d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
Size

1.6MB
MD5

2d7dc161bc1a8432ffabd77e6e9af669
SHA1

c481d959a2e7660ab279775d0458be6684a7de65
SHA256

d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33
SHA512

3e5c5db69178ced85b52a5273577458de4cb3e4ce731826849272f86be3c4f9266df76d84a9c846bc822c8cfcbc5eb6fc90559f7e7c5117cbd2f13eb1ef1b946
SSDEEP

24576:rwyo3roDgLtU66nwEIyy/I2i0VcmeTGFiTYSVNVb+uGwRnND3SMsVqwtYa:kyo3DLtt6ni7I2iYeTGFiThVNNFFo7r

Score

8^/10

adware discovery evasion persistence stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 22 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_107.0.1418.56.exesetup.exesetup.exeMicrosoftEdgeUpdate.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1388	MicrosoftEdgeUpdate.exe
1492	MicrosoftEdgeUpdate.exe
1984	MicrosoftEdgeUpdate.exe
1924	MicrosoftEdgeUpdateComRegisterShell64.exe
2004	MicrosoftEdgeUpdateComRegisterShell64.exe
972	MicrosoftEdgeUpdateComRegisterShell64.exe
1664	MicrosoftEdgeUpdate.exe
1828	MicrosoftEdgeUpdate.exe
1180	MicrosoftEdgeUpdate.exe
984	MicrosoftEdgeUpdate.exe
1904	MicrosoftEdge_X64_107.0.1418.56.exe
1044	setup.exe
824	setup.exe
1732	MicrosoftEdgeUpdate.exe
944	msedge.exe
1060	msedge.exe
1216	msedge.exe
584	msedge.exe
1812	msedge.exe
1172	msedge.exe
588	msedge.exe
2156	msedge.exe

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\107.0.1418.56\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe

Registers COM server for autorun 1 TTPs 37 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exesetup.exeMicrosoftEdgeUpdateComRegisterShell64.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\107.0.1418.56\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\107.0.1418.56\\notification_helper.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\107.0.1418.56\\BHO\\ie_to_edge_bho_64.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

MicrosoftEdgeUpdate.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Control Panel\International\Geo\Nation	msedge.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Control Panel\International\Geo\Nation	msedge.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Control Panel\International\Geo\Nation	msedge.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Control Panel\International\Geo\Nation	msedge.exe

Loads dropped DLL 64 IoCs

Processes:

d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_107.0.1418.56.exesetup.exesetup.exeMicrosoftEdgeUpdate.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1900	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
1388	MicrosoftEdgeUpdate.exe
1388	MicrosoftEdgeUpdate.exe
1388	MicrosoftEdgeUpdate.exe
1388	MicrosoftEdgeUpdate.exe
1492	MicrosoftEdgeUpdate.exe
1492	MicrosoftEdgeUpdate.exe
1492	MicrosoftEdgeUpdate.exe
1388	MicrosoftEdgeUpdate.exe
1984	MicrosoftEdgeUpdate.exe
1984	MicrosoftEdgeUpdate.exe
1984	MicrosoftEdgeUpdate.exe
1924	MicrosoftEdgeUpdateComRegisterShell64.exe
1984	MicrosoftEdgeUpdate.exe
1984	MicrosoftEdgeUpdate.exe
2004	MicrosoftEdgeUpdateComRegisterShell64.exe
1984	MicrosoftEdgeUpdate.exe
1984	MicrosoftEdgeUpdate.exe
972	MicrosoftEdgeUpdateComRegisterShell64.exe
1984	MicrosoftEdgeUpdate.exe
1388	MicrosoftEdgeUpdate.exe
1388	MicrosoftEdgeUpdate.exe
1388	MicrosoftEdgeUpdate.exe
1664	MicrosoftEdgeUpdate.exe
1388	MicrosoftEdgeUpdate.exe
1828	MicrosoftEdgeUpdate.exe
1180	MicrosoftEdgeUpdate.exe
1180	MicrosoftEdgeUpdate.exe
1180	MicrosoftEdgeUpdate.exe
1180	MicrosoftEdgeUpdate.exe
1828	MicrosoftEdgeUpdate.exe
1180	MicrosoftEdgeUpdate.exe
984	MicrosoftEdgeUpdate.exe
1180	MicrosoftEdgeUpdate.exe
1904	MicrosoftEdge_X64_107.0.1418.56.exe
1044	setup.exe
1044	setup.exe
824	setup.exe
824	setup.exe
824	setup.exe
1400
1400
1400
1400
1044	setup.exe
1044	setup.exe
1400
1400
1180	MicrosoftEdgeUpdate.exe
1732	MicrosoftEdgeUpdate.exe
944	msedge.exe
1060	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
1216	msedge.exe
584	msedge.exe
1216	msedge.exe
1216	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

setup.exe

description ioc process

Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce setup.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

msedge.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce	setup.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	msedge.exe

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe

Drops file in System32 directory 9 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

Processes:

setup.exed6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exeMicrosoftEdgeUpdate.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\EBWebView\x64\EmbeddedBrowserWebView.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\lo.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\ur.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_ar.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_tr.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\msedgewebview2.exe.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\nb.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_fil.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\gu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\es.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\bn-IN.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\mk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\dual_engine_adapter_x64.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\da.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\delegatedWebFeatures.sccd	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\MicrosoftEdgeUpdateBroker.exe	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_pt-BR.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_az.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\BHO\ie_to_edge_stub.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\icudtl.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Installer\setup.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\psuser_64.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\zh-TW.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_bg.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\msedge.exe.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\eu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\msedge_100_percent.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\da.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\sr-Cyrl-BA.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\fr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\kk.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\ug.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_lb.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\fil.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\ta.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\nl.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\mip_core.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Trust Protection Lists\Sigma\Other	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\vk_swiftshader_icd.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\MLModels\nexturl.ort	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_ka.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\cookie_exporter.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\he.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\sk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_ca-Es-VALENCIA.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Trust Protection Lists\Sigma\Other	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\msedge_200_percent.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\te.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\NOTICE.TXT	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_te.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_mt.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\notification_helper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\es-419.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\fr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\te.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Locales\az.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.56\Locales\el.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_ta.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_sr-Latn-RS.dll	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1044_1015777680\107.0.1418.56\Notifications\SoftLandingAssetDark.gif	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\107.0.1418.56\\BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\107.0.1418.56\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3FC8BC12-6529-4CF7-93D5-68187D02130E}\76-03-fd-b3-6a-ca	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3FC8BC12-6529-4CF7-93D5-68187D02130E}\WpadNetworkName = "Network 2"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3FC8BC12-6529-4CF7-93D5-68187D02130E}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\76-03-fd-b3-6a-ca\WpadDecision = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3FC8BC12-6529-4CF7-93D5-68187D02130E}\WpadDecisionTime = 10d364f1a900d901	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\76-03-fd-b3-6a-ca	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3FC8BC12-6529-4CF7-93D5-68187D02130E}\WpadDecisionTime = 60ee77b4a900d901	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3FC8BC12-6529-4CF7-93D5-68187D02130E}\WpadDecision = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exesetup.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --single-argument %1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds\MSEdgeHTM	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open\command	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CLSID\ = "{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CurVer\ = "ie_to_edge_bho.IEToEdgeBHO.1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16"	MicrosoftEdgeUpdate.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

