Malware Analysis Report

2025-03-15 03:48

Sample ID 250213-r1gwgszlft
Target fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2
SHA256 fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2
Tags
fatalrat discovery infostealer rat stealer trojan adware persistence privilege_escalation
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2

Threat Level: Known bad

The file fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2 was found to be: Known bad.

Malicious Activity Summary

fatalrat discovery infostealer rat stealer trojan adware persistence privilege_escalation

FatalRat

Fatalrat family

Fatal Rat payload

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of WriteProcessMemory

System policy modification

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-13 14:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-13 14:39

Reported

2025-02-13 14:42

Platform

win7-20240903-en

Max time kernel

148s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe"

Signatures

FatalRat (tags: stealer, trojan, fatalrat)

Fatalrat family (tags: fatalrat)

Fatal Rat payload (tags: rat, infostealer)
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery (tags: discovery)
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe N/A (55 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe

"C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 a12.nbdsnb2.top udp
US 8.8.8.8:53 a12.yydsnb1.top udp
HK 134.122.207.6:1080 a12.yydsnb1.top tcp
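
The Network table above records two DNS lookups sent to 8.8.8.8 (the sandbox's resolver, not something the sample owns) and one TCP connection to 134.122.207.6:1080, the address a12.yydsnb1.top resolved to. Only the two domains and that ip:port endpoint are indicators; copying the 8.8.8.8:53 rows into a blocklist would be a mistake. The Python below is an added example and not part of the sandbox report: it parses the report's own network rows into IOCs and runs them over a few constructed, tab-separated log lines in a simplified layout (not the real Zeek dns.log/conn.log column set). The internal hosts, timestamps and connection ids are made up; treating 8.8.8.8 as the resolver is an assumption taken from the rows.

```python
"""Turn the report's Network table into IOCs and run them over connection logs.

Added example, not part of the sandbox report.  NETWORK_ROWS are copied from
the behavioral1 Network table; the log lines further down are constructed for
this example and use a simplified, tab-separated layout (not the real Zeek
dns.log / conn.log column set).
"""
import re

NETWORK_ROWS = [
    "US 8.8.8.8:53 a12.nbdsnb2.top udp",
    "US 8.8.8.8:53 a12.yydsnb1.top udp",
    "HK 134.122.207.6:1080 a12.yydsnb1.top tcp",
]

# Assumption: 8.8.8.8 is the sandbox's resolver.  The sample asked it for the
# C2 names; it is not itself an indicator and must not end up on a blocklist.
SANDBOX_RESOLVERS = {"8.8.8.8"}

ROW = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>[\d.]+):(?P<port>\d+) (?P<domain>\S+) (?P<proto>tcp|udp)$"
)


def parse_rows(rows):
    """Parse 'CC ip:port domain proto' rows exactly as the report prints them."""
    parsed = []
    for row in rows:
        m = ROW.match(row)
        if not m:
            raise ValueError(f"unrecognised network row: {row!r}")
        d = m.groupdict()
        d["port"] = int(d["port"])
        parsed.append(d)
    return parsed


def extract_iocs(rows, resolvers=SANDBOX_RESOLVERS):
    """Return (domains, endpoints): every queried name, plus (ip, port, proto)
    for every peer that is not the sandbox resolver."""
    domains, endpoints = set(), set()
    for r in parse_rows(rows):
        domains.add(r["domain"].lower().rstrip("."))
        if r["ip"] not in resolvers:
            endpoints.add((r["ip"], r["port"], r["proto"]))
    return domains, endpoints


def domain_matches(qname, domains):
    """Exact or subdomain match, case-insensitive, trailing dot tolerated."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in domains)


# Constructed log lines (not from the report).  Tab-separated columns:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto[, query]
DNS_LOG = [
    "1739457600.1\tCabc1\t10.0.0.15\t52100\t10.0.0.1\t53\tudp\tA12.YYDSNB1.TOP",
    "1739457601.2\tCabc2\t10.0.0.15\t52101\t10.0.0.1\t53\tudp\tupdate.example.net",
    "1739457602.3\tCabc3\t10.0.0.22\t52102\t10.0.0.1\t53\tudp\tcdn.a12.nbdsnb2.top.",
]
CONN_LOG = [
    "1739457603.4\tCdef1\t10.0.0.15\t49710\t134.122.207.6\t1080\ttcp",
    "1739457604.5\tCdef2\t10.0.0.15\t49711\t8.8.8.8\t53\tudp",
    "1739457605.6\tCdef3\t10.0.0.30\t49712\t134.122.207.6\t443\ttcp",
]


def scan_dns(lines, domains):
    """(client, query) for every query that hits an IOC domain or a child of it."""
    hits = []
    for line in lines:
        f = line.split("\t")
        if domain_matches(f[7], domains):
            hits.append((f[2], f[7]))
    return hits


def scan_conn(lines, endpoints, ip_only=False):
    """(client, 'ip:port/proto') for connections to an IOC endpoint.
    ip_only=True also flags other ports on the same IP; use it only if you are
    prepared to treat the whole host, not just the observed port, as hostile."""
    ips = {ip for ip, _, _ in endpoints}
    hits = []
    for line in lines:
        f = line.split("\t")
        resp_h, resp_p, proto = f[4], int(f[5]), f[6]
        if (resp_h, resp_p, proto) in endpoints or (ip_only and resp_h in ips):
            hits.append((f[2], f"{resp_h}:{resp_p}/{proto}"))
    return hits


if __name__ == "__main__":
    domains, endpoints = extract_iocs(NETWORK_ROWS)
    print("domains:", sorted(domains))
    print("endpoints:", sorted(endpoints))
    print("dns hits:", scan_dns(DNS_LOG, domains))
    print("conn hits:", scan_conn(CONN_LOG, endpoints))
```

Run against the constructed lines, the DNS scan flags the mixed-case query and the child name under a12.nbdsnb2.top but not the unrelated lookup, and the connection scan flags only 10.0.0.15 talking to 134.122.207.6:1080, leaving the resolver traffic alone; `ip_only=True` would additionally catch the 443 connection from 10.0.0.30.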

Files

memory/2584-0-0x0000000000400000-0x0000000000913000-memory.dmp

memory/2584-2-0x0000000010000000-0x000000001002D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-02-13 14:39

Reported

2025-02-13 14:42

Platform

win10v2004-20250207-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe"

Signatures

FatalRat (tags: stealer, trojan, fatalrat)

Fatalrat family (tags: fatalrat)

Fatal Rat payload (tags: rat, infostealer)
Description Indicator Process Target
N/A N/A N/A N/A

Boot or Logon Autostart Execution: Active Setup (tags: persistence)
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A N/A N/A

Event Triggered Execution: Component Object Model Hijacking (tags: persistence, privilege_escalation)

Checks installed software on the system (tags: discovery)

Installs/modifies Browser Helper Object (tags: stealer, adware)
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\zh-CN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Temp\source1548_1959657378\msedge_7z.data C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Mu\Advertising C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Mu\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files\msedge_installer.log C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\Entities C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Sigma\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\SmallLogoBeta.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\vulkan-1.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\win10\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ur.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Mu\Analytics C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\es.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\1548_13383931308404016_1548.pma C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\lb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\nb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\EBWebView\x64\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\te.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\elevated_tracing_service.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\dev.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedgewebview2.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\bn-IN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\da.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Sigma\Advertising C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\pt-PT.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\EBWebView\x86\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8422f6eb-d914-4b2a-9ab9-c3ce2375f86a.tmp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c7053255-d0ff-4650-8fda-dac2eaa26173.tmp C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\VisualElements\LogoBeta.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\edge_game_assist\EdgeGameAssist.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\gu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Sigma\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\libEGL.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ar.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\internal.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\BHO\ie_to_edge_bho_64.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\kn.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\edge_feedback\camera_mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\win10\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\Logo.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\cy.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\WidevineCdm\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\Entities C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\hi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\resources.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Sigma\Other C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\vccorlib140.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ms.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\VisualElements\SmallLogoCanary.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\mip_core.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\LogoCanary.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Sigma\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\identity_proxy\win10\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\MEIPreload\preloaded_data.pb C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedge_200_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\fr-CA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\canary.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\et.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\win11\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery (tags: discovery)
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery (tags: discovery)
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe N/A

Modifies Internet Explorer settings (tags: adware, spyware)
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ = "ie_to_edge_bho.IEToEdgeBHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\ = "URL:microsoft-edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CurVer\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\ = "Microsoft Edge HTML Document" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\shell\runas\ProgrammaticAccessOnly C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.mht\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib\Version = "1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\runas\command C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Programmable\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\AppUserModelId = "MSEdge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\Application C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.webp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --single-argument %1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xhtml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\open\command C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\AppUserModelId = "MSEdge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheVersion = "1" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationName = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.htm\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.shtml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO\\ie_to_edge_bho.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\open C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationCompany = "Microsoft Corporation" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\DefaultIcon C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationDescription = "Browse the web" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xml\OpenWithProgIds\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\AppID = "{1FCBE96C-1697-43AF-9140-2897C7C69767}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win64\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\elevation_service.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\AppUserModelId = "MSEdge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/pdf\Extension = ".pdf" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\runas\command C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\ = "IEToEdgeBHO Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell\runas\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --do-not-de-elevate --single-argument %1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\EnablePreviewHandler = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\runas C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Programmable\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\shell\runas\ProgrammaticAccessOnly C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe N/A (64 identical rows)
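
Read the Process column before weighing these signatures: in the tables above the sample (the fb54…exe in Temp) is the acting process only in the language, processor and process-enumeration rows, while every row under "Modifies Internet Explorer settings", "Modifies data under HKEY_USERS" and "Modifies registry class" is attributed to the Edge installer (EDGEMITMP_A8C07.tmp\setup.exe) or to wwahost.exe. The script below is an added example, not part of this report or of the sandbox's own tooling. It parses rows of the flattened "description indicator process target" shape used on this page (including the "PID … wrote to memory of …" rows of the WriteProcessMemory table that follows), counts per signature how many rows the sample itself produced, and rebuilds the ElevationPolicy entries so the broker path registered with Policy = "3" can be pulled off the detonation host and hash- or signature-checked. The TABLES input is a constructed subset of rows copied from this page; the row() helper, the regexes and the function names are assumptions of this example, not report fields.

```python
"""Triage helper for flattened sandbox signature rows (added example; not part
of the report). A row is "<description> <indicator> <process> <target>", where
process and target are the last one or two "C:\\...exe" paths on the line."""
import re
from collections import defaultdict

ROW_RE = re.compile(
    r"^(?P<body>.*?) (?P<process>C:\\.+?\.exe) (?P<target>N/A|C:\\.+?\.exe)$"
)
# Description prefixes the report uses; whatever follows is the indicator.
DESC_RE = re.compile(
    r"^(?P<desc>Key opened|Key created|Key deleted|Key value queried"
    r"|Set value \((?:int|str)\)|File created|File opened for modification"
    r"|PID \d+ wrote to memory of \d+|N/A)(?: (?P<indicator>.*))?$"
)
# Protected Mode broker entries: ...\ElevationPolicy\{CLSID}\<field> = "value"
ELEV_RE = re.compile(
    r"Low Rights\\ElevationPolicy\\(?P<guid>\{[0-9A-Fa-f-]+\})"
    r"\\(?P<field>Policy|AppPath|AppName) = \"(?P<value>.*)\"$"
)

# Process paths and keys exactly as they appear in the tables on this page.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe"
EDGE_SETUP = r"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe"
EDGE_X64 = r"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\MicrosoftEdge_X64_133.0.3065.59.exe"
EDGE_UPDATE = r"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"
WWAHOST = r"C:\Windows\system32\wwahost.exe"
NLS_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"
CPU_KEY = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz"
ELEV_KEY = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}"


def row(body, process, target="N/A"):
    """Build one flattened row the way the report prints it (helper, assumed)."""
    return f"{body} {process} {target}"


# Constructed subset of the rows on this page, keyed by the page's signature headings.
TABLES = {
    "System Location Discovery: System Language Discovery": [
        row("Key opened " + NLS_KEY, SAMPLE),
        row("Key opened " + NLS_KEY, EDGE_UPDATE),
        row("Key opened " + NLS_KEY, EDGE_UPDATE),
    ],
    "Checks processor information in registry": [
        row("Key value queried " + CPU_KEY, SAMPLE),
    ],
    "Modifies Internet Explorer settings": [
        row('Set value (int) ' + ELEV_KEY + r'\Policy = "3"', EDGE_SETUP),
        row('Set value (str) ' + ELEV_KEY + r'\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO"', EDGE_SETUP),
        row('Set value (str) ' + ELEV_KEY + r'\AppName = "ie_to_edge_stub.exe"', EDGE_SETUP),
        row(r"Key created \REGISTRY\USER\S-1-5-21-3311063739-2594902809-44604183-1000\Software\Microsoft\Internet Explorer\GPU", WWAHOST),
    ],
    "Suspicious behavior: EnumeratesProcesses": [row("N/A N/A", SAMPLE)] * 64,
    "Suspicious use of WriteProcessMemory": [
        row("PID 2764 wrote to memory of 1548 N/A", EDGE_X64, EDGE_SETUP),
    ],
}


def parse_row(line):
    """Split one row into its four columns; None for headers and blank lines."""
    m = ROW_RE.match(line.strip())
    d = DESC_RE.match(m["body"]) if m else None
    if not d:
        return None
    return {"description": d["desc"], "indicator": d["indicator"] or "N/A",
            "process": m["process"], "target": m["target"]}


def triage(tables, sample_path):
    """Per signature: rows attributed to the sample vs. other exe basenames."""
    out = {}
    for sig, lines in tables.items():
        sample, other = 0, defaultdict(int)
        for r in filter(None, map(parse_row, lines)):
            if r["process"].lower() == sample_path.lower():
                sample += 1
            else:
                other[r["process"].rsplit("\\", 1)[-1]] += 1
        out[sig] = {"sample": sample, "other": dict(other)}
    return out


def elevation_policies(lines):
    """Rebuild {CLSID: {Policy, AppPath, AppName}} from the 'Set value' rows."""
    entries = defaultdict(dict)
    for r in filter(None, map(parse_row, lines)):
        m = ELEV_RE.search(r["indicator"])
        if m:
            entries[m["guid"]][m["field"]] = m["value"]
    return dict(entries)


def brokers_without_prompt(entries):
    """Policy 3 = Protected Mode launches the broker at medium integrity with no
    prompt; return its resolved path (the report doubles backslashes in values)."""
    return {guid: e["AppPath"].replace("\\\\", "\\") + "\\" + e["AppName"]
            for guid, e in entries.items()
            if e.get("Policy") == "3" and "AppPath" in e and "AppName" in e}


if __name__ == "__main__":
    for sig, counts in triage(TABLES, SAMPLE).items():
        print(f"{sig}: sample={counts['sample']} other={counts['other']}")
    print(brokers_without_prompt(elevation_policies(TABLES["Modifies Internet Explorer settings"])))
```

Policy 3 tells Protected Mode Internet Explorer to start the named broker at medium integrity without prompting, which is why entries under Low Rights\ElevationPolicy deserve a look whenever an installer touches them: a writable AppPath directory or a replaced AppName hands a silent integrity-level bump to any compromised low-integrity tab. For the entry on this page the resolved path is C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\BHO\ie_to_edge_stub.exe, which is the file to hash and Authenticode-check on the detonation host before accepting the "adware spyware" tag at face value.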

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\wwahost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2764 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\MicrosoftEdge_X64_133.0.3065.59.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe
PID 2764 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\MicrosoftEdge_X64_133.0.3065.59.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe
PID 1548 wrote to memory of 3428 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe
PID 1548 wrote to memory of 3428 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe
PID 1548 wrote to memory of 2660 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe
PID 1548 wrote to memory of 2660 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe
PID 2660 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe
PID 2660 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe
PID 1548 wrote to memory of 5024 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
PID 1548 wrote to memory of 5024 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
PID 1548 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
PID 1548 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
PID 5024 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
PID 5024 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
PID 1548 wrote to memory of 112 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
PID 1548 wrote to memory of 112 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
PID 1440 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
PID 1440 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
PID 112 wrote to memory of 4424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
PID 112 wrote to memory of 4424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe

"C:\Users\Admin\AppData\Local\Temp\fb54f1b9742bc5822b05437cc0b2dc64ddfa13a7546007621094d089d6fe96f2.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource core

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjcwQ0JBQ0ItQzM2Ny00NUExLUE1MUMtQkUyOThCODU0ODU4fSIgdXNlcmlkPSJ7OEU3NEQ3ODItOUFDMi00MDc5LUE4OUUtMUJCMTlDRTQxMzUyfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MkE2NkY5MUMtQ0FDRS00MzBCLTk5MzgtREQ0Mjc4RkZEN0I5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU5ODUiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODQ0NDQzNjAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0ODc1Mjg2ODU0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\MicrosoftEdge_X64_133.0.3065.59.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7fcdc6a68,0x7ff7fcdc6a74,0x7ff7fcdc6a80

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7fcdc6a68,0x7ff7fcdc6a74,0x7ff7fcdc6a80

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff72bd36a68,0x7ff72bd36a74,0x7ff72bd36a80

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff72bd36a68,0x7ff72bd36a74,0x7ff72bd36a80

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff72bd36a68,0x7ff72bd36a74,0x7ff72bd36a80

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe

"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch

C:\Windows\system32\wwahost.exe

"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa

Network

Country Destination Domain Proto
US 8.8.8.8:53 a12.yydsnb1.top udp
US 8.8.8.8:53 a12.nbdsnb2.top udp
HK 134.122.207.6:1080 a12.yydsnb1.top tcp
GB 2.16.34.58:443 www.bing.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 52.252.28.242:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 96.17.178.183:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 a12.nbdsnb2.top udp
US 8.8.8.8:53 a12.nbdsnb2.top udp
US 8.8.8.8:53 a12.nbdsnb2.top udp
US 8.8.8.8:53 a12.nbdsnb2.top udp
US 8.8.8.8:53 a12.nbdsnb2.top udp
US 8.8.8.8:53 a12.nbdsnb2.top udp
US 8.8.8.8:53 a12.nbdsnb2.top udp
US 8.8.8.8:53 www.office.com udp
US 13.107.6.156:443 www.office.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 13.87.96.169:443 data-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 data-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 data-edge.smartscreen.microsoft.com tcp

Files

memory/472-0-0x0000000000400000-0x0000000000913000-memory.dmp

memory/472-2-0x0000000010000000-0x000000001002D000-memory.dmp

\??\PIPE\wkssvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 f0515557f4e39ac401a2d30b1a1f7a61
SHA1 79971d3b00f72494ec346f6e3b4afece196f2b15
SHA256 b5ddc1a9010e02eeaf1d1a684a44b9fff3a19be3e97a5faf56a1ce5f8394847b
SHA512 5552c375b297b9bbde9c0d398aae9143f32c85f2464133faaaa191ac2432f0efb065406a39450de094fe54534870a0c6882b9a702b2b5356a32ca08b24419422

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DCDEAED-B77B-4F2A-8BF1-B4DD22EC5A5B}\EDGEMITMP_A8C07.tmp\setup.exe

MD5 1b3e9c59f9c7a134ec630ada1eb76a39
SHA1 a7e831d392e99f3d37847dcc561dd2e017065439
SHA256 ce78ccfb0c9cdb06ea61116bc57e50690650b6b5cf37c1aebfb30c19458ee4ae
SHA512 c0e50410dc92d80ff7bc854907774fc551564e078a8d38ca6421f15cea50282c25efac4f357b52b066c4371f9b8d4900fa8122dd80ab06ecbd851c6e049f7a3e

C:\Program Files\msedge_installer.log

MD5 67ab09279f8d0c7de9742e84e184858b
SHA1 df3ec0c27513adc8d5c9a132b63209c623d01c6f
SHA256 05294e54e13140f355dcbb73db089b5e20b6d24bd0b03d0ae46f599df9d9e2c6
SHA512 33cf400bf101147fe67b56c4dbc225503910676fdaa6acc5bbaedf749c5e628186c23988c5faa1aad717e8a55083806e75934be270d35a2476a66bd7d2597a6f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

MD5 ad5f7dc7ca3e67dce70c0a89c04519e0
SHA1 a10b03234627ca8f3f8034cd5637cda1b8246d83
SHA256 663fe0f4e090583e6aa5204b9a80b7a76f677259066e56a7345aebc6bc3e7d31
SHA512 ad5490e9865caa454c47ec2e96364b9c566b553e64801da60c295acd570017747be1aff6f22ca6c20c6eee6f6d05a058af72569fd6e656f66e48010978c7fd51

C:\Program Files\msedge_installer.log

MD5 f89681ef84797f7c1d210be182d30920
SHA1 2f41be8b50ea3f001e5b78a9053a676d1f31a178
SHA256 66657f0d4ed7a9fb78f51910a30b3438c24d29b141341b786aaf1d3a774660a0
SHA512 b93cb2f9511b7e7fe72d32814e44aedfee3a456271c33ed2477451dd197d7ae6a784c2d0b841cb3893668fd41f28c4703f2feab30aea875053df641a19e22d7b

C:\Program Files\msedge_installer.log

MD5 a103167407b439f79defe3df5a164b2a
SHA1 a1b9fb9cf8c8c2b03e08ff47d49a22884ddd7a2e
SHA256 1be8099e063046521128edadcbfa916e8c16fb1baa37e7e47c0d0558b923f889
SHA512 e829770f91e27d8980620182775cfcf462ebf47cc5853d75c3f8c7b0382832a7eb966fc2cf1269308b889b95f7d28dcd2064eb99aef05020bf7a6d4e5beac81d

C:\Program Files\msedge_installer.log

MD5 8ba2775a063569d0aa0140655f41ddbc
SHA1 99e48023379dc1a864a11aa6fd136892d7741ff4
SHA256 dd0fa5d48b0d7f98199b496852581a51b1b7be236eaddc8d0cc2ac29d74bc046
SHA512 95177cdeb795d67cd7b1ae69e1ebb8de2ded6e5b6c57c995a7f7d2c5ae4b5421e32c9d28b8575c0355cc9ffb6f07ca108f9b3137c31531861a98b06e56a3f990

memory/2896-81-0x000001AE7F8B0000-0x000001AE7F8BE000-memory.dmp

memory/2896-82-0x000001AE7F930000-0x000001AE7F93A000-memory.dmp

memory/2896-83-0x000001AE7F9A0000-0x000001AE7F9A8000-memory.dmp

memory/2896-84-0x000001AE1B200000-0x000001AE1B449000-memory.dmp