7d4a960a6a46db69576a7e3717fef7872f873a0fb5b1e6fea2b2341baa18f36e

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2023, 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit_7.2.0_x86_en-US.msi
Size

5.8MB
MD5

7522424ea68e64621cd8a81f1eb71e2a
SHA1

d4b84e4f586127cf15715c99f2d5e66ce953bc64
SHA256

7d4a960a6a46db69576a7e3717fef7872f873a0fb5b1e6fea2b2341baa18f36e
SHA512

0305ac4dc857ae77e5da11bab0eb0334697cae70681648945eb6f73325c5eb303de6cc21fe8cec8f90540a6acc2d96a8915ee420e5c8219a7711a8f781241429
SSDEEP

98304:6YGaxzW1K/3a9xtLMlrgUhWHaF1CYddUCa59/fcL+j4/zyh1kP0K6MFToDmgsUST:yqzWEALwLekTdE/fcO4/SpKnFWoPimc

Score

8^/10

persistence

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
43	372	powershell.exe
45	372	powershell.exe

Downloads MZ/PE file

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe

Executes dropped EXE 11 IoCs

pid	Process
640	MicrosoftEdgeWebview2Setup.exe
5076	MicrosoftEdgeUpdate.exe
4860	MicrosoftEdgeUpdate.exe
2868	MicrosoftEdgeUpdate.exe
2164	MicrosoftEdgeUpdateComRegisterShell64.exe
4000	MicrosoftEdgeUpdateComRegisterShell64.exe
1532	MicrosoftEdgeUpdateComRegisterShell64.exe
2412	MicrosoftEdgeUpdate.exe
264	MicrosoftEdgeUpdate.exe
4960	MicrosoftEdgeUpdate.exe
408	MicrosoftEdgeUpdate.exe

Loads dropped DLL 16 IoCs

pid	Process
4832	MsiExec.exe
5076	MicrosoftEdgeUpdate.exe
4860	MicrosoftEdgeUpdate.exe
2868	MicrosoftEdgeUpdate.exe
2164	MicrosoftEdgeUpdateComRegisterShell64.exe
2868	MicrosoftEdgeUpdate.exe
4000	MicrosoftEdgeUpdateComRegisterShell64.exe
2868	MicrosoftEdgeUpdate.exe
1532	MicrosoftEdgeUpdateComRegisterShell64.exe
2868	MicrosoftEdgeUpdate.exe
2412	MicrosoftEdgeUpdate.exe
264	MicrosoftEdgeUpdate.exe
4960	MicrosoftEdgeUpdate.exe
4960	MicrosoftEdgeUpdate.exe
264	MicrosoftEdgeUpdate.exe
408	MicrosoftEdgeUpdate.exe

Registers COM server for autorun 1 TTPs 33 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe

Checks system information in the registry 2 TTPs 8 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\levitate.lua	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ml.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_lt.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_pt-PT.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\multidimensionalcharacter.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\jumpland.lua	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_es.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\JJSploit\Uninstall JJSploit.lnk	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\psuser_arm64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ru.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\noclip.lua	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_cs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_iw.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\magnetizeto.lua	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_az.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\jailbreak\removewalls.lua	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ko.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ms.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_sk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_zh-CN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_nn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\psuser_64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ca.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_kn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_pl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_lb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ga.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_te.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ur.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_bn-IN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_lv.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_bs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\fly.lua	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_es-419.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_gd.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_mi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\energizegui.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\tptool.lua	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_gu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\MicrosoftEdgeUpdateOnDemand.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_sq.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ta.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_quz.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_lo.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ar.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_sl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_uk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\psmachine_64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_bg.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_sr-Cyrl-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_cy.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ne.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdate.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_fr-CA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_km.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_sr-Cyrl-BA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\NOTICE.TXT	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_fi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_zh-TW.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_tt.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\teleportto.lua	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\psuser.dll	MicrosoftEdgeWebview2Setup.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\e57e32c.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{38680C4B-563D-4FD5-AFE9-2B29593BCDAC}	msiexec.exe
File opened for modification	C:\Windows\Installer\{38680C4B-563D-4FD5-AFE9-2B29593BCDAC}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e57e32c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE55F.tmp	msiexec.exe
File created	C:\Windows\Installer\{38680C4B-563D-4FD5-AFE9-2B29593BCDAC}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e57e32e.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a577c74c521b2f150000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a577c74c0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff000000000700010000680900a577c74c000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a577c74c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a577c74c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\ = "Google Update Policy Status Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{79D15DEF-E2AC-47E8-87F1-1AFD6FC3CFB4}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CLSID\ = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.175.27\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CLSID\ = "{8F09CD6C-5964-4573-82E3-EBFF7702865B}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{E92E8AF9-A2D8-48A4-B704-3024EC20EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\ = "Microsoft Edge Update CredentialDialog"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}	MicrosoftEdgeUpdate.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3396	msiexec.exe
3396	msiexec.exe
372	powershell.exe
372	powershell.exe
372	powershell.exe
5076	MicrosoftEdgeUpdate.exe
5076	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4880	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4880	msiexec.exe
Token: SeSecurityPrivilege	3396	msiexec.exe
Token: SeCreateTokenPrivilege	4880	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4880	msiexec.exe
Token: SeLockMemoryPrivilege	4880	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4880	msiexec.exe
Token: SeMachineAccountPrivilege	4880	msiexec.exe
Token: SeTcbPrivilege	4880	msiexec.exe
Token: SeSecurityPrivilege	4880	msiexec.exe
Token: SeTakeOwnershipPrivilege	4880	msiexec.exe
Token: SeLoadDriverPrivilege	4880	msiexec.exe
Token: SeSystemProfilePrivilege	4880	msiexec.exe
Token: SeSystemtimePrivilege	4880	msiexec.exe
Token: SeProfSingleProcessPrivilege	4880	msiexec.exe
Token: SeIncBasePriorityPrivilege	4880	msiexec.exe
Token: SeCreatePagefilePrivilege	4880	msiexec.exe
Token: SeCreatePermanentPrivilege	4880	msiexec.exe
Token: SeBackupPrivilege	4880	msiexec.exe
Token: SeRestorePrivilege	4880	msiexec.exe
Token: SeShutdownPrivilege	4880	msiexec.exe
Token: SeDebugPrivilege	4880	msiexec.exe
Token: SeAuditPrivilege	4880	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4880	msiexec.exe
Token: SeChangeNotifyPrivilege	4880	msiexec.exe
Token: SeRemoteShutdownPrivilege	4880	msiexec.exe
Token: SeUndockPrivilege	4880	msiexec.exe
Token: SeSyncAgentPrivilege	4880	msiexec.exe
Token: SeEnableDelegationPrivilege	4880	msiexec.exe
Token: SeManageVolumePrivilege	4880	msiexec.exe
Token: SeImpersonatePrivilege	4880	msiexec.exe
Token: SeCreateGlobalPrivilege	4880	msiexec.exe
Token: SeCreateTokenPrivilege	4880	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4880	msiexec.exe
Token: SeLockMemoryPrivilege	4880	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4880	msiexec.exe
Token: SeMachineAccountPrivilege	4880	msiexec.exe
Token: SeTcbPrivilege	4880	msiexec.exe
Token: SeSecurityPrivilege	4880	msiexec.exe
Token: SeTakeOwnershipPrivilege	4880	msiexec.exe
Token: SeLoadDriverPrivilege	4880	msiexec.exe
Token: SeSystemProfilePrivilege	4880	msiexec.exe
Token: SeSystemtimePrivilege	4880	msiexec.exe
Token: SeProfSingleProcessPrivilege	4880	msiexec.exe
Token: SeIncBasePriorityPrivilege	4880	msiexec.exe
Token: SeCreatePagefilePrivilege	4880	msiexec.exe
Token: SeCreatePermanentPrivilege	4880	msiexec.exe
Token: SeBackupPrivilege	4880	msiexec.exe
Token: SeRestorePrivilege	4880	msiexec.exe
Token: SeShutdownPrivilege	4880	msiexec.exe
Token: SeDebugPrivilege	4880	msiexec.exe
Token: SeAuditPrivilege	4880	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4880	msiexec.exe
Token: SeChangeNotifyPrivilege	4880	msiexec.exe
Token: SeRemoteShutdownPrivilege	4880	msiexec.exe
Token: SeUndockPrivilege	4880	msiexec.exe
Token: SeSyncAgentPrivilege	4880	msiexec.exe
Token: SeEnableDelegationPrivilege	4880	msiexec.exe
Token: SeManageVolumePrivilege	4880	msiexec.exe
Token: SeImpersonatePrivilege	4880	msiexec.exe
Token: SeCreateGlobalPrivilege	4880	msiexec.exe
Token: SeCreateTokenPrivilege	4880	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4880	msiexec.exe
Token: SeLockMemoryPrivilege	4880	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4880	msiexec.exe

