File name: DawnMTA Launcher telepítő.exe

Full analysis: https://app.any.run/tasks/ce7a228a-a39f-40dc-a482-0b312f888ba4
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: May 10, 2025, 18:10:45
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

379E44B03435D301B426A9979F7EFB7D

SHA1:

F2EDB2AC410F643F4A4310754DF21BFE8C7BB1E1

SHA256:

D0394675738733DA35FB284D40CCA0D77E77FB4C99F294BF0B8EDBD21D8B3F25

SSDEEP:

98304:6J8Dlj1CHV6omupZ2eeZ0O6Ipk6c+NBYR0mKPiT2xigkxbJoGBpGB/bAt1mEN9Es:6SSpK6hcHy2GNeY8C14p4n9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 6108)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • DawnMTA Launcher telepítő.exe (PID: 1276)
    • There is functionality for taking screenshot (YARA)

      • DawnMTA Launcher telepítő.exe (PID: 1276)
    • Executable content was dropped or overwritten

      • DawnMTA Launcher telepítő.exe (PID: 1276)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4880)
      • MicrosoftEdgeUpdate.exe (PID: 6108)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 4736)
      • setup.exe (PID: 968)
    • The process creates files with name similar to system file names

      • DawnMTA Launcher telepítő.exe (PID: 1276)
    • Process drops legitimate windows executable

      • DawnMTA Launcher telepítő.exe (PID: 1276)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4880)
      • MicrosoftEdgeUpdate.exe (PID: 6108)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 4736)
      • setup.exe (PID: 968)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 4880)
      • MicrosoftEdgeUpdate.exe (PID: 6108)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 6108)
    • Process requests binary or script from the Internet

      • DawnMTA Launcher telepítő.exe (PID: 1276)
    • Searches for installed software

      • DawnMTA Launcher telepítő.exe (PID: 1276)
      • setup.exe (PID: 968)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1020)
      • MicrosoftEdgeUpdate.exe (PID: 976)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1812)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3900)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 6108)
      • MicrosoftEdgeUpdate.exe (PID: 1052)
      • msedgewebview2.exe (PID: 6540)
    • Application launched itself

      • setup.exe (PID: 968)
      • MicrosoftEdgeUpdate.exe (PID: 1052)
      • msedgewebview2.exe (PID: 6540)
    • Creates a software uninstall entry

      • setup.exe (PID: 968)
      • DawnMTA Launcher telepítő.exe (PID: 1276)
  • INFO

    • The sample compiled with english language support

      • DawnMTA Launcher telepítő.exe (PID: 1276)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4880)
      • MicrosoftEdgeUpdate.exe (PID: 6108)
      • setup.exe (PID: 968)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 4736)
    • Reads the computer name

      • DawnMTA Launcher telepítő.exe (PID: 1276)
      • MicrosoftEdgeUpdate.exe (PID: 6108)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1020)
      • MicrosoftEdgeUpdate.exe (PID: 976)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1812)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3900)
      • MicrosoftEdgeUpdate.exe (PID: 1628)
      • MicrosoftEdgeUpdate.exe (PID: 6148)
      • MicrosoftEdgeUpdate.exe (PID: 1052)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 4736)
      • setup.exe (PID: 968)
      • MicrosoftEdgeUpdate.exe (PID: 864)
      • dawnlauncher.exe (PID: 3800)
      • msedgewebview2.exe (PID: 6540)
      • msedgewebview2.exe (PID: 680)
      • msedgewebview2.exe (PID: 5600)
    • Checks proxy server information

      • DawnMTA Launcher telepítő.exe (PID: 1276)
      • MicrosoftEdgeUpdate.exe (PID: 1052)
      • MicrosoftEdgeUpdate.exe (PID: 1628)
      • slui.exe (PID: 7020)
      • MicrosoftEdgeUpdate.exe (PID: 864)
      • msedgewebview2.exe (PID: 6540)
    • Create files in a temporary directory

