Malware Analysis Report

2025-08-10 23:21

Sample ID 241117-krp26swenq
Target Epherome_1.0.0-5_x64-setup.exe
SHA256 1accfe058c211aaca53ea32d814fb68359a0628cd8073eeed8db1dbcb1b6fc01
Tags discovery evasion persistence privilege_escalation trojan
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file Epherome_1.0.0-5_x64-setup.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence privilege_escalation trojan

Event Triggered Execution: Image File Execution Options Injection

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Network Share Discovery

Checks whether UAC is enabled

Checks system information in the registry

Drops file in Program Files directory

System Network Configuration Discovery: Internet Connection Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

System policy modification

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-17 08:50

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-17 08:50

Reported

2024-11-17 08:53

Platform

win10v2004-20241007-en

Max time kernel

177s

Max time network

166s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe"

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\MicrosoftEdge_X64_131.0.2903.51.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Epherome\Epherome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Epherome\Epherome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Epherome\Epherome.exe N/A

Network Share Discovery

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe N/A

Drops file in Program Files directory


Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe N/A

Modifies data under HKEY_USERS

Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35725228-BF11-429E-B5B8-ED0F2BCABF82} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1356 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 764 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe
PID 3320 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3320 wrote to memory of 2468 N/A C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2468 wrote to memory of 1760 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2468 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2468 wrote to memory of 468 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3320 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3320 wrote to memory of 640 N/A C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3480 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3480 wrote to memory of 4444 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\MicrosoftEdge_X64_131.0.2903.51.exe
PID 4444 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\MicrosoftEdge_X64_131.0.2903.51.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe
PID 2220 wrote to memory of 4760 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe
PID 3480 wrote to memory of 2692 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1356 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe C:\Users\Admin\AppData\Local\Epherome\Epherome.exe
PID 1188 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Epherome\Epherome.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe
PID 3092 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe
PID 3092 wrote to memory of 3744 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe

"C:\Users\Admin\AppData\Local\Temp\Epherome_1.0.0-5_x64-setup.exe"

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{52970B57-AC09-457F-AFA7-66F905D2DE7E}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\MicrosoftEdge_X64_131.0.2903.51.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{881F11E1-48E2-43ED-A2B0-C1B0F24919BF}\EDGEMITMP_8C8C9.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7d8772918,0x7ff7d8772924,0x7ff7d8772930

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Users\Admin\AppData\Local\Epherome\Epherome.exe

"C:\Users\Admin\AppData\Local\Epherome\Epherome.exe"

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Epherome.exe --webview-exe-version=1.0.0-5 --user-data-dir="C:\Users\Admin\AppData\Local\com.epherome\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=1188.2028.11196430996058002191

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.epherome\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.51 --initial-client-data=0x15c,0x160,0x164,0x138,0x198,0x7ffd366b6070,0x7ffd366b607c,0x7ffd366b6088

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.epherome\EBWebView" --webview-exe-name=Epherome.exe --webview-exe-version=1.0.0-5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1828,i,16049773230749111423,3059220957684016223,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1820 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.epherome\EBWebView" --webview-exe-name=Epherome.exe --webview-exe-version=1.0.0-5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1860,i,16049773230749111423,3059220957684016223,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.epherome\EBWebView" --webview-exe-name=Epherome.exe --webview-exe-version=1.0.0-5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1728,i,16049773230749111423,3059220957684016223,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.epherome\EBWebView" --webview-exe-name=Epherome.exe --webview-exe-version=1.0.0-5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3512,i,16049773230749111423,3059220957684016223,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
US 152.199.21.175:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 172.169.87.222:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 222.87.169.172.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp
N/A 127.0.0.1:443 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\nsDialogs.dll

MD5 6c3f8c94d0727894d706940a8a980543
SHA1 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\StartMenu.dll

MD5 d070f3275df715bf3708beff2c6c307d
SHA1 93d3725801e07303e9727c4369e19fd139e69023
SHA256 42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
SHA512 fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\nsis_tauri_utils.dll