Suspicious use of WriteProcessMemory 34 IoCs

description	pid	Process	procid_target
PID 3396 wrote to memory of 4832	3396	msiexec.exe	93
PID 3396 wrote to memory of 4832	3396	msiexec.exe	93
PID 3396 wrote to memory of 4832	3396	msiexec.exe	93
PID 3396 wrote to memory of 4156	3396	msiexec.exe	103
PID 3396 wrote to memory of 4156	3396	msiexec.exe	103
PID 3396 wrote to memory of 372	3396	msiexec.exe	105
PID 3396 wrote to memory of 372	3396	msiexec.exe	105
PID 372 wrote to memory of 640	372	powershell.exe	108
PID 372 wrote to memory of 640	372	powershell.exe	108
PID 372 wrote to memory of 640	372	powershell.exe	108
PID 640 wrote to memory of 5076	640	MicrosoftEdgeWebview2Setup.exe	109
PID 640 wrote to memory of 5076	640	MicrosoftEdgeWebview2Setup.exe	109
PID 640 wrote to memory of 5076	640	MicrosoftEdgeWebview2Setup.exe	109
PID 5076 wrote to memory of 4860	5076	MicrosoftEdgeUpdate.exe	110
PID 5076 wrote to memory of 4860	5076	MicrosoftEdgeUpdate.exe	110
PID 5076 wrote to memory of 4860	5076	MicrosoftEdgeUpdate.exe	110
PID 5076 wrote to memory of 2868	5076	MicrosoftEdgeUpdate.exe	111
PID 5076 wrote to memory of 2868	5076	MicrosoftEdgeUpdate.exe	111
PID 5076 wrote to memory of 2868	5076	MicrosoftEdgeUpdate.exe	111
PID 2868 wrote to memory of 2164	2868	MicrosoftEdgeUpdate.exe	112
PID 2868 wrote to memory of 2164	2868	MicrosoftEdgeUpdate.exe	112
PID 2868 wrote to memory of 4000	2868	MicrosoftEdgeUpdate.exe	113
PID 2868 wrote to memory of 4000	2868	MicrosoftEdgeUpdate.exe	113
PID 2868 wrote to memory of 1532	2868	MicrosoftEdgeUpdate.exe	114
PID 2868 wrote to memory of 1532	2868	MicrosoftEdgeUpdate.exe	114
PID 5076 wrote to memory of 2412	5076	MicrosoftEdgeUpdate.exe	115
PID 5076 wrote to memory of 2412	5076	MicrosoftEdgeUpdate.exe	115
PID 5076 wrote to memory of 2412	5076	MicrosoftEdgeUpdate.exe	115
PID 5076 wrote to memory of 264	5076	MicrosoftEdgeUpdate.exe	116
PID 5076 wrote to memory of 264	5076	MicrosoftEdgeUpdate.exe	116
PID 5076 wrote to memory of 264	5076	MicrosoftEdgeUpdate.exe	116
PID 4960 wrote to memory of 408	4960	MicrosoftEdgeUpdate.exe	118
PID 4960 wrote to memory of 408	4960	MicrosoftEdgeUpdate.exe	118
PID 4960 wrote to memory of 408	4960	MicrosoftEdgeUpdate.exe	118