      • DawnMTA Launcher telepítő.exe (PID: 1276)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4880)
      • MicrosoftEdgeUpdate.exe (PID: 6108)
    • Checks supported languages

      • DawnMTA Launcher telepítő.exe (PID: 1276)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4880)
      • MicrosoftEdgeUpdate.exe (PID: 6108)
      • MicrosoftEdgeUpdate.exe (PID: 976)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1020)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1812)
      • MicrosoftEdgeUpdate.exe (PID: 1628)
      • MicrosoftEdgeUpdate.exe (PID: 6148)
      • MicrosoftEdgeUpdate.exe (PID: 1052)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3900)
      • setup.exe (PID: 3676)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 4736)
      • setup.exe (PID: 968)
      • MicrosoftEdgeUpdate.exe (PID: 864)
      • msedgewebview2.exe (PID: 4620)
      • dawnlauncher.exe (PID: 3800)
      • msedgewebview2.exe (PID: 680)
      • msedgewebview2.exe (PID: 5600)
      • msedgewebview2.exe (PID: 6540)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 6108)
      • MicrosoftEdgeUpdate.exe (PID: 1052)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 4736)
      • setup.exe (PID: 968)
      • setup.exe (PID: 3676)
      • DawnMTA Launcher telepítő.exe (PID: 1276)
      • msedgewebview2.exe (PID: 4620)
      • msedgewebview2.exe (PID: 6540)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 1052)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 1628)
      • MicrosoftEdgeUpdate.exe (PID: 864)
      • dawnlauncher.exe (PID: 3800)
      • msedgewebview2.exe (PID: 6540)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 6108)
      • setup.exe (PID: 968)
      • msedgewebview2.exe (PID: 6540)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 1052)
      • MicrosoftEdgeUpdate.exe (PID: 1628)
      • slui.exe (PID: 2852)
      • MicrosoftEdgeUpdate.exe (PID: 864)
      • slui.exe (PID: 7020)
    • Manual execution by a user

      • dawnlauncher.exe (PID: 3800)
    • Reads product name

      • dawnlauncher.exe (PID: 3800)
    • Application launched itself

      • msedge.exe (PID: 3760)
      • msedge.exe (PID: 7700)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.1.0.0
ProductVersionNumber: 0.1.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: DawnMTA Launcher
FileVersion: 0.1.0
LegalCopyright: -
ProductName: DawnMTA Launcher
ProductVersion: 0.1.0
No data.
All screenshots are available in the full report
Total processes
189
Monitored processes
51
Malicious processes
5
Suspicious processes
2

Behavior graph

start dawnmta launcher telepítő.exe sppextcomobj.exe no specs slui.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe slui.exe microsoftedge_x64_136.0.3240.64.exe setup.exe setup.exe no specs microsoftedgeupdate.exe dawnlauncher.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
680"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.dawnlauncher.app\EBWebView" --webview-exe-name=dawnlauncher.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1892,i,9676813603753500798,9480417951074590209,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssentialsShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,
msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msS
hoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:3C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
136.0.3240.64
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 864
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded Omaha update request omitted]
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.57
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 968
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{F3D28526-3F3A-4D25-BB67-8BFD24739C2F}\EDGEMITMP_2BEFF.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{F3D28526-3F3A-4D25-BB67-8BFD24739C2F}\MicrosoftEdge_X64_136.0.3240.64.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{F3D28526-3F3A-4D25-BB67-8BFD24739C2F}\EDGEMITMP_2BEFF.tmp\setup.exe
Parent process: MicrosoftEdge_X64_136.0.3240.64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
136.0.3240.64
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{f3d28526-3f3a-4d25-bb67-8bfd24739c2f}\edgemitmp_2beff.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
PID: 976
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.57
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 1020
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.57\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.57\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.195.57
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.57\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1052
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.57
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
1116"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.dawnlauncher.app\EBWebView" --webview-exe-name=dawnlauncher.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=1892,i,9676813603753500798,9480417951074590209,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssential
sShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPerson
alizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
136.0.3240.64
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1276
CMD: "C:\Users\admin\AppData\Local\Temp\DawnMTA Launcher telepítő.exe"
Path: C:\Users\admin\AppData\Local\Temp\DawnMTA Launcher telepítő.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
DawnMTA Launcher
Exit code:
0
Version:
0.1.0
Modules
Images
c:\users\admin\appdata\local\temp\dawnmta launcher telepítő.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
1388"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x31c,0x320,0x324,0x314,0x32c,0x7ffc86c15fd8,0x7ffc86c15fe4,0x7ffc86c15ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1628"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNTciIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNTciIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7OTA5RkM4M0UtNDM5Qi00MTZGLTgzQTgtMzBFQTFCNzQ1MTU1fSIgdXNlcmlkPSJ7RjI5QzZGMUEtN0MxRS00RjA4LUFDNUEtMUM2NUE0MkU2NzJFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGMzgxMUY3OS1CNTZDLTRDRjQtQUQzQS04MTU1OThCMzMzQjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE5NS41NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTc3NTIzOTk1MyIgaW5zdGFsbF90aW1lX21zPSI1NzgiLz48L2FwcD48L3JlcXVlc3Q-C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.57
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events
22 975
Read events
19 091
Write events
3 815
Delete events
69

