5241e7dbe8dbb2467f37d64d0b1b8be6783f1e7f551bc7f0b942f54ce8625926

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
16-02-2023 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4460-132-0x0000000000E70000-0x0000000000E90000-memory.exe
Size

128KB
MD5

db1d7d815156b77233cbd2eb24559b68
SHA1

e999f5b293568487415a69f0ba3682f1205e77c4
SHA256

5241e7dbe8dbb2467f37d64d0b1b8be6783f1e7f551bc7f0b942f54ce8625926
SHA512

92facaf2da5fe448f0a9e0197e6896750b18d2532a999a34d1c62224ea432585e483cbb23326f92fcc5861ca119892d4d70440f68ccde2a574a8fd4f751f49ce
SSDEEP

768:rH8kLBwW59VRjB/jZRj0tZYgU1l50AyDu88+a4:rckLBz59/gU1M8+a4

Score

8^/10

microsoft persistence phishing

Malware Config

Signatures

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Executes dropped EXE 10 IoCs

pid	Process
4064	msedgerecovery.exe
3932	MicrosoftEdgeUpdateSetup.exe
3192	MicrosoftEdgeUpdate.exe
3344	MicrosoftEdgeUpdate.exe
964	MicrosoftEdgeUpdate.exe
4376	MicrosoftEdgeUpdateComRegisterShell64.exe
2276	MicrosoftEdgeUpdateComRegisterShell64.exe
3400	MicrosoftEdgeUpdateComRegisterShell64.exe
1688	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe

Loads dropped DLL 11 IoCs

pid	Process
3192	MicrosoftEdgeUpdate.exe
3344	MicrosoftEdgeUpdate.exe
964	MicrosoftEdgeUpdate.exe
4376	MicrosoftEdgeUpdateComRegisterShell64.exe
964	MicrosoftEdgeUpdate.exe
2276	MicrosoftEdgeUpdateComRegisterShell64.exe
964	MicrosoftEdgeUpdate.exe
3400	MicrosoftEdgeUpdateComRegisterShell64.exe
964	MicrosoftEdgeUpdate.exe
1688	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe