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\JJSploit_7.2.0_x86_en-US.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4880

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3396
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B58AAD01DC6B870995D52AE503D40CCB C
  2⤵
  - Loads dropped DLL
  PID:4832
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4156
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:372
- - C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:640
  - - C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Sets file execution options in registry
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5076
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4860
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2868
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.175.27\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.175.27\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:2164
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.175.27\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.175.27\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4000
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.175.27\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.175.27\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1532
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzUuMjciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzUuMjciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkY5QkU5MDUtMDI4OC00Qzg1LTgxRDItNzIyRDJFMjI0OTUzfSIgdXNlcmlkPSJ7QUUxNDY4M0QtQ0I0Qy00QTlGLTlEQTYtMzdERERBQjFGOUEyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDMDhDREI3Qy01OEI1LTQ0OTEtQTRFRC01NkVBRjgxREI3RkR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3FXSlN6V3dQZmRjTFIrWEdJdjZ4clpmaVlPeGhQVTJzMU5XbWpXY2FGUGc9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzMuNDUiIG5leHR2ZXJzaW9uPSIxLjMuMTc1LjI3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDY0ODU0NjQ3IiBpbnN0YWxsX3RpbWVfbXM9Ijg0NSIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        
        PID:2412
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2F9BE905-0288-4C85-81D2-722D2E224953}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:264

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:1584

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzUuMjciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzUuMjciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkY5QkU5MDUtMDI4OC00Qzg1LTgxRDItNzIyRDJFMjI0OTUzfSIgdXNlcmlkPSJ7QUUxNDY4M0QtQ0I0Qy00QTlGLTlEQTYtMzdERERBQjFGOUEyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4RjZENEY0Ni0zRUJGLTQ1MzktQjdEMS02RkNGMUZCQjlGNEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3FXSlN6V3dQZmRjTFIrWEdJdjZ4clpmaVlPeGhQVTJzMU5XbWpXY2FGUGc9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDc3NDk5NTk2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:408

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\JJSploit\JJSploit.exe

Filesize
9.9MB

MD5
f8f4bf8bdf30ff646f9f5f472830a44f

SHA1
1ce48772c00ce27cd1b4d38ef3bcb0d95b7a81af

SHA256
0b284f8b038ddf9c8780f5cacf9816562b49f093372928a01066039c921f3c32

SHA512
7e6f8f4d7f526aee65946d6943c991569410c0260afe799233a9f304c4823a1d1d13fbb5b20c2c37aa3949323500e1e6a08b3f7357d71e31ba1638565708b6dc

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4cb326ff5bdb251b9f92b35e4a4d7741

SHA1
26442b959c62db6604f6d0bffaab38ca39050b62

SHA256
38a44760c4b6fd553531d7f99f6f78110f488e57ee00d2fc498635ec7ab4a478

SHA512
9d62f48be43de8e6a60ee40f9e982c1906273b65c96299ae68e1f72e31b8f78dd01199b36f62e61836a2c0d84fc106ae550cf94ffe2cb9b6a082774cb8eedea4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
cde0b043689701612c34a2207d6f19bc

SHA1
8136c9272876c5f47bd2e15ac8f18f46d2a7ffd7

SHA256
521ec740311e90716250d61bf1e7c5b4aee3fa7b8a0ac7156457512aa4bd161d

SHA512
f1e530d8f727dfd66cf4513303c29ea5f902f39ed5b435a1d21401405d159ddd268b7609d8467de3a1aaf9baef827b82792a2f75b2393250b4f2208a9a402fc9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4cb326ff5bdb251b9f92b35e4a4d7741

SHA1
26442b959c62db6604f6d0bffaab38ca39050b62

SHA256
38a44760c4b6fd553531d7f99f6f78110f488e57ee00d2fc498635ec7ab4a478

SHA512
9d62f48be43de8e6a60ee40f9e982c1906273b65c96299ae68e1f72e31b8f78dd01199b36f62e61836a2c0d84fc106ae550cf94ffe2cb9b6a082774cb8eedea4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4cb326ff5bdb251b9f92b35e4a4d7741

SHA1
26442b959c62db6604f6d0bffaab38ca39050b62

SHA256
38a44760c4b6fd553531d7f99f6f78110f488e57ee00d2fc498635ec7ab4a478

SHA512
9d62f48be43de8e6a60ee40f9e982c1906273b65c96299ae68e1f72e31b8f78dd01199b36f62e61836a2c0d84fc106ae550cf94ffe2cb9b6a082774cb8eedea4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
5b66418885b6e16363a52f3929e1106b

SHA1
532245beddb1f2686f105a3ab5cab3bed18f6647

SHA256
7d1c6c4c8f7ee030c318a86af954c97b914990a89da1f28ad02df84d569b8a90

SHA512
ffba026cf991c6c86d5e22ede5df0139b85bd33255f8b890f39b4a7d9bb55eb42d88a7ca8199fb56ef395faae5fe24fd4d527042e3b18668839bee9d2e2bf4c8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
ff4ec7cfa567f13b3d39f4421e51a9be

SHA1
fb8e32097b408d9c48c866ed52a852904209b315

SHA256
cbb0cc650fed59965de18beff97303b5e70d4602a5272029ce7935080e150b43

SHA512
b28bc8b5cd500ea14321c32308b600432e0b43146dfcbbfe1d44551eef37d01f1bfe33eb5aeae497776a640efb1e6bc4d6842b61c73441cc4c024c5dcb46ec34

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
dc025358d0e6146597a8381d38412fc1