Modification events

(PID) Process: (6108) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:

(PID) Process: (6108) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(PID) Process: (6108) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

(PID) Process: (6108) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.195.57

(PID) Process: (6108) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value:
Microsoft Edge Update

(PID) Process: (6108) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.195.57

(PID) Process: (6108) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Microsoft Edge Update
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.57\MicrosoftEdgeUpdateCore.exe"

(PID) Process: (6108) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_c
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{7FA7C973-23DB-4D60-A5EE-FC5638F3C3B0}

(PID) Process: (6108) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_ua
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{8F04D64A-3C14-486D-91C9-BAE13900C8D9}

(PID) Process: (1020) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation: write
Name: ThreadingModel
Value:
Both
Executable files
225
Suspicious files
334
Text files
88
Unknown types
2

Dropped files

PID
Process
Filename
Type
1276
DawnMTA Launcher telepítő.exe
C:\Users\admin\AppData\Local\Temp\nskB72E.tmp\nsDialogs.dll
executable
MD5: 6C3F8C94D0727894D706940A8A980543
SHA256: 56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2

1276
DawnMTA Launcher telepítő.exe
C:\Users\admin\AppData\Local\Temp\nskB72E.tmp\System.dll
executable
MD5: CFF85C549D536F651D4FB8387F1976F2
SHA256: 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8

4880
MicrosoftEdgeWebview2Setup.exe
C:\Users\admin\AppData\Local\Temp\EUE4E3.tmp\MicrosoftEdgeUpdateBroker.exe
executable
MD5: 74ABCEE07CF78D7DB223D6BDB5DD5CCA
SHA256: 7E4AF81ED4C0B300D182ABE757ACD5436D160E35221B7B38CC0B14C21D70768B

4880
MicrosoftEdgeWebview2Setup.exe
C:\Users\admin\AppData\Local\Temp\EUE4E3.tmp\MicrosoftEdgeComRegisterShellARM64.exe
executable
MD5: 5FB2A3D78FA87A1A6250E1BCA55CCAD7
SHA256: B80CDCE8D4A0E484078F0555428B71DFA573EC0EEC644D84554C469C50227197

1276
DawnMTA Launcher telepítő.exe
C:\Users\admin\AppData\Local\Temp\nskB72E.tmp\StartMenu.dll
executable
MD5: D070F3275DF715BF3708BEFF2C6C307D
SHA256: 42DD4DDA3249A94E32E20F76EAFFAE784A5475ED00C60EF0197C8A2C1CCD2FB7