Registers COM server for autorun 1 TTPs 33 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4356_255852220\msedgerecovery.exe	elevation_service.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_en.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_kok.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\psuser_arm64.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_fi.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\NOTICE.TXT	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_am.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_id.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ml.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_pt-PT.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_lt.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_te.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_zh-CN.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_eu.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ne.dll	MicrosoftEdgeUpdateSetup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230216074359.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_de.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_pt-BR.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_sl.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_uk.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_az.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_lv.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ta.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\EdgeUpdate.dat	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ga.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4356_255852220\msedgerecovery.exe	elevation_service.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ar.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_en-GB.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\MicrosoftEdgeUpdateOnDemand.exe	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_cs.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_fr-CA.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ka.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_nl.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_zh-TW.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_hu.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_iw.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_nb.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_mk.dll	MicrosoftEdgeUpdateSetup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeUpdateSetup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4356_255852220\MicrosoftEdgeUpdateSetup.exe	elevation_service.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ur.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ca-Es-VALENCIA.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\psmachine_64.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_hr.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_kn.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ru.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ro.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_tr.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\MicrosoftEdgeUpdateBroker.exe	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\psuser_64.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_es-419.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_fr.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_is.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_mr.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_quz.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_sq.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ko.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_pl.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_vi.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_or.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdate.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_sr.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_sv.dll	MicrosoftEdgeUpdateSetup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_gd.dll	MicrosoftEdgeUpdateSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\ = "Update3COMClass"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{0CCB8559-9E10-4759-AEFD-51815C3677E3}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{0CCB8559-9E10-4759-AEFD-51815C3677E3}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E45E8446-680D-4668-A46C-D13892D6B640}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.169.31\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{0CCB8559-9E10-4759-AEFD-51815C3677E3}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CurVer\ = "MicrosoftEdgeUpdate.Update3WebMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{0CCB8559-9E10-4759-AEFD-51815C3677E3}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\LocalService = "edgeupdatem"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E45E8446-680D-4668-A46C-D13892D6B640}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{0CCB8559-9E10-4759-AEFD-51815C3677E3}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CCB8559-9E10-4759-AEFD-51815C3677E3}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{0CCB8559-9E10-4759-AEFD-51815C3677E3}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{0CCB8559-9E10-4759-AEFD-51815C3677E3}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
3092	msedge.exe
3092	msedge.exe
3708	identity_helper.exe
3708	identity_helper.exe
3192	MicrosoftEdgeUpdate.exe
3192	MicrosoftEdgeUpdate.exe
3192	MicrosoftEdgeUpdate.exe
3192	MicrosoftEdgeUpdate.exe
3192	MicrosoftEdgeUpdate.exe
3192	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3192	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	3192	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2288	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 3092	960	4460-132-0x0000000000E70000-0x0000000000E90000-memory.exe	82
PID 960 wrote to memory of 3092	960	4460-132-0x0000000000E70000-0x0000000000E90000-memory.exe	82
PID 3092 wrote to memory of 2160	3092	msedge.exe	83
PID 3092 wrote to memory of 2160	3092	msedge.exe	83
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 2020	3092	msedge.exe	86
PID 3092 wrote to memory of 4772	3092	msedge.exe	87
PID 3092 wrote to memory of 4772	3092	msedge.exe	87
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89
PID 3092 wrote to memory of 2244	3092	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\4460-132-0x0000000000E70000-0x0000000000E90000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\4460-132-0x0000000000E70000-0x0000000000E90000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=4460-132-0x0000000000E70000-0x0000000000E90000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc48de46f8,0x7ffc48de4708,0x7ffc48de4718
    3⤵
    PID:2160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:2020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3184 /prefetch:8
    3⤵
    PID:2244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
    3⤵
    PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
    3⤵
    PID:1272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
    3⤵
    PID:3136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 /prefetch:8
    3⤵
    PID:4440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5524 /prefetch:8
    3⤵
    PID:2360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
    3⤵
    PID:3408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
    3⤵
    PID:4416
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
    3⤵
    PID:2456
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff6af5d5460,0x7ff6af5d5470,0x7ff6af5d5480
      4⤵
      PID:2652
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
    3⤵
    PID:1308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
    3⤵
    PID:1148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1932 /prefetch:8
    3⤵
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
    3⤵
    PID:4128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5040 /prefetch:8
    3⤵
    PID:3504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7148 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,6063724392831633078,7944677844196660893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5436 /prefetch:8
    3⤵
    PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=4460-132-0x0000000000E70000-0x0000000000E90000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:4844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc48de46f8,0x7ffc48de4708,0x7ffc48de4718
    3⤵
    PID:384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:372

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:4356
- C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4356_255852220\msedgerecovery.exe
  "C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4356_255852220\msedgerecovery.exe" --appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} --browser-version=92.0.902.67 --sessionid={567989e5-d713-4a35-b975-9d9c9c642fdb} --system
  2⤵
  - Executes dropped EXE
  PID:4064
- - C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4356_255852220\MicrosoftEdgeUpdateSetup.exe
    "C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4356_255852220\MicrosoftEdgeUpdateSetup.exe" /install "runtime=true&needsadmin=true" /installsource chromerecovery /silent
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:3932
  - - C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\MicrosoftEdgeUpdate.exe" /install "runtime=true&needsadmin=true" /installsource chromerecovery /silent
      4⤵
      Sets file execution options in registry
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3192
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3344
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:964
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4376
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:2276
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:3400
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjkuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjkuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OTExNjNGOEYtNjEyMS00NzA5LUI1MDItREM1NTRFRjUxOEFDfSIgdXNlcmlkPSJ7OTc2OUJBRTMtMkFGOC00MERBLUFFQTctQkZGREI1RjQ0NkM5fSIgaW5zdGFsbHNvdXJjZT0iY2hyb21lcmVjb3ZlcnkiIHJlcXVlc3RpZD0iezI2QjcxNDUwLTU5QkQtNDMxRS05RUM0LUM0MTgzRDRCMTMzNn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSIyIiBwaHlzbWVtb3J5PSI0IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7bTQ2SzVLNXoxdnZrTkxIcjRjMXgvaENqZTdaUUxkcUt5WjVOd2d6VjNBOD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE2OS4zMSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTMzODMyOTI0MCIgaW5zdGFsbF90aW1lX21zPSIxMTcxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1688
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /machine /installsource chromerecovery
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2288

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4356_255852220\MicrosoftEdgeUpdateSetup.exe

