9e894c2620d565949e0d71e181e780ddaccc5b0d2fd70ec674e913ac7549fdcf

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2023, 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d51d1d2718e3b9eb5651398e61d74327.exe
Size

10.3MB
MD5

d51d1d2718e3b9eb5651398e61d74327
SHA1

296f84b6c276fe9e91651336de83d3377ffa147b
SHA256

9e894c2620d565949e0d71e181e780ddaccc5b0d2fd70ec674e913ac7549fdcf
SHA512

a5cb4c437ec8a6a7b036c5e4acd9317b5348851b867069e5da0cc1e887a6b29e33e4d0f6c34a55ed1fc9786bd03a6ae39c95df3ae5f0eb41ab66972d38400063
SSDEEP

98304:9Ap0k+ZEtzkBIDW3TFCdsnCDyXOJWvO1pD5i4By2moI3YxkTN1JItXiy+HD:9w3dtDW30jygH7i4fI3YxkZqLy

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Executes dropped EXE 20 IoCs

pid	Process
212	.tmpMZaI76.exe
4340	MicrosoftEdgeUpdate.exe
4552	MicrosoftEdgeUpdate.exe
1664	MicrosoftEdgeUpdate.exe
4112	MicrosoftEdgeUpdateComRegisterShell64.exe
3560	MicrosoftEdgeUpdateComRegisterShell64.exe
3220	MicrosoftEdgeUpdateComRegisterShell64.exe
3248	MicrosoftEdgeUpdate.exe
2304	MicrosoftEdgeUpdate.exe
3148	MicrosoftEdgeUpdate.exe
4956	MicrosoftEdgeUpdate.exe
3040	MicrosoftEdge_X64_115.0.1901.203.exe
5084	setup.exe
844	MicrosoftEdgeUpdate.exe
1820	msedgewebview2.exe
2952	msedgewebview2.exe
3912	msedgewebview2.exe
2548	msedgewebview2.exe
3556	msedgewebview2.exe
2148	msedgewebview2.exe

Loads dropped DLL 36 IoCs

pid	Process
4340	MicrosoftEdgeUpdate.exe
4552	MicrosoftEdgeUpdate.exe
1664	MicrosoftEdgeUpdate.exe
4112	MicrosoftEdgeUpdateComRegisterShell64.exe
1664	MicrosoftEdgeUpdate.exe
3560	MicrosoftEdgeUpdateComRegisterShell64.exe
1664	MicrosoftEdgeUpdate.exe
3220	MicrosoftEdgeUpdateComRegisterShell64.exe
1664	MicrosoftEdgeUpdate.exe
3248	MicrosoftEdgeUpdate.exe
2304	MicrosoftEdgeUpdate.exe
3148	MicrosoftEdgeUpdate.exe
3148	MicrosoftEdgeUpdate.exe
2304	MicrosoftEdgeUpdate.exe
4956	MicrosoftEdgeUpdate.exe
844	MicrosoftEdgeUpdate.exe
2772	d51d1d2718e3b9eb5651398e61d74327.exe
1820	msedgewebview2.exe
2952	msedgewebview2.exe
1820	msedgewebview2.exe
1820	msedgewebview2.exe
2548	msedgewebview2.exe
2548	msedgewebview2.exe
3912	msedgewebview2.exe
3556	msedgewebview2.exe
3912	msedgewebview2.exe
3556	msedgewebview2.exe
2148	msedgewebview2.exe
2148	msedgewebview2.exe
3912	msedgewebview2.exe
3912	msedgewebview2.exe
3912	msedgewebview2.exe
3912	msedgewebview2.exe
2148	msedgewebview2.exe
1820	msedgewebview2.exe
1820	msedgewebview2.exe

