Malware Analysis Report

2025-03-15 03:48

Sample ID 250217-qjlbxayrfr
Target 970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3
SHA256 970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3
Tags
fatalrat discovery infostealer rat stealer trojan adware persistence privilege_escalation
score
10/10

Analysis Overview

score
10/10

SHA256

970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3

Threat Level: Known bad

The file 970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3 was found to be: Known bad.

Malicious Activity Summary

fatalrat discovery infostealer rat stealer trojan adware persistence privilege_escalation

The list below merges the hits of both detonations. The entries that come from the behavioral2 run (Active Setup, Browser Helper Object, Program Files and System32 file drops) are recorded against the Microsoft Edge installer process, not the sample, and should be read as environment activity (see the behavioral2 section).

Fatalrat family

FatalRat

Fatal Rat payload

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Installs/modifies Browser Helper Object

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Checks processor information in registry

Modifies Internet Explorer settings

Modifies registry class

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported

2025-02-17 13:17

Signatures

Unsigned PE (no indicator, process or target is recorded for the static scan)

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-17 13:17

Reported

2025-02-17 13:20

Platform

win7-20241023-en

Max time kernel

149s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe"

Signatures

FatalRat
stealer trojan fatalrat

Fatalrat family
fatalrat

Fatal Rat payload
rat infostealer

(The family signatures carry no indicator, process or target columns in the original; the three empty rows are omitted here.)

Executes dropped EXE

Description Indicator Process Target
N/A N/A \??\c:\admin.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Anti-debugging: NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events to an attached debugger. The sandbox recorded 64 such calls with no indicator or target; the original lists one row per call, collapsed here by process:

Process Calls
C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe 9
\??\c:\admin.exe 32
C:\Users\Admin\AppData\Local\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe 23

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\admin.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 \??\c:\admin.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz \??\c:\admin.exe N/A

Suspicious behavior: EnumeratesProcesses

64 hits with no indicator or target, one row per hit in the original, collapsed here by process:

Process Hits
C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe 1
\??\c:\admin.exe 55
C:\Users\Admin\AppData\Local\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe 8

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A \??\c:\admin.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1048 wrote to memory of 5236 (4 events) N/A C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe \??\c:\admin.exe
PID 1048 wrote to memory of 3316 (4 events) N/A C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe C:\Users\Admin\AppData\Local\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe

Processes

PID 1048: C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe
"C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe"

PID 5236: \??\c:\admin.exe
c://admin.exe
(The sample starts its root-directory copy with a forward-slash command line; Win32 path normalisation converts c://admin.exe to the NT path \??\c:\admin.exe, which is why the process appears under both spellings.)

PID 3316: C:\Users\Admin\AppData\Local\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe
"C:\Users\Admin\AppData\Local\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe"

(PIDs are taken from the WriteProcessMemory rows and the memory dump names below.)

Network

Country Destination Domain Proto
HK 103.68.195.146:443 (no domain; two TCP connections recorded, the originating process is not given) tcp
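The behavioral1 chain (a sample that spawns two identically hashed copies of itself, writes into their memory, and then talks to 103.68.195.146:443) is easy to re-derive from endpoint telemetry. The script below is an added example and is not part of the sandbox report: it runs three checks over constructed Sysmon-style events (ProcessCreate = ID 1, NetworkConnect = ID 3, ProcessAccess = ID 10). The paths, PIDs, SHA256 and C2 endpoint are taken from this report; the parent PID 600, the benign notepad.exe process, the access masks and the choice of PID 5236 as the process that opened the connection (the report does not say which process did) are assumptions made for the example.

```python
"""Re-derive the behavioral1 verdict from Sysmon-style telemetry (added example)."""
import json

SAMPLE_SHA256 = "970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3"
SAMPLE_EXE = rf"C:\Users\Admin\AppData\Local\Temp\{SAMPLE_SHA256}.exe"
LOCAL_COPY = rf"C:\Users\Admin\AppData\Local\{SAMPLE_SHA256}.exe"
ROOT_COPY = r"C:\admin.exe"
C2_IOCS = {("103.68.195.146", 443)}   # from the behavioral1 Network table
PROCESS_VM_WRITE = 0x0020              # access-mask bit WriteProcessMemory requires

# Constructed events. PIDs, paths and the hash come from the report; parent PID
# 600, the notepad control process and the access masks are assumptions.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1048, "ParentProcessId": 600, "Image": SAMPLE_EXE,
     "Hashes": f"SHA256={SAMPLE_SHA256}"},
    {"EventID": 1, "ProcessId": 5236, "ParentProcessId": 1048, "Image": ROOT_COPY,
     "Hashes": f"SHA256={SAMPLE_SHA256}"},
    {"EventID": 1, "ProcessId": 3316, "ParentProcessId": 1048, "Image": LOCAL_COPY,
     "Hashes": f"SHA256={SAMPLE_SHA256}"},
    {"EventID": 1, "ProcessId": 7000, "ParentProcessId": 600,   # benign control process
     "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=" + "ab" * 32},
    {"EventID": 10, "SourceProcessId": 1048, "TargetProcessId": 5236, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceProcessId": 1048, "TargetProcessId": 3316, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceProcessId": 7000, "TargetProcessId": 600, "GrantedAccess": "0x1000"},
    {"EventID": 3, "ProcessId": 5236, "Protocol": "tcp",
     "DestinationIp": "103.68.195.146", "DestinationPort": 443},
    {"EventID": 3, "ProcessId": 7000, "Protocol": "tcp",
     "DestinationIp": "192.0.2.10", "DestinationPort": 443},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)   # JSON-lines export


def load_events(log_text):
    """Parse a JSON-lines export into event dicts, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def sha256_of(event):
    """Pull SHA256 out of Sysmon's 'ALG=hex,ALG=hex' Hashes field."""
    for part in event.get("Hashes", "").split(","):
        alg, _, digest = part.partition("=")
        if alg.strip().upper() == "SHA256":
            return digest.strip().lower()
    return None


def find_self_copies(events):
    """Children whose image hash equals the parent's while the path differs.

    This is what the report's C:\\admin.exe and AppData\\Local copies look like:
    the same bytes executed from a new location, i.e. self-replication."""
    procs = {e["ProcessId"]: e for e in events if e["EventID"] == 1}
    hits = []
    for pid, e in procs.items():
        parent = procs.get(e["ParentProcessId"])
        if (parent and sha256_of(parent) == sha256_of(e)
                and parent["Image"].lower() != e["Image"].lower()):
            hits.append((parent["ProcessId"], pid, e["Image"]))
    return sorted(hits)


def find_memory_writes(events):
    """ProcessAccess events whose granted mask includes PROCESS_VM_WRITE."""
    return sorted((e["SourceProcessId"], e["TargetProcessId"]) for e in events
                  if e["EventID"] == 10 and int(e["GrantedAccess"], 16) & PROCESS_VM_WRITE)


def find_c2_connections(events, iocs=C2_IOCS):
    """PIDs that connected to a known C2 (ip, port) pair."""
    return sorted(e["ProcessId"] for e in events if e["EventID"] == 3
                  and (e["DestinationIp"], int(e["DestinationPort"])) in iocs)


def triage(log_text):
    """Combine the three checks into one verdict plus the PIDs involved."""
    events = load_events(log_text)
    copies, writes, c2 = find_self_copies(events), find_memory_writes(events), find_c2_connections(events)
    pids = {p for p, _, _ in copies} | {c for _, c, _ in copies}
    pids |= {s for s, _ in writes} | {t for _, t in writes} | set(c2)
    if c2 and (copies or writes):
        verdict = "malicious"
    elif copies or writes or c2:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"self_copies": copies, "memory_writes": writes, "c2_pids": c2,
            "suspicious_pids": sorted(pids), "verdict": verdict}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Each check alone is weak (installers copy themselves, debuggers open processes for writing, and an IP match says nothing about the process), which is why the verdict is only "malicious" when the C2 contact is chained to one of the host-side behaviours. Note that the registry reads recorded under the discovery signatures (NLS\Language, CentralProcessor\~MHz) are not visible to this kind of telemetry: Sysmon logs registry writes, not reads.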

Files

memory/1048-0-0x0000000000400000-0x00000000004FB000-memory.dmp

memory/1048-1-0x0000000076E70000-0x0000000076EB7000-memory.dmp

memory/1048-{503, 504, 506 to 538 even, 541, 542 to 564 even}-0x0000000002360000-0x0000000002471000-memory.dmp
(32 dumps of the same region of PID 1048 taken at successive points of the run; the original lists each one on its own line)

memory/1048-2239-0x00000000020B0000-0x0000000002231000-memory.dmp

C:\admin.exe

MD5 7a96cacfa36023763cd276819c1be778
SHA1 2c087b1688bcaffba3426de47a0c0015a6b4d070
SHA256 970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3
SHA512 27a1f43bb68d353fdd4a9f815a53357d9001dd408be01043c211483ed5839621b31ec57719b18c070011100c541b22508127714af763ef7af7d763d2ac15f7a7

The SHA256 of C:\admin.exe is the SHA256 of the submitted sample: the dropped file is a byte-for-byte copy of the sample rather than a distinct second-stage payload, so the sample's own hash, found at C:\admin.exe or under AppData\Local, is the host-side indicator of its self-copy stage.

memory/1048-7790-0x0000000002770000-0x000000000286B000-memory.dmp

memory/1048-16506-0x0000000000400000-0x00000000004FB000-memory.dmp

memory/1048-16507-0x00000000033A0000-0x000000000349B000-memory.dmp

memory/1048-16504-0x00000000033A0000-0x000000000349B000-memory.dmp

memory/5236-25215-0x0000000000400000-0x00000000004FB000-memory.dmp

memory/1048-25222-0x00000000033A0000-0x000000000349B000-memory.dmp

memory/3316-25223-0x0000000000400000-0x00000000004FB000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-02-17 13:17

Reported

2025-02-17 13:20

Platform

win10v2004-20250207-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe"

Signatures

Every row below that records a process names the Microsoft Edge installer (C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe, or the Edge 133.0.3065.69 Installer\setup.exe it lays down); the submitted sample does not appear in any of them. The Active Setup component, the "IEToEdge BHO" registration and the Program Files and System32 writes are what an Edge install looks like in this Windows 10 image, and the persistence, privilege_escalation and adware tags on this run are inherited from that activity. Treat them as environment noise unless a process tree shows the sample launching the installer, which the rows here do not.
Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
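An Active Setup hit is only as interesting as the StubPath it installs and the process that wrote it: here both are the Edge installer under Program Files, which is why this entry is benign. The script below is an added example, not code from the report or the sandbox: it parses rows in the flattened "Set value (...) key = "value" process N/A" / "Key created key process N/A" layout used on this page, groups them per Active Setup GUID, unquotes the StubPath command and flags entries whose stub executable or writer lives outside Program Files or Windows. The Edge rows are copied from the table above; the {00000000-0000-0000-0000-000000000000} rows are constructed for the example (they are not in the report) so that the suspicious branch is exercised. The trusted-root check is a path heuristic and an assumption of this example, not a rule from the report.

```python
"""Audit Active Setup rows from a flattened sandbox report (added example)."""
import re

ACTIVE_SETUP = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")   # heuristic only; confirm with signature/hash

# Flattened report rows: 'Set value (type) key = "value" process N/A' and 'Key created key process N/A'.
SET_RE = re.compile(r'^Set value \((str|int)\) (\\REGISTRY\\.+?) = "(.*)" ([A-Za-z]:\\.+) N/A$')
KEY_RE = re.compile(r'^Key created (\\REGISTRY\\.+?) ([A-Za-z]:\\.+) N/A$')

# First seven rows copied from the report; the last two are constructed and not in the report.
REPORT_ROWS = r'''
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}\StubPath = "\"C:\\Users\\Admin\\AppData\\Roaming\\update.exe\" /silent" C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}\IsInstalled = "1" C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A
'''


def parse_row(line):
    """Split one flattened row into its fields; None if the line is not a registry row."""
    m = SET_RE.match(line)
    if m:
        kind, key, value, proc = m.groups()
        return {"op": "set", "type": kind, "key": key, "value": value, "process": proc}
    m = KEY_RE.match(line)
    if m:
        key, proc = m.groups()
        return {"op": "create", "key": key, "process": proc}
    return None


def unescape(value):
    # The report escapes embedded quotes and backslashes inside string values.
    return value.replace('\\"', '"').replace('\\\\', '\\')


def stub_executable(command):
    """Executable part of a StubPath command line (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def is_trusted_path(path):
    return path.lower().startswith(TRUSTED_ROOTS)


def audit_active_setup(rows_text):
    """Group rows per Active Setup GUID and flag untrusted stubs or writers."""
    entries = {}
    for line in rows_text.splitlines():
        row = parse_row(line.strip())
        if not row or not row["key"].lower().startswith(ACTIVE_SETUP.lower()):
            continue
        rest = row["key"][len(ACTIVE_SETUP):].strip("\\")
        if not rest:                       # the parent 'Installed Components' key itself
            continue
        guid, _, value_name = rest.partition("\\")
        ent = entries.setdefault(guid, {"guid": guid, "values": {}, "writers": set()})
        ent["writers"].add(row["process"])
        if row["op"] == "set":
            ent["values"][value_name or "(Default)"] = unescape(row["value"])
    findings = []
    for ent in entries.values():
        stub = ent["values"].get("StubPath")
        exe = stub_executable(stub) if stub else None
        reasons = []
        if exe and not is_trusted_path(exe):
            reasons.append(f"StubPath runs from an untrusted location: {exe}")
        for writer in sorted(ent["writers"]):
            if not is_trusted_path(writer):
                reasons.append(f"written by a process outside trusted roots: {writer}")
        findings.append({"guid": ent["guid"], "name": ent["values"].get("(Default)"),
                         "stub_exe": exe, "values": ent["values"], "reasons": reasons,
                         "verdict": "suspicious" if reasons else "benign-looking"})
    return sorted(findings, key=lambda f: f["guid"])


if __name__ == "__main__":
    for f in audit_active_setup(REPORT_ROWS):
        print(f["guid"], f["verdict"], f["stub_exe"], *f["reasons"], sep="\n  ")
```

A Program Files path is a weak signal on its own (an installer running with high integrity can write there too), so in practice the stub executable and the writer should also be checked against their Authenticode signature or known-good hash before the entry is dismissed. Active Setup runs the StubPath once per user at logon, which is why a stub pointing into a user-writable directory deserves the suspicious verdict even before any other behaviour is seen.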

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A N/A N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\mip_core.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\kn.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\msedgewebview2.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\it.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Edge.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\Staging C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\MEIPreload\preloaded_data.pb C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\ru.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\ca.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\cs.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\eventlog_provider.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\lv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\EBWebView\x86\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\mi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\internal.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\msedge.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\beta.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\lv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\ta.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\zh-CN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\edge_game_assist\EdgeGameAssist.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\msedge_200_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\oneauth.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\fa.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\VisualElements\SmallLogo.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\kk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\nn.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\dxcompiler.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\VisualElements\Logo.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0537896a-f21e-481c-ab08-4bde6afdd96e.tmp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\cy.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\PdfPreview\PdfPreviewHandler.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\WidevineCdm\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\133.0.3065.69.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\lb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6012_13384271985128062_6012.pma C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\5788_13384271987986702_5788.pma C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\win11\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\dual_engine_adapter_x64.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\ffmpeg.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\tr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6164_13384271989582563_6164.pma C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\MEIPreload\preloaded_data.pb C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Extensions\external_extensions.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\msvcp140_codecvt_ids.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\edge_feedback\camera_mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\VisualElements\SmallLogoBeta.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\bn-IN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\th.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\Advertising C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\da.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\msedgewebview2.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Interface C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open\command C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --single-argument %1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\msedge.exe,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Programmable\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\AppUserModelId = "MSEdge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationCompany = "Microsoft Corporation" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationDescription = "Browse the web" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CurVer\ = "ie_to_edge_bho.IEToEdgeBHO.1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\runas\command C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\msedge.exe,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\ = "{2397ECFE-3237-400F-AE51-62B25B3F15B5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\open C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LoadUserSettings = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\ = "URL:microsoft-edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\open\command C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open\command C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\msedge.exe,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\DefaultIcon C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib\Version = "1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\DisplayName = "PDF Preview Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\msedge.exe,11" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\AppID = "{1FCBE96C-1697-43AF-9140-2897C7C69767}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ = "Interface {C9C2B807-7731-4F34-81B7-44FF7779522B}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\open C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.svg C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Cookies C:\Windows\system32\wwahost.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CLSID\ = "{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\ = "PDF Preview Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\AppUserModelId = "MSEdge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\Application C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheVersion = "1" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.shtml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\wwahost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5748 wrote to memory of 5788 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\MicrosoftEdge_X64_133.0.3065.69.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5748 wrote to memory of 5788 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\MicrosoftEdge_X64_133.0.3065.69.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5788 wrote to memory of 5812 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5788 wrote to memory of 5812 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5788 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5788 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 6012 wrote to memory of 6036 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 6012 wrote to memory of 6036 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5788 wrote to memory of 6164 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 5788 wrote to memory of 6164 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 5788 wrote to memory of 6176 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 5788 wrote to memory of 6176 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6164 wrote to memory of 6196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6164 wrote to memory of 6196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 5788 wrote to memory of 6200 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 5788 wrote to memory of 6200 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6176 wrote to memory of 6232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6176 wrote to memory of 6232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6200 wrote to memory of 6480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6200 wrote to memory of 6480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
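
The twenty rows above are ten distinct parent-to-child writes, each logged twice. A parent writing into a process it has just created (populating the new process's parameters) is what this signature usually catches, so the rows are really the installer's process tree in disguise. The script below is an added example, not sandbox tooling and not code from the report: it parses rows in this report's exact format, de-duplicates them, and renders the tree by PID and image name. The input rows are copied verbatim from the table; nothing beyond those rows is assumed.

```python
import re
from collections import defaultdict

WPM_RE = re.compile(r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A (?P<images>.*)$")

# Constructed sample input: the WriteProcessMemory rows from the table above, verbatim.
WPM_ROWS = r"""
PID 5748 wrote to memory of 5788 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\MicrosoftEdge_X64_133.0.3065.69.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5748 wrote to memory of 5788 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\MicrosoftEdge_X64_133.0.3065.69.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5788 wrote to memory of 5812 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5788 wrote to memory of 5812 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5788 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5788 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 6012 wrote to memory of 6036 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 6012 wrote to memory of 6036 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe
PID 5788 wrote to memory of 6164 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 5788 wrote to memory of 6164 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 5788 wrote to memory of 6176 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 5788 wrote to memory of 6176 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6164 wrote to memory of 6196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6164 wrote to memory of 6196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 5788 wrote to memory of 6200 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 5788 wrote to memory of 6200 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6176 wrote to memory of 6232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6176 wrote to memory of 6232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6200 wrote to memory of 6480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
PID 6200 wrote to memory of 6480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
"""


def parse_wpm(text):
    """Deduplicated (parent_pid, child_pid, parent_image, child_image) tuples."""
    events = set()
    for line in text.strip().splitlines():
        m = WPM_RE.match(line)
        if not m:
            continue
        # The two image paths are separated by a single space, but paths themselves
        # contain spaces, so split only at a space followed by a drive letter.
        images = re.split(r" (?=[A-Z]:\\)", m["images"])
        if len(images) != 2:
            raise ValueError(f"expected two image paths: {line!r}")
        events.add((int(m["src"]), int(m["dst"]), images[0], images[1]))
    return events


def build_tree(events):
    """Parent -> [children] map and PID -> image path; roots are PIDs never written to."""
    children = defaultdict(list)
    image = {}
    for src, dst, src_img, dst_img in sorted(events):
        children[src].append(dst)
        image.setdefault(src, src_img)
        image[dst] = dst_img
    written_to = {dst for _, dst, _, _ in events}
    roots = sorted(pid for pid in children if pid not in written_to)
    return roots, dict(children), image


def basename(path):
    """Last component of a Windows path (os.path.basename is wrong on non-Windows hosts)."""
    return path.rsplit("\\", 1)[-1]


def render(roots, children, image, depth=0, out=None):
    """Indented text tree, one line per PID, children in PID order."""
    out = [] if out is None else out
    for pid in roots:
        out.append("  " * depth + f"{pid} {basename(image[pid])}")
        render(children.get(pid, []), children, image, depth + 1, out)
    return out


if __name__ == "__main__":
    print("\n".join(render(*build_tree(parse_wpm(WPM_ROWS)))))
```

Rendered, the tree is one root (5748, the downloaded Edge installer package) spawning the extracted setup.exe (5788), which in turn spawns three more copies of itself and the versioned Installer\setup.exe three times. Writes that do not fit a parent-to-child pattern at process creation (a PID writing into an unrelated, already running process) are the ones worth pulling out of a table like this; none of the rows here do that.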

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe

"C:\Users\Admin\AppData\Local\Temp\970d11840a9afac9c17131613d391da0f82c71cec0f119d62504754292e4a0d3.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkJFMzAwOTctNUEwQy00Qjk4LTlEMTctMUU3MDg4ODgyNDAxfSIgdXNlcmlkPSJ7RDM5MTYzODAtRjU3Qi00QzAyLTlGNjgtOUQwQzY0QkE1QkY4fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NjExQzA4MUMtNkU2MC00NjZELTlBOTctMjE1M0VBMEMwREM1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI5IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY0MzMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODc1OTU2NTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzQ1Njk0NDIzIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\MicrosoftEdge_X64_133.0.3065.69.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\MicrosoftEdge_X64_133.0.3065.69.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\MicrosoftEdge_X64_133.0.3065.69.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7087a6a68,0x7ff7087a6a74,0x7ff7087a6a80

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7087a6a68,0x7ff7087a6a74,0x7ff7087a6a80

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff666ee6a68,0x7ff666ee6a74,0x7ff666ee6a80

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff666ee6a68,0x7ff666ee6a74,0x7ff666ee6a80

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff666ee6a68,0x7ff666ee6a74,0x7ff666ee6a80

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe

"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch

C:\Windows\system32\wwahost.exe

"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa

Network

Country Destination Domain Proto
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 4.155.164.36:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
FR 92.122.166.16:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 www.office.com udp
US 13.107.6.156:443 www.office.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp

Files

memory/3612-0-0x0000000000400000-0x00000000004FB000-memory.dmp

memory/3612-1-0x0000000076420000-0x0000000076635000-memory.dmp

memory/3612-3276-0x0000000000400000-0x00000000004FB000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{52751590-313D-4D5B-9265-4A89EED6C42A}\EDGEMITMP_5DBE0.tmp\setup.exe

MD5 bdb1aecedc15fc82a63083452dad45c2
SHA1 a074fcd78665ff90ee3e50ffcccad5f6c3e7ddcb
SHA256 4ea0907c3fc2c2f6a4259002312671c82e008846d49957bb3b9915612e35b99f
SHA512 50909640c2957fc35dd5bcac3b51797aa5daa2fb95364e69df95d3577482e13f0c36a70ae098959cb9c2aaeb4cfe43025c1d8d55b5f8858b474bcb702609749d

\??\PIPE\wkssvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Program Files\msedge_installer.log

MD5 5d24270c4efe4db0e4ce1932d93583b4
SHA1 e59747dcc2e68edd15c3535dfeb08807f491ab9f
SHA256 285bab13339bc0d5477d71b075a10900dd9bec4e0e94123525824c976f123917
SHA512 937401e16d879e66f1e58acb13d3b2211f1c855860b0ab3ed8c32bb34646f97c4c574f561bbdb1c5baf804065d8e53ab8d231e017ba04968eefef156793617e1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

MD5 4aaa893417cccc147989f876c6a7b295
SHA1 b1e35c83518bb275924ead0cd6206bf0c982d30f
SHA256 2c38e3c3f18e2d3fb7f04336356b9b5186cabe06b3343beec318ef0def1a9eeb
SHA512 109e0c88977fae65a4950fc38393ca32a70d68ef41aeb75b28e6566e0fa626e32e31be38308e7ed5b6a8ba1f56fb5f2133a07aa8bb643224c3dbb089ce9cfd0e

C:\Program Files\msedge_installer.log

MD5 fb29a5295d68ea6a8534294dc0fb829a
SHA1 e51ccbc170526c8e42129a73645f2050360bd5fb
SHA256 66b3c8d9ee7c55e9f4a65248fe0e2875811c091642d9b4cc843b516866ebea6c
SHA512 189c78ea398aa6552f3f439fb1115519f38294eea92d37691aa8733b0ded14e0827c2e35485202f3cb04915638b657b8b50b53a8b5c745a3f7dc5188ab14d952

C:\Program Files\msedge_installer.log

MD5 6897a5a9bb3427c403dc012e1a002d02
SHA1 1f8b0f9f15ed9c51025201db01f3ac5bbca5c414
SHA256 4923c5dfbedcbb3c7297816780c4feb9a26baed72c110c55fe4e90718b674eb3
SHA512 0162748c0bbccaa2eaa8ea35eef3b50932fae1dd43967d56d5f639daf002c1064f0b3021a9c0c79f00f1ea951fd2645eff8107fd34b1034086fc051c8bc541a1

C:\Program Files\msedge_installer.log

MD5 87cc1398ee60f578ab34dc3d72a87df8
SHA1 67e75f037bb1bc547d83555ca6036ef8243cc563
SHA256 7b9583bef16af26a2497e14cec36157abf602aba4327af47f8df477b23536a77
SHA512 4bc2a4ceec9a57b14e68e4155172a126e882178807ec821ff08aa7006d023652f219fb200445b1061d56a88caed86a378e943bb15a9a4b1e9d936f489e4f96c7

memory/7300-3347-0x000001B8AD620000-0x000001B8AD62E000-memory.dmp

memory/7300-3349-0x000001B8C7B60000-0x000001B8C7B68000-memory.dmp

memory/7300-3348-0x000001B8C7B30000-0x000001B8C7B3A000-memory.dmp

memory/7300-3350-0x000001B8C9000000-0x000001B8C9249000-memory.dmp