SHA1
4ea48d01ab8a3d0156f56e62aed18e1effa76ac6

SHA256
60177c766e9f32fad5158dd7f4e006835db66a418e6f0e6ae29a3b517c811892

SHA512
bb7c4b19e7d81d839e5ff3d860e6a6d82e460ce790ff8277ad2887529a3a56822863772b608ca69d9d93c13386d23b883ec432055909c3b144271aee7dd6f187

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
dc025358d0e6146597a8381d38412fc1

SHA1
4ea48d01ab8a3d0156f56e62aed18e1effa76ac6

SHA256
60177c766e9f32fad5158dd7f4e006835db66a418e6f0e6ae29a3b517c811892

SHA512
bb7c4b19e7d81d839e5ff3d860e6a6d82e460ce790ff8277ad2887529a3a56822863772b608ca69d9d93c13386d23b883ec432055909c3b144271aee7dd6f187

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
a4b8f24d201402785f2ca163a4af2d27

SHA1
8c046a284bbf445f67098fa76ddb1a150bd4ddc0

SHA256
992614574ee31aa50e038a35d5f501045d0febd80278dce0f2874facf2938cca

SHA512
a728761d3470585ac4a642295383ee064a3e83c4aa3cf132f1f710d6e0e0edc35d3d8af0d24b208103ff305ef40ca6fd9847c7b9a9284fc4cb52dc0b80180682

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
97ded7a9f936f7e6019c7625413debb7

SHA1
1fc734c9f940fc07170090c16a587dac65623261

SHA256
df357cb62f57b95f57a52d665c92da6674b6cfbffb8c6ef33e58ce65742379a1

SHA512
2b3175140d9f4bbf78a006ffe7c59bfdb315b1c51f765a1d2c5e71ecd16e3c95cd7b8cc671443a61a51dcd02df6d875235efc2f3b635ab68cf13757875a9a25a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
27668ea5d2ffb894b91ac78a38f010dd

SHA1
b3ddc1db958cdf24aea6ba1273651815c6df9cab

SHA256
3ca0191953302ac0f9d079b0610172ba1433a7ea2be8c87ebee098b131ec6fff

SHA512
1b53983e24b06179fe4a5942cb58423f6e2315cb550b81e574460936b11bee26c35d1c08463047285b0ca4be4cb5f9f7d72b9f9c2448639f65ceaa81fc4edff0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
2f5d2e565d54543051a6ad62fa840947

SHA1
57c486e7377c0b06048cf43a791a330df68694f3

SHA256
12d9210151de9c820eae139495ad438ca9010df27e43077b8e96c8b9f4a30c4a

SHA512
d072101b5714a3a0ec5f0df4030b37d8e791364d370f592bb0a739a295c7755578a7bc9de6375ecd45882a6ab45f33e8d2c4c84bac1304f34e37c04e339dc959

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
c245242d173d0caeb11d281eb7db5673

SHA1
6a1e82b5505f231c5390815af18babe44668aa4f

SHA256
25086eea02a58d0c0cee8e41a95861ca139fa5ef6e76a9e5a8b377b05942b2ff

SHA512
21c6bcd58a283f6b0fce68aa46277d592cf4e2091d342bc68d0751036fbcf80d5cb1e135f83ef8cb0ee7f67cf3e7c48b95e36d3dcbefe63e8e71e687868fdc7d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
47c1b34fe823f224d21820a0d578b6ff

SHA1
1b289cec1b473127d3c076897f8c0e986b20b2c1

SHA256
17a709938f9b8c3881e01a9d96d90fc5941f30f74b9e4465602593e99703f4d2

SHA512
e7d129db5333a1d4604183a79f6053a1f9968d2e04511e580ac0c77446ac8a9a028ce75a87abda2c8e6e5bbed6b29634794087ac3b49acc93e2215e253384ee3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a1f77030addb6910d8aa0cf40cbbb9e9

SHA1
6abfe99973648f2923d7eaeac0b1d62548b81c1e

SHA256
031e2895e7f691bf01b248b2b44f07dd3363801b5db547be2f0d8a2750bd49e7

SHA512
8d84060e277835fa7f7b16e2c8b44bda0895b4281714f448451ae00b4a25bd45740e251c4f91cbafd07a0492eb1c283f0c9d0f279876e21db3226074a761fa38

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
6ffa3f421d240d7fdc81a22c3a038081

SHA1
8ab2f56177102149c3303f3d4fefd750b7ff9d3c

SHA256
b4c3e95222ab7c53e8d620f3e3774db2a7c418abea941fc193fe89aa1fd67f6f

SHA512
97bdb6972cb8c209e71e36171011a387571fa26142fd9c8f9668857d93278125d57ab9f7c650baafaa3641191ed5d462ba66d03aa3d42370532f8711b739870b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
935de4cd1430856f2ff7e159a58cadf2

SHA1
1e795b830eacb25b3c1fe65ef0049e33aedf5c01

SHA256
75b59524b1cb010429df91a08bfe794f77d80504722bd2ba8cdba96ca0ce1820

SHA512
ff12c59fd87797803c8936a9d6687e1f015f80d136cb83a9ede6681f892f59f2b28e86c77c499837f8326f43576aacc81b8b677453a0ce6a18a18e134edec52b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
9ebd49f46afd5b3084230d3bf2058850

SHA1
9b5533e8e385964c6415fd062f6185d4481e30b3

SHA256
31f10f7dbd583c5b8c2df0cc10944dec2eaff0e0dfe21a96d198ad2dc446bde7

SHA512
b335b7167a126eb7c6a4c145dbbe77075f130c1fa710e87d67731713632178973c3038a941349ab36e699ee22e2eed80170af4a1b1a5f3b358670fb768d29cd6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
4829f9d2f6b1dd8440b616984c409da9

