp
NL 104.97.14.34:443 deff.nelreports.net tcp
US 8.8.8.8:53 34.14.97.104.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp

Files

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdate.exe

MD5 ae0bd70d0d7e467457b9e39b29f78410
SHA1 b4a549508cbc9f975a191434d4d20ad3c28d5028
SHA256 4d9f16b00bda1db65b68cb486f7ae1bf5b32aedf7fd335e4a8ef2fa087870986
SHA512 cbe2b5ffe647f5318edd9825ea6536d6d14dab66920def0323fb5b4dc03a4f8b6781b9209e5a557ab4d270b3f2b170797e6bd807195c93869367c0a245a3168e

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdate.dll

MD5 6545c51ed0d062d63c7dd5a6f00a32c6
SHA1 b6b7e5f44cb3c11f76a46e18fa7d80be9f6fdbd3
SHA256 f9431d85c0869faf740220f88b2d8db61b53d9fb324da995d938412caaed0f3e
SHA512 c99b0333b4e598fd9cad556a2fd60c725ae4c4ae45d53a45a7e051d106e3e24c401fd8686eb707d8357f01d899734889271ea3fda28bb55b7d35dcd338db7fb2

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_zh-cn.dll

MD5 2dc0b30b62edcb73193f49affd7ebe4d
SHA1 09a2e2a03268872b733fc42421a678d7e03e0a50
SHA256 50115311dc42f543b0ba74fe9cc3fbefd2d145035099e88c05b2d4090c2ce0da
SHA512 da14338daa44e1c1dee865d630f5ea709e1af2b1e6f20cc8b709eea6fc2a33b5b885ec8f055d3a32cc5694dbb7a47862b6b4b1e9cd3f976f2c0b3b33bf9d3736

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdateCore.exe

MD5 465c5a2eae01ad9cc32ed0c5348fc2dc
SHA1 aaccb9ae7aa82c8ed62a43571596c3a965b658b6
SHA256 ff9b8963958042a650acf2f13a3697e5bb1c5ff2cab55d06166f5527de626021
SHA512 605d9f9d12b981f218d0636912e048d4a76f01c960793ae9f6e1dd59f49c1fc2e615b51d919605d433467bb2fe9b9fa5fdb979432085a88f568b3b4cf876af44

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 66fcafc9f2f49c19563d76f5337788f1
SHA1 9544b0b23129dccaa43eaa5da4b5b4aa5eedf88d
SHA256 06cfede5f76e1f17f971fa265e318e22fa6d743f0ee5879dfa9b09f5f471f207
SHA512 ae1b4435e866ea4795e370940a8524a1b0bf04941612017831363b735d97184f1a125af9f7aef1e755b1b242419adbe4e5db7473ff090ca87d6669c25b76f14d

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_af.dll

MD5 fa5578b2efc78389b459ab88b58c9abd
SHA1 980ed1ceab5063849eef96deb26825d66aaec16d
SHA256 79dca4ee4b15d9e599ccd7e12529a8b4d453d51c2b9ecd54d50bb280f0f5be7b
SHA512 a4146ef506737eba5a7c373a51059abe4569d41b7030f75a9fa1228c729fa8465e22f0c2739af2690e9408d76f43c343e4ccdb92e6110505d2655bed5844ab67

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_am.dll

MD5 e59264b8cdedc5590fb6d3abb52569c9
SHA1 2fa3c37ac3c81bbce1d1e2c6b9861b36715eb14f
SHA256 5426cd930a651e304aed15fc8d693dd809f994cb195ca023608317efa7ef69f9
SHA512 3d16943726526929678d7b4d9ab30b291643bf28c93fc010371a68af24f3a169d5da8b3e75413dae8279681092a558eba36ccc6fad177bd9b39a13728d3f3737

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_bg.dll

MD5 1820cfa69f244a787a0af9a4935e94a3
SHA1 65dbdda6e072b7f7b60e5740468be3374d5783a9
SHA256 9fbc74077908ad444da57cabe2f070dfb1c4f902b6917ce539cb2728612324b8
SHA512 c7f3d33c0b0a8b0a68ebf7a2e79936b07ba7fd43bacd67dacc549a5856f7fd0495dd8922d0c12e5bcb774d67267c5ee8bad63ca12012c95311cae42d878b42d0

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 1a1ddb1f95ecca9d13139ad436c3fe48
SHA1 bee6baf32a15188f5d64df3df3bacc12dcc56845
SHA256 515a028bfc6dbd7d1aa1819f1ef70dc6382337318f907656f3768d1c66cdd53b
SHA512 6e1bcb85d15a43757e6f3f75fb78cfedc4a8dd099c334415996cac7ea29f7e1577b8152c709192820d2b78b48b6cab7bf4015f741d4f1a2d845c6ec2376e5c54

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_cy.dll

MD5 cd2d40775ef0773519afcaa17509324e
SHA1 0ccc30932a50991937af5a16bd7ef92787eeb57b
SHA256 a20e03e1c56dd2438c85b52e94f54839596e5352ba4b3a406b2daeab5fd24c0d
SHA512 5d8aab4054c17720f9ea9dc28754efd440c06bf22b31c00c9020418a1ddea7bc9f5db285b2916af2e659c33649549a363af281563dff296275c4c8e2a7faf8d3

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_en-GB.dll

MD5 f0a758482ae88ee848215489129ec7bc
SHA1 d1298f7e6e60f4a2c11a61c137200665aabdb3ad
SHA256 2d76f0bf2669c672d1fa6c46417e65ac9a160a01d11990804ca40d3a3d9dbe76
SHA512 0ec2be7863d2a7f187e831529ab959ffb9c90b4d90d45ad86a9e3522d77af86c12eef4bf9a5cdfadb7957e3e8fd8fd3841f4c301865b823bfaf99e1b55182bfd