Registers COM server for autorun 1 TTPs 33 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD327221-7139-4D2E-8B0B-018B525DFEFF}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\fil.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\th.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\pwahelper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\EBWebView\x86\EmbeddedBrowserWebView.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\identity_proxy\win11\identity_helper.Sparse.Beta.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\edge_feedback\mf_trace.wprp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\nb.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\am.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\sq.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\msedge.exe.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\bg.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\en-GB.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\SetupMetrics\a63b3c8f-6cf5-4dac-a3c7-428535a3bc93.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Trust Protection Lists\Sigma\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\kok.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_sk.dll	.tmpMZaI76.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\eu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\icudtl.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\ca.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\identity_proxy\stable.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\show_third_party_software_licenses.bat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\v8_context_snapshot.bin	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\he.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\MicrosoftEdgeUpdateCore.exe	.tmpMZaI76.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_tt.dll	.tmpMZaI76.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\MicrosoftEdgeUpdateSetup.exe	.tmpMZaI76.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Trust Protection Lists\Mu\LICENSE	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source5084_1380072720\msedge_7z.data	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\pt-BR.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\hu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\sr-Cyrl-BA.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\cs.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\ja.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_th.dll	.tmpMZaI76.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_or.dll	.tmpMZaI76.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\es-419.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\msedgewebview2.exe.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\VisualElements\SmallLogoBeta.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\or.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\microsoft_shell_integration.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\fa.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\fr-CA.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\nn.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Trust Protection Lists\Mu\Fingerprinting	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\km.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\mt.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\gd.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\ta.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Notifications\SoftLandingAssetLight.gif	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\identity_proxy\resources.pri	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\ga.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\te.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_bs.dll	.tmpMZaI76.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_mi.dll	.tmpMZaI76.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\libGLESv2.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\edge_feedback\camera_mf_trace.wprp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\he.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\ms.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\lv.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_mr.dll	.tmpMZaI76.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_sr-Cyrl-BA.dll	.tmpMZaI76.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\vulkan-1.dll	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{479A50AD-067E-4594-88CE-01A45BDF1CE8}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.37\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{DD327221-7139-4D2E-8B0B-018B525DFEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4340	MicrosoftEdgeUpdate.exe
4340	MicrosoftEdgeUpdate.exe
4340	MicrosoftEdgeUpdate.exe
4340	MicrosoftEdgeUpdate.exe
4340	MicrosoftEdgeUpdate.exe
4340	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
1820	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4340	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	4340	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1820	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 212	2772	d51d1d2718e3b9eb5651398e61d74327.exe	83
PID 2772 wrote to memory of 212	2772	d51d1d2718e3b9eb5651398e61d74327.exe	83
PID 2772 wrote to memory of 212	2772	d51d1d2718e3b9eb5651398e61d74327.exe	83
PID 212 wrote to memory of 4340	212	.tmpMZaI76.exe	87
PID 212 wrote to memory of 4340	212	.tmpMZaI76.exe	87
PID 212 wrote to memory of 4340	212	.tmpMZaI76.exe	87
PID 4340 wrote to memory of 4552	4340	MicrosoftEdgeUpdate.exe	89
PID 4340 wrote to memory of 4552	4340	MicrosoftEdgeUpdate.exe	89
PID 4340 wrote to memory of 4552	4340	MicrosoftEdgeUpdate.exe	89
PID 4340 wrote to memory of 1664	4340	MicrosoftEdgeUpdate.exe	90
PID 4340 wrote to memory of 1664	4340	MicrosoftEdgeUpdate.exe	90
PID 4340 wrote to memory of 1664	4340	MicrosoftEdgeUpdate.exe	90
PID 1664 wrote to memory of 4112	1664	MicrosoftEdgeUpdate.exe	91
PID 1664 wrote to memory of 4112	1664	MicrosoftEdgeUpdate.exe	91
PID 1664 wrote to memory of 3560	1664	MicrosoftEdgeUpdate.exe	92
PID 1664 wrote to memory of 3560	1664	MicrosoftEdgeUpdate.exe	92
PID 1664 wrote to memory of 3220	1664	MicrosoftEdgeUpdate.exe	93
PID 1664 wrote to memory of 3220	1664	MicrosoftEdgeUpdate.exe	93
PID 4340 wrote to memory of 3248	4340	MicrosoftEdgeUpdate.exe	94
PID 4340 wrote to memory of 3248	4340	MicrosoftEdgeUpdate.exe	94
PID 4340 wrote to memory of 3248	4340	MicrosoftEdgeUpdate.exe	94
PID 4340 wrote to memory of 2304	4340	MicrosoftEdgeUpdate.exe	96
PID 4340 wrote to memory of 2304	4340	MicrosoftEdgeUpdate.exe	96
PID 4340 wrote to memory of 2304	4340	MicrosoftEdgeUpdate.exe	96
PID 3148 wrote to memory of 4956	3148	MicrosoftEdgeUpdate.exe	98
PID 3148 wrote to memory of 4956	3148	MicrosoftEdgeUpdate.exe	98
PID 3148 wrote to memory of 4956	3148	MicrosoftEdgeUpdate.exe	98
PID 3148 wrote to memory of 3040	3148	MicrosoftEdgeUpdate.exe	104
PID 3148 wrote to memory of 3040	3148	MicrosoftEdgeUpdate.exe	104
PID 3040 wrote to memory of 5084	3040	MicrosoftEdge_X64_115.0.1901.203.exe	105
PID 3040 wrote to memory of 5084	3040	MicrosoftEdge_X64_115.0.1901.203.exe	105
PID 3148 wrote to memory of 844	3148	MicrosoftEdgeUpdate.exe	106
PID 3148 wrote to memory of 844	3148	MicrosoftEdgeUpdate.exe	106
PID 3148 wrote to memory of 844	3148	MicrosoftEdgeUpdate.exe	106
PID 2772 wrote to memory of 1820	2772	d51d1d2718e3b9eb5651398e61d74327.exe	107
PID 2772 wrote to memory of 1820	2772	d51d1d2718e3b9eb5651398e61d74327.exe	107
PID 1820 wrote to memory of 2952	1820	msedgewebview2.exe	108
PID 1820 wrote to memory of 2952	1820	msedgewebview2.exe	108
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109
PID 1820 wrote to memory of 3912	1820	msedgewebview2.exe	109