Filesize
1.5MB

MD5
f70962a7883fefe8defa224c1ffdadfa

SHA1
efd06b7c1b5ead8cec2cd029a8d8ccb0c46ee2da

SHA256
3e726854ff0a0046de458afc2cd58cfc37430b4c7969395111398f47d8f63bb4

SHA512
678c10874e6089acde5c57cdc64e11a76cbc9b3e7c882f9c1eaa619f897675c8f145e4be4825d8197edb2e645035a0953c3ed5a34da3e84d013fea5599699761

Download Submit
C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4356_255852220\MicrosoftEdgeUpdateSetup.exe

Filesize
1.5MB

MD5
f70962a7883fefe8defa224c1ffdadfa

SHA1
efd06b7c1b5ead8cec2cd029a8d8ccb0c46ee2da

SHA256
3e726854ff0a0046de458afc2cd58cfc37430b4c7969395111398f47d8f63bb4

SHA512
678c10874e6089acde5c57cdc64e11a76cbc9b3e7c882f9c1eaa619f897675c8f145e4be4825d8197edb2e645035a0953c3ed5a34da3e84d013fea5599699761

Download Submit
C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir4356_255852220\msedgerecovery.exe

Filesize
1.1MB

MD5
3b2bd3e2b22afa49576723c819a1185b

SHA1
41a1590e22600c717acd9e376b9020b3021dada6

SHA256
b2900c435244e948491cfab330b570b4326d1879c5c2be2aa35ce8bd49446d05

SHA512
a411b00da74a6c90d0a60a0d9a024a430c2c7483416dc95634bd62c5c29b9c9d1fd3310911f2da85df66aac08e9026df4aad00c083781ca22802b0236652d1d5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
172KB

MD5
b462ad181104b32ec56a6a1e1aa25622

SHA1
c26dbc70359be470fb63d50e12528e473749d9f7

SHA256
5b95e7e42a2df4c8cb8a1dfc9e71f81831ffc128408ad1a37f83ab76dcdf1afb

SHA512
5f6b37f4e88b617ca68762706423e38da4eccb820e82635eda3ed269efeb92ae3285e0b1285978f35dd8df004c801ebbca2f7c061ae055070bdbcba88c474e70

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\MicrosoftEdgeUpdate.exe

Filesize
200KB

MD5
7bcf03ae20f6b4aab6efda45f6a0fa01

SHA1
6f1a63a994568c7cac224c6f44d41d19fe24a2e4

SHA256
23387b13f6386a095ae8f178c261f6565e5828fd7e67ef0cbb10e07224149ba6

SHA512
615d130b2f87d3f2ec125cc97391c6b318359a78f0135f10d0ffd5085062cde39935823865f139d767f9d7992dfa926358442369ab424fbe1d54b2c915992c4b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\MicrosoftEdgeUpdate.exe

Filesize
200KB

MD5
7bcf03ae20f6b4aab6efda45f6a0fa01

SHA1
6f1a63a994568c7cac224c6f44d41d19fe24a2e4

SHA256
23387b13f6386a095ae8f178c261f6565e5828fd7e67ef0cbb10e07224149ba6

SHA512
615d130b2f87d3f2ec125cc97391c6b318359a78f0135f10d0ffd5085062cde39935823865f139d767f9d7992dfa926358442369ab424fbe1d54b2c915992c4b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
205KB

MD5
fccf8ebd72efacc9566b7849d59512aa

SHA1
2d0cc03e7912578d1c0a01e1d338290a0d1c157e

SHA256
a6a3b7b77ec3fcbdd07b516457fcc7368282ed84e04792316d2ceeeb3b6c84fb

SHA512
6e0b2e27ae19c3100b789b8b22eb307072a902878d92cea426ac02c07c8338934b49c57012a858e01816617ec6c41ef39b7a390e63c8975e56c4504faa8b6b3a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
250KB

MD5
524a95f05f4c0def70fa61a5f0717e9c

SHA1
6ee3b87e60e865d21bc1b5e434fea12fe262c315

SHA256
e17a7d9e0dcb1a3d6a21009f8d9b41fe1986312d79ffc6728c6c3f500dd6434f

SHA512
cc5e21ce182489416c906fb3f16e808554b739908916682cef6afe11a748b02382bfb93d1359cdc0794c2fb4b6f3cb9d9c677215a904be79d4b1df573de99089

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
5f4cdf4268be23a984ee0b2feaad3dd3