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_fi.dll

MD5 a3ae249b4498363bfc94043e725c5e2f
SHA1 fd1baf19de13def5c9e8dc3d91e57f2ad1a7aca7
SHA256 7c6c0a0ebc9e48da16f54f559f48af5ccdb375dcd914a36cc4662db0b7fe82b1
SHA512 e8d6cd5981e96f7c4897355fe3283c8b3a0da20cead2e1a6bc2dff9f00a6fa7493fe129607c24d9dded9ab86cfb09e090af3038d4f16268d473d417b4dc2dfd6

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_ga.dll

MD5 aa92c3750a7c959d96701e389be062a5
SHA1 1dcdfaa8b19ca5606864db6e6b81d8ab3ce55d16
SHA256 7b1597017f98a23571d37718ca774fd2510cebbaf25f702635043a3146d1b6b0
SHA512 44c2f8123050bf37b89e1ad43996be8694d12b1528d1bbe0fb5af0af2251af1a4ec0e91cc42aae3ede3c06feba8ee947fa5ef25d6969342903f8163fae637315

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_hr.dll

MD5 a6c4791612c26968b22b8124ee069e6f
SHA1 01724391167f0224c1d901b8a0f6ed1fef2e00b9
SHA256 ea1af73bd97429ed2ed3650cdc10b5c6f9296a5102821d4b69e7c0d41d9f0dd7
SHA512 1e6a801727af933683fa2f253f5fd9932257db94cfe08106ce8b1e82b2dc6b36f34fe103c7f01a28039ecd54d84647902c348a6c7cb162efdc89d88930bd7c20

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_kk.dll

MD5 783d82190e727cd2d6600f72db389fdc
SHA1 f53add9827ba99297735195213af4da12b8cb933
SHA256 da5b10fe628749034d226129c727fced827550431369ce01770ba56953e7bbfe
SHA512 22ddec82074265e2d6a0c9ffe5213a3d8f375ad79bb28f46ea84ac18aab95cd75882fd8579e0f1d4c2fdfc31e8ffad895b49afbdaf90ba9b4dea0b26294543bf

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_lo.dll

MD5 51e5ca96d76123d22cc329939f990008
SHA1 5a0543d5ef5d97b50ff001c60d79d3edbdcbf045
SHA256 e56dc7eafe6f357344a85f3caba25ca48ccca9d8688fbda29dcd28a3c9abfb93
SHA512 fa35b400ade971c9788fb7430fc0663618d1c1b7276b91062fb73649d873f65dd294aa80747b90a0abdc7c99bbf75f1a4ba7eded7ddf3b15e0d6ed667351f3db

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_mi.dll

MD5 184a07e2da03ad52fc101b519c1a6c83
SHA1 57cc7bb16668ccdee1c4716d26e0a07e41bf66a8
SHA256 d9b47367f0ee695912353c1b0d161795963292a3314f6cbccd3b2a2d7c588a49
SHA512 634bc609e2fdb598813546cb8e433dd312d3bf1327e3d0ff56013d6839783c16943f18d9a25274c13497fa97914ab7953dd84fcddbbceadb807a854fd6fd7efe

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_ms.dll

MD5 f67091c7f22cf6a7ea6d8eccdfbe86f1
SHA1 0592ce994a60924bd43cffcf479db955809de6c8
SHA256 30c42df9cbc097e58fc96eb99a731a5df3e74bb8724d865794384b30216f17d0
SHA512 f85ef183ab67c0a962c873afeb6474bad6dd0d5b7b2ad33db8aca9d04bfa45bc1f2ba4d6dd5e2326fa29bfe4b927a5930cc36845ceaf87ad1141c016fb95fba8

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_mr.dll

MD5 2982e89d8f012b375b4970af2b2a6b59
SHA1 2c57560d344c15fca7a34c66ccf61e928c7c2d7a
SHA256 136e72e33bec44270b9a8180638f44ab0f3d45a5eddd4f091dd09366e8a10220
SHA512 29725306d61e5d616efefc0b6dc9f6f42b8ddde0789600f642013d7642a99bc5979816ae4dbe95410c85e051c7f098b9bef07ad978da66d177cbf1e1ee918843

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_ml.dll

MD5 0fc425bf483d7c62b3fc448fb0651686
SHA1 f16045bf6b79db0aacdcdba60f96f2224cb8011b
SHA256 10e4e32ae85ad27b9a4d9df458c5bdd39f221e2f10cfc4d17c2ed1774f65bfc1
SHA512 5ee067f76e97c2d679c9a0817a94a2b76f5705be494e17d5c35d2df3197c996d55491bb4b8563b9815cace94af54a5e76b6bfc944e58d74c464b8aeffc9fb022

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_mk.dll

MD5 4ed9fe5c7b44fe0c53118edbe40ac779
SHA1 9ba9c0442a67284d4cc15c9ac28d5bccfd4bc41f
SHA256 8bf0122ee2e34e027fe847775f8e6e6466490b25cdc1bd03e09128808428d106
SHA512 331997335322ea08d1d3601afa656e1d180da71faa99640299c58cc58a28a98bfaa96a75877b421565fe032432d9a57490ce985879674410a277cf6720f9156b

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_lv.dll

MD5 ace8c066152f4323cb5d2e60639a0dcb
SHA1 b73280d119dc79058eb21f4bdbb79dd2df6470a8
SHA256 a30a91190e7b5c150f0364895e8f6bed0a360944265548860a0b9e0b8e09aa36
SHA512 76b474eb827f62399cf501ad313bd55b2b9109de102f1ea5047b4b7f45269061e466bb5c8334ddf0dbe7dd58394ea9f6c14143302961f3fcdbf0c7beeabec48b