MicrosoftEdgeUpdate.exemsedge.exe

pid process

1388 MicrosoftEdgeUpdate.exe
1388 MicrosoftEdgeUpdate.exe
1388 MicrosoftEdgeUpdate.exe
1388 MicrosoftEdgeUpdate.exe
944 msedge.exe
944 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

MicrosoftEdgeUpdate.exe

description pid process

Token: SeDebugPrivilege 1388 MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege 1388 MicrosoftEdgeUpdate.exe

description	pid	process
Token: SeDebugPrivilege	1388	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1388	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

msedge.exe

pid	process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_107.0.1418.56.exesetup.exe

description	pid	process	target process
PID 1900 wrote to memory of 1388	1900	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe	MicrosoftEdgeUpdate.exe
PID 1900 wrote to memory of 1388	1900	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe	MicrosoftEdgeUpdate.exe
PID 1900 wrote to memory of 1388	1900	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe	MicrosoftEdgeUpdate.exe
PID 1900 wrote to memory of 1388	1900	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe	MicrosoftEdgeUpdate.exe
PID 1900 wrote to memory of 1388	1900	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe	MicrosoftEdgeUpdate.exe
PID 1900 wrote to memory of 1388	1900	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe	MicrosoftEdgeUpdate.exe
PID 1900 wrote to memory of 1388	1900	d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1492	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1492	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1492	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1492	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1492	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1492	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1492	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1984	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1984	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1984	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1984	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1984	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1984	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1984	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1984 wrote to memory of 1924	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 1924	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 1924	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 1924	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 2004	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 2004	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 2004	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 2004	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 972	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 972	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 972	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1984 wrote to memory of 972	1984	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1388 wrote to memory of 1664	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1664	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1664	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1664	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1664	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1664	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1664	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1828	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1828	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1828	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1828	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1828	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1828	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1388 wrote to memory of 1828	1388	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1180 wrote to memory of 984	1180	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1180 wrote to memory of 984	1180	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1180 wrote to memory of 984	1180	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1180 wrote to memory of 984	1180	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1180 wrote to memory of 984	1180	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1180 wrote to memory of 984	1180	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1180 wrote to memory of 984	1180	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1180 wrote to memory of 1904	1180	MicrosoftEdgeUpdate.exe	MicrosoftEdge_X64_107.0.1418.56.exe
PID 1180 wrote to memory of 1904	1180	MicrosoftEdgeUpdate.exe	MicrosoftEdge_X64_107.0.1418.56.exe
PID 1180 wrote to memory of 1904	1180	MicrosoftEdgeUpdate.exe	MicrosoftEdge_X64_107.0.1418.56.exe
PID 1180 wrote to memory of 1904	1180	MicrosoftEdgeUpdate.exe	MicrosoftEdge_X64_107.0.1418.56.exe
PID 1904 wrote to memory of 1044	1904	MicrosoftEdge_X64_107.0.1418.56.exe	setup.exe
PID 1904 wrote to memory of 1044	1904	MicrosoftEdge_X64_107.0.1418.56.exe	setup.exe
PID 1904 wrote to memory of 1044	1904	MicrosoftEdge_X64_107.0.1418.56.exe	setup.exe
PID 1044 wrote to memory of 824	1044	setup.exe	setup.exe
PID 1044 wrote to memory of 824	1044	setup.exe	setup.exe
PID 1044 wrote to memory of 824	1044	setup.exe	setup.exe

System policy modification 1 TTPs 4 IoCs

evasion

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe
"C:\Users\Admin\AppData\Local\Temp\d6afcfb03ba7fd6dfb005f70684587646cc1a300e2ffe8425ede3bb56e250b33.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1900

C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=zh-cn&brand=M100"
2⤵
- Executes dropped EXE
- Sets file execution options in registry
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1388

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1492

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1984

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
4⤵
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
PID:1924

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
4⤵
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
PID:2004

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
4⤵
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
PID:972

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTVDNDRBRjktQzc4My00MjJBLTg5NDctNTRBRjdDNENGMjU2fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0M5N0MyRjdCLUY5M0YtNDMzRi04NTg3LUMzQjYzMjc5NzI5MH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSIyIiBwaHlzbWVtb3J5PSIyIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zNyIgbGFuZz0iemgtY24iIGJyYW5kPSJNMTAwIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjA3MTc2MjAwMCIgaW5zdGFsbF90aW1lX21zPSI2NTc2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1664

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=zh-cn&brand=M100" /installsource taggedmi /sessionid "{A5C44AF9-C783-422A-8947-54AF7C4CF256}"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1828

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:1180

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTVDNDRBRjktQzc4My00MjJBLTg5NDctNTRBRjdDNENGMjU2fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0U1MUU2OTFGLTg3QkYtNDAzRi04NjgzLURGQ0M2ODQ5NzYxNX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSIyIiBwaHlzbWVtb3J5PSIyIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iODkuMC40Mzg5LjExNCIgbmV4dHZlcnNpb249Ijg5LjAuNDM4OS4xMTQiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MDg1MDIyMDAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:984

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5899A3A-45C1-4286-9756-C7E6FF6DDA5D}\MicrosoftEdge_X64_107.0.1418.56.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5899A3A-45C1-4286-9756-C7E6FF6DDA5D}\MicrosoftEdge_X64_107.0.1418.56.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1904

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5899A3A-45C1-4286-9756-C7E6FF6DDA5D}\EDGEMITMP_A0D22.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5899A3A-45C1-4286-9756-C7E6FF6DDA5D}\EDGEMITMP_A0D22.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5899A3A-45C1-4286-9756-C7E6FF6DDA5D}\MicrosoftEdge_X64_107.0.1418.56.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
3⤵
- Executes dropped EXE
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Loads dropped DLL
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
- System policy modification
PID:1044