1276
DawnMTA Launcher telepítő.exe
C:\Users\admin\AppData\Local\Temp\nskB72E.tmp\NSISdl.dll
executable
MD5: EE68463FED225C5C98D800BDBD205598
SHA256: 419485A096BC7D95F872ED1B9B7B5C537231183D710363BEEE4D235BB79DBE04

1276
DawnMTA Launcher telepítő.exe
C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
executable
MD5: A7E58B2280FE3768A007DE5BFCED6E1E
SHA256: 3B8733318F3FD0B18714B651F1558B063A3EADBE287695B6A36BA45FAEF3DECA

4880
MicrosoftEdgeWebview2Setup.exe
C:\Users\admin\AppData\Local\Temp\EUE4E3.tmp\psmachine_arm64.dll
executable
MD5: 9EFCD19FF09ABBB2374302BA9FE815E9
SHA256: 342A254273C035644065C84FEB6192397994ABAEDD55D9B08538212FB824D38B

1276
DawnMTA Launcher telepítő.exe
C:\Users\admin\AppData\Local\Temp\nskB72E.tmp\modern-wizard.bmp
image
MD5: CBE40FD2B1EC96DAEDC65DA172D90022
SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2

4880
MicrosoftEdgeWebview2Setup.exe
C:\Users\admin\AppData\Local\Temp\EUE4E3.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
executable
MD5: A2B91A80F7A2A32ABF8F2E524C07EB6B
SHA256: 31DAB919FB0568B18E4A9C6CAF9F6C327AB312E226B05A8FB3C0C48895DEB03D
HTTP(S) requests
9
TCP/UDP connections
65
DNS requests
64
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1276
DawnMTA Launcher telepítő.exe
GET
301
2.19.106.8:80
http://go.microsoft.com/fwlink/p/?LinkId=2124703
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
88.221.110.122:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1276
DawnMTA Launcher telepítő.exe
GET
200
2.22.242.129:80
http://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/7819ef26-d4fa-4dd3-988f-fc05ba1f3fe4/MicrosoftEdgeWebview2Setup.exe
unknown
whitelisted
5508
svchost.exe
GET
200
208.89.74.29:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d030d76f-35e6-4c51-9279-28644aa334bb?P1=1747505467&P2=404&P3=2&P4=IjLhvn4YcEZvR1Ng7F2GhOxTJDKFFzgeBqNZ1RLf2w4RbImEJ0Dy%2bH4DA6z%2bBuK4y%2f3hQNg4slx1frIiKhAPnQ%3d%3d
unknown
whitelisted
1812
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1812
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5508
svchost.exe
HEAD
200
208.89.74.29:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d030d76f-35e6-4c51-9279-28644aa334bb?P1=1747505467&P2=404&P3=2&P4=IjLhvn4YcEZvR1Ng7F2GhOxTJDKFFzgeBqNZ1RLf2w4RbImEJ0Dy%2bH4DA6z%2bBuK4y%2f3hQNg4slx1frIiKhAPnQ%3d%3d
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5496
MoUsoCoreWorker.exe
88.221.110.122:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
40.126.32.133:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
1276
DawnMTA Launcher telepítő.exe
2.19.106.8:80
go.microsoft.com
AKAMAI-AS
DE
whitelisted
1276
DawnMTA Launcher telepítő.exe
2.22.242.129:80
msedge.sf.dl.delivery.mp.microsoft.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 88.221.110.122
  • 88.221.110.114
whitelisted
google.com
  • 142.250.184.238
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 2.23.246.101
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 40.126.32.133
  • 40.126.32.68
  • 20.190.160.17
  • 20.190.160.132
  • 40.126.32.134
  • 20.190.160.66
  • 20.190.160.131
  • 20.190.160.130
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
go.microsoft.com
  • 2.19.106.8
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 2.22.242.129
  • 2.22.242.107
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted

Threats

PID
Process
Class
Message
1276
DawnMTA Launcher telepítő.exe
Misc activity
ET INFO Packed Executable Download
5508
svchost.exe
Misc activity
ET INFO Packed Executable Download
5072
msedge.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
5072
msedge.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
No debug info