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_lt.dll

MD5 abffc1e1a834ce30c50f44b40ce22729
SHA1 486ca416677f2d83d4a82bb8d145c3de9d154092
SHA256 8c63cf6a17a3f3c0eee8e3fd805def558dc03b2d1498551b1ce68e62f3ff473f
SHA512 5ec863008a55f6fa959cae10fe3f57314a5555c310f25c0651a1f93c3222b83586d1305895742f797d6c8e1140b88bc94720501d20926631f8e133138a064bc7

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_lb.dll

MD5 71e838eccf2045a7687535dcb7f75908
SHA1 760ee5ac1653b13f11a795c9b835cc12207672c4
SHA256 5c2c590f7b2564c633b479cd3c69cb23f4864e7be903c0b69da426914f6afdb1
SHA512 ced3fac25a95fbe63f5e04bc722feefcc4adcaf4c3b787263658eead49e89569ba13e3d6e90a2217460a2b3199647e6bb1890cb0c57dee7b48c5e3b59df9a61d

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_kok.dll

MD5 509b2e222a850888e3191b37e5daf5fe
SHA1 dc9f2b1788f1575e2db40b37c279c8aca4ac5d1e
SHA256 fc197b296e528eb307e4c2b0cc804a01081d269f2195f222daa7598f423a4a6a
SHA512 41b51244e7f12721cc663cd421a08678ea702d87a874d6df61e754c34a540c7a67af4ef9ac69d25f1b312b76749cf21497898facf23017cdf1c6e152a5752f3a

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_ko.dll

MD5 de28bd6e9ce5820077805f4b467fbf6d
SHA1 df0ba96a12898d9c1b9a4e56be72f3433685d238
SHA256 d7fbdda10145194aadbed1e8d94d678405747654e08aa148c1c004b3df710ec7
SHA512 82a17ed87669b8d75d33a07a8ff224da188ef3ee4ef13aa5f829661f61a8d5affc899e865683f537853261fe9fa98e43474c0530c893e438c19c1b14b524eb8e

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_kn.dll

MD5 c81d6cd31972fbffad85134b1fb99c5d
SHA1 d0f37ecc4364b5d1511b2aa34a0befe5567c8f63
SHA256 943619e952268b6582580648f5d49efee05e59c78fb201e3733903c76e95414d
SHA512 3e18b092cd04fc64641cf526af40178416662f449e6517a1e38a278ebe57ad7990ba5ecefe3d1242ace545628cc37bec06cad19612dd79f2f131ad92884fdc17

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_km.dll

MD5 71c061fef2688bf3153a6ef49354b830
SHA1 207abd05b91ebdc3ccc631ed3e688a01770c51b9
SHA256 1b8fe3a54e66fec65686a1ed5167c5aa117f041f876050c45371e97bd3c0267f
SHA512 78870b1de78bac9edf0620ac1ffbbad78d5122d14eb4c55591bb693e1f1298bde7c30dd99f7db863f9a73b353010f682e478001654a6761be521d89aa81ef5bb

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_ka.dll

MD5 7a165e5128da3f8bd3a09ff89fad2302
SHA1 2a1c54a9892a76b61b35e34c9f06c9c1d85a407f
SHA256 854cb557a42f1f1747cf7ebf74700ee68e6cae3082495399cb1b970963e7e37c
SHA512 b6dc4d705558dfd7da72e7d57300c6acd5a6049a8a78d1431d932a8bb7095727f68f84a3a32cbec1e70817a138b4f55305127ed8e0c64c6d4ae82f5a0e706e17

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_ja.dll

MD5 41146ae997baa8384ee4e5f7a8dd2a56
SHA1 77154fcab91e9ba5f093758198cf679d1ef6272f
SHA256 a965fc9103a427f73388f3cc627cf40adb34d913845487b2e01566f19c6a874c
SHA512 7a3c1fe5babcb4d9d1c70d82779a5f2a1d243be3ac26da357de662a30282f8cbdfaf2c10edd984ab3f0b37ad05b79a0660bd1cb1ff4b2c11da1167d48c39f5b7

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_iw.dll

MD5 7385c983777668a6e390dd462172c480
SHA1 af0ec0d86a60d33e6cf3d4d5929a2bae46fd0c3b
SHA256 4f465cee1dc3aa3b134744121aac07fccb1505e62bd946ae8637567c81c122b3
SHA512 ac3b69ca4e25cba580bd4ce384b500c1c96b24502b893ae1da9268e5afb23c141d19192da15123c8639a4f2a8a7ffb3fbd6d595fd845eeaf4dec4b8b26774c30

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_it.dll

MD5 d2fbd4f80876839038c9c49fd545ed4f
SHA1 acc0fda636ff6f38a1b80a935242d98591f40031
SHA256 d932b0ec0f8a3980309dd93cef9c6e88cd98166715f87f42741f83e5e657a4d2
SHA512 ef0a00b362ba9d52863b260f5aeda6ac45164c29276d0c34b69338df6daed2cab2e093d186e79652c8f585c5d074224efaa748eb2d1ce973ea824a8cd291e4bf

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_is.dll

MD5 9d2ea90d056a0d4f8d75295070a67ed2
SHA1 77be93c75be719558e91aadfcd2fae5baf98fcfe
SHA256 fa796186a9159cb162ea36e92c57ec9e721d443e20e5547b5749f34510f0f837
SHA512 500f739c0cab903d1ca1a358728df0c7c105fad7ac88cff0425032640ebdc9cb87656593836e6694eb91513963a49399b4186ae34b0da1bcb6142816a0abd9bf