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe

C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe
"C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Users\Admin\AppData\Local\Temp\.tmpMZaI76.exe
  "C:\Users\Admin\AppData\Local\Temp\.tmpMZaI76.exe" /install
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:212
- - C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\MicrosoftEdgeUpdate.exe" /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
    3⤵
    - Sets file execution options in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4340
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:4552
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:1664
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4112
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:3560
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:3220
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTNBMEJERTQtM0FENS00QUQ3LThDOTAtRURGM0E1RDk0OTRGfSIgdXNlcmlkPSJ7OEU3RDZFOTctRjUwRC00NTQ0LTgyOEItODU5Q0FDN0FDNzc1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4NUZGOTUzQS04MjkwLTREOTMtOUNCNi0zMzFCNTQwOTYyNTN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzUuMjkiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTE2NzIxOTM1IiBpbnN0YWxsX3RpbWVfbXM9IjE2NTYiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3248
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{13A0BDE4-3AD5-4AD7-8C90-EDF3A5D9494F}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2304
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=d51d1d2718e3b9eb5651398e61d74327.exe --webview-exe-version=0.2.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2772.3752.17861328949037308743
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:1820
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=115.0.5790.171 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=115.0.1901.203 --initial-client-data=0x164,0x168,0x16c,0x140,0x174,0x7ffcc659d310,0x7ffcc659d320,0x7ffcc659d330
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2952
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView" --webview-exe-name=d51d1d2718e3b9eb5651398e61d74327.exe --webview-exe-version=0.2.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1808 --field-trial-handle=1812,i,4693055413012173782,7373607289119988811,262144 --enable-features=MojoIpcz /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3912
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView" --webview-exe-name=d51d1d2718e3b9eb5651398e61d74327.exe --webview-exe-version=0.2.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=3108 --field-trial-handle=1812,i,4693055413012173782,7373607289119988811,262144 --enable-features=MojoIpcz /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3556
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView" --webview-exe-name=d51d1d2718e3b9eb5651398e61d74327.exe --webview-exe-version=0.2.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=3076 --field-trial-handle=1812,i,4693055413012173782,7373607289119988811,262144 --enable-features=MojoIpcz /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2548
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView" --webview-exe-name=d51d1d2718e3b9eb5651398e61d74327.exe --webview-exe-version=0.2.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3420 --field-trial-handle=1812,i,4693055413012173782,7373607289119988811,262144 --enable-features=MojoIpcz /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2148