SHA1
035bcd9adec5eb744b0f38e34cf9f53a2892d71f

SHA256
c8868a0635caf43e21d2d14c2a81039a5fc38d901adacc1b94a2d520537dd0d2

SHA512
6b74daaaa90e2d3bbf27015b9747ec61a6e778278d055c4cdc95ae33eb34311a6071becdcd33d17270a7da8d1ee00806c902b12077c2d01cc79660c11aa4b245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
0d47d81663205d6846a9e6eeaa89d4df

SHA1
12fe024f51438239d0931daaa5bd8c27b1a56f01

SHA256
a42322c4ab67989f27689895a24df0438cbc3ffb5b26ae1a832b30efdac6c5a8

SHA512
21822e52b64aa32b2a1a86d9301bda8f2e9eed6ad2ff7e3c15e64f9791691fa02570c265135f77a87e5921f9e01ffff5d276635edaba212da27c0da2aea69da9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
3425e71f55cdc6051835beed4199745d

SHA1
99da19acda63467fc02498f87536986552340203

SHA256
b1913cd16df93c185d087e37c01c9540655ccaec2c18ad06d79e474d6337f155

SHA512
9367746a709f5624ecc41680b223159899d8c45703cbb90feac156e53394cf9bf56b965f12a87246386039f497b9ca4558622ad1fce8a42c72fb039f4a7c7f6d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
c3ff030387d71c2035ee1ffd11783547

SHA1
78696063b1abcf28dad9416c97071e36697b1d60

SHA256
af71a2b3acabf64e9513b85285ce0b10dfc2667b1df5a1b37a75b4fa4c9f940e

SHA512
d924aa70fef83ae3be9a64b949f38d531b045f9b2f6c11516dd31761128f5ba145a0b74dedcd724298d4a0d469de8afacd41ac53cc6cd87571a569b1e8beae5e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
f9c7a6c69d713670ac1e0e8f8d8064af

SHA1
e560a37eace5b2fa8083ab42e37198c5697455bb

SHA256
c5566148acf21deea8cc1bcca82946b00595fbf28ecb061a7a67c317acf85cde

SHA512
a099d2738c7c03a194eb0f9bb7fac9732a8b678ea839f483ab7df93c8b36eafa0b5b50f05cf87feaf311ed3416b0c700d3d66d8f42bb4b61e4e7e51f2acd06f3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
a37e2a4336f19e70670dc82953be6827

SHA1
ab762209f11c5d44b741248526cb28f0d9919591

SHA256
af0d99b12ad9a0c20e5057453c355c0a76d1cbff361cac11a060b1c0bd78c317

SHA512
3bad1f05ed880b16e6972cb780b4b069bc5738b500f368fb46d565ee268b71c0f868bb69b17b1db811479c4ac7f3a07fa65be73c4372fa879029110b26d36b01

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
eadaf5bb7b175d757baf7ca015ac488e

SHA1
4a45f50d3833df9ee56bfbce60d6bbb3dea8ada7

SHA256
ace499d750e6d2b7c8b88a4293d15337b3c4ca9b964df2b616cf7e0dcbf36f5a

SHA512
14481a34811cd684a61e2fac6c882079922ec21bdd73989dd97a9ee8d302f235a600305e8f4e5521e40ac6712c2e73fc4eb29be10c0b226c91fcddf7b51cfe98

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
e8d05cc055f3bac201d94cfcfdf5bd0a

SHA1
7d0cc4e99dbfa0fdb1e562e145e10a0713d13adc

SHA256
bd95ee3a9f10e36e027d2f642f39549ca3447f3049c8a95fa9b30aee4a9deacb

SHA512
039b111cb02bfe0185403cbdde7dad38c7dc02b8d61fe65f76b21fffac94cc9b8c18310021f4e3c6449bc57faaef7bea8c980dbcd7084979e9b2ff3137a6d143

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
1a7af59a8ad7bb644405f77b626e310e

SHA1
93b43a684ca88ad9f807b9940990a65bcc3b35d4

SHA256
e8239f31b8d768f3eac28444b52bbf2bf6bfdfb386f356ab88df587a6348bf5e

SHA512
9ff94b4707ca6dd80c89975a2c97db3592eb9cbb7921ae6adb4ddfbaaffe09261cc0516674c68ad428d3b7b13b979f8b01b4c6eecaa1481bb6ba6924fdc274a5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
18b6c5194cd2505fa3193b31c6c5e8a3

SHA1
1510bca0291ad6e682cf32c4540b3a66cb795e7d

SHA256
fb32aebe44092217a6d112243c8ddec79d2d3aa9c283f25f9204f0ef76d647b8

SHA512
b840d6cb8e47efe33510f58f51036be978e7a4339a0e5b91df1ec17494f809950e0f0f1b80b590fdaa2e8687f55ae337a0b0cb404ddb4df96a2ac8eae5e64e86

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
742d8f6ee54ccc9912e82b45034a290c

SHA1
1baec0e1450b4c00e5e4cabde53b560962942084

SHA256
a7528be9560876cecb65b5fc561de818bf9255efa439c62b3db852c1a7aeb3df

SHA512
f27fd6ea859bfa0aee971e1c8cb52dec58e5c78411642292166f7cbc84fe8ed77006d37699cf03c87394747dfea988b470f72920bc74a9593387d4740e9f1411

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
35c5fbcc9f4b44609ad66bab8efd351c

SHA1
80c5315837deebcaca4bf2a67678b2943d7f7c56

SHA256
b79d422d0cab1e5c24f09cec0dbda5954367e8158a2211e0535a0df822dc7f0d

SHA512
0ec8e06622efa48d28da1a142db2af5c7075f92c8576a03023be5ab874b53e5022fa2f7d04f5f34ffc7f0a8e633a4f255a1285f6200c75e30a53ee6dbb2852bc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
d4e4bbe139b9abf65e43a45a12ef0c11