SHA1
cc5aabfc567971d7d2b7a0a206925a59de79dad5

SHA256
bb92222715061ddc89332668248c696348b953a0251893ec7d36597099308d92

SHA512
41803d549742f3b22521d6b645adfafdc477c3fc315a88056b111d54cb0ba677db4a8162b793a19619f672b3580736d939367649d3729c129ef871b55900f0cd

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
5f4cdf4268be23a984ee0b2feaad3dd3

SHA1
cc5aabfc567971d7d2b7a0a206925a59de79dad5

SHA256
bb92222715061ddc89332668248c696348b953a0251893ec7d36597099308d92

SHA512
41803d549742f3b22521d6b645adfafdc477c3fc315a88056b111d54cb0ba677db4a8162b793a19619f672b3580736d939367649d3729c129ef871b55900f0cd

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
c7872f08802f693ed9fc16ea960789f6

SHA1
b0b8e4dfbe1dc76e4903216948374e1356d33e53

SHA256
de5d1223ffd38be89cd576b0de036760f8a84c231eb97f1d7f74dfcf4b41fb19

SHA512
339520bea363a1ea34e75755c70f4b1f6a189e7084ca9d5c6189d769965ae1fd0b093b948dffe3d256dd82591bdb2b3627ed20e747a2505377babc34eb94a0e6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
6dee4281b2d0dc43c8eac5afde5dc5b2

SHA1
35584539f94fa4a91229b8d810f1d5c0207d9ef8

SHA256
b0fc60e07fa8fcfa0a174f1f5fc3a303d5498669eba846d51731494e9f86e46e

SHA512
de6a54e08c1a7c2a77a26f9de11a8e25b30f3d275fd4b72fb068ec3a5c0fd2072cc02a33b4581ba0dd565963bb834c5da831013d9ffb4386d0fc59935c184079

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
c5e0d596829abbf221a7e2fcc3f37059

SHA1
2a55fc6e9110d0bc5d735bd98e56241e416dd5eb

SHA256
9e3a04823e12f15954f1082ec019e29e1821d03db69fbaf9c906be28c8cf4fcf

SHA512
518a004482c590d87e104be80dcb12455379ac855a53bdfb94023041fac16e4806e4c78f28716f179031d62b21912cdf4be8b43b2a13747acc8e9a745dd6333b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
f344ea79294c175a3233be3c7bd4f7ab

SHA1
42f4d616f0b48828b629ffb384249edc76fea3a9

SHA256
36551c9271d084f31facbd342a0a0b5e530a2070e7de34c42ef2987633134b99

SHA512
dac1c65916fbca857dc8b5a0a3ef9c6abd5090e2c99ada98809d6cf04d09d4b9d63256e4a57754960476896ea46027cfb06bbb3ae68df573b207ca267d4efe94

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
34c97ccc6da86fa0fc6aca8102115683

SHA1
23c30d6f41bbfccb40d5209d70999384f3d59893

SHA256
205be42f8590a17ce1a0da594c818f84ef8cc19f8f54cd74acd16ddf7df11684

SHA512
7100e92fd948b75f7d134e813a836ce9691e6994f989b6d53255b17e3fca5be55cf69c50ef01e625a8f85a764bfafcf49bc5f82d229bf44168bf89b953c1642c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
83976f605267f63c512741c90085ef37

SHA1
e1907443ecf114b1b2d4b5fb622ca6fcba0d6b2c

SHA256
8e7bc240557c0f4058fb3380d01584eb5b9ad69ac5fd2f7a56bf2293dafd6069

SHA512
d5713af38add972fc04c1b1b7aca033532c50c31e8d1e3c0e889d69c94ff2d2ecdec95edabf4717a4bc649f2d68a5b1a77dac0355bf493eefe2cf86b7b53ba84

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
055acbbed4580bb0c2b15ad8407f34c5

SHA1
cf7c3539d97090b33ea5cb7d4880dd1b28c259f3

SHA256
edb350193ce5ee7984cd11d446ee5848879e6447b08a6e9353a8310a1574bce7

SHA512
11e9e78b28e868781b355de473c157f4fbf1b8f30e3cae6f19aa895a456e7876827ff859ee4bc65215b73ed27eac67c139a1cfc887adee0f7fa1c2c446962311

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
89d1459c67621ae933ea973c36c86830