MD5 0ba06473cec3f0e72fc6865d870b6bd9
SHA1 16df1d1a5b4d5df3859447279c55be36d4109dfb
SHA256 2b454443f12806d9e531e18bf19933c0aad1cd8ae397c71b99e814566e6bb5fd
SHA512 42b3c4ce685afb43b8ba235b29919f7fdbc1997618b74d189817d14d1d80e52ea67f6e614d4097bce6ca53b90d46a6d6a54882cd2ea176134a308b64a2b882cc

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

MD5 431a51d6443439e7c3063c36e18e87d6
SHA1 5d704eb554c78f13b7a07c90e14d65f74b590e3a
SHA256 726732c59f91424e8fb9280c1e773e1db72c8607ad110113bc62c67c452154a6
SHA512 495d60ad05d1fadb2abd827d778fe94132e5bfc2ae5355e03f2551cd7a879acf50cc0526990e4ccde93bf4eff65f07953035b93cc435f743001f21b017cbfdfd

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdate.exe

MD5 35a79bd6de650d2c0988674344bf698b
SHA1 a0635c38472f8cc0641ceb39c148383619d221dd
SHA256 a79a81da2b8dcbe39609a9e1b4e8c81ae0bc54195c0c854b77bebe7bfa7f10c1
SHA512 afe33d38785afe489845654ba1c3ed6648b36b1ebe5f98b3d5d4bf24eba3af9bb6676af5a79d2ec570bf2b4b6ae40d14fc3d4b872c5d4577aea40f6d1a26c0cf

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdate.dll

MD5 39ac5a029f87748e964491b97936d890
SHA1 24777aad794a13d0e7381fc6f32f0e1bcdb1ba80
SHA256 ba861524fe648ccb47b7ac57421bb07a6231a7aab5eaea332548511cce6185bc
SHA512 2ecb9b208846f84cd37f37d2100f26358d6c37128efc4010b2e7efc10202dc37b621d0c0138a8b76b23d968da324c685a41b44f4ae30cbbe243581f1904e14c6

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_en.dll

MD5 894b6ea4b49fa390bd70167a75f3ff7b
SHA1 4f834ef6567d02f28390d63c8ca9fd3c735b2140
SHA256 a8dc2b1e32d8d3d2c321c469eed3329f7661f4fc71d14696f97106b5aa6c532a
SHA512 9b4fcbd07dc7f65c34575aaabb7a517198739f7268133f084b101edf99f0b96387f3f0248de1be5252b2466db0bc59036d40e3990d4264bfab89aa01aace7ea6

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdateCore.exe

MD5 dd30f3ff486b830211df62d20348f86f
SHA1 08c7d7407dee7ed20b50e8f1a2cb1b08a9282dbf
SHA256 9d57bdc8b97e75f8a04b93a1657dfd18d4e2f68607783c9bca42140233978fa7
SHA512 af3b48ced7018c7edeabdfa998e51356d57c2d7a846c76629fed0ff2e5db8db79041184c58a5a67a10ec627f53af8e3c80bbffacaecf5dae6d989cecb82e72e4

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 c55b37823a672c86bc19099633640eab
SHA1 da5e15d773c794f8b21195e7ad012e0ed1bceb72
SHA256 3df9cd2fecf10e65be13d4b61ca0a9185845f2cb04b872adeaf41ca46af39aa0
SHA512 1252c3fde4aa4ce239103e8df7224afce093a2cbe539bd40347601980a314ea3326ea6ce4c1ebc845c125845969ad65ebca319b9df35a809ef871bad14aaf33d

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 1723c5e707061e59d769c492a95d5083
SHA1 3b535b7a0df2f7a4ab5e531956dad9892adfb5e9
SHA256 e97ab6dc0ed865aa8606f5c113fd62170341d1a3d63d5618f233aea969ec49ab
SHA512 a4e3bd9ec331a27338c123a9a3ae23619fc5a5b80fc9aea38d23d3b82ca015f47669e0f3e1a6f98e7f464e6bc21e92723a04f72805e45e0dfc81540a2d299a8a