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5899A3A-45C1-4286-9756-C7E6FF6DDA5D}\EDGEMITMP_A0D22.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5899A3A-45C1-4286-9756-C7E6FF6DDA5D}\EDGEMITMP_A0D22.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=0 --install-level=1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:824

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTVDNDRBRjktQzc4My00MjJBLTg5NDctNTRBRjdDNENGMjU2fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0E5QjZBNTQ1LUE3MjMtNEFFNS05MjlDLUYxMkFDRUFDQTBCQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSIyIiBwaHlzbWVtb3J5PSIyIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTA3LjAuMTQxOC41NiIgbGFuZz0iemgtY24iIGJyYW5kPSJNMTAwIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjU1NTgzMDAwMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY1NTU5ODYwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2Nzk3MzE4MDAwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy80MTc1ZmMyYy0zOTU1LTQ2OTAtOThhYS00MGE0M2EyYWJmMWY_UDE9MTY2OTk3MDUwNiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1nTm04dWplVE1ac2F2V2NOeGVDRzZ0ZUZqQVJ3YnNuRzZoaWF1SXM3VU9veWdhQUpVNkZYNk02TkZXUGhjNjNObXdxbERHNW9Iang3a3lZajBrbGxLQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjEzNzc4MzIyNCIgdG90YWw9IjEzNzc4MzIyNCIgZG93bmxvYWRfdGltZV9tcz0iMTk3NTAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2Nzk3OTQyMDAwIiBzb3VyY2VfdXJsX2luZGV4PSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjgyMzM3MDAwMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjYwOCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzIzNzM5NDAwMCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjEzMjI4IiBkb3dubG9hZF90aW1lX21zPSIyNDE0OSIgZG93bmxvYWRlZD0iMTM3NzgzMjI0IiB0b3RhbD0iMTM3NzgzMjI0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0MTE1MiIvPjwvYXBwPjwvcmVxdWVzdD4
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:1732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-installer
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks whether UAC is enabled
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=107.0.5304.110 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=107.0.1418.56 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xe8,0x7fef6aeb208,0x7fef6aeb218,0x7fef6aeb228
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1324,i,2191270712876208372,1106569719683432191,131072 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=zh-CN --service-sandbox-type=none --mojo-platform-channel-handle=1420 --field-trial-handle=1324,i,2191270712876208372,1106569719683432191,131072 /prefetch:3
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=zh-CN --service-sandbox-type=utility --mojo-platform-channel-handle=1476 --field-trial-handle=1324,i,2191270712876208372,1106569719683432191,131072 /prefetch:8
2⤵
- Executes dropped EXE
PID:1812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --first-renderer-process --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2152 --field-trial-handle=1324,i,2191270712876208372,1106569719683432191,131072 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2160 --field-trial-handle=1324,i,2191270712876208372,1106569719683432191,131072 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
PID:588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=2416 --field-trial-handle=1324,i,2191270712876208372,1106569719683432191,131072 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --lang=zh-CN --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=2424 --field-trial-handle=1324,i,2191270712876208372,1106569719683432191,131072 /prefetch:1
2⤵
PID:2376

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\EdgeUpdate.dat
Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\MicrosoftEdgeComRegisterShellARM64.exe
Filesize
179KB

MD5
f5123f139892be31deab7d210a15ef4f

SHA1
48caff4c7d647d5b4ee15b076a349abe8d16a540

SHA256
691436e3fac197330b10d3ef9866ba9d1bd86e7f5ee731f138add7695120efd3

SHA512
cbd00c73271d175c78d79fd1440b785362f460ace38bdce6703f397ebe2b838d6bea1702b1a411b1516f455f8ddd67c27461a52e8200aedea372aa5f53e24cb1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\MicrosoftEdgeUpdate.exe
Filesize
201KB

MD5
05a73ef9cdae8d3783e99fea3d3e9841

SHA1
c77ed6ccbc405b49ee3fb757a5bc9677f0a45823

SHA256
981ac233a928a5e68ec9b269ee059996e09396dda7205d41d0f283bda24a7941

SHA512
023ac5a8a5ac29f811a8fd7c87fc163d9b6913de89a732305bdfa52aea604598fc93c45559f41e9d1eb622a31995e1f97b48121eaae98193b81f5da7c31e55e4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\MicrosoftEdgeUpdate.exe
Filesize
201KB

MD5
05a73ef9cdae8d3783e99fea3d3e9841

SHA1
c77ed6ccbc405b49ee3fb757a5bc9677f0a45823

SHA256
981ac233a928a5e68ec9b269ee059996e09396dda7205d41d0f283bda24a7941

SHA512
023ac5a8a5ac29f811a8fd7c87fc163d9b6913de89a732305bdfa52aea604598fc93c45559f41e9d1eb622a31995e1f97b48121eaae98193b81f5da7c31e55e4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Filesize
212KB

MD5
97ddfcc4dbf9925a7291502c51015e43

SHA1
91f833f8f02ea03a480d614151285a29d8ffd10d

SHA256
c00fec19989b322e7a17f73142a56e516c41666b781d598efad2f07ee66f4760

SHA512
c69a657159778a9c894c7f63cfcdd5263291160e6e6803238d822c52bc1ce08774511259626cfd87d3f441cc44ab6ec04cf5a6544965c653d2858b1478de16cd

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\MicrosoftEdgeUpdateCore.exe
Filesize
257KB

MD5
a3ede53f7ef455e5f6692f46d1b6c694

SHA1
e86becc21c7910f2f70747d637ca2c84453893a8

SHA256
598a8a594937cdffb664c84ffbc83592687a1e92c884e88c71da591bd7429609

SHA512
befaf6eed25d05f79935fb988f82b452ffb3bfd0a56bf22bf0600b3eb556cf521af04b93244aec9bfc68fc1018dcde8268fdaf6a0b6221b3ac1e18ef0fcaebd0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\NOTICE.TXT
Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdate.dll
Filesize
2.0MB

MD5
2cc05aacc62dbbfb2f419482fcecb2ed

SHA1
dca7941ac0c6f519b629f8acd8b98352f05aa290

SHA256
68e1f3aeed0c9cc2016fb3832207fd9d1696e0457ed826ccb2609913da4883ed

SHA512
d74baa5e1199f32a8558e46d23bd60288e6f7702b28ae9c856b79c2f401abf095a08c1081ede742a7c90a89faf5015506d4f7bab8de824af11261b2e330d8bc5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_af.dll
Filesize
28KB