SHA1
62dc16792f5fad24c9ea54758df1d9756faad0f3

SHA256
84da26b420547eb828eaa8bfac57a9ade2a9c5bb827f3aae81db5ff4a1d20e9b

SHA512
d9d3d185b2b531a3d981a3b5aa1df87588c335a736b7c720797d87b6876e39fc4c39e6e3f7ebc132960ace3e8b94e67a73f6cae04395494e958a0bce2133d458

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
528e5396b078d0a05962295d48629bbd

SHA1
22604fac1d9f1938a3104a9bab248b61d023dc26

SHA256
4fe489f3ba58f608901117191b516b2f1f7ed5e144a72dc76a2ea4b99dc0f899

SHA512
fda90b7255e071dfc0bc403faa72616870c19cf49454240cd5859e03ae0430a732a19451b095c5837589433de3927bcb7d79bd45645f4717c276eb9d217bbefa

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
3849c32a7e24439972dc3b6b53fbd270

SHA1
38258d9aa8d9b7427181f50eeeed7345ed0e8b7b

SHA256
8b3c4809ae4676ab7c6c5c5ab2107ed04d464fa9beeb10379915e5c6349540d6

SHA512
49c513373390a9c421e996983a9bb73c841899299f4bb4515c7540b1bca2fd83da2cbe6cc787f6ed23e5d533aff03b54a04c44f6d22c6ac9085a94f6c9637378

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
7ca8b6931bf364c298e205876f6c4790

SHA1
994a675f1f72cacda38b8c5f66eef89e17708c7b

SHA256
64f65b536a28267a9a60e14ea35c86726b81db0854b7043f478332d3393781d9

SHA512
f55282a3fde07e8949e3fe095eb87c84840b410db3bf4430883685f2c48df3892de01843fa5070839b7e490f3e77a0cd7483666101c36e237f1428338ab9414e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
4b4729724bd113a8db246786513ce46d

SHA1
476549b2f3e8abf85c18affd62344452dd50067c

SHA256
3e4552ac2a546fd7e7017db43b2e5e753da9d8c3228e3881f6b9231dda85d8ee

SHA512
6d4ecb0670b0282e552b793efa0306787a21da3794f9f1d2b72865265e1539693305377d85edb56e469aca44cd5550386386ae08612c8d7b94d39315192337fe

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ga.dll

Filesize
28KB

MD5
e2fdb53c6f65640b502778ee388a559d

SHA1
a36ca1c03afe3b37bb494d980bd27dc1c599d0af

SHA256
25a19560ade9e611255539ae3205c93bdcbe51e113b8c13ddd8cadfd0faf12de

SHA512
a93be51d5b184b3ab4a78715bfa19549cfe8342e85866454d729d715ed0a8fa0b97e7ed72a68585a15c5245d4a468968b2a3325eeb121e7eb8f854866359bb23

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
f9506e84e4ec576bfc75fd10833f1c9e

SHA1
4c2ad674cabdb1b1cfa7266640ad2cde78005b31

SHA256
5f13a77b07a2d377a00c562a597541257cc32c3962fc635665130147ec572c62

SHA512
f716cc6216d313570ddd07fa5b068d331da64a8321885c6017749e0e119fa31b096b2106f2d3551f88d8271346a362e6b601e21c6d562f887047d94354f7f2fa

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_gl.dll

Filesize
28KB

MD5
7083fc568e6de8a8a2e167d050a6fbd5

SHA1
9875bf4725e81c7814f612534edf26aaba2e1817

SHA256
34491d9535e96801e0acaef234f8a6eb7f300a7be7ec9a9c6f894e0189001cfe

SHA512
83e028ae13d844b4f5d622bdfac19b059e705f3930a2f4b51536b85b151268bda8299f7e1f49429079d2be05b9d64ae40a89211c2760ed9515e72d31e353f18b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_gu.dll

Filesize
28KB

MD5
420f8e07623e3d066e6cac05c5549764

SHA1
244e6ba39a4b2234edccb871c5c996e78948bc5f

SHA256
cf547ccf34de9d510564f5cf2ce6975992016bad2543856da9526497c44d432b

SHA512
8914817159d52659089de3e3454997eca591b72795d7a63f2edbdf2f72c6409853a7320b7d7e95df171394522ebd8727f23a5670b54427c38359a11c5bcc5b07

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_hi.dll

Filesize
28KB

MD5
786fcb2f1d42f797b4fbb48996a2dc65

SHA1
43b073caed92275f81f3226c180385efd9249bb8

SHA256
ffe90d060d1fe1c208be49cf208b0ffcad101964f1e022e2afc873fd15cd4ae9

SHA512
8539e4ecffc64ce0d6fa44c4cacfb9457ed3a20b5174be4b1978fff6b7457e45a1b36cdf582c3e39a9181aa32037638d2011c4888ea91dbded59b52da4f03e2a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
559ce98f3f7c19150d9b2b8eca1d8fdc

SHA1
1abf4b27d56b6755c5fa2e114f57ecbc35a264be

SHA256
de8e29726663c94194bc63379891ef1fd52ae37da09dc5e3415fe3a3513ed669

SHA512
c1312a35d496c4993f0a4e33f7d7a012ab6368ec2d00f86f05bbe28d5abf70092ecf96f41b8806bb0e793d8c55a4bf6a4c82c79320ee5685cfceb46ed31188a3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
d540f4b97c793349c3a388b1bdc94bf8

SHA1
92cede16e098f3ee00e03241d4e098e83d6dd961

SHA256
852964ea502b119e616cfa6e1739b2c308d2311c38f33f5761b4eb6d0dec9547

SHA512
ee075614ac47b41232cbb694462a50bad653c0371effcf3d19977da85b696e7f2615cbefff4c949710e11c4e43db8def2a7d03bed5fb81446546e9ba0407323d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_id.dll