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ar.dll

MD5 b4c28669b9d4e56b094af6062f4db065
SHA1 4c492c03138c8a796cf0673866892b9e0c2073ec
SHA256 7fe494dd265f99f330b153ef69c51c0541016755ca1876788f7f0ede78f9cedb
SHA512 35941ab6f2dcf5f60824d172f75f9f7b8b93e65c7bd8bc441fc32e49cbb414a68d65a02e3479b096f728b2a34d3e85dfd868e8bf95ff9b1a57d10adc3da0022a

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_as.dll

MD5 16b0c8a664626da016a95fb46fdc9c0e
SHA1 c674b635cd8927511825847f3d86a5562b4155d7
SHA256 b059fc9713d3a41e9a83f0d61f8cce29546d3759def0a7b8e162a13915e51255
SHA512 ec39269fbd9e510d10d665c86b8a8161208b74f919e4fd128e365144d71f2b59d3c48c50b8f017b1d30c711ee4f63668f843539957b4643d2a488c9e17290e75

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_cy.dll

MD5 11b92ae8fe94c784480d465a37935766
SHA1 f4ead29d4b20c57bb0e4d16a7488784f61a25972
SHA256 571b0cf8b0383e33393b8b8fa79d1632688ffc2bdde794fff62c85f5e1a3f161
SHA512 b636dec2e1d48916d0c83d2fe45eb24d826c027455cf22ec78e013166e59fbdb4780ebe69de3ab4b5730dae03652d253890917f53fc835aa73f9f75b01dc4f23

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_fr-CA.dll

MD5 08b6c8f26644370c6dcbee63e4abf884
SHA1 e4981733831c4d31715cad1749545d21dc29acf2
SHA256 916b52a362fddae79461d1d07ff01fd3bb4f7b8916b263d62572a8ad420946d8
SHA512 31f074e494a372a1b961fa9c053b561bae9e52182866a538a734b7589cad550a42b1d88649262a7d265226288084e5ba65e9e1d6d32ffd9292258a9f65e236a5

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_hu.dll

MD5 df2764d7bf9bbc6d4e96301c928566b5
SHA1 1f9adfed63fff6cd144515e8a7fbf8c4131d2f65
SHA256 3dcf3b4acc066674418e30239406abf59b85f9a00ba2a0aa7ca33036caee6514
SHA512 8c1eec6d813fe2266f0e03ce72f504f355f720e0112527fd411abd5e7fea05dd4bfa3ee9a878c882c16e8cd30224727eabc5ab38bd85cf146b21547ade988391

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_lv.dll

MD5 0edaf7aa97694524c60369256b17c9f8
SHA1 48a81d2c180b9dbb970dfc381b204c3e0bf11532
SHA256 74b7ff57e79ee2685709678d55a4b4b414f3fdf77ab1783c0ded0196a126c0fe
SHA512 de1ec10ba23b7f76dae78b6a98a3eee6df1eea424aa9a4800b70ee7b185e5c6a0dd30d0dc950bf7b37a9c07fd7614652258cdccd64413c49647b42351e02e90e

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_lt.dll

MD5 883f3e1c963322852aa6ce7177ba11fd
SHA1 3da37835cb54a847e3fa2edec45c4589e2c31561
SHA256 c3e3bd953b1035bcb34db9077c41643a503aafeecf99afbc92c9e4326bc6fea5
SHA512 52e7eae669ce211be72ed62cddd43f926c8d581a28a5efc167d1bb9c7f132f40a000cec02c91cd81604ca9f1cbb61952a9da8d09044703a49309a4faf2ff2f25

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_lo.dll

MD5 b0973b4e4407ea116a723bd7c39c1d45
SHA1 011e9126cf2fd3db3f0f810dc1d8e60891ef0695
SHA256 36e1ea95cd9663137ae49504980e00fbb311023c8f5f6f40f3cfe14a14ff183a
SHA512 574eb8426f774a7ccf860b4f0e324a2cc32581c9aecb834aa25c5f62946d15ef781a9f32feea8cd44e352d4878f3f6b8f097635bddb9df3bf2a443fecd0946e5