MD5
8f82cfc1f2180b4608ad33918a31dbdc

SHA1
151b0e225084f3817fcb794d242b4b17d2ac878f

SHA256
44a5ed301a10a8dcb32fdd509757da7535c447bff9618caa637fc89acc52a011

SHA512
8b061f2d00d3ef4f3f987dcd216795fe046f28ad3ba85d6ff5f9775e3dd94650b6b09ab698692103b2d620846211f4946710ee497594dc44f94718466f5f5b79

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_am.dll
Filesize
24KB

MD5
d64cc59bb717c2b9b780cfcd9102596b

SHA1
799e389f70cfa8b6480a9f31b28b5d80941046c7

SHA256
1dbd6cd911b5ece2759ebb71948ac8340ce748ce77ae588a03b5d1afcc4bad76

SHA512
20bd0ec612772867f1c66886152aad2c8dcb0cc5f5a056d20bce05a1fdc1604f44270b42d3028740c0ec4ae053e39dc5d0c8b559532b166fbf34b73753ea1895

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_ar.dll
Filesize
26KB

MD5
bc444e9192dddd43a64bd7f05aa2038c

SHA1
e0be9224ea664c3401ba58847233d6bd3fca19dc

SHA256
976a16f186866974de5b2e712e93674e4121c9827ab9399b8762c8067b7a0894

SHA512
837d28049d02f5c79b55b8ec898a2f58f26e7c5e9093a41d05cbce911f9d3b6c554c39737fb39dc8a937ecae31949d2035925c5f388170ce6805bded460ee833

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_as.dll
Filesize
28KB

MD5
b0288b95a6aceee7de14c886478d3205

SHA1
8ceca13af957c28ddb86cf0347e30d172ce069a2

SHA256
e57f37badf1f23d9821b7872717ce4a210e3948099f0a27fc8a50c90b522f87b

SHA512
a487a3ff13b3ade55808093c24997ba1e353c34b43104af39c417b6f040d5727b85896ee7a06069c57e8c5f3e6c11d35d517f6a25859e41d65b94c8974f97dac

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_az.dll
Filesize
29KB

MD5
ae37298c5914a9c9172931fcb7a90825

SHA1
51bedc411c778e52863ce9db1902dca110580b1c

SHA256
d438840d81a749e87acd5a1162f7e17ea8b284844b921d8f25320f8f3d1ce4d7

SHA512
40820c95cf2d45f561a673219c28cffdbfcb2319236536c10a717059059bcf62ff81db7730e81c4c67a641e2969da4aa4abcb15788f7bddcaa528459063edac0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_bg.dll
Filesize
29KB

MD5
3bd46802c062a780341350c042a5455c

SHA1
ceb142bf02a80eaabab04ae383f3fffab59748ce

SHA256
ef02cef7ce51a03d5d34cece843bede2d3d593287414463a0e3ae354da82cf87

SHA512
dddb0432528d0c38556e578070d4cfa922a76a0d64d82c3fca23f34d2fae472a9c201f9360c883eb05438d260cf05db2d8ed0d70dbda2af9c44c8e67e6f8ae83

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_bn-IN.dll
Filesize
29KB

MD5
0342fae4c5816870b1f89c53ab6c32c1

SHA1
d8c823ed491b7bfd7a1e19608144bc8aa0ba521e

SHA256
1796f5867d972b4096b002f856e24881eb6523ba46a1dd30c05598ac9689b6f6

SHA512
3d8bdc961bf96cfa60308c968759a6a43284f63e47ccee5122028d871dbe4590d4e8fbd997fb54b175331cd53d4f6d61001cab481ddc9cde57a4cb686db16806

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_bn.dll
Filesize
29KB

MD5
50feae66730d0a430e90d36fc9662adf

SHA1
7a93d22ca160f636615e03bfe5af225147c8355b

SHA256
3772f79632710288de0d6fcd95529c67b4727639cc93eabdc5649baced807e9d

SHA512
6cda7db4dceafa257ebd4ded7d03d4cbc37534a5585efae0bdc288d2fd756b30712073afe0afb031ed940b1fe0acf15e4a8c42f81afe24e5cf165e742310935d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_bs.dll
Filesize
28KB

MD5
a3889fd87e113518e37209d06d87331b

SHA1
f90121fddb8d61bd439cbad9ee31ca2a23e47372

SHA256
f614887b8bd7bf37770433d47e0aabd0ce5ee516f227e694125051db8abdfac2

SHA512
0ad0ca9c357c520c19a3eccf57471d56a0900269c615c038644026732fa7273f76cc1da3d0bb05697a5a8c6d483de72aff7a57deff36eea9f40452012ac933fa

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
Filesize
29KB

MD5
021041453eada7c500dd7d43c5f60a83

SHA1
4908b5e75ea8a01d86187c83896a7bc766799da1

SHA256
6c098cc5033ec06eedaa0328ae5c45f879e9624c0d076e9fe6bf33c2a929f751

SHA512
94b725c570730d10e40822dc18b9b2282cd02feac2b78ff8dd96fd7b0464dd5a53f8ea6894f1767c0f1e7ac8798ce3f5195d3f19e676a42ed40bda664040d898

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_ca.dll
Filesize
30KB

MD5
3c6c5d804bd0c30f35dd44923b53c429

SHA1
e0798b42e741c125d67be3d58b31f4c225160c37

SHA256
d695c8fa8c93b57092630ee2d6286887fd6f8f91b1253323c0ead4fb310591b8

SHA512
ed1d31f9de7a8110385a9ad0f51c1d19f0564839977eb609cfc4d8791f83f1901b70a4f9cc5bcc1a72771dd0d05a98f921921346d9fd4fb29a5098d962466987

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_cs.dll
Filesize
28KB

MD5
08f9879b9261be3a702646984b6fbe96

SHA1
327ceaf251659f94d0dfd547d12e48cf6a9227b6

SHA256
a9917eb0b2191a53284f33159dd746f763d2314648b4ba93c4d534e7bf9ee28a

SHA512
79f7c9545972d91552fd301e686cacedfd6c74e459a3e27801f567a017fb56e58aee5819cf1a247cf66402c4190aa88ec58a6c6b4dc0a76c85e66285bdf809b9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_cy.dll
Filesize
28KB

