Analysis

  • max time kernel
    1691s
  • max time network
    1698s
  • platform
    windows11_x64
  • resource
    win11
  • submitted
    21-02-2022 03:49

General

  • Target

    carta de renuncia.pdf

  • Size

    105KB

  • MD5

    e686263875be0a20e06433ce4d441df3

  • SHA1

    1eb30a9fdf34cee296f207ab37541b6b8af7d8ce

  • SHA256

    d2ee522319efd6781f2c0457a0ef1eecbf8ea62ca4b530aa693b388dcfe3ce9f

  • SHA512

    064d40846eab3738a1ba4c8d678c54bb07a9435008403e661ce139da501848e5a8d2de8ca0e4e49f2b025c861487c438f3f3aa3d33f6b530be1f1f4b14234299

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs
  • Downloads MZ/PE file
  • Executes dropped EXE 15 IoCs
  • Modifies Installed Components in the registry 2 TTPs
  • Sets file execution options in registry 2 TTPs
  • Loads dropped DLL 36 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 27 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\carta de renuncia.pdf"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\carta de renuncia.pdf
      2⤵
      • Adds Run key to start application
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:468
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x104,0x108,0x10c,0xa0,0x110,0x7ffcded746f8,0x7ffcded74708,0x7ffcded74718
        3⤵
        PID:1740
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        3⤵
        PID:2020
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2288
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3016 /prefetch:8
        3⤵
        PID:1476
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
        3⤵
        PID:4072
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
        3⤵
        PID:3476
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
        3⤵
        PID:4748
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
        3⤵
        PID:1576
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
        3⤵
        PID:2168
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=4048 /prefetch:6
        3⤵
        PID:4196
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
        3⤵
        PID:4128
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2564
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1856 /prefetch:8
        3⤵
        PID:892
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5228 /prefetch:8
        3⤵
        PID:2364
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5116 /prefetch:8
        3⤵
        PID:2832
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3036
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6036 /prefetch:8
        3⤵
        PID:4032
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4904 /prefetch:8
        3⤵
        PID:2768
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 /prefetch:8
        3⤵
        PID:4784
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5872 /prefetch:8
        3⤵
        PID:3028
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5152 /prefetch:8
        3⤵
        PID:3136
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,13276025432755727337,3404842455030999402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4076 /prefetch:8
        3⤵
        PID:1568
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:476
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4852
  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\elevation_service.exe"
    1⤵
    PID:4324
    • C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4324_652000477\msedgerecovery.exe
      "C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4324_652000477\msedgerecovery.exe" --appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} --browser-version=92.0.902.62 --sessionid={05e8cfb4-3577-4ac9-9997-91b39bf762a0} --system
      2⤵
      • Executes dropped EXE
      PID:824
      • C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4324_652000477\MicrosoftEdgeUpdateSetup.exe
        "C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4324_652000477\MicrosoftEdgeUpdateSetup.exe" /install "runtime=true&needsadmin=true" /installsource chromerecovery /silent
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:3852
        • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\MicrosoftEdgeUpdate.exe" /install "runtime=true&needsadmin=true" /installsource chromerecovery /silent
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1364
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
            5⤵
            • Loads dropped DLL
            • Modifies registry class
            PID:2348
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
            5⤵
            • Loads dropped DLL
            • Modifies registry class
            PID:4252
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Modifies registry class
              PID:3200
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Modifies registry class
              PID:2768
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Modifies registry class
              PID:4744
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTEuMjciIHNoZWxsX3ZlcnNpb249IjEuMy4xNDMuNTciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUEyMzBDQjMtMkVFMS00NEE0LUI0MUUtQTMwNTc1QzQyQzY1fSIgdXNlcmlkPSJ7OTkxM0E1OEQtODUxOC00QTg3LUJFNTAtNTJDQUVBNDBGNUVCfSIgaW5zdGFsbHNvdXJjZT0iY2hyb21lcmVjb3ZlcnkiIHJlcXVlc3RpZD0iezAyMDc1N0E3LUIxMTktNDE3OS04MTgzLURDOUFGODI5NTU1NH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSIyIiBwaHlzbWVtb3J5PSI0IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuMTAwIiBzcD0iIiBhcmNoPSJ4NjQiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE1MS4yNyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxNzY1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
            5⤵
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1544
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /machine /installsource chromerecovery
        3⤵
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4488
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
    1⤵
    • Loads dropped DLL
    PID:5072
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:2776
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource core
        3⤵
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:788
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
    1⤵
    • Loads dropped DLL
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4080
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6E5DE94-3200-438D-8350-30520F9A63A1}\MicrosoftEdgeUpdateSetup_X86_1.3.155.77.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6E5DE94-3200-438D-8350-30520F9A63A1}\MicrosoftEdgeUpdateSetup_X86_1.3.155.77.exe" /update /sessionid "{D1A0BDB4-CED7-469F-8995-48BA65D77221}"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1268
      • C:\Program Files (x86)\Microsoft\Temp\EUF20D.tmp\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\Temp\EUF20D.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{D1A0BDB4-CED7-469F-8995-48BA65D77221}"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3384
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
