: Look in %localappdata% for a folder named Microsoft Edge (with a space). A legitimate folder is usually named MicrosoftEdge (no space).

: Some malware attempts to inject code into all .jar files on your system, disabling digital signatures in the process.

: For deeper behavior reports, use Hybrid Analysis to see if the file attempts to access system folders or external networks.