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_lb.dll

MD5 9c7c3dec8769f8b33aab63a15f642d81
SHA1 41ab17373c388d005b6d39c3ffc9fd5aac1a75cb
SHA256 c088700c358cfad6bd692233e450b8f4836a30a457c7b047e67681c10aecf2f7
SHA512 86923405fdcb2ebbf9a2dff24847d55bf1cf39550f475b1268e7edf279269e317c09b638b06e29f4d30ba59fd606f4ab5787f7d09da5ae3c5572ad41f3b3fac8

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_kok.dll

MD5 f97d285a3ba35b1395d9868e15bce4f1
SHA1 154dfcb8646bdb02b618dddf8a0dc1cbdab2269a
SHA256 33506ad10fafd8a767afcdd93cab2d91999b4e6468771379d944ff4758c2f5e4
SHA512 bae3152e85cc5e8f96299e7d45be8a85e47ea1119fd4d8d2bcb038ce293dab6820e35bcfffc03c9596b95e716e40711c47682f0c71e308755dc71b4c20c57628

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ko.dll

MD5 6c3abddca78cb3ba9f724bad9fed6165
SHA1 3114daf9295215bbeed0f4bb4e282b46ec1c74ae
SHA256 d47e586aacfa638aab5d681d8b4ce0b42f9d698e213817554b9d42441191d548
SHA512 b37b7c8d7d24ead85389ce445536ef4a68c43e2a55508801ab00e9bee2c2ef428d07eb30b62228d647508dc4f6b0d78b1b8edc25052eff0ec5a9ec87fdbcba1d

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_kn.dll

MD5 1ee9fe48904cb43a9147bf16823b16f1
SHA1 19fd9c0a2a1d919340eefca7956bd84df467b737
SHA256 a65da5bd18d6ac28c45cd11f56f8b868af98e42a69def6199d61235f6fa3d71d
SHA512 b556dff94243eeeb8dfe2c185c67ba7359877b8c0161f8fbe9a37a7e7591b0c8242a0be09255b616ac4f5560a728f1780cf6971c826ee6214a1b28c16551bffc

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_km.dll

MD5 5ef433fe15a877e530ba0a044486f200
SHA1 db1deb37392e001353f5a098d8686a17fc156b40
SHA256 896549adb3d1a38d95e743490cf6f551cac876fa1afc4b07f8eb30ad4d853502
SHA512 97839850a49a09cbc416ba1e8e9570adfcacbfccb70903cf597ad8781c7c3d11fd07e2598dccb7e88da7617e44ca99c62dfb3404c0c2a467641d1a6dcd7e8e64

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_kk.dll

MD5 d9b956ec540d8b1e528d88d8c5e5fdaa
SHA1 bb967aeba493d9ac0b3889f7bbf9136614080331
SHA256 cf008a24b53f2d62516a2944b77fd9be17a4778c0ba1b83a09ef7e83c3cf3901
SHA512 d6d6171c95c07ddef12bc40a5fda756ed3870a06ff2434bdd7abe02407720bff01fab5eb1bafeb7d4b9b661fc364c39de4a9eab01ef39c6bdce6de58ce4c1a06

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ka.dll

MD5 67eb1378381ad4d1a450bd26fe51f5e3
SHA1 ae0655d07a4d0b049ed258de646199f9004963ce
SHA256 b2ecba67a708b9fc75fc4574b72218f64517dea1aeb5ac26400ac554903cccf9
SHA512 1da5356bee3e18f9033b81927368eefb8f7a0742f7f02be9ddf0f3f309d9d4f1ceeb640acac341e504d54c0d0939f1da2bac27645adf404ed2ac48a2846a919d

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ja.dll

MD5 0ff69dde83bf61a768bc63870d687747
SHA1 622714cb8eac68b79021800f28f5874aa23176b5
SHA256 3a3a4d24498f0f533a5f5e4f1364e7e2a1f348dac95f649951131185c64d7bc7
SHA512 e1300b6f2dd5df3385c06fb43de5aa246f3f1da942e26b86023663e07b12104f0e74b2749d4ef2dd60cabfc8eadfe5f131a8bb5ba8fffd6374f9cd4635b4bc53