          4⤵
          • Loads dropped DLL
          • Modifies registry class
          PID:2244
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
          4⤵
          • Loads dropped DLL
          • Modifies registry class
          PID:432
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:1568
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:1076
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:836
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTUxLjI3IiBuZXh0dmVyc2lvbj0iMS4zLjE1NS43NyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjaHJvbWVyZWMzPTIwMjIwM1IiIGluc3RhbGxhZ2U9IjIwMCIgaW5zdGFsbGRhdGV0aW1lPSIxNjI4MTIxMzE2IiBjb2hvcnQ9InJyZkAwLjA5Ij48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
          4⤵
          • Loads dropped DLL
          PID:924
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-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-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9jYjFjYmQxMi0xNWNhLTRmZTktOTk0Yi01N2ZkZTVmNTRlNWQ_UDE9MTY0NjAyMDM2OCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1ubXROVWZvVUhCJTJmQk5MMmY2ZVU4ZDJaWVElMmZDeTZ1SGR1NGN1cjhKbXBaTlBRS3J1andoaWZDODJNS0glMmIyTkdQOGpPYjhhVjRCS3F1V2pTbTZCYUdJUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgZG93bmxvYWRlZD0iMTgxMzQ0OCIgdG90YWw9IjE4MTM0NDgiIGRvd25sb2FkX3RpbWVfbXM9IjUwMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48cGluZyByPSIxNjkiIHJkPSI1MzI5IiBwaW5nX2ZyZXNobmVzcz0ie0JCRUM0NUNBLUE2Q0EtNEEzNi05ODRFLTQ1RThCNjU0QzFGMX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjIiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBsYXN0X2xhdW5jaF90aW1lPSIxMzI4NzE2MjI1MzI0MzU3OSI-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-PC9hcHA-PC9yZXF1ZXN0Pg
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2148
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                              1⤵
                                              • Loads dropped DLL
                                              PID:1508
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c
                                                2⤵
                                                • Loads dropped DLL
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:4504
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource core
                                                  3⤵
                                                  • Loads dropped DLL
                                                  PID:1168
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource core
                                                  3⤵
                                                  • Loads dropped DLL
                                                  PID:4820
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                              1⤵
                                              • Loads dropped DLL
                                              • Modifies data under HKEY_USERS
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:4632
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8563F584-2095-4B28-B295-7988D622DB35}\MicrosoftEdge_X64_98.0.1108.56.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8563F584-2095-4B28-B295-7988D622DB35}\MicrosoftEdge_X64_98.0.1108.56.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                2⤵
                                                • Executes dropped EXE
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:5000
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8563F584-2095-4B28-B295-7988D622DB35}\EDGEMITMP_5B461.tmp\setup.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8563F584-2095-4B28-B295-7988D622DB35}\EDGEMITMP_5B461.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8563F584-2095-4B28-B295-7988D622DB35}\EDGEMITMP_5B461.tmp\MSEDGE.PACKED.7Z" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • Adds Run key to start application
                                                  • Drops file in System32 directory
                                                  • Drops file in Program Files directory
                                                  • Modifies Internet Explorer settings
                                                  • Modifies registry class
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • System policy modification
                                                  PID:2136
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{891FF8BE-2972-4740-960D-F5DBFB5063F2}\MicrosoftEdge_X64_98.0.1108.56.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{891FF8BE-2972-4740-960D-F5DBFB5063F2}\MicrosoftEdge_X64_98.0.1108.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                2⤵
                                                • Executes dropped EXE
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:5004
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{891FF8BE-2972-4740-960D-F5DBFB5063F2}\EDGEMITMP_742D6.tmp\setup.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{891FF8BE-2972-4740-960D-F5DBFB5063F2}\EDGEMITMP_742D6.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{891FF8BE-2972-4740-960D-F5DBFB5063F2}\EDGEMITMP_742D6.tmp\MSEDGE.PACKED.7Z" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • Adds Run key to start application
                                                  • Drops file in Program Files directory
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:4716
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTU1Ljc3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNocm9tZXJlYzM9MjAyMjAzUiIgaW5zdGFsbGFnZT0iMjAwIiBjb2hvcnQ9InJyZkAwLjA5Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9IjMyIiByZD0iNTQ5OCIgcGluZ19mcmVzaG5lc3M9IntCOEVGNDRFQS1GMURBLTQwNkMtODY5RS05NzhDRTZFNzk3Qzl9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjYyIiBuZXh0dmVyc2lvbj0iOTguMC4xMTA4LjU2IiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMjg3MTYyMjUzMjQzNTc5Ij48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy82NTk0OGZiZi02MzNiLTRlOTctYmVjOS1iYjg1MjIwNDA4NTk_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_UDE9MTY0NjAyMDQyMiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1ON3lzU2JjTWM3YVZHdHY0JTJiaHdPbSUyYlRkOHZmM1lCZld3SmxOUlE3YnQlMmZpZjNGODQlMmZlNHFZa3NkRmw0ZzlsJTJmUWJ3MGVGMlRoOGpQV2NuY2FNRVcxMHclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGRvd25sb2FkZWQ9IjExNzM1MDI4OCIgdG90YWw9IjExNzM1MDI4OCIgZG93bmxvYWRfdGltZV9tcz0iODAyNiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIi8-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-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY2MDgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxNTE3IiBkb3dubG9hZGVkPSIxMTczNTAyODgiIHRvdGFsPSIxMTczNTAyODgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjMzNTgiLz48cGluZyBhY3RpdmU9IjAiIHI9IjMyIiByZD0iNTQ5OCIgcGluZ19mcmVzaG5lc3M9IntBRjZFQUFBNS03NkMyLTQxMTktOUI3QS1BNzkyRTFCMzNCNzZ9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                2⤵
                                                • Loads dropped DLL
                                                PID:3596