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_id.dll

MD5 5f3bb745fbf228f814ff7da6889a4e56
SHA1 368959b8ee12237971e7792c9e9aa113f52b2fca
SHA256 534915e0673f9bcf5dbd0a651f69065708c53e64de1a12656e3a2ae7bf4fa09f
SHA512 1d837500cdf4a317312b1c895c079c2252c7b9abd806e7ee99b89fc840e410ad781fab688858fd7a8b9c48f7bd786019f412eaa831af54bb35d942fae0742456

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_hu.dll

MD5 523dab9f0691b5f9f748c2d28a690eb2
SHA1 26f3563ca6ad6add621bd84e8421822c5ebb2758
SHA256 6484b275195ce3b13cb31d75a4c0d2fd675a1be892440b59bd404eb0dd077e43
SHA512 fd5e0b330ad84076de13fc6a4c9abbeb8264ae5e3dd8fa03b7634d6dd20e309fc6b4ffba48f6a36e29f9ac1d5e7d818d12cdd0f31ebfc88903fce31e97feeea6

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_hi.dll

MD5 84df8de6696f3f10f447b93c65558118
SHA1 cea711a6b101dec540982f70aa06a2c2aa892f86
SHA256 9aaaba5205230485c3659ee74c2ba69041540e5d62fd39f185e6759c97f7325a
SHA512 d7d0944f1d691e40f7fc35e59b199288e914fbb4a3ee90052ff2adbe11f9fd8e0c4090d0b4b7eef7e0ae39514030848311d48f5dfaf61d075ba18981d029b04d

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_gu.dll

MD5 d05fb9b71ba0ff3961dd8c8eb7e2eb1b
SHA1 5057cfb73182875db3460c22685629455cfc7023
SHA256 2492a3f35b6900a335a87676e6204ec1b9434673de5df1572f83dabc37a21cf6
SHA512 fff4e4da7f6438c6dd3dd90f7c6cce6f14626963c3cfaafd42c3514337af7af0c8bea4d8fde3c56d530df5a082bfa9fd7f8a40a10eee922589c7c50a8d58361f

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_gl.dll

MD5 2d1a8303693967e2b5ccffe10ee463fc
SHA1 efc19774f17b5c629930c63616cced53ed718159
SHA256 cf8d95b6f78b1c406996ed4187b28b2610067535896bc58669da41feddadd368
SHA512 527e4b5f61a90395bc274939cc1257379e443d088b48372bde7b3145cabb56632613134551b281ee4af5f2b2464231d798afec02aa9d75d9afefffb0d401e840

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_gd.dll

MD5 89b440abe50e070b0dbb1089c215dbb9
SHA1 085cc73e258062989d525d2a27f3b4edb3d48c65
SHA256 b25f58082c09e3db22708401fca30fdf97040c3a11279089233db78705a3a04e
SHA512 90b17788b9b279ea262dfde5391e68752e2d384ff9c0c05ff7d83ac78aef17fd664e48aec2256145e5e8baba02a187d5479685b2259d6178a77ad48aaeb5835e

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_fr-CA.dll

MD5 1a743785d82759aeb4d8cd84f163e515
SHA1 55949bb303ce5285bfba2603df34249fead59a6d
SHA256 e73749cb09eee8f9b6b62e0aca144ddb73b35c89c06432f5f24c8a3ad609e731
SHA512 6f90905195914560db4050514e496978964501173f13b0d6df499e8659bb53681e19669be4d5b0a6467a2beeca88ac9512edd17558b7ff75580d15bbdc59b540

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_fr.dll

MD5 63167811b5d67909811ab2ea52f69687
SHA1 3c8c954d7e9295a89dd5b347598c55c450575aef
SHA256 cbe59981860ccdba144c645bd1fbb70072643bab98a21e2008e2731daf74ca59
SHA512 c33ba711dacca5219f3029b6d0ac0da2895d4ab9a203e6bb37b39cb9e558a555b9d7244f2b5c026d2a75a01901931830a15358e109215022958d089af0d66bb4

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_fil.dll

MD5 635e9a59fb087047b6521a8c622dc31c
SHA1 9a6b5f14738fe1d11b0bdc52ac86962145a4c852
SHA256 698d85a10bed433032d04d8221b2fec183ee7d944dbcb685ee90d28483084c64
SHA512 cb368f6bcdc85c41adfaf77f4705109a74794b7b99d2ffa2c4af4a7457ebab3777164bcd42c4de2d7c4944460342c8efd8102de6b9e51ee7c193b43205ff5eac

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_fa.dll

MD5 33639788ab5d596a09d2fdf7688ee4cc
SHA1 c6697fdd982c0ebe1559084f81d4e22304cd7184
SHA256 f2763c899c134238e169d0fd09eb8bfdb8fd42b25d0724dbb6a1adf329a7845e
SHA512 7a2998a7f7301671c7dcad8723ff5cd694710848ee1c43c9f06e525489b91a344d369aae45dc1d259c10c1ae083f88de8cdf1b8ce07b5a0d1a99fdfc87cfc21f

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_eu.dll

MD5 8a3bd0c8f91564d3be5696756e05969d
SHA1 5388d1afb06786bfd4907b7580f763810d07d4dc
SHA256 a8d60b8d17da26931755bdca16c486f03a5423d368f64eb164b22a7839bb17bd
SHA512 4ec41f8e7c945f583d35ce61e58cb84d97fd8fddd31619c9ded8da7b90a4bfd5bc41c350d15bee2d7ca430ac69f04df980d67a5b931e5e1adc4fcf5ea2afe8b9

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_et.dll

MD5 8b51e86ace114d92a5fd2f53269a0785
SHA1 c175ead12ddc50d1df4b9b1687364aabee035a65
SHA256 7b5b4c7eb487f5411c6dda6e7a91501f9473e2fa66dedcce28a12f356b984840
SHA512 96de82a64d420120cc6eaf16d4ca77fd5aef1e848d6b006c2ec0ce5bbbc1ce6fae9fe57de552f3df9dcc59c49f5cdb024097a33c24c10de12c4adb6a5fecee4f