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_iw.dll

MD5 d92167a825c73bd6246483bfa1787c8c
SHA1 0a96d89226f1e694275922e5e2640bca3d7e7020
SHA256 d477fce0f7fbbe9cf86dbfb724e28c617c8c7c5bea664974593fbf0c032e8019
SHA512 12401ac374d3050f9540a3df6fae71ff8466ed3df2bf007b52eaddfea0d549601b5756477c141fd596bd19367ad30a607160957a8ad1818ff34e6da4125e530e

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_it.dll

MD5 0da1fde56fc0bf63e17a891e99f559f1
SHA1 131d18d7329be3ff21c78a3921b88e910a3d5a68
SHA256 ba936fcce39c889a3cb41569f18019d99429a13e7dbd909d9d26e540ea650dec
SHA512 67aa088ea8c01b11874537ae59c150645b61072e4f2134719e833ca0c4c3cab835cb9c51bff97582280870227d99cfb72f3a0d2069f2a9a86a7f7dbaf29ad2d2

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_is.dll

MD5 28064f47523b575c20fc85733cddf487
SHA1 0c5583888be256c8e09a396e333ad158b5f87553
SHA256 0752855a2e2a69e0f969af6c31102db513dbc390583f07d5df60746721ada58a
SHA512 d96656335024e0228a18148de4d27f354fdc90b62f977042ac20199714ef50bad271a83547d6c6823ec03422a9b598828fdc3b0f1ae81c760a57a2d1f2a543b7

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_id.dll

MD5 c80c6530280315158443cd04f89e9169
SHA1 fb87a9ff3696f0acceee6c8f1e4fb40795a8ae7d
SHA256 52957587efb4d995597541656f38e0edcd4545acfd92e3b81cc72578839021de
SHA512 bee22709e362ade03cf385c9b09d321923cc17a9e7c227fef7717da7405ea7bcc63e6f18b5e3e18e9dc19d5b0d9d4cb32c8548d9f16803959eb13b1189df9815

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_hr.dll

MD5 ca9abf92edc001d3c0cea4c926bd004c
SHA1 740513a325a5c15376f4b1aea402e9c54155ab33
SHA256 d6d9e064773b121fbf224252ef6c7d64f239d6b5013c119738a8240cc047e346
SHA512 7171143ee05b0e03bc936fbd98d3a37c3763bc244ffd8ae85e3229b85e13ec6262c3111b93b3a067f3d82f5fa6b6f691438c0e148efd14606cdf5a850e474a7c

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_hi.dll

MD5 274c267b7ee544d36698b2db119a6929
SHA1 27377267ddc09060254033c4aa9916a60a254956
SHA256 ac843711f010925cfdd60c396baafc3ead08584ed4b1b3df57b0c975cefd039f
SHA512 f9073912e9c314efe60f36dd9b2bdb4b1475aadde18e82bec971c447293a4f8dce46abe625bb9cec4dc48280fce3cf3d8175054b70b4e440e89a8c072f4a505a

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_gu.dll

MD5 bb4a1f9374f1c3e0cbc4788a3ce1d4c5
SHA1 30667d6dbaa689db9a08b42acacdf68435dac46e
SHA256 bdbd0882aba924075c40de48fcbbe951ea6a937c0b85541fd6f1fa5701b8e655
SHA512 d0a5260ae123d4698e2f62fdcf97a73aa038b69b200508948185bb5de5f5edb50d6859c9e6e21e84145ceebc144882d0ed5723ce1486e805c26737358ae77504

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_gl.dll

MD5 31276d0895baff6976c94c549efbb47d
SHA1 4f0fe790cecc28823e6359fb3b78dde13cc17681
SHA256 d3bf99db747f3e6a2d541ecab380244c0a33ceef8655383d54e2daff37dc9a88
SHA512 413958104046b85772d4a32550ae3a7a3a50eb66dc35966554123bd9dd15fc7a76fa7511f6d2ac666d8a205a9b58042f68e2322189c2b34d372db6b180b70da8