                                            Network

                                            MITRE ATT&CK Matrix ATT&CK v6

                                            Persistence
                                              • Registry Run Keys / Startup Folder (T1060): 4
                                              • Browser Extensions (T1176): 1

                                            Defense Evasion
                                              • Modify Registry (T1112): 6

                                            Discovery
                                              • Query Registry (T1012): 2
                                              • System Information Discovery (T1082): 2

                                            Downloads

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_en.dll
                                              MD5

                                              c97f93ffe9d5e3e5bbc04b168650cd00

                                              SHA1

                                              fb035621aed66c60271df3111eecec2d178a021c

                                              SHA256

                                              6c9f604468d01e0db22903555ce58fba91b3bc1168057bc3cb0d056c4c785ba9

                                              SHA512

                                              b6c86093fb142af4c47b478920106eae03552ada516429bbdb249e51b4caa8a7ed49c741c8bd469c853a2e36f99b5c6a79a7414e7a7848d6027351216d6b7f27

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_es-419.dll
                                              MD5

                                              4bcd1fee36fe6a0cdaaada40907c3d8b

                                              SHA1

                                              51eb3487585e51c3c263089bad695e0922264a79

                                              SHA256

                                              a9b4c3aa17f41e577f3d8f47e7b1b0eb57e83a67e14f3b9796a6224f0bf13a9e

                                              SHA512

                                              f1ce2504c051301c361ba081b41b655e2a9f6add8152f5e93867dde1d2974c7723475b935ebe815c0bfcb97b9cbcb783e9c1141786a1445e8ec44bcce2e215cc