Filesize
27KB

MD5
f2d14a220b1c5dfb0d2976eaadeac123

SHA1
9c45e3ac8d22d3f3b8bfcf73cc1d2ff92d13e806

SHA256
91e8678616b6bc11a1bbb3b3b8906f4b69a707af88e4d97170295beb3e211790

SHA512
6d5e9834f7e3e04fada045a848fb20c7afde2d8ae6c7ae2a48bb1c1db6a79e4f0cc6dab9a7fd7dc7880fc5e13210051222dafa53cfd5e5f9dfcc498197836c20

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
77bbbdf2a7f69b230bc8cd4bb7f6ea20

SHA1
7ac98ece6e4c1d8f258e9737f9607276bb1136eb

SHA256
a2ae1838e35a87b8ca604766c0166b84c7633845f2b45c936b3b0d1f6168acb9

SHA512
0588efd3923f8443b99d2747121b4228edbcf4b6b5167b2d470702ecf7bf903ab01e001847cc706ffaab21086c51a59ced1d3bf7008a3fd15e1c1eeb49b715fc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
ca2af40e8a967cab969659bd4bddc867

SHA1
8149bb92561fc3458f2c0fc7021fed50acc97efc

SHA256
9138cc8e546198ce161dc1e78f7d28312636532d9117043c0daad580c0b69c9d

SHA512
cb555265ec53d255e55c090b63bb7ab8504f2f71f0bccd7ccb42d5b8f24e4701e38b847785eaaeccc342ffa9c5aa9c7a13575b6b2ea9995a9335207f8720e103

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
5da8a2bcc699f6d4abb1176d598df062

SHA1
277368b217dbd9e3b76cf43e3783a99a5bc8933a

SHA256
2a1c13cf54b574659a0459810b4ae97dc1e491c17f0b77c6de73fa47ce9995bd

SHA512
b00ad2d15338f356e909dbd417f931bba5c3386382d682c341be91da14e7406d9f0b03063341f191f1ad00c167cac8e9409e2eed4dfdfe41e7aedef7f6a583d3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
6f787917be1b34c49961d8ae3c6e353f

SHA1
657640c2c5365d9a2b768d71364a62c22783f012

SHA256
8e991a90787569b3473d4c20e8dfda8afb62a346a6046b554b3a1b4fd8c292b8

SHA512
19568d8092d617903d77629aa52ab0de1d33e3aeafa74e4c3e777811ec775d0df87074f59cc841abdf5927463e3b1f125dbcda2fd28c4292b5c36aff85c5a56f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
c3df8d9b2d4cf15238672e327a79a36f

SHA1
854a2bfd664c5ede2879b61db2ea9d7282da9481

SHA256
e18f1628e80b8339b3e67fae68ad3505fdfed0fdbd52290f349c4c003eded39d

SHA512
6a92f5ffcaa8142a2e5e6a143bcea8a41793644422033e391d9dfd9f823874a4812577bfc029c916b824c46ba381edada8ba208c7c128d5157f4830466aa31ae

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
42ef71ad4298f3be9e1f0d3259014023

SHA1
fedc8b64a2c7922631f33a3d693ccc06d7396409

SHA256
835788c93c43e60c1c2ffe6ed65a7e6c2f4d07ede0276d00e8e0a24120cc8801

SHA512
dbc855a67da485dd8e6d66a6cad607dd8c3f72103a4d7fe18d0e8fe0360ddf1639f08d8ed274fc26aee3fa462d90617ab16fd7c9f4b5e310275e740ed1c3510e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
a4e4356dee5a8ab30f2b0e2691fcbaa2

SHA1
71e41d6d994cc2472a8727b6994b533c58567452

SHA256
08cea072fa6424b340ef8e9042409b60b286ef0aeedbcad91b42745e1cf80e68

SHA512
14974c1677e0d7e1125a1ddc29d5fa60df7f8d5e0290d81ba51e27431998ecb0e294be34ed8d6afacaf0021b4e59704c7008bd9863707b58a044062544d859ab

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
9367c7b9191edee32cc8fb9949b66b13

SHA1
bdb04b87de3ebba1f88debb1ddeaaf6505eda984

SHA256
44780dfc2c08b6fe1911356e901ebf68f126e846c430c9d915d1f8f81b59c6c8

SHA512
32ead64a8735d72a71005034700963a56d9d7acaaecad3838543cfaddf792486813858683ee004050473cce534b99f07a2c35705af15d3269c3424dfbb304571

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
5b2cc862f5a3439d481451b3fb6faac5

SHA1
48eff8ea0f259fdb1d392bfe0347941896470562

SHA256
d80dc235ef1558f3560d102d7fe66504b4c87ff5c757926e6b9f8ecf0413f509

SHA512
1d16d84019f7d1859f2d7e352ed5080ff559041313fd8043fbd95dc18cfb9a59cacafaf88c66f471327427f97cecc7f22972ef4b9f4dbf57ce1d99c99f9cca0f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
bdead45c46947785dca933563cdfee60

SHA1
16720f3d784cc6be03988a6d1b76f72992f93ba7

SHA256
4098382bead86758fddc9a6e4cfac86350ebbbc6dcabaacc2eac79e9e78cc0de

SHA512
6d600b559b95435ec318a906cd8b81bbd5bbdde9faea65ef73785872204ea1d7afc3447cf80fca21ef6ebf15d0a7eb32503fe455e6f27cbbf2dd03310961655b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_lb.dll

Filesize
30KB

MD5
5ecb78b21e15323019eaf2257929d8ab

SHA1
bdf4186d977cb5b7dea4cdabfd6211ac7387dc17

SHA256
1de639e0e9ed005fbfc84a9818b36d9e98d467f7bb9920ba84f7b2f832723881

SHA512
d3beb402a94c6c3770b420ee27bebc969924e6385210dd4ba4ab5e23e4da0f8ca463068612bc13f2e2bace09431aa93f36d05f9f9b27a7e6aad2b26955adb168