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_gd.dll

MD5 d64f47e1971f1e9faba211ca984e550c
SHA1 6f4de57c6f174dd778788b138a9b25cf4725258b
SHA256 75fd1c674a460dcdafbbc1429a4c30c9ac28e58527c6f0797c3706012ec19e00
SHA512 722c9f1e5d27d6ac678ca13aa648aa22aaf1121b835fad5209ce3e482471724cf4920390f51c8df2d31c66898def51ad76b0c119f4de831011b56afead2fef7e

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ga.dll

MD5 3ca8dfe9af49bdde95188002ebd5f227
SHA1 d18d7af889c4d03ea417c09bc56069f3f697c547
SHA256 6577e1a60f0fa340dcb70dcf625c877fc9502d122744782708ede0c53ceb56a5
SHA512 a61ba9baa6d0116b769c4add55aefc99a360bf85be7986ab099a424ff7a39ccee18d946128e74e39283629b52aa14821f36fe338c0e17de29694fff5138590be

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_fr.dll

MD5 cf3ff14718b5e6125b956d6d9e897196
SHA1 041de2587e03f6c52dba60e9d2459ce33b263eb9
SHA256 d75ece04e40e34beaaf50cce0fef63e52918b5939c9c267fbfd1e6cdcb2a82fa
SHA512 551ed975b1afdc75f464bb742c30f239f9d18aa99bf9140ec0620c938629868b38a952041288244b6e2387748c16546a8fe55a664a9903577b8e484856583ac4

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_fil.dll

MD5 20134024ed75deda002dc0839b352f84
SHA1 e67bbd13a320d2b4413b283e165385c44a65ea0d
SHA256 425e0834cb73365cf78a233a5b139e1897961e5225e9cc92ab365b3efbe30d76
SHA512 7dbab9a85d852546ab8c30b3452ab8b200874eb3aac0c862bdaf5c90cc882cec11de536851693f8f115706448e3323c66affbdd7e65257395baf24a0208dc537

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_fi.dll

MD5 7f47c9b9bc9488754579935209291c55
SHA1 470e590c6f5263a44b95abbd6d0c158fae326d21
SHA256 f0d8c44d909aed479b3e770b556eb3792c0d3ce247defff953a4dd9f7ce4cc75
SHA512 6f81ddd06f6a1c796bbf21143737bfeed8f9ca0ace82a4de00ccf79d7288586376439e0564f1cb128e5e585eaba122d406af8c3a6e3969efdadfe0cf65c3ed4b

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_fa.dll

MD5 ba417f44f7564f1aca70cca9166f3f44
SHA1 d8f064e25038e0076bffcd1a694b58063b7268d7
SHA256 56632098f623cbb58fadddc5c7a889fbc91954f661078501e62517709b8ba703
SHA512 c35ba956e92a2298268bb6ee7a753d6b7f94bdec96118c834f028a0fa45f18b67302b0e20a26d948d1720b04461d3074ae30003bb9028790d9d2d63cb80f4467

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_eu.dll

MD5 ed883bbd9e4b3de4db68e356707f3e67
SHA1 e03dde660c15a614442552f8c4d2cc5dd8425fc1
SHA256 168eb27052a559561af3ed650bc170eb471e53f05b9065f0e229672d040ae1c7
SHA512 ae48fe344b2644380e56a95d98aeb0ffeff7ddf0c914f5d14ef518a4d40bb090fee9a7fd30f7178524bcdec1a2d8fc870b4b40d5d8437e3f2577320262236126

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_et.dll

MD5 6b03eb5b302e72727977f2431ea7f30d
SHA1 ac5cab93d3c28e46f92d2719638c739c680cc452
SHA256 b5b51fe000e0e0ce42e8dbaf4b8343a5411e2e99440726c747196a02ed736137
SHA512 362e94f79b7726b277cc90c5158d3cc5a0a890bf32e11707f9901233414b3ff22816df78276afa67f0122fc7d6fc2d09dbb1fd8602e3a01f807f93b9423bb463