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_es.dll
                                              MD5

                                              f3cad4dc9b85dfadd1a2f7f23f6a115a

                                              SHA1

                                              e6326bae48881a877b2ea0e7abad5ea8833b8aee

                                              SHA256

                                              cd0b3d6c02257f25cac07adbc2e04745afa7677e1546de60e445a1e1cde7a2dc

                                              SHA512

                                              e870f2a49e8f33ec90cbffd783c6bdeb8259afd0bd6851bb94f471c900e6f67e12e1da16d549564da15d65e7c517bac0f983ee3395770dc7f57a31158980bff4

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_et.dll
                                              MD5

                                              5179538542bf7b9d09fed7c6ce5f36b6

                                              SHA1

                                              485a7ba019a79c9edf5170c66f20093a8e244054

                                              SHA256

                                              46a9baf759ff770d2abf7fd7f2dda8b1f3336f3dc477889a93b25a12e839d9d2

                                              SHA512

                                              0b60f7c21b9421c52caa00052d1c2c3c0b4bbdb2ece783e4c9dc4b288e56c21452040ab6f0e2a024e73f6fffd4bf0c5b348975bb73e197220082e4eaf55505ef

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_eu.dll
                                              MD5

                                              b2a5bfeb8421a42a6d4e4bbe0af1ff9d

                                              SHA1

                                              2949dacb397f669812acbd2a44d45b6fd87de110

                                              SHA256

                                              e9be16e58573ad3a66eac5330eeabde2e6b07d47862a78b4a4552cb04570488c

                                              SHA512

                                              a89ba89ce32116fd085bd11a2c5d164e6c37e5519a8547481eaa8e1b75837920831abe2f86b6454821c133f1a7d8c1ef3d0b7cacbcfb0570d88affdeea35c81b

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_fa.dll
                                              MD5

                                              a6e0e94a5118406a49967eff69e5f95e

                                              SHA1

                                              cb97b85f6c45cb1635a05e2ae678861758ffb5dd

                                              SHA256

                                              3757d9f64dc9050b4b4a880be38c563202f5d4e9d4bf5c6209abfd4392aba906

                                              SHA512

                                              11d5d98ee13b6c9da1d69b6958adfd3b078e6e4c887b056e33c59893be044ebe6fe74b3367959cc8248c2067ba54220e4333f63942da78f9cd0eef56da5222de

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_fi.dll
                                              MD5

                                              5bcd5010264333cbfb0005678db9079c

                                              SHA1

                                              67049ceaee6f1021cd4cd7b2886c92aac5d6b047

                                              SHA256

                                              3e1325f1f1f95d9fffc554d656720e19499ad8f658b1ebbfd4e4d1623639a6fc

                                              SHA512

                                              f32a204d75683bf6a26a60e0ea41db3048dcbeb868955adde28b16786b6be8a91587cc8432a8d5a2de70b151d954543f0477fb56b26be5f0efbe25dff89fcbd5

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_fil.dll
                                              MD5

                                              10bcbf6c7efd39b40c4d7819103f83d3

                                              SHA1

                                              dc870a07ab956e2bd519424553373e53dd50ff6c

                                              SHA256

                                              36ee1d98a48726048f1db8a34a474bd595d42836ef3c9f45ad8fc7876f6f5782

                                              SHA512

                                              cd4cafc77ba66912d3fd46fecc2eed59f4b19de1564c42948d01e0e8a5d1150f71d59827179eedcbe12cf4308fb13023eba30f1590cb70dbdf4df29eb9e495ed

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_fr-CA.dll
                                              MD5

                                              f443e9d9a090641a0108f2bac5f00332

                                              SHA1

                                              6e8efd1f83dc26490920f0135f36f2e91df08c8b

                                              SHA256

                                              ec194ff30119639d586d6bed4a57fa16cc7d1024f09313c55f54311f123bcb88

                                              SHA512

                                              892323d6497ab36a049f59e49de8c23e5ce880aca811c3423621585838bbdb64c0e95f62f22d9353ad3efc84383be52eab2797b8067fba66689763d0a9287f63