MD5
5d2a6de66dfeb5241ec5574bb6fea786

SHA1
34ac86208ac0e92bfc685b203a3130db4dace94f

SHA256
82e2c75d76d1315226d6283c02940fe750ebe9c9dfd8dffc29226a2180967f0c

SHA512
a9b0d5fc29c5897d6b542e25b2ecafe2d8c8f917714ed82afcb0ea3dff7e6e8b83ce340de36a7c2904ce9ab21a90c32696135b158124e6e61888c971d0611784

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_da.dll
Filesize
28KB

MD5
6ccf39d9c3834276f7f1198be0ed0b98

SHA1
dff2e1e1c0cb97032c92f98877b6c81b494e2ae4

SHA256
41beb17ba1215d85b95a7809c978cd6132d405afa016b5564a01b8060bb55c02

SHA512
f8c80738d8d8f7afbc2a5f8c7c37aec9d88199974470eb58acfc9a8a4a7570b0d295c54ea7db2b902384ac8ae83dd52b7978d84a0f38e7cfa74cc5defa7e9f90

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_de.dll
Filesize
30KB

MD5
5e467b6c149791ed06630140fecb4c97

SHA1
a000efd07c5f36ab396346f6818e0b3f7c168e21

SHA256
ab91a0d6cfb528af7b1d6bbd987709a5f928b99d5e5308db5826313429fa58e7

SHA512
1aecb295393b61c3767f75d8ee66b754841faf10528d99f6f17175d8a52dab1251fc262a3f6de463d127d33a6dcfa9c38db6d24b540d562078709989897b6aa7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_el.dll
Filesize
30KB

MD5
eeeabd00c9481bf83155b9304bae7fdd

SHA1
71ccc3d9aeb29b30d40bf1cff449d7a173e3b4c4

SHA256
0c1d82acff3ab5c1b274c2803566c88bd5cbb77b82230c0b5e7b30a26d507aca

SHA512
2f196a4e499c0908007fd254070018a4751aa8e89f20e9c36e27a575b3a9139793b278c30811a92946de0781e1b976645b3cc518700119b5951a982a23d857ec

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_en-GB.dll
Filesize
27KB

MD5
2c58fc7a937a24dc8ad77337ff6577c2

SHA1
dba73f9ee4697d45b21c0103888ef03b9753b0d6

SHA256
cf85115f48bfc1d5a7dea0c89049abfb118da803f37b08bf02a0769019aea684

SHA512
f7025b557a02ae99ac097d7bb85d290ae35ca46a726a078081e38ab20d3ccd291c6f094eadbbe1496f3e943728a17f6e2ec344d1f9b06f5a02ec47e5c50aded5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_en.dll
Filesize
27KB

MD5
6cf20567ab4bdaac0a3bb9c0314be71e

SHA1
c5054e05335164afe1848ee9ffc5eb187f707b0a

SHA256
5efddcde709e05a7a603758ce19ae75a9683aa3aebd566094387a601c9c20f88

SHA512
0e6ee9c93abb1b9eb09efdd3299a56abf645f37d1c36fee57867d6087047fa4245ef9f1239617af2aa43d8574e237c6899b5b71f9bb0044315ceeff9c1e04ca6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_es-419.dll
Filesize
29KB

MD5
f0dfe4e6ef7da24089666d3bd577b52b

SHA1
a89b360f0b792773b63be8d92feeb647b04b4ae6

SHA256
64d3ad890010b4c076f25b0fe3f1d673f990d3d419e621d48620f92613d35164

SHA512
cdfac789d428d075dc764482ac1e87154421fb55ea4cd675432b9311a576630dfc40704745eaf1c8373403fe16d2ddf5e6db4e6863d4f598085ff8066fbf3689

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_es.dll
Filesize
28KB

MD5
3481d8da98329ccc202181027f604201

SHA1
561d0b9a308a4b99b33d3b4b1b397fc3026c5322

SHA256
648f277ee72b145691f6552843fbb7c27027ea2fef66ca9faca851cd6802b54e

SHA512
f85710663104a79b567ea6484987fe6ee7ff07fc709be8352749f79f0c639f5d3581fd957857bd014b9d6f555573ab3578796d03e815d6ae549850ff7c7fec2a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_et.dll
Filesize
28KB

MD5
84ab4cfc49d385b39f4be1f60ed7dfda

SHA1
e739450a7c51ad3efd6ed8c314865bf674c7ef33

SHA256
d8aba0f7f1b8efeb9299f467f3688241b90daf71082ec239dcd1d12ca9471415

SHA512
b86078190684c467aa1f035d86d4f1ac29b75943e17e07f3e6293b7aed332bd47f309f5754c5d95abc452bd1525b933c66ae8ed072bb90ab66813475544a5ae9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_eu.dll
Filesize
28KB

MD5
9961b537bcf4ca25046610dfeac522d1

SHA1
a45c63af20e23d4e39528e1adf6cad75b3d94534

SHA256
35933842e2224ea3c969b93ba0892afeae45b7f63e41442f049cbfb48a5a38f3

SHA512
77040bc71512d0c0cd1cc93951c008a1a8d5d82404b490894de2ef0882c4eee73639b43f198ce2646dd4ec87fb6c4f6ad842c71a804f465c3f759e7ec7a93346

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_fa.dll
Filesize
27KB

MD5
96299418eb52e4a327398cd3fb1f5a3b

SHA1
f1efe6533f241d336c2c0fbd2710402486f4f4de

SHA256
adacfeaadb2652eade235deadb8bc8037d36fee8e61bb37827c1fe1a38dedd7e

SHA512
9c863c15009d31300652c2d70adbca35322905386c93052cd60543d19a165137e3edd89af70e1790a94c125d2d98e92af8fb985a25bc2052c5458e04ffe89d27

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_fi.dll
Filesize
28KB

MD5
b328ed4cf9f38464280a7145f4a1fdb1

SHA1
30c18b07cdcba45bc7320793c2c91f66325ac6b9

SHA256
7b333783f74a0b70a97fdfaab2811128c11bcdad6e178731560864cef9cd371b

SHA512
dad9152040b68b8d2b189a83f1e6ff34a0cfc6772beca99e9731dc8189d0f511ff30fafef309911bf4fe7cdb7b9d7a5de80ce03a53fae6f71722cea43409d631