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_es-419.dll

MD5 bcafbabbfc8f810220b2ebdbb8a76d19
SHA1 58703c8355f996f2ce8ae5fd1ce4dc29318fd414
SHA256 7fef9c85b5d7dadf344ff39d82794ed252066cceb2b6531be2a45ee3d84844b7
SHA512 b02820c3088ceae9ebf19ede77e3a406483a3dc13c030860d3818e6e8a163e9f54293fd058ec9575c196d12f1465211ab7feff145faf684be6a8cc251d1c0d71

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_es.dll

MD5 3ccb8eab53a0b4c93507bf2adff6ced5
SHA1 25fa2435e97bd0e1cf986a882ce33e68f961c139
SHA256 8bcbd325374a8cc5c1c7ea774382515316473c200baec86a65ae21073fae33b0
SHA512 4f443ded84d74e150a0be3c32edc734ca01298817933a7b1f0e5c5cd93f26987f051c4c306848301e688b9334d134a12bcdcc0ceabe1fcaaca5c4d307c697bfd

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_en-GB.dll

MD5 39dc20ae50a0e2ba9c55dda91256b3cc
SHA1 464139f11db3fd6ae77502b183c4b59f581d6c7a
SHA256 e1891a155be133e6dd82cab3f9437bb7f047f0f80689ca724ca4d1d90d1fef14
SHA512 08b8e19528ff007b904f55872935e0de9e06e7cbcb3f3ed751264e3e20a740b477b55c818bf2b0ed213c4ed9cbaba0c8953c19f427be3e8ab8f50c9c86a74bf4

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_el.dll

MD5 09cf47260852ff7b2c91c65d127b9314
SHA1 b3d362f3d08f81bd1b719a1c94b54f5f9c9610da
SHA256 eb4344676280f83e6023ddc604ffa42e96eb46e765a216fbc5ecbe49ddb3c920
SHA512 114a21296d8e7e054906139102617e6cd6008337a0877053721553cfed10183f54f890c8071b1cea17bd0b2535589af7aafe5bd1d161886ad7363f89919d7300

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_de.dll

MD5 ce66ef1a806c21949b75055f81cac760
SHA1 3719e4af114a3c0baceb133d152a02bc6a1fb9f8
SHA256 23f5414d554b96db0b93c7dbe27939d294b8061e56c19ab74d59fe9135e81c8f
SHA512 04d9575c866ac28db490a291be3da41f884d3ceadbc9b7077776ea7deb1819277aadcf9c9e1b5afede3e90bafbcb00e6ef0840166228d153be7e8d8d53975593

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_da.dll

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_cs.dll

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_ca.dll

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_bs.dll

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_bn-IN.dll

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_bn.dll

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_bg.dll

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_az.dll

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_af.dll

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\msedgeupdateres_am.dll

C:\Program Files (x86)\Microsoft\Temp\EUAA69.tmp\EdgeUpdate.dat

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

C:\Program Files\MsEdgeCrashpad\settings.dat

C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Installer\setup.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epherome\Epherome.lnk~RFe5922a1.TMP

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epherome\Epherome.lnk

C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\modern-wizard.bmp

C:\Users\Admin\Desktop\Epherome.lnk

C:\Users\Admin\Desktop\Epherome.lnk~RFe59e073.TMP

C:\Users\Admin\AppData\Local\Temp\nss803E.tmp\ApplicationID.dll

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Local State

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Default\Site Characteristics Database\CURRENT

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Local State~RFe59e3de.TMP

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\GrShaderCache\data_0

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\GrShaderCache\data_3

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\GrShaderCache\data_2

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\GrShaderCache\data_1

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Local State

C:\Users\Admin\AppData\Roaming\com.epherome\config.json

C:\Users\Admin\AppData\Local\com.epherome\EBWebView\Default\Code Cache\js\index-dir\the-real-index