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_fr.dll
                                              MD5

                                              d60d8b7d2861cb74672a085694c4a080

                                              SHA1

                                              c4be46de53e224e53db055d17b3393edecdaa7bb

                                              SHA256

                                              ccdda5523459637f0d7b8766fd282b70c2849185dff5935dc2dce1cac89b0e80

                                              SHA512

                                              6836a47ab09acfbd526d0dedd46c16b7879138d2511afdb8321c615d122f3a7c51997fab1cb9407cc6ac6ad19862e25035b133f30e0e74cff50e7a0ea4b3baa3

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_ga.dll
                                              MD5

                                              13eb51cc09c9f16c2744daee640a5cbd

                                              SHA1

                                              eee30a7fd1fccf3dbae9c1dfa6d77122cb05536c

                                              SHA256

                                              9ccb338c76156396388f1bdcdd8ab56dddd3e7d0c9e58ad0d36f749a3edb6ec8

                                              SHA512

                                              6fe703743bc6db042561a9d84a4dc3219fbcf4b362808979adf8e89bac7a89ba39d5d4e72137dc74ac7406a89a057001b2cfe84715a5e26a7790353c56acf748

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_gd.dll
                                              MD5

                                              000f0f4c7002bcf241d5d4a93bdfced3

                                              SHA1

                                              826c174c8ccdc75455bf4a68051ad0850be05593

                                              SHA256

                                              2faa96d51684d46d93bfb700d518144bdb50cbdd73fe18e24a1f47d769cd097b

                                              SHA512

                                              7f83df76b5fa87311157a5388440b2737197381a4153c0f3ede0774fc9dc545875ebb5f3c274fde3e428b0e8c067663fed95c25be8be8e8c2de97d1d761027f7

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_gl.dll
                                              MD5

                                              82583acb95a791851f88d38726823703

                                              SHA1

                                              fa7da649160bb78939193f159060d6bcede11527

                                              SHA256

                                              b76cf107610560354caee4c9519b3e8a94376394a4abaa32fcec5ab1d83f976d

                                              SHA512

                                              d62868ea81a124bb07a655c3f6be7723977171102ae160b48460c2e466f2206ea98a68b64cc8e5e0a8a7dac1fcb10ef7c7fbdaaa4b67a2ff6feeea368e2969f9

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_gu.dll
                                              MD5

                                              b18de93a0ab6c5150128c1ce85871960

                                              SHA1

                                              82639dc738bb9b9bdaf37b1e487b51517e819cbb

                                              SHA256

                                              d598eb005612e0a84ebb5a6b38bb3b963ef10d3c97bc27d6b31d2a5225fc239f

                                              SHA512

                                              84454597904b5c20edf356a706621f2434c70cf22edd2367b20d6d3417112c8341d7aa4e9b46a9473311727288298bbdefce3118838588082f92a6a348efd2dd

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_hi.dll
                                              MD5

                                              a77de8d46c5da2a1d07af61bee8923d5

                                              SHA1

                                              752a6202592f979edb850f9cd48667cff85eea4a

                                              SHA256

                                              5a8471a73dcf56c3e65ef855c6c559ce36a52c40f061902106ed9ee1c80600b1

                                              SHA512

                                              76dd9ff39e8bb06583ed2547dd6f42b29346b2ddf9b4ad5aae19182e7f6b0aa491a71758cdf08bcee2f071ab477f6f22d0793ce5d41c83c267daf2a1823bc051

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_hr.dll
                                              MD5

                                              80af740b5c50c78d3f9821f3e8638660

                                              SHA1

                                              629c5ebb042870b650b6f78223b70ccf3cc39e84

                                              SHA256

                                              6b30deee4522880198b706250c919c4ce2f8b63481489f309b7fe5014ee655d2

                                              SHA512

                                              cba44d0d42292660a7a27f5b5f3781b353d4131d3eb3e4c74e08455f8dda64143b7757b2b0c62ac839984beecc4617a7e836f286de4d75d6d2ec458f334dfb3b