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTNBMEJERTQtM0FENS00QUQ3LThDOTAtRURGM0E1RDk0OTRGfSIgdXNlcmlkPSJ7OEU3RDZFOTctRjUwRC00NTQ0LTgyOEItODU5Q0FDN0FDNzc1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyNzlBQTlBMy0xQUY2LTQ4MjEtQjNDQi1ENzg3RkY2OTdDMDB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3FXSlN6V3dQZmRjTFIrWEdJdjZ4clpmaVlPeGhQVTJzMU5XbWpXY2FGUGc9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTMxMDk3NzI0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4956
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C87B7B7-541E-4C1B-95AB-260C03D32B32}\MicrosoftEdge_X64_115.0.1901.203.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C87B7B7-541E-4C1B-95AB-260C03D32B32}\MicrosoftEdge_X64_115.0.1901.203.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C87B7B7-541E-4C1B-95AB-260C03D32B32}\EDGEMITMP_2FD7E.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C87B7B7-541E-4C1B-95AB-260C03D32B32}\EDGEMITMP_2FD7E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C87B7B7-541E-4C1B-95AB-260C03D32B32}\MicrosoftEdge_X64_115.0.1901.203.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5084
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTNBMEJERTQtM0FENS00QUQ3LThDOTAtRURGM0E1RDk0OTRGfSIgdXNlcmlkPSJ7OEU3RDZFOTctRjUwRC00NTQ0LTgyOEItODU5Q0FDN0FDNzc1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBQjExRTA0MS0yMzMxLTQzODktQTUwNy1ENzRCQjgwQjdBRjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjExNS4wLjE5MDEuMjAzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTQ0ODQ2NzUwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDk0NTAwMjk2OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUyMTM3NTMyODEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2M1ODU4YWEyLThkYjUtNDE2MC1iYmI5LWE3MWY5MWMxMjJhZT9QMT0xNjkyNzU2OTg1JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUcyJTJiZDJIOE13STVzZktTQVZUVXNNdzhwY1ElMmJLc01WU01kREN4MGNLYXRFMnBZd2M2MzRwZUxWa2hQekRIbnUwWGpBeXBacVNMSTkyaUxGem1reEtiUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE1MTQxODgzMiIgdG90YWw9IjE1MTQxODgzMiIgZG93bmxvYWRfdGltZV9tcz0iMTc1NzgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjE0MDY1NTY0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTIzNzM0OTgzNiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjYwOSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTU0NTQ3MzE3NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijk2OSIgZG93bmxvYWRfdGltZV9tcz0iMjY5MDYiIGRvd25sb2FkZWQ9IjE1MTQxODgzMiIgdG90YWw9IjE1MTQxODgzMiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzA3OTciLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Installer\setup.exe

Filesize
3.5MB

MD5
c7645f29dd120d88267e5086790d0833

SHA1
7157d3406cb0aa4add402db04ac11d64e9fa21ad

SHA256
04f0c327aca916474cc9462dacc2aa519ddc2f7113673ffc16d7d2d2e25ae3cd

SHA512
e7188b8dc1f58e5b980c13c80b4e50a3b49edcdf9053fcdf84d521726253b93832bdb1b667e477bd51be9aab1e0e62f751af59d9651a401da8277fa8a05e0a23

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\115.0.1901.203\MicrosoftEdge_X64_115.0.1901.203.exe

Filesize
144.4MB

MD5
d570ce7edf851d97067aacc7a08dfc58

SHA1
097172f7663696c768299d2f956740497b647adb

SHA256
52695a998c0aabd5ef2e39b05ec27073a44a3e0efc65eed1bd252f92e9f2c0e1

SHA512
f6125052f959dd485a361b634b588e178cf46fe4b8ecbd417b4e07affa30b849c09764b570bca16860dadce38e9b1e98c1b2a7c4574fb2bcfc9b36d23f9232f4

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
05a73ef9cdae8d3783e99fea3d3e9841

SHA1
c77ed6ccbc405b49ee3fb757a5bc9677f0a45823

SHA256
981ac233a928a5e68ec9b269ee059996e09396dda7205d41d0f283bda24a7941

SHA512
023ac5a8a5ac29f811a8fd7c87fc163d9b6913de89a732305bdfa52aea604598fc93c45559f41e9d1eb622a31995e1f97b48121eaae98193b81f5da7c31e55e4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
f5123f139892be31deab7d210a15ef4f

SHA1
48caff4c7d647d5b4ee15b076a349abe8d16a540

SHA256
691436e3fac197330b10d3ef9866ba9d1bd86e7f5ee731f138add7695120efd3

SHA512
cbd00c73271d175c78d79fd1440b785362f460ace38bdce6703f397ebe2b838d6bea1702b1a411b1516f455f8ddd67c27461a52e8200aedea372aa5f53e24cb1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
05a73ef9cdae8d3783e99fea3d3e9841