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_es-419.dll

MD5 7e8d44be65ac66ce05fb0bae2ba06f59
SHA1 f7341452313b2e38c0212b1ed499912d210fd315
SHA256 564c505c5f3617b2ccbffafff9f81771055b6edccce22917fa0bf553386a3749
SHA512 59417deaed339aa61f19336f307f2a5f5057f7ee18a13f1c8b4055e0bf0b8ee15bba6b15233aff239a7dc9b1fedc4a993fa8f4fbf9d76393f930c6ab2f52da85

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_es.dll

MD5 4c3382b9bb276730ac626a30904420f6
SHA1 622af5199231a82a88fc70af89474f55af5fc2ed
SHA256 430a568d7d001f4dbd4c3473838146542f06e8b7a0e8a8f41dec5de94feb9f84
SHA512 1248bf0a772a7ad2264dfc3ddc6d0ffd278c83c335c8a4a1468ddee742fb6a0fa033ffd40bdd135c2604ce35c12f882951cdfd6ea728709ed287294e5fc149ec

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_en.dll

MD5 dde9aacccb335e8a14bc4c0f2ac28eab
SHA1 8dfd19ecafda06c7e760e8fc17cc1dc43b9f3508
SHA256 c701a69236db5927f925a7d2d9845ca22cd59e03e83bfaabe5c4db35d373c056
SHA512 37de0760864b0e25277664ef8d8c4ac0df1f90ec6caa37f6e527be3b6af7a977b58453d26095fdede13ea9383166a9e60e9e0fdb9d8856eb54632a2943c1fada

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_el.dll

MD5 7ed8de68978a390eeda6b9f4145f8fec
SHA1 d4553ca5efd8801608196c81649dcd045e8beacf
SHA256 6ddf0517c8e51150048ee6ac66d5659559ecd4e6c3343245068ea1b8a3350878
SHA512 61806df41a9f2df86c71880be3e5e338ac35dad2a4964856e42a6d821b3d432b4412daa7a849cbbb3cb05228be777948387d90f6a4ed2276c537656098636e71

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_de.dll

MD5 c4ec05491b1585b7a3aa50375f5e4368
SHA1 cb37296d111b4c6d0456e88b94b482de4582161a
SHA256 a1d616c002ae667321cb3d78958877dfa47bdaa83a43d374d8e3628ec6ae18d5
SHA512 6392f6b349804243965b2ab83e80ee9a80627f9acaf5803aade67ab49c78647e3c8983b38fe7d1f55fefa0c90d2ca3b0cedf3d820c32a700eacd747fc4c72401

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_da.dll

MD5 dd517584ac41b7c185c1258a13143062
SHA1 60da459099559e30908938b742d6f5c1d0f99a4b
SHA256 904481a7bc079a6734dbce692d756952e7ffecebecb2f743568defc19f9f9e1b
SHA512 f96a73ad75e8d9adc01841a3f7a552c3115ff643d1cba669511e17012f892cb352cd77963044029ff7a7243b941e9f29e53a4ec51ba52977d05af20ab6d44779

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_cs.dll

MD5 90d8f09d6e68940399ebb1215c521511
SHA1 06d2a1a3a08cc2bf519ba83dbe08e4f240b60a4a
SHA256 2c27a8c3653aae163bebe05f010a5d73aa47f0b58aad14bd1811b2300fe564dc
SHA512 34cf592dbebf2055451b967d27cae5849896b26ef161bfc07aada6cf7757d39ac8b8fc9c003d3770f72aa046c132280be0646f9ae101e0ec36e3b6d95aa6a89d

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_ca.dll

MD5 140f6d23813e344ab06afe865699c0c0
SHA1 527abdec73c8add2f9baf9d8de5c7d454512710d
SHA256 390c60bbf529ffe7174f6e1f7cde2af1455d618f5eb16f6bc3a48cf2bdf51d27
SHA512 b51988055a11eeff7a07b9b97a5055c0e0b8ce60f5a7aca94adcaa62472f63a9620d4f34eae75a772674eaa9e9461d716ba39989c1d6708e3846b92807f6c4f5

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_bs.dll

MD5 0961601651370bc0ad92ae34c745455e
SHA1 25b29bd74f6c5b5d16fb178cd6a53ea981309457
SHA256 5443ff8250092985e0ea1ab213eebff92bf0a40d908051915ead8d1ae0e97a5d
SHA512 d81053a2bb8ebdcbcc8d55671371a71af68c5d2cc309cb92d79dbd20203285846887da7c59453f38cb721fc164768a0b92bfaf62f78eb264acd37142df5f4e5e

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_bn-IN.dll

MD5 aba517fc0076e621244645abfdf2d60f
SHA1 3c1226b3fd9ae38967f8f3fc81d5c8014eab8ff3
SHA256 17e4f7edf396f0b4d8f64b46c5530260558ab0637cafba8c93c8e928c2b6de43
SHA512 5e3e48c8a97d10eac726b964716aa3524388474a7271c03657868fe8f1575ff0bde8911b91f6e874011e0c93581bd7a8d0d2920a140fdb47f37bb0d831befe45

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_bn.dll

MD5 933d66b54eaf05bc5aaab7c681da0b36
SHA1 a86effdbcc468df187d74f5b5e9d42d88e3197d1
SHA256 0e472bcc13ccfa83096e11217fefcb0e5aed3fa7ed8f1bfca7f2b7c151691b06
SHA512 628ca72071bd072bab9f81a10c6ba79a3b9d48c60dda1b58d4245d24841ca1288fb253e9212ff2cf721e366ea0aff0a068b08372a0cdf9279b298825ec8d2086