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_lo.dll

Filesize
27KB

MD5
cc1d0b8cff87a7c9edbd48a78b2f4895

SHA1
7716d9ea696bf26da10a383383d1504d77c956ba

SHA256
99a7f5804d320333149f8cf2ae9bd17e3a09cb4e1dc6f81a1fd6de5974b022b6

SHA512
efee51839410f418a5937dbf7d84468651510794394e6bde454d37ea3627b86ec9614a9bb0f585cce0b5fa249251ee06693443497c0dcd87a203231ce6fa2682

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_lt.dll

Filesize
27KB

MD5
8e36ba5b9ffc5bac31589b6fbe1cdf84

SHA1
921df491dac23b9ad62acc73454f09e591beb210

SHA256
3f4b509349bf0504e4a124243a3ab552318fe162d38578573689fc04a01eaad4

SHA512
63a8e82be2547dc9270dcb61b47b7fdc698de9a414b4a3c02c8c2298c1e11370f0035dbedfdd307c073302239132a8aaf878dd6f855076902064ac926c3d8e59

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_lv.dll

Filesize
28KB

MD5
c331849b99482598fed3fde474304862

SHA1
46a2a227beb91804877b4fd92a732fb8a1a0d4de

SHA256
dd8e4f957b46f9b3263658a2b566c7fc382a0f24f224caf6e69bdc2dfc242e74

SHA512
7816cc72e1ab31531600ee05574627c68fd34ef7703e04062ab8f6f89f74f8bb6eaac8f25723b757fc56a6e5b090cae3357cbe603924aae72dd6966afdd2d534

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFD5B.tmp\msedgeupdateres_mi.dll

Filesize
28KB

MD5
8ef343fdf3b0038c31b01e2318d27cfa

SHA1
b5545115c7de5da05e5673c1efd748d3e1fd8da8

SHA256
73f1a24bff2f9840250e81bc47f3b57cda6b77026dcc8c6691de1378d17e0849

SHA512
e9fc41cafd53e28a62ddc37e7fba7df2d2c0c38a5c9906c16debd0096e47ff08821214f96c18d61c6009943e9aa1fd8d32461db6b7f98d0bc88d2bd8bc7138cc

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
118KB

MD5
88c09f369c49834a9673d5c4e2d564b3

SHA1
e1de0c80404f7d90f915285cfa28f54784b6d6fb

SHA256
4e54c502267bc925c0a48c0e812a914dbc3fb052ab2ec99c315053aceec72a62

SHA512
835a84dbcfc310e9f8d02e232502ac659f8537d0ffab86babe533a988b022d9012e565183cb3597e9dd34034fa6c60373bbcb2b7f6cda5ceb9de7581e8dd3088

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

Filesize
2KB

MD5
1d3afa250f543717e596890c59670679

SHA1
634923986212e95fac5dceb7f8c6af232027947c

SHA256
3c10155a61387f7b841891dd677eeb65e7c067c0359fbb85ae686a6f49478581

SHA512
b1cca1566b051cb73bc2ba0747ff5393ecc65fa65c375858aa66beedef80d0d14bfb594451824031cdc904d7c37547c746a3530774030993387542a55cde41ef

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk~RFe57e8d9.TMP

Filesize
1KB

MD5
55bc70ad9f710666d66b3c90e7542061

SHA1
78539eef4518753b5486c1ef6d6a2eb7e4093094

SHA256
4d1978311c50325e934e049d737cebc1f17d56c776d23ca3e77a9e3941c99334

SHA512
56c6a0157580b30ae0bf1dcd8b58e520befaa8ce59d8750746727ca535b781694c47644cd3953ac0e4a964dc4c1f770760ee21e4a94b9f4781f3514c897661f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID323.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID323.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
a743586a8a03b7ee728c772af030c19d

SHA1
407f997430a635dda6ee92086b41acbf96144be9

SHA256
d358fe2f4a382fee70198a7a2c5afa4fa98dc5b96296ab0e68d8a5854b0117f6

SHA512
82d2408214ae7fb5dc037d741a0e8083c968b8d8cb5b1e04b397ad710bf33cb4fad98895ab6914a6d88a1f65dd4ebd7f06d21b08e62af634809a2e57ef81de77

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
a743586a8a03b7ee728c772af030c19d

SHA1
407f997430a635dda6ee92086b41acbf96144be9

SHA256
d358fe2f4a382fee70198a7a2c5afa4fa98dc5b96296ab0e68d8a5854b0117f6

SHA512
82d2408214ae7fb5dc037d741a0e8083c968b8d8cb5b1e04b397ad710bf33cb4fad98895ab6914a6d88a1f65dd4ebd7f06d21b08e62af634809a2e57ef81de77

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
a743586a8a03b7ee728c772af030c19d

SHA1
407f997430a635dda6ee92086b41acbf96144be9

SHA256
d358fe2f4a382fee70198a7a2c5afa4fa98dc5b96296ab0e68d8a5854b0117f6

SHA512
82d2408214ae7fb5dc037d741a0e8083c968b8d8cb5b1e04b397ad710bf33cb4fad98895ab6914a6d88a1f65dd4ebd7f06d21b08e62af634809a2e57ef81de77

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wsdfv1hw.wdc.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/372-197-0x0000028AA7310000-0x0000028AA7332000-memory.dmp

Filesize
136KB

Download
memory/372-202-0x0000028AA7350000-0x0000028AA7360000-memory.dmp

Filesize
64KB

Download
memory/372-203-0x0000028AA7350000-0x0000028AA7360000-memory.dmp

Filesize
64KB

Download
memory/372-402-0x0000028AA7350000-0x0000028AA7360000-memory.dmp

Filesize
64KB

Download
memory/372-403-0x0000028AA7350000-0x0000028AA7360000-memory.dmp

Filesize
64KB

Download
memory/372-404-0x0000028AA7350000-0x0000028AA7360000-memory.dmp

Filesize
64KB

Download