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_fil.dll
Filesize
29KB

MD5
1a09eac1d844cf3b3a9e9b8eb790d3b6

SHA1
7f26e851daac329c4a62b0b654ac798d174c290a

SHA256
694b8c816a5bc1715f3ee7119d6d91d358ebc5e2b1f77b2bfda202fb5d9ad40c

SHA512
a51022c136949c439f31a9a86a79ab7e57223ad8a3506019f9a26a85ac3aa5ccaa118956ad566d80da8fc7b241d5a03562b635ee47e4c6589b75c42102751320

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_fr-CA.dll
Filesize
30KB

MD5
94b19a612453bec8202e5c1150bb9266

SHA1
16cbe47c563066d14f21d82602a5bf7cf4aa3b36

SHA256
76d4c3eb1bf1c2c07c092d59fab25c9a4438d992f17afc7e63e5cbf593bf0b64

SHA512
05217af1e4957c3db9dda06fb9f41f1cc776872ad5523e2b9a1469c3c975a1b238cb1c183bf2ffccfeb3877513bcbbc7084d22d05de4eda5c22e6a18f36d37e8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_fr.dll
Filesize
30KB

MD5
53d27556e6571ba4498dfd800a12ea10

SHA1
1e150df8077ae6dbcf3ec9f94f59fd31dcecd553

SHA256
b047a1c5776ec3c1262f1e755dae2302bb289a0f455dea5d0297d2d9e5777819

SHA512
a17287b2327a44aa61c6f1df75948de64ee0696a4168aa36a2ae92f20a7d99a045f8aab21ab22ba08e0c14f4ce158ebf3e112651dc459a52d8628754e8ca1e29

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_ga.dll
Filesize
28KB

MD5
4f13fbb3453425c61cf18e45164cfbce

SHA1
7d96d84adfe06bf6c3bb3057489d88b593f7b09e

SHA256
81e75b16574e16cfe8ba086361c6bf18bba4fd48429c204a8d141654af2435dd

SHA512
e006402453a28bfb2ba1671e754f95c99496dabb3e14819782bbdf24295e9c4bda02a0bc809bc835e0a714678048a4d086225e6d57e52667057b5324d1a1c8d5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_gd.dll
Filesize
30KB

MD5
9965e4bbc4abbae200ca90bbc6685d30

SHA1
44fcecbfbb0f6bdb10ba0ae4d6356076e79ca92b

SHA256
03f8258bbed60aa476f24604a8796d3fd72d71476dc1acb64d27e0781c99f645

SHA512
c37694007e90a781b3c60a78f6e8590b9b14af693bff366b6d153dd735c1ce82baf7756bb3150f1c0ac46f8e5a3c7458b4b99390a2d2382974150e797cf5d92a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_gl.dll
Filesize
28KB

MD5
3cd18b2793c5c1e236665edff542c5c9

SHA1
19cf9e6f7cb4035497109727057c7576ee8a6be9

SHA256
8dcf55a3dbf6abd8d7c83504ff0d65392db69787bec04c3e24c45d6a85d5cab6

SHA512
e4842963d4d38b69b270d470cd8a1210b04f99977c5cc52ad347370dee941a58cc972b05d24ca5f282ead0fe64dc1b75c2823c21747a06f8a08d121a5b54659c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_gu.dll
Filesize
28KB

MD5
a5b720700d4cf4a9a6857c498ad3d11c

SHA1
7bab942accaf6fb49b4a6fcc95bffbf94035ec95

SHA256
5a40acd26fc6ae38de8352e33d3df7f26af589afd1423314049c08354a9d4161

SHA512
05a5849dc76d2c51d57a6f4d1c7d6cbf22361ff79c6f1b5250269c6f5d232e0fc444bb56ecf2860bb0074219a2c47d472cf6873e78b3c39fd0e4a55d266fecab

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_hi.dll
Filesize
28KB

MD5
7b9952adeca48c3d0da0cdb2cdce685e

SHA1
79c6d438fc8cfb713394eb0a9f6137759d3b72ee

SHA256
b87cb0adc1de86875dc2504eb7d6d287a579595c42f51e846764ef46a2be738d

SHA512
8098d6989bb1907119a4373a724f34d96b5f57c72202e9d28a18bfa91e35bc50c7c3ed8579fdd9cc725a8cc9a86eff2bdcce526b593fa9f3b6b7137dfb8285eb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_hr.dll
Filesize
29KB

MD5
6b44ba6e3a3ea1d140004fc74ec5af2f

SHA1
598d643751cf123158a1165b2d788b990b82b5d0

SHA256
16f88d8459c5516431c8c922827f63c5249fba45db24bddafce320dcf540c209

SHA512
825ad207046304c14fa6a86b77fd599c3d7d7f25b383209df21b43291b6552540b0895b4d351a3aac7074b9aa2db1990df615e603eabccd08c3db6c8e1bbe5cc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_hu.dll
Filesize
29KB

MD5
70f6d35d85161494c2ac51f08cddca3c

SHA1
810875523114508c8a42fb8750b452a364c5ada2

SHA256
57ad2a58174ce76210319142e4de70341841b501b1b56715b13d786b32aa21e3

SHA512
3d3fdd3ba6e2727afe39c24d5721edd0b475ae809a6f70f569daf97915a750145e364d7db18658f012a798b5691bcfd536e09c895f287b4bf9b9fca63e3af680

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_id.dll
Filesize
27KB

MD5
bfd156ff8976cc32b0347e842d0c9510

SHA1
11e52be1a13e400ff095f52b0f5e79c1837338e5

SHA256
056a58fa513c461bb3afcbb1bfd0a3874b9c9ae76f307e329f666babd890802d

SHA512
72633849e5f2b66b8885d65c6aa60425168b45d4d784edb0a4d97bd414382635057f28b875cc546e6e5fb2ca5074f9a8f93991618baef6f10c97cf257732430e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_is.dll
Filesize
28KB

MD5
0bcb48255d3dcefd404ab32d7b9e985f

SHA1
09e9e3f79115df8468f22188ca87e7c76c8116bf

SHA256
bd0416f18580720fa1f4a498109c3c3d7a1d4c7765d8fe6d96aa37cc0942b3d2

SHA512
310e45987188325dbc0164812defa293c4eaafde1d0950527aaa91968b8580003fe884a6a2058f5cd33c369de4d68a9f66f02ba8cf70a0959557c9e2547fe2d9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_it.dll
Filesize
30KB