SHA1
c77ed6ccbc405b49ee3fb757a5bc9677f0a45823

SHA256
981ac233a928a5e68ec9b269ee059996e09396dda7205d41d0f283bda24a7941

SHA512
023ac5a8a5ac29f811a8fd7c87fc163d9b6913de89a732305bdfa52aea604598fc93c45559f41e9d1eb622a31995e1f97b48121eaae98193b81f5da7c31e55e4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
05a73ef9cdae8d3783e99fea3d3e9841

SHA1
c77ed6ccbc405b49ee3fb757a5bc9677f0a45823

SHA256
981ac233a928a5e68ec9b269ee059996e09396dda7205d41d0f283bda24a7941

SHA512
023ac5a8a5ac29f811a8fd7c87fc163d9b6913de89a732305bdfa52aea604598fc93c45559f41e9d1eb622a31995e1f97b48121eaae98193b81f5da7c31e55e4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
97ddfcc4dbf9925a7291502c51015e43

SHA1
91f833f8f02ea03a480d614151285a29d8ffd10d

SHA256
c00fec19989b322e7a17f73142a56e516c41666b781d598efad2f07ee66f4760

SHA512
c69a657159778a9c894c7f63cfcdd5263291160e6e6803238d822c52bc1ce08774511259626cfd87d3f441cc44ab6ec04cf5a6544965c653d2858b1478de16cd

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
a3ede53f7ef455e5f6692f46d1b6c694

SHA1
e86becc21c7910f2f70747d637ca2c84453893a8

SHA256
598a8a594937cdffb664c84ffbc83592687a1e92c884e88c71da591bd7429609

SHA512
befaf6eed25d05f79935fb988f82b452ffb3bfd0a56bf22bf0600b3eb556cf521af04b93244aec9bfc68fc1018dcde8268fdaf6a0b6221b3ac1e18ef0fcaebd0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
2cc05aacc62dbbfb2f419482fcecb2ed

SHA1
dca7941ac0c6f519b629f8acd8b98352f05aa290

SHA256
68e1f3aeed0c9cc2016fb3832207fd9d1696e0457ed826ccb2609913da4883ed

SHA512
d74baa5e1199f32a8558e46d23bd60288e6f7702b28ae9c856b79c2f401abf095a08c1081ede742a7c90a89faf5015506d4f7bab8de824af11261b2e330d8bc5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
2cc05aacc62dbbfb2f419482fcecb2ed

SHA1
dca7941ac0c6f519b629f8acd8b98352f05aa290

SHA256
68e1f3aeed0c9cc2016fb3832207fd9d1696e0457ed826ccb2609913da4883ed

SHA512
d74baa5e1199f32a8558e46d23bd60288e6f7702b28ae9c856b79c2f401abf095a08c1081ede742a7c90a89faf5015506d4f7bab8de824af11261b2e330d8bc5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
8f82cfc1f2180b4608ad33918a31dbdc

SHA1
151b0e225084f3817fcb794d242b4b17d2ac878f

SHA256
44a5ed301a10a8dcb32fdd509757da7535c447bff9618caa637fc89acc52a011

SHA512
8b061f2d00d3ef4f3f987dcd216795fe046f28ad3ba85d6ff5f9775e3dd94650b6b09ab698692103b2d620846211f4946710ee497594dc44f94718466f5f5b79

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
d64cc59bb717c2b9b780cfcd9102596b

SHA1
799e389f70cfa8b6480a9f31b28b5d80941046c7

SHA256
1dbd6cd911b5ece2759ebb71948ac8340ce748ce77ae588a03b5d1afcc4bad76

SHA512
20bd0ec612772867f1c66886152aad2c8dcb0cc5f5a056d20bce05a1fdc1604f44270b42d3028740c0ec4ae053e39dc5d0c8b559532b166fbf34b73753ea1895

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
bc444e9192dddd43a64bd7f05aa2038c