SHA1
7793109fad9c7d6e267046be6f188262d6655736

SHA256
faa59f14007729085711f504f3580b5d1f289d9d6b8a57ecaa6b7980d9b3b9e8

SHA512
95e333c1d28ba10df6e95e7bcf80fd1cd3fb7e32aa72b1749a4983c762fa227915d49547c5be114a471072d21a5f9c87c24bd6f45e8a711cbecc1074a3cefd7b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
a2ae01f60764eb9717c2e843bdd40c43

SHA1
f611b0f880d1dc52a5ff996b5106c8c0bdd7cf68

SHA256
9542302df51fad8c1095f6068378608b8edc89a633b30d26cae0e0fcb4515da3

SHA512
e12d3634bd8738865ea210775d78e53c5a30e74dca39655882c2464d1f9a1ac4a96a7608e57a92ff3b7b6a77750ab24ff12df59e5006b18c1f83cc270760bad5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
97fe80b8bc29698d3dd3912878d8a785

SHA1
580f290f32bf083f9485e06165fcc751ae181be0

SHA256
c382b8fe1abc83ebe97e66a3d4737ab66a7210a59fc0d18f9fc8b6735771b247

SHA512
08f56d8759721b0241d60a532e9634bc98aebcb7e7c251630adc1c93d28d40158a6f3bafc32f19cf9aa27ad5ba6e42f58bc2c8361e1ff97aa2ddf05c0147d248

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
2293c9a1af6be53ef61f8fc168e181d7

SHA1
f37155a592bcb1cbaeb67509b36797087d228b8b

SHA256
0b00898937e1f40415a42a8aa4dcf4ea396c40083abfe04fd141edcdd1d35600

SHA512
ac4c27db8296283292d06e0d152434f18a227c4d68294ef52ca473736458724df374f20ce88d214486d7027696d081203e92fb98c682e531071b9ae6d9703d22

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
b09754ee0b3048dc68584bfe0f631ea1

SHA1
87a2426414fdd52fc39679f6958379482ca3dde4

SHA256
9dcf2f8fba4c3bf4b194e3b27e5ef572e573a638d5c71e3ae4a154ddb62a91a7

SHA512
5d0d9b653184a41cff580683c16b4f67514bfa04987ee650c1d9ade4b12f5eb125fe44aa6e1a5e689423f62e755c460fc4886eac08c0e72fbd64fd9573212d4c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
7df1f9bf10766cba6f2b6d48e4dae8e3

SHA1
0008dbaa46d83ffe8d4a9d536a61a5109d74ca8d

SHA256
18827570bad9f879f6853438bcd0e379518531bafbfac2bb626dc1cc13711596

SHA512
bd8ee85d664c1480240e89c05d3639b5650aecb056263b75d7d37168bf6b6dada04145f42075e5ef0841efa9417880e8f9697e4ca71f20eaecfebd98e6b61f1c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
0973e0fe9cdbb5133b27568795b7bf6b

SHA1
eaf2af3b576cffe390ef11c38a594a0a5880aa1c

SHA256
5772740a636254ee2967ca17a83d4b1b13934a4c2db7725115f8754a762cc734

SHA512
1a2346c569266085abef030a235ca83bc1e3249bd090823757495c71332546c6fc3692233415df9168b609820a0bca2ee22d8064e49c9c2aaf7b707e4f52c285

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
eadeb006461520d14aa2578af902773a

SHA1
f0a23049c073b8bb189dc38dc3d38c4603862754

SHA256
fe1573ff17ffd86d793aa1dd9fd36109961850bea883d2d3e6d8d3baa3a2e468

SHA512
608cd2b73f0b95a7b57f1e23e9da70c663fef20412c6612b58af953061b8c42c25b24d234b380cc86a5dfc166f3018a48aac2f5659434bd038d8a74a252bdf15

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
1a4700d41421d915d26ea36073467527

SHA1
3c657523c891dbff19676f1d3b471bc7beaa59f5

SHA256
0a6f96613229ffc6beb1b36c73cb52be4d68346fd08adbb89e95814ffdc78c6d

SHA512
d62cdcfcdb721bb72892a09763f6c97edd0a0b37123a8605d846b8ef8d09938d8c99c49f574e29f590d6528738ac92b8ba8c31cf337408434caf14716e790d57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
162af0ee7f6257765264df1ae5cedf19