MD5
e8bef25bffea9568b2d8730a058245e7

SHA1
03de05e90182c1781db8f40dca8229174798703e

SHA256
901e8952a73c1ad86f02e15395f8089dd7c3739445b3d9ae663e523fb0d89c50

SHA512
dac653fff648d540def0f04b45367147080fe3def6112fd034e078b433d6a274862de750f4f493581d573c07e822b943171f41dc5fc30dae7ee97090094ac80e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_iw.dll
Filesize
25KB

MD5
ff06b00720c57890dbddaab0dbef3247

SHA1
820f45f96410da56711476514887f13bd567d3c3

SHA256
38e462eab64ab465b93563b74294459ca401a3581b9d55e58832ce0477344a36

SHA512
cb7728eabe4ce0a6cb401df91fa2fd22559d03707d17870815a246098a53bc2c11ff37057409ca7d4ed514b1ff7180b48c69ee871a5300ec1c600a51f16af6a0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_ja.dll
Filesize
24KB

MD5
cbf3b736eee44c0b5ad46969e550d5f8

SHA1
a553d97853a181b07d9a3548060a1fa83d43bcd2

SHA256
389b7a9c401bf6ecc848484f1bb4543732eca5f73d4c9b70a46513362dff6660

SHA512
d7880d7df490952e87a8267fa5907faa3cebeb431c3bbc8334296f68d94460b055eabc5b405bc0ab721ef08347689ce98c97ad7ecef6be5fc3e3e43c914b8d52

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_ka.dll
Filesize
29KB

MD5
9448e0bc9bd46181fe505dd3c9145ecd

SHA1
a1197e11572fc8d3bcdda9caa448904d5436f12e

SHA256
bd0964f7ab39cb21d36cf80e7276c824c78e332636fb1e31b5ddd395254eaf26

SHA512
5180e4846c2610a77c33e2475824b627456e64f492d3383f29ea27e37c87a4b6b56ac8a7647df71ecbd3e2aba8d89a2b8a0a43569d032d9017d35799ef61c06f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_kk.dll
Filesize
28KB

MD5
a45eebd5578fc5f92e195f68de6af3ed

SHA1
e4978fc867d9d8cd4565383b3141b936746e7d53

SHA256
670de377c3eb316ac6b977660762b203258af20fa054ad4911b5585b1eb99c3b

SHA512
80a21647a867815dca8ff24de4e6a1e5c039187f5db27ff77ec5bcbda0bd586e0645b763b13df22e13e2b2f2044c0f9c46efc8c1a4adaa21f7a1137bc530f571

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_km.dll
Filesize
27KB

MD5
90c4ec8c01b9a929f4ac8a29d61675f1

SHA1
1dc052e97b71e68ffa614e8a195ba99b6cce670d

SHA256
e98f925b023228cdbcadde47e5be799349a78ac9f28f4f651150811834b7567e

SHA512
300eceedc9308f78e1151a50d96e34572ca956c68a2d46042ff39825a23219e38550ce01df80acdfc7e06854a1f5788dfed141e693b32f8e4e2c1d1955fa25ae

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_kn.dll
Filesize
29KB

MD5
f02b1b9ec36577f040a37ebaf7d2b138

SHA1
2a3b2490391c8d253e017d399b86fbc29ad12f32

SHA256
fa82dec4e559a2503658d3c5189078280f1441bedf9e8c3da9144913cecddd57

SHA512
7491c9193a1c69a37c9ce9dc0f788bd2392644e040c17ca9afc71251cd0378c4efaed15e68073ee1fd4c5ad9d3faca78f0baf09f1d41555edbc7e6cb3233df57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_ko.dll
Filesize
23KB

MD5
54b6789d2b1fc0073d182c996c85781b

SHA1
87ca0b231c916b269e423a0dbc1a526cfab8a60c

SHA256
c9d8a2ae83e667bc10cd8888f380c979ddfd7d17c0452c93be1d935a7961e39e

SHA512
ed08ce52a0871838f412af9be7ebe271b16c253d0c73c2a73955382c017a013379d02d636b00759817df808839461afb791525df26f37be51293e8b1c379f9df

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_kok.dll
Filesize
28KB

MD5
a10aa79e49a2fc9fe07e0e4846f18959

SHA1
37111d97a5b3c6f350a5272c9fb642c17fd9c771

SHA256
9fbd110162ab8bd31902ecb12e7cbbbd404eb14d777b03796a90a8acdcbf334b

SHA512
ed136d70dc6185376ada6d03d9905eed3477ac77d71d17d47a7f0591f69db854dba4c48dabd54831e1939d9b4da41f23cf5ed9c13f20b1c2ff8446b623484a87

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_lb.dll
Filesize
30KB

MD5
1dc4c2bc2db9f61e142b3cb56b643aca

SHA1
4834304c33903bcf2794c55692f4aee01340d0b5

SHA256
3579242a1eefcdc969b53a8dbf06e067bf966fddaed8e8631fba7a54f6634bc5

SHA512
a7be4fea16f0e60b5e38cd41ecc5e3629898d6672bacac984696ec9558774f5ae7c20c500d90096bca612f15e53a0be1a7476501be5960a26c3297f8b4154ff1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_lo.dll
Filesize
27KB

MD5
6b13181b23769db1504a148f320ce636

SHA1
8df705e3a8a3c7ef49842510b80e073778c4210e

SHA256
28129145a1c5de79255b051668690cd149e28b6c31011593d4199a17e1466123

SHA512
97e49e86f7ec7c991b5f3b063bead17c7c59428cd010e15384b6b05d89bc395f15818cecdef26cbaa660c171c1c6e6df431a6f3ea461308ee0635448a302766b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_lt.dll
Filesize
27KB

MD5
fa2e6f380c64f6f604e2cec5f27469e6

SHA1
c9889aad92042d1f6a9285b68ad486844d91bfa2

SHA256
c61e19968e3c1a9efabf15e96652141c790dbec44b933f557847cc64ac3febe4

SHA512
49c14354fb4ed19168a7c628b775b7701a124bbf10371b50c3a8845506d20f0e909459ab337b6f34bf539062e7660234328d48a3f96fd4d3b7156d92d7c870c6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_lv.dll
Filesize
28KB

MD5
af54c576d5cf7ada021c59b3174c7f4c

SHA1
75f7d8f9b319660b8b7343deb8ea72170d9c5c9a

SHA256
20c83f6da03c643bfafa1033f9ef9d6ccb2c8607b90b8013075afab3146e3f60

SHA512
99029b8860f8890a2ec4613fa4d441e666d1e144975c610a6869abee9973305bb7cf0bb9485771638fa350d1bb9921ea2a46caa06dafe0142cc530e469737129