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_az.dll

MD5 75188196b6f7149d5ee776b95ff56ee4
SHA1 ad80c3fbb83d67c96fc4c3276747678d78d71359
SHA256 fddd8aba9fee226a935ace41d0f6707f1fae84d88f703bfa50ae9a13cd22610b
SHA512 08ee04a6a95b5b7c2396dc60dad24f2dcd46259a6318a15596581cf86ca66a47cd7a6685c94a746e88ccacf3f5ae051894dd2eaf2d09f04fde94524fcf63d952

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_as.dll

MD5 ff972d54852866ec3a43f11d7eeebd3e
SHA1 d3aaa7122de308be3fdfe27eaf7e22e0c0a02852
SHA256 b7862bb1d69e0e720db9fc1c498ed30f309dcaba73b304d239c1847441c5fd3d
SHA512 a4141404d4873bbef1a522e63644fdf37c6118a6314624541e367855e7d7bebf4bdf736295857a6e5c28db79ac6f51ff94123fb7119e05a48fbe3ac77505624a

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\msedgeupdateres_ar.dll

MD5 bcfb450a64ce92040d69e4fb5930762c
SHA1 944a72d0072ea260e8927e6309de6ae4a4796ff6
SHA256 a09fe2478e1662bcab92b41c8ecbe73d6bdeff386f0789c59236588ae2f887b7
SHA512 210a39a25db954636e8da1ed6b1a9e3608f19ac3b154ec9f274694d3fb8617af69abf7516ea00d62a5b100b5121bd7de32ff5afec7632f697dece7d8a201e5ad

C:\Program Files (x86)\Microsoft\Temp\EU3577.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 a0a6fe642213826a1613a5208a008055
SHA1 e9059ce64a1ee047d299c88a9c64edf61cdc0504
SHA256 f87c42f298612bb4cdaba4d56cbc1fde4856648bb1b771651b985b5d0f163cba
SHA512 bfa27c53eda95fea35e2b732fae85760f4c260999a646d951a7c2c0ad34f1c7af0a8d90916f4f99ba1cb1951801dfee01d0f7f2775e4491519187fa8b9718d5b

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 ddd4f679747060ea2ccf64a6b66e2de1
SHA1 ffb6d66e547dfa4fb009bdba7ca9ca7ee6e60bc2
SHA256 465ca3d0aa65b84bec9175fb6c1ab26dbafc87cc425b3553722b874c4c333e9a
SHA512 b48542321d26c132c84b4c68ccc626994fac851b07bd91c97604363da815e61a6f9f9c9d30605fbe7290d3b097912e73cf6d43f069303c70cce230e18f2f795b

memory/1436-192-0x00000000004D0000-0x0000000000505000-memory.dmp

memory/1436-193-0x00000000743A0000-0x00000000745B1000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\124.0.2478.67\MicrosoftEdge_X64_124.0.2478.67.exe

MD5 dabc3160a804b9fadd89ceb0fcecf388
SHA1 b52f15e866a18637683bdf0ea4eaa326b787396f
SHA256 53eb39a92ee0d2eb94f6d33c015097bddd9cfe5c4129d3ac9a9facbfb5087bfe
SHA512 74fc0f21d7cf99e07c079224e2af8a4a51bff98a97bc471cfedfbd3a28d3ee681fbd63fa7239948c3c0bf4f9af56dc582dd128f8c08b54cb73389e85f949f431

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 c2a2c7f9c79ec7fb28d375ac8a66d451
SHA1 1c6f55093c87b6623b1059f3e5a7ca59342625c3
SHA256 4225ab307bc1acfaef0bbfe8d50b33a185ec9bf37e06a10c622982bd3564af65
SHA512 39a1634f147849bd3e0607c9eab85f54386346ea28f46f2943cb3f5d41cda60fc680ee34533ac7490879d4038ac4afaab13c897d697188ba77909346a359e9c2

memory/1436-222-0x00000000743A0000-0x00000000745B1000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe

MD5 c31297188ec9fbaa60449f769339963e
SHA1 8502d9e0cef18137529f0a46ad6e69a1577e6cae
SHA256 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9
SHA512 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a

memory/4008-258-0x00000195BED70000-0x00000195BED7E000-memory.dmp

memory/4008-259-0x00000195D8F50000-0x00000195D8F5A000-memory.dmp

memory/4008-260-0x00000195D8F80000-0x00000195D8F88000-memory.dmp

memory/4008-261-0x00000195DA600000-0x00000195DA849000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.~tmp

MD5 effecce1b6868c8bd7950ef7b772038b
SHA1 695d5a07f59b4b72c5eca7be77d5b15ae7ae59b0
SHA256 003e619884dbc527e20f0aa8487daf5d7eed91d53ef6366a58c5493aaf1ce046
SHA512 2f129689181ffe6fff751a22d4130bb643c5868fa0e1a852c434fe6f7514e3f1e5e4048179679dec742ec505139439d98e6dcc74793c18008db36c800d728be2

memory/1436-396-0x00000000004D0000-0x0000000000505000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c1999a8faa2437ac6b0d0d20554758ee
SHA1 28a0728cb2916461d8237a85381c99058469b98e
SHA256 b54416cb39934f61ffc01f25b00c6936b652f1b488fc5185284c24c7fa272501
SHA512 ee76053981831c1bb54ab3051b2879bcba89dde01421cdaf83f68d4e6c695223ccb36e6ad54cd95ea5f23f9b74359422e2b9afc42f5adf65f34e2ab0b3cc4f45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fb9a292d44693098220f758b76dac6f3
SHA1 cf6e5f2c4bf7d6de295eb11ef92aadf8b364f882
SHA256 251d4ccc272c2107782a0806d93ac52fc79ab58addb99314e58d7fdf89b26b6f
SHA512 ce2ee84e83f8b4b1b5c11f44ee6d8e27fa6d8ef22b1819e9c06eed03336fc1f3cdcab8163e40615ae40a8fed5babe3af23c2af879ff0ef6115b04b16217c3271