SHA1
b25132643b3153c764ee9a9443cf2ae2fb476029

SHA256
982e2f99ab53b7325a3be510c50dfb01ffeed1bf2e291253c8ad9de6497b6c89

SHA512
8c615ab0942da4265238f16f0e71a5e095f07af654377d170370e885516b049a4505ec9e44f73f1ee70eca278da0d9affd4c4c3c660676134b634a995b4490c6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
ca88ea1e6a8ee2379ea2c8459c2b99e5

SHA1
dcf468473aa7ece0f106ab34bd7ae633097153d4

SHA256
1e61386dff70de6dabc71ec5d13f8d77ae7e1ac7350f6cc7977603415f29c46a

SHA512
d51e59ceb1e99f771ae7f45c986f77f9471e120b27f777056fb12e3b6add87e2540b838cf86ff5fcb76794f4eb5d922c72410204baa5ca3635f4f6157efc20b0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
d5f0c3f6a7f33abb613146888add7e1d

SHA1
01864e305dd70fbbd5aabaf5b9fb71dd235591f6

SHA256
d25b66f475c67394eed4c51c498f9e20dee225c3aaa9427281a2148cc760f46d

SHA512
ee4ad7416408b6fa5d07ed6b964101002de68d2a6e5206bbf5044c5d1323f8f3950e0d229f41b7b4c5389ff68deb890e5db1c2fbdd04c56dd247efe0648bb514

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
a86027b5da426647253679150fe41c6d

SHA1
c5e06bdfc88a39b95e65ba9552c7204da5268564

SHA256
ab508539ad80b32dfeb2cbeb57ef31467f0a79ff095d2ff892c17e80356a60f9

SHA512
45217ac7e913175416a5a6e446c4081af401e361663e1e99409779a6f08040a4fe08b116056ab7d112f6d1a71f97a6d5e53f22f9d986754f98d177f79d72b773

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
ab288e21516f5001b120a6129e8c6b6e

SHA1
00e93428692465d5874ca879bae9fe4a61debbe6

SHA256
a3a74bc891e686c5350bb763b75717f00d34f9281f98081e49611419c999acf7

SHA512
9e89a37d34ae04678be70ef4b0e83886698e067fa578b4acfa13643557b31c718172defac1053ced3c2acff3def2bcaa9ed40fba65ccdd96f37e46098d975fdc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
16c9a02f38925a4ebed9c1d1ba95f61b

SHA1
41d4e6d32bdcda0fe7f3c58253f2c5032cac346c

SHA256
da28ac726626540f08c4c881af38844108e2f878890316f588f62239f88bdc68

SHA512
84b544954553e198a1328968ac2bc86a9757d14dd4c304a1b4a55825d1d5dc42952fbd44df6c1c5951d95d430bfde78e60f750902c985877c6a6640c1aa3ab34

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
532b88ef925118e43b4ed556c5fdfc3c

SHA1
5c4990ace3c1abd89802a4f5a06e4dd3aa1afa92

SHA256
a8fc095c422a0c0dbde18fcd8292402eff23371f79b4092fed0b7d3f2d4a382f

SHA512
f547a65a154b9ab942b185f3c9e4b55dd5771b6cc4442bdbb66487e47f1c631a987bfbb327b71a822b362ae5df5720549c1164e2e49825f4823ca7f3d5d6771b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
70d809ac0e74e6ae8ba2bfef150d6e30

SHA1
6d799af22f709cf7e1c0028fe994d27a17269130

SHA256
f2e9ce01e00117fabb74dafae001059b3c032263cbad7f9076f009da4a8abc1b

SHA512
927d7abdb298088953029fba117b095f26fccfd6c543201687e3a69b9c97ea90a657ee43d4f412fc633ff36ed80f4ac7b374763c7e61a222c76fd92e5cc66b72

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
3cc0c1a7cece41adc97fff2f3366877d

SHA1
897a222da884641f32e374494b7348dd55627167

SHA256
565c9e8b60039a24e5bec0810917e64f32da727954b723dfc0be1983a0340957

SHA512
2d6f495cd9cf6d0ecafa41c37480e60f1e2ae1507e152b235a0e274f9db940810482224768490b3fa1193a926268fcab08c2602ae3167476b03ac4600fca96ff

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
85c1fd04d1b0bc0fa1e00559aeedd14f

SHA1
21b8a901a08a748f5c6483ab364c13a9a9ee6d79

SHA256
e7f16fc0c9060aa39521d2bb7c5f74e634c71a0f95ce62c89e018d8d1578b977

SHA512
824bb0be9c46e5074467f091b5cdb6968d3aa989b598d294932b10f254b5f0b4230da2ed86c9723068fb997b39d06f0ac3c67f98c0969227cb602e57603e9bff