SHA1
e0be9224ea664c3401ba58847233d6bd3fca19dc

SHA256
976a16f186866974de5b2e712e93674e4121c9827ab9399b8762c8067b7a0894

SHA512
837d28049d02f5c79b55b8ec898a2f58f26e7c5e9093a41d05cbce911f9d3b6c554c39737fb39dc8a937ecae31949d2035925c5f388170ce6805bded460ee833

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
b0288b95a6aceee7de14c886478d3205

SHA1
8ceca13af957c28ddb86cf0347e30d172ce069a2

SHA256
e57f37badf1f23d9821b7872717ce4a210e3948099f0a27fc8a50c90b522f87b

SHA512
a487a3ff13b3ade55808093c24997ba1e353c34b43104af39c417b6f040d5727b85896ee7a06069c57e8c5f3e6c11d35d517f6a25859e41d65b94c8974f97dac

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
ae37298c5914a9c9172931fcb7a90825

SHA1
51bedc411c778e52863ce9db1902dca110580b1c

SHA256
d438840d81a749e87acd5a1162f7e17ea8b284844b921d8f25320f8f3d1ce4d7

SHA512
40820c95cf2d45f561a673219c28cffdbfcb2319236536c10a717059059bcf62ff81db7730e81c4c67a641e2969da4aa4abcb15788f7bddcaa528459063edac0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
3bd46802c062a780341350c042a5455c

SHA1
ceb142bf02a80eaabab04ae383f3fffab59748ce

SHA256
ef02cef7ce51a03d5d34cece843bede2d3d593287414463a0e3ae354da82cf87

SHA512
dddb0432528d0c38556e578070d4cfa922a76a0d64d82c3fca23f34d2fae472a9c201f9360c883eb05438d260cf05db2d8ed0d70dbda2af9c44c8e67e6f8ae83

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
0342fae4c5816870b1f89c53ab6c32c1

SHA1
d8c823ed491b7bfd7a1e19608144bc8aa0ba521e

SHA256
1796f5867d972b4096b002f856e24881eb6523ba46a1dd30c05598ac9689b6f6

SHA512
3d8bdc961bf96cfa60308c968759a6a43284f63e47ccee5122028d871dbe4590d4e8fbd997fb54b175331cd53d4f6d61001cab481ddc9cde57a4cb686db16806

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
50feae66730d0a430e90d36fc9662adf

SHA1
7a93d22ca160f636615e03bfe5af225147c8355b

SHA256
3772f79632710288de0d6fcd95529c67b4727639cc93eabdc5649baced807e9d

SHA512
6cda7db4dceafa257ebd4ded7d03d4cbc37534a5585efae0bdc288d2fd756b30712073afe0afb031ed940b1fe0acf15e4a8c42f81afe24e5cf165e742310935d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
a3889fd87e113518e37209d06d87331b

SHA1
f90121fddb8d61bd439cbad9ee31ca2a23e47372

SHA256
f614887b8bd7bf37770433d47e0aabd0ce5ee516f227e694125051db8abdfac2

SHA512
0ad0ca9c357c520c19a3eccf57471d56a0900269c615c038644026732fa7273f76cc1da3d0bb05697a5a8c6d483de72aff7a57deff36eea9f40452012ac933fa

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
021041453eada7c500dd7d43c5f60a83

SHA1
4908b5e75ea8a01d86187c83896a7bc766799da1

SHA256
6c098cc5033ec06eedaa0328ae5c45f879e9624c0d076e9fe6bf33c2a929f751

SHA512
94b725c570730d10e40822dc18b9b2282cd02feac2b78ff8dd96fd7b0464dd5a53f8ea6894f1767c0f1e7ac8798ce3f5195d3f19e676a42ed40bda664040d898

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
3c6c5d804bd0c30f35dd44923b53c429

SHA1
e0798b42e741c125d67be3d58b31f4c225160c37

SHA256
d695c8fa8c93b57092630ee2d6286887fd6f8f91b1253323c0ead4fb310591b8

SHA512
ed1d31f9de7a8110385a9ad0f51c1d19f0564839977eb609cfc4d8791f83f1901b70a4f9cc5bcc1a72771dd0d05a98f921921346d9fd4fb29a5098d962466987

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
08f9879b9261be3a702646984b6fbe96