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_mi.dll
Filesize
28KB

MD5
7ee077d0999114e47ed5e0ac8f91ae4e

SHA1
a90fb4fd38863a7ee0f3157be0dae9e08581c877

SHA256
33fb2206281bd9e6d48801de687f0f9f9f7f60a08e5fe46f91311c218c79ae7f

SHA512
4cc8f10efdfd3589d152d11425a8fa4f772504ff0b2630efddf58c5a6cbd4665bdc40e3e8d605ef643f50aa3fb2d7ce70b50667c32413b81474a48133e494258

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_mk.dll
Filesize
29KB

MD5
6013d50ed757f222d103fb551c17c236

SHA1
9dc3c922186d4d90cea415aea5ebc6f168e896db

SHA256
3999f550d50503ec79373d006d08bdb6d26ecf0579af0639097eedf4ab39e302

SHA512
afdd22db850a75c88fc9d60a65ac9e33e5bfe62f152339d582f0c349f7c4f51755694e1385b9c20afa7a44043b22a82f58542b02ce91356ee62386d88b774a8f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_zh-cn.dll
Filesize
21KB

MD5
878215f1368d11b999ce6b1359f03fb2

SHA1
fd68301d60e997ddcd3c8606954ddff1ccc141a9

SHA256
8b65433d863cb40cc0c8253cb55adb9751a6e12e3cd8dd3fd43635bde5c0e4c0

SHA512
e040440c7c7af301392b42db1e4277a9928deeab5bb1c54c0d1aa7453a4f531569644fb40603c591403da85d53c4e0b3478807201cf27ec9aabf343e368581be

Download Submit
\Program Files (x86)\Microsoft\Temp\EU954.tmp\MicrosoftEdgeUpdate.exe
Filesize
201KB

MD5
05a73ef9cdae8d3783e99fea3d3e9841

SHA1
c77ed6ccbc405b49ee3fb757a5bc9677f0a45823

SHA256
981ac233a928a5e68ec9b269ee059996e09396dda7205d41d0f283bda24a7941

SHA512
023ac5a8a5ac29f811a8fd7c87fc163d9b6913de89a732305bdfa52aea604598fc93c45559f41e9d1eb622a31995e1f97b48121eaae98193b81f5da7c31e55e4

Download Submit
\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdate.dll
Filesize
2.0MB

MD5
2cc05aacc62dbbfb2f419482fcecb2ed

SHA1
dca7941ac0c6f519b629f8acd8b98352f05aa290

SHA256
68e1f3aeed0c9cc2016fb3832207fd9d1696e0457ed826ccb2609913da4883ed

SHA512
d74baa5e1199f32a8558e46d23bd60288e6f7702b28ae9c856b79c2f401abf095a08c1081ede742a7c90a89faf5015506d4f7bab8de824af11261b2e330d8bc5

Download Submit
\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_zh-CN.dll
Filesize
21KB

MD5
878215f1368d11b999ce6b1359f03fb2

SHA1
fd68301d60e997ddcd3c8606954ddff1ccc141a9

SHA256
8b65433d863cb40cc0c8253cb55adb9751a6e12e3cd8dd3fd43635bde5c0e4c0

SHA512
e040440c7c7af301392b42db1e4277a9928deeab5bb1c54c0d1aa7453a4f531569644fb40603c591403da85d53c4e0b3478807201cf27ec9aabf343e368581be

Download Submit
\Program Files (x86)\Microsoft\Temp\EU954.tmp\msedgeupdateres_zh-CN.dll
Filesize
21KB

MD5
878215f1368d11b999ce6b1359f03fb2

SHA1
fd68301d60e997ddcd3c8606954ddff1ccc141a9

SHA256
8b65433d863cb40cc0c8253cb55adb9751a6e12e3cd8dd3fd43635bde5c0e4c0

SHA512
e040440c7c7af301392b42db1e4277a9928deeab5bb1c54c0d1aa7453a4f531569644fb40603c591403da85d53c4e0b3478807201cf27ec9aabf343e368581be

Download Submit
memory/584-174-0x000000013FAB6000-0x000000013FAB7000-memory.dmp

Filesize
4KB

Download
memory/584-175-0x000000013FAB6000-0x000000013FAB7000-memory.dmp

Filesize
4KB

Download
memory/584-176-0x0000000000000000-mapping.dmp

Download
memory/588-282-0x0000000000000000-mapping.dmp

Download
memory/824-137-0x0000000000000000-mapping.dmp

Download
memory/824-138-0x000007FEFBEE1000-0x000007FEFBEE3000-memory.dmp

Filesize
8KB

Download
memory/972-127-0x0000000000000000-mapping.dmp

Download
memory/984-133-0x0000000000000000-mapping.dmp

Download
memory/1044-136-0x0000000000000000-mapping.dmp

Download
memory/1060-141-0x0000000000000000-mapping.dmp

Download
memory/1172-247-0x0000000000000000-mapping.dmp

Download
memory/1172-246-0x000000013FAB6000-0x000000013FAB7000-memory.dmp

Filesize
4KB

Download
memory/1172-245-0x000000013FAB6000-0x000000013FAB7000-memory.dmp

Filesize
4KB

Download
memory/1216-177-0x0000000000000000-mapping.dmp

Download
memory/1388-56-0x0000000000000000-mapping.dmp

Download
memory/1492-121-0x0000000000000000-mapping.dmp

Download
memory/1664-128-0x0000000000000000-mapping.dmp

Download
memory/1732-139-0x0000000000000000-mapping.dmp

Download
memory/1812-212-0x0000000000000000-mapping.dmp

Download
memory/1828-130-0x0000000000000000-mapping.dmp

Download
memory/1900-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/1904-135-0x0000000000000000-mapping.dmp

Download
memory/1924-125-0x0000000000000000-mapping.dmp

Download
memory/1984-123-0x0000000000000000-mapping.dmp

Download
memory/2004-126-0x0000000000000000-mapping.dmp

Download
memory/2156-316-0x000000013FAB6000-0x000000013FAB7000-memory.dmp

Filesize
4KB

Download
memory/2156-315-0x000000013FAB6000-0x000000013FAB7000-memory.dmp

Filesize
4KB

Download
memory/2156-319-0x0000000000000000-mapping.dmp

Download
memory/2156-317-0x000000013FAB6000-0x000000013FAB7000-memory.dmp

Filesize
4KB

Download