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6209a5c6f514b73d2bf92fe6ad82de46
SHA1 4bb1b8636d3d14df322fcb1a3be82a4617724cdf
SHA256 368cb2ce3eac257050080bf9d2c81e73ee7ab5ce2c063e04ddacfa48f4498d9f
SHA512 e8840d32f4b3bfb5a73703def3461e16045f71b623569203da6639a2235b7a128ecc4f4609e71cdf498032486acc6a1da52d208f8871d64cf62cff04bdfa45e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5cdf761f6d4c9c3724635133faeff454
SHA1 003520d4ff69f8897bedf7c9b83d67c6a54ac688
SHA256 806d1caf6c9cd24424727d784c2a65588fd658a95d61e798f64666646ed2a1db
SHA512 bec9494e71a17b9a550a0d4995cae7c2053cf4e0860eb2b31e9f56657e8487e67a9c92044ff04a940eb94fba469f86971cce8a376a714339ac6f6b99ff9057d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d42e6911fafefed767cd3ef97371cb3f
SHA1 cf14ea8dabd2aa1049eae52516ae040e35ab22ae
SHA256 7e7a5d5af50b84643f64805dbca475c51ebecde2c47515ceea16c622c3ad3d32
SHA512 6a2d1c6758e0ec8964ab42b2ac06a480b4e3c79799f681c66dea8c5b1f3c7499e3674535290f0d4ca1e58897657be60a26d03e386c3240e8c11ac840655372b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache_

MD5 47d41a980668e9bfae197488d6d56feb
SHA1 8acd8919b112d637a18e4c2f79f61fd62d2a1e6d
SHA256 87c1ba0f3a75480bef554b38abd51d7858bbe2cff07d4fd29162b4468d2b6c43
SHA512 165cf9913129bab36c22399c3636960cff235313256262439bea6a1ed78cf80d65690254cc63148e7e13bb515b513037ab6be7d20efdfb12b07985339ada36fb

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 33873e2426a5819a46f074cc6c586f34
SHA1 e95b50182964f0a6ef404ca08e791caf6e2bcfb6
SHA256 36557821b4ba40f591bc50c588e09ddfd5ddb5005780b22478fb4b968f1ccc9b
SHA512 c5314f3d86e018c4ab059110c08ccefea0135c4b0898842168da7b58f5ce0c98c422ef94cb2e757a1f824ab3dc415325884e8113a397eec4695e778678453215

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 64f165cfac8001de9f50cbdc8110b58b
SHA1 b4d483ef73d3d246ef26dbfd53b42597c7fcaa7b
SHA256 98aeaabb831b75eee8767f7aa9a2a4c75d0134c7131e77afcf4e85d1f2deaf57
SHA512 a2bfea3eb565c0a781537e153ac14936e0cb2c135678dd23d252d918a6a0eca7f0f837ac61ba0e74d1086ef4b5baa33d4dd3c4e9d0230f0ecc6e36298058f51c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt~RFe587431.TMP

MD5 0c3ba64133602930ba8dddb2e62a1c9f
SHA1 21f8e46a345bfeddb551cb492f052aecb37e16fa
SHA256 8681abeae7c7e3884887c63f47202138105c46832b16461b1c9acbfb68cfb190
SHA512 83ea890b10c0d1269589c3f182bf9bc454601bd607906fb1b6e6fc4a99a8e189fb4eeefa1b3d60cfa47d569ed3583b084c38c376b7fcb4d5a5b2e881113b1212

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 10e77ae03352b6f8bcf16c46761c00ff
SHA1 102e97f3510b87ec12949a767dc63c254ab21417
SHA256 626a67d66bc333527f3708fa31b6781f4c3f351810a6cbbad5efbb510ba71106
SHA512 2992548d72406c29124858e664b47abb324d0580dd0b403b80970c855795d11b304f96839d52df782a795fe37ec7b7905399a459b31a5656b3a214a89636196a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\31806c66-7ddb-4d26-b181-d637656f1ea5\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\8a99212e-b13e-47e5-89be-487878c42c4b.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\6f5259dc-0ef6-41df-bc45-4b63eb39f79c.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\be15bbb7-c351-4eb9-9d9b-153de06dd922.tmp

MD5 78e47dda17341bed7be45dccfd89ac87
SHA1 1afde30e46997452d11e4a2adbbf35cce7a1404f
SHA256 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA512 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

C:\Users\Admin\AppData\Local\Temp\ae6d5b25-6ff8-4b4d-b908-da9c1054d557.tmp

MD5 87996ba4dd83a8988d96e918dcb2bc62
SHA1 23910f09ea806d13d9a337a1e23d5fa49b383269
SHA256 6409d21a03faff1503aa83a19be0b7dcb701f5e4501c4fefb81877147e869d57
SHA512 a9a1b4bb6ed0410232db0414ab238baa594f6c936a801213e0e6fd7ff96f34ab57036cd0070c68d75a8cfda89b7240b6fb8f661bc9c4d9a45666a798d7d12999

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

MD5 3d20584f7f6c8eac79e17cca4207fb79
SHA1 3c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA256 0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512 315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 4c472291650e7624d24e3cbd9907432c
SHA1 ebcd2468b763e1943fbc19c333b735109ee736cd
SHA256 74695d0eaf5e84e224e8e7047b97fb99cc224f20e3226435eda76530dfefe12f
SHA512 f25d7bc4c97b483253d16e9fa5297e92eedeb38f158ffd423aa568b73080cd9f43bdde7e147f911565a49ebe53560dfd00c58270f9799ccebda6df8451ab556c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b6817d4856718a8fc427739d67261f30
SHA1 5f04f5d98ab9142f7443f42d60b343f57f638b42
SHA256 8af2311f784aeb2a964e96d042c74e6c95e6deaf458f2ddf061d66623af19f51
SHA512 3ddb7921f93a2c967cfe032ecff0f9f31fab1702e71c8cb738c4cc210656726924fd3487fd058289718a67c221b5d4bbe1067bc56268bcddd25b2b053b919449