SHA1
327ceaf251659f94d0dfd547d12e48cf6a9227b6

SHA256
a9917eb0b2191a53284f33159dd746f763d2314648b4ba93c4d534e7bf9ee28a

SHA512
79f7c9545972d91552fd301e686cacedfd6c74e459a3e27801f567a017fb56e58aee5819cf1a247cf66402c4190aa88ec58a6c6b4dc0a76c85e66285bdf809b9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
5d2a6de66dfeb5241ec5574bb6fea786

SHA1
34ac86208ac0e92bfc685b203a3130db4dace94f

SHA256
82e2c75d76d1315226d6283c02940fe750ebe9c9dfd8dffc29226a2180967f0c

SHA512
a9b0d5fc29c5897d6b542e25b2ecafe2d8c8f917714ed82afcb0ea3dff7e6e8b83ce340de36a7c2904ce9ab21a90c32696135b158124e6e61888c971d0611784

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
6ccf39d9c3834276f7f1198be0ed0b98

SHA1
dff2e1e1c0cb97032c92f98877b6c81b494e2ae4

SHA256
41beb17ba1215d85b95a7809c978cd6132d405afa016b5564a01b8060bb55c02

SHA512
f8c80738d8d8f7afbc2a5f8c7c37aec9d88199974470eb58acfc9a8a4a7570b0d295c54ea7db2b902384ac8ae83dd52b7978d84a0f38e7cfa74cc5defa7e9f90

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
5e467b6c149791ed06630140fecb4c97

SHA1
a000efd07c5f36ab396346f6818e0b3f7c168e21

SHA256
ab91a0d6cfb528af7b1d6bbd987709a5f928b99d5e5308db5826313429fa58e7

SHA512
1aecb295393b61c3767f75d8ee66b754841faf10528d99f6f17175d8a52dab1251fc262a3f6de463d127d33a6dcfa9c38db6d24b540d562078709989897b6aa7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
eeeabd00c9481bf83155b9304bae7fdd

SHA1
71ccc3d9aeb29b30d40bf1cff449d7a173e3b4c4

SHA256
0c1d82acff3ab5c1b274c2803566c88bd5cbb77b82230c0b5e7b30a26d507aca

SHA512
2f196a4e499c0908007fd254070018a4751aa8e89f20e9c36e27a575b3a9139793b278c30811a92946de0781e1b976645b3cc518700119b5951a982a23d857ec

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
2c58fc7a937a24dc8ad77337ff6577c2

SHA1
dba73f9ee4697d45b21c0103888ef03b9753b0d6

SHA256
cf85115f48bfc1d5a7dea0c89049abfb118da803f37b08bf02a0769019aea684

SHA512
f7025b557a02ae99ac097d7bb85d290ae35ca46a726a078081e38ab20d3ccd291c6f094eadbbe1496f3e943728a17f6e2ec344d1f9b06f5a02ec47e5c50aded5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
6cf20567ab4bdaac0a3bb9c0314be71e

SHA1
c5054e05335164afe1848ee9ffc5eb187f707b0a

SHA256
5efddcde709e05a7a603758ce19ae75a9683aa3aebd566094387a601c9c20f88

SHA512
0e6ee9c93abb1b9eb09efdd3299a56abf645f37d1c36fee57867d6087047fa4245ef9f1239617af2aa43d8574e237c6899b5b71f9bb0044315ceeff9c1e04ca6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
f0dfe4e6ef7da24089666d3bd577b52b

SHA1
a89b360f0b792773b63be8d92feeb647b04b4ae6

SHA256
64d3ad890010b4c076f25b0fe3f1d673f990d3d419e621d48620f92613d35164

SHA512
cdfac789d428d075dc764482ac1e87154421fb55ea4cd675432b9311a576630dfc40704745eaf1c8373403fe16d2ddf5e6db4e6863d4f598085ff8066fbf3689

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
3481d8da98329ccc202181027f604201

SHA1
561d0b9a308a4b99b33d3b4b1b397fc3026c5322

SHA256
648f277ee72b145691f6552843fbb7c27027ea2fef66ca9faca851cd6802b54e

SHA512
f85710663104a79b567ea6484987fe6ee7ff07fc709be8352749f79f0c639f5d3581fd957857bd014b9d6f555573ab3578796d03e815d6ae549850ff7c7fec2a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
84ab4cfc49d385b39f4be1f60ed7dfda