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
1f446af97cc5b43c506505e07b0abe61

SHA1
3ed4be38abb4953d288d082578465b5ce92854c1

SHA256
10f6fe80963da0b757bde9781073df370be9b97301524838eac167787621118d

SHA512
d3215d7b15f2994a01b339053d976c8ad561b5324a9dbb269a5ac4668af917ae45dfe1c110855555c7855cf1c74ca38ec989beed91bb1d465c4304d888d6acf9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_ga.dll

Filesize
28KB

MD5
daa37ea0971c528fa497be4deb9e9e5c

SHA1
ea3678e1939b1d78271061937da64e7f91d690ce

SHA256
4e8dc4059e333ace71741fdd601e7420744e2f81bdf0dfccb7f8590d23622e3d

SHA512
7b9df2d7d0f607312e1a035cfb7848839ecd025f8fcb6b1e0b57c89c6e4f47c692db4b5669d384db15ef39e7726015cd5d7c608f16ca1f0d70461744c9492c3a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
f976b60c6877ac880bf2bad3f3d20774

SHA1
d02ce01289cd2bac6becd1835e55bc6e60327e0b

SHA256
4859b9cad6e9b4e95adb96158bd4837192aba0fb8535696a23f942ddd1d93e35

SHA512
fb9054e0328211deb69d4c4fb3d03f075d03c2e198c51bb4d09006c87747c1dfc81a39072d2a5e8ba7e47e7e19be866d95b2444e0ff693c01f8afcbf0fdd1bca

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_gl.dll

Filesize
28KB

MD5
199c4123ef874bd42b54d0c49d0b08aa

SHA1
e16a3d629ce1fca181c35f5c2e16497bf54941ae

SHA256
a2c22b7f9b1901407068df3ddb049a58b70218559d4cdd944328b9c23d8e5500

SHA512
662c91ea89c9f8fe05458301040136ff6e22c345bd25833cf7bb3b61ffa97c37c19bf5dac7fe68c4b0527ff718e05cc0476438e55a44ce0ed3a78358aea967bd

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D5B.tmp\msedgeupdateres_gu.dll

Filesize
28KB

MD5
c0184213a10033245208238df3485522

SHA1
95690861b76477aefcdaf6026d9dd12332ccbfed

SHA256
cbdc3c2243fc61e0dd2f786330b9f3763d77bccb94ff69fe6a0b59c76efb0444

SHA512
b87c0894d6295147938b1f9d652427c8af77a345947038bc279ada7fe0ef7387e0d5af4c0eb1f0691a9e626d9562aec13aa1fab1568fd4bc6c9df3ce65857a61

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
116KB

MD5
655fa8a685455593bbeffe2d5854d74c

SHA1
15e7597f6afd7062852b049c705da483770d2e24

SHA256
aaf5396143f0a5c5fd00c6018beb012d9f0e10ce84fdf193d6fe21e0cb6474de

SHA512
0a2274384636799cd62bcf65a3e2c301b23e046adc3e2a0c7f117be7bf12ac4de3f55199f6d38bf7346eada866ecebcaa10257dd164d08d04437b0591cf9ac4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
248831967cd174eeb5bb5eba173da6a5

SHA1
81c9c24d106aeb26f4ae1dcd0866ec7ed6d81d99

SHA256
3752c2ea4a6ba3d1a5b7545246c430a37cc79c8fdd60c82b4d0200ce083cf9c3

SHA512
07cd5594939f896098976a4fec9dd1005fa031637697187f9a038b65ecb46d9d9d5fab3e51f7eade64c369e8a885c0c8e9b76efc71e3ed3c4e613c623b09425d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved\1.3.169.31\recovery-component-inner.crx

Filesize
1.9MB

MD5
dcb0ab396e869708ca1ca663c6697b50

SHA1
83d2d79250a470d8c140259688ee35e6019c60f0

SHA256
083c44f154565469a742fe081b09ab19eb5f2a986936dbcef55ddd21f79e6beb

SHA512
e598653b4e6fa16f7ca3a96b44cc279fb010555102c3b661a88e44f6750242e43293a54af25c187445a6f65f7979d556285c16a0294530978f97327f8c1bdd68

Download Submit