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_hu.dll
                                              MD5

                                              1e959547bab52467f7c7bfe671ae2f20

                                              SHA1

                                              40f98aa0e71d40333e9b45ebfb18440e4a9eb0c8

                                              SHA256

                                              6048c07a850c8378268d7331ed804ec2fbbaa0659553382f72a423ff738df9b1

                                              SHA512

                                              3442ec3f25c2e9b0441d8e6dc2aeb8efffdeb646d8b1d2c0125490d3d59551d11a60827d0b7beb8fd1cb5c41af73100d44edfa01e5dd42b53d05f738a7ee538c

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_id.dll
                                              MD5

                                              b6e391edc3d1a78dea08f684d06b1b24

                                              SHA1

                                              6167d7bf6df527354e3f4201510472b677c00bec

                                              SHA256

                                              5351fc8c0e42c1c4e33b5a04c24109398bf5a025ada9379d9a7b408c0623e261

                                              SHA512

                                              4fe94f41583f1d5638a59efdabaf44b32e1f83b0dc39d068261f7c1e663682ef9dea3e01466005faff9340eca75c0f2fa3ac65903133c82d44a5cabb0101cec4

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_is.dll
                                              MD5

                                              89067e8802d0ad17c733a647f0f68f39

                                              SHA1

                                              f06dc0f692b894964c6a2884c1e52032f3f25c2f

                                              SHA256

                                              aa80041ef7b479789fc61cc85c82a340d36ebfe40f849e914ca2a86332167e6f

                                              SHA512

                                              307d443ee5753066051d907339e6c4de9b2e2b18f33c2fece7a6c78ac26af9d1ed40c631baf86e4e724e5825856b68ae58cc307b21a2c723f8ca783348824a4d

                                            • C:\Program Files (x86)\Microsoft\Temp\EU5C74.tmp\msedgeupdateres_it.dll
                                              MD5

                                              abd3a4a91ac6a253a658495fb7f6ea60

                                              SHA1

                                              ea00d0f58a9324a9b33c1b0840a330d529df27a7

                                              SHA256

                                              b4d1a7bc6fd4606b7dbc95d817202bd01493205daa10a930e2cc2b18d7604c73

                                              SHA512

                                              da1d32215921f6127658923137ad735e803e47b7ec70cdc0bb98ef738a2ff568c6d652ec12cdd41de6b2d6ab311df948b88927da009172d246a9c353145ecb59

                                            • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                              MD5

                                              63f086d602ce9234dfda186d3e4e8f2a

                                              SHA1

                                              172e9a1ddedbea1110b20f14b96d16864e8dc5d3

                                              SHA256

                                              a304c2587fd542ca7ff1e80d4e3e01525f2fede34db522ce990865e145ff553e

                                              SHA512

                                              d44533cd5b53199e6a7daa155098ce44f43bc4b82c091b6efa9d0f79bc8c6ccb74782d072990f8e8943bafd14c07e686ff639b2c684fd2ceef865adba9717f5a

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved\1.3.151.27\recovery-component-inner.crx
                                              MD5

                                              b62629cb2f8f2566e417f8869373caab

                                              SHA1

                                              d4b3aeeda75d7ba557d646d3100dc30a9be13b1c

                                              SHA256

                                              e82878d45ab7120e9f58eabc9be08f7e25e34ed9a4728288d9275952416ad48e

                                              SHA512

                                              192d578f2ea77a63e784834c8af63818ae465312e60c7d7614204a3200b1f013454e66c512d73c331de74718d6f4bce13e727d3d167ee49fbb977cad964a66ad

                                            • \??\pipe\LOCAL\crashpad_468_TWTDNOZCCOJJEHZK
                                              MD5

                                              d41d8cd98f00b204e9800998ecf8427e

                                              SHA1

                                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                                              SHA256

                                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                              SHA512

                                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                            • memory/2020-154-0x00007FFD02080000-0x00007FFD02081000-memory.dmp
                                              Filesize

                                              4KB