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3dfc35c78852b9c66485cf9fdffe8cfc
SHA1 4a656ad9293c0a35a0d4ac3211a5c68a17d932f5
SHA256 35d6fd67cdc41aed436cfc73da046b1d7ad015c748e84cdf9aaaf1b69424f901
SHA512 2d6f232d5b4a6140fa6c517246ee36d5f7d8d827ee7f2494dff39b1521f1621db59b58f72e88684d4f9860ce1afbfcbf1c75e04adc75b3e720c3fd4388416060

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c29f.TMP

MD5 684910dbf11bfc8311e0791ff7b62c3f
SHA1 4c0a94d8e83f0aa76ff2c33823a09f80932a9c38
SHA256 07c4f66085bbef3290edb1e867717eb0084e399b0644b81d1d293b0fd6338d3a
SHA512 5236f9deabb53a1aeefe50b13173fec729521f8b0e6039d7b6b146cee8e396dbd35ded8fa312ebf1be65d02cf04d00ab4f268394438627cc3007d251065fa0fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 fdeef7e4fe084645b01e6b3d2742136c
SHA1 1b74e719a39a4940083ef172985ae0d818e0e4ba
SHA256 19fa8e73b3ccebf1c97ed8d3dc02794eaa73f9fda512ae8361b2226e09f3740f
SHA512 aca4f35f8fdfbdd4a96049fb747a5097253a621865e6706a743b74a67797964a2a02ba33ccb5fe2d5c904466784310983beea0c81ee1b55bea261e0aa6690d6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\1f8c75ac-eb67-46e3-8b2b-8db771441db3\index-dir\the-real-index~RFe58c733.TMP

MD5 2c184f6d138e19df2bb3e26c007c4a91
SHA1 eddc29726a660b97231a3f3309bd81aa5685a3b6
SHA256 abc341e2cce3d5973b25fcf0c2812a2af640c1c8e54dc21f2130c811f871c69f
SHA512 451e75f7168409f7e4243e64758494b43542b2376d0f5876173f0ba3153d0d662d94881e390b02b466e2b2c47751c416e3b37d014a15b78e8cc16ad0b252a106

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\1f8c75ac-eb67-46e3-8b2b-8db771441db3\index-dir\the-real-index

MD5 b95f1b68b1468994ac11e604279fb576
SHA1 11d5bafbe06b0a5158a76ea133769a7ebbace9e3
SHA256 8cafcce50aa4f05c5c0a7764d4c9e9dfada428661251c48ae04d3cfe642a2475
SHA512 04f736d7c5883ec01bdf4c4a3544e0fb03f767500291d58bf85171205d2fc070457d8d928ce95cb16d031227a9a36716097af84fb638c1df81be273554803c81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ec8fddb767214389a7620007396906a8
SHA1 2f122ddb190a612742bcd7dd168082a6e3802748
SHA256 09ca1af0498841ff2be1476d43b38a60581b089ea00b630c24d5905a4fe3afde
SHA512 edfacf480e971ee7d0ac2f7cf3d735f34a0892be3c7910b90f65d95caa42a0a14a5b83b37bbc1b69e2f104f0b636c1ba5a6dccadd1f40a8c17de4ef93511fcc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\31806c66-7ddb-4d26-b181-d637656f1ea5\index-dir\the-real-index~RFe58df10.TMP

MD5 47aac1ba2a48786b60a7958db64f6b4e
SHA1 33f7af2f00e1281c6fcc18077e7ab85717a265c3
SHA256 2f9f517a886af5c07c1d8b314d6a3a6fa66f2dea670f5ebba79d834a0c352096
SHA512 6413c8ad63a142dc9e7165b684fd2b2b9f85a68f34217149a2bbc173e2566c5214b1b98ae657da19c78050a5489ab34b913e5dee3feb4224d45f5ec30694937e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\31806c66-7ddb-4d26-b181-d637656f1ea5\index-dir\the-real-index

MD5 513967f06b32e8c17b113abbbdca76e5
SHA1 cb5645731bdd7a8b2b6c96408db59117520eed23
SHA256 2ef436d688c4316bb688f500e8c7ae88ada40ba710e54744db0e81b97eaa353d
SHA512 816288b5c2c7413221702cd4fd4189e22437da72a4470f61e863f6d3c19daab957e892d459beb38e6867dc5b527cb093c576bbed21d2883175b30ad8da5e9760

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 15ccb6f2899902a93e06952b6276801d
SHA1 1b6b43843e6e933dcb6c1bc57b4bd58808cde621
SHA256 7f2c714dd1281d303e89332eb0b5163bbadfb9075f30aa8e69fbd5b4c9fbfdc4
SHA512 c6166221c76ac21b6975406b48384a12f15a29e310d6b0f70318397d6e65299aba7464cf537b7871dc8be263c30bc769640f5da53b7fc59c65768889fb95f8d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 d6ca8366e1899550dde00b6ca66fae81
SHA1 dd2111e0efe88c9339400823feb05280497d3a2e
SHA256 93dc67aa20ce057b1fbf53ac0b962c9190cb5d9556eb5bf9a2ad9e7f8f24aaa0
SHA512 b0368667db9ae07b59685e259a9dc4436c6985544efed0c66ec5f2f3fdcac6fd670da17be761533e68ca08457eccb69c0945eeef7035c96177535569fe50a798