SHA1
e739450a7c51ad3efd6ed8c314865bf674c7ef33

SHA256
d8aba0f7f1b8efeb9299f467f3688241b90daf71082ec239dcd1d12ca9471415

SHA512
b86078190684c467aa1f035d86d4f1ac29b75943e17e07f3e6293b7aed332bd47f309f5754c5d95abc452bd1525b933c66ae8ed072bb90ab66813475544a5ae9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
9961b537bcf4ca25046610dfeac522d1

SHA1
a45c63af20e23d4e39528e1adf6cad75b3d94534

SHA256
35933842e2224ea3c969b93ba0892afeae45b7f63e41442f049cbfb48a5a38f3

SHA512
77040bc71512d0c0cd1cc93951c008a1a8d5d82404b490894de2ef0882c4eee73639b43f198ce2646dd4ec87fb6c4f6ad842c71a804f465c3f759e7ec7a93346

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
96299418eb52e4a327398cd3fb1f5a3b

SHA1
f1efe6533f241d336c2c0fbd2710402486f4f4de

SHA256
adacfeaadb2652eade235deadb8bc8037d36fee8e61bb37827c1fe1a38dedd7e

SHA512
9c863c15009d31300652c2d70adbca35322905386c93052cd60543d19a165137e3edd89af70e1790a94c125d2d98e92af8fb985a25bc2052c5458e04ffe89d27

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
b328ed4cf9f38464280a7145f4a1fdb1

SHA1
30c18b07cdcba45bc7320793c2c91f66325ac6b9

SHA256
7b333783f74a0b70a97fdfaab2811128c11bcdad6e178731560864cef9cd371b

SHA512
dad9152040b68b8d2b189a83f1e6ff34a0cfc6772beca99e9731dc8189d0f511ff30fafef309911bf4fe7cdb7b9d7a5de80ce03a53fae6f71722cea43409d631

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
1a09eac1d844cf3b3a9e9b8eb790d3b6

SHA1
7f26e851daac329c4a62b0b654ac798d174c290a

SHA256
694b8c816a5bc1715f3ee7119d6d91d358ebc5e2b1f77b2bfda202fb5d9ad40c

SHA512
a51022c136949c439f31a9a86a79ab7e57223ad8a3506019f9a26a85ac3aa5ccaa118956ad566d80da8fc7b241d5a03562b635ee47e4c6589b75c42102751320

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
94b19a612453bec8202e5c1150bb9266

SHA1
16cbe47c563066d14f21d82602a5bf7cf4aa3b36

SHA256
76d4c3eb1bf1c2c07c092d59fab25c9a4438d992f17afc7e63e5cbf593bf0b64

SHA512
05217af1e4957c3db9dda06fb9f41f1cc776872ad5523e2b9a1469c3c975a1b238cb1c183bf2ffccfeb3877513bcbbc7084d22d05de4eda5c22e6a18f36d37e8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
53d27556e6571ba4498dfd800a12ea10

SHA1
1e150df8077ae6dbcf3ec9f94f59fd31dcecd553

SHA256
b047a1c5776ec3c1262f1e755dae2302bb289a0f455dea5d0297d2d9e5777819

SHA512
a17287b2327a44aa61c6f1df75948de64ee0696a4168aa36a2ae92f20a7d99a045f8aab21ab22ba08e0c14f4ce158ebf3e112651dc459a52d8628754e8ca1e29

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_ga.dll

Filesize
28KB

MD5
4f13fbb3453425c61cf18e45164cfbce

SHA1
7d96d84adfe06bf6c3bb3057489d88b593f7b09e

SHA256
81e75b16574e16cfe8ba086361c6bf18bba4fd48429c204a8d141654af2435dd

SHA512
e006402453a28bfb2ba1671e754f95c99496dabb3e14819782bbdf24295e9c4bda02a0bc809bc835e0a714678048a4d086225e6d57e52667057b5324d1a1c8d5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
9965e4bbc4abbae200ca90bbc6685d30

SHA1
44fcecbfbb0f6bdb10ba0ae4d6356076e79ca92b

SHA256
03f8258bbed60aa476f24604a8796d3fd72d71476dc1acb64d27e0781c99f645

SHA512
c37694007e90a781b3c60a78f6e8590b9b14af693bff366b6d153dd735c1ce82baf7756bb3150f1c0ac46f8e5a3c7458b4b99390a2d2382974150e797cf5d92a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_gl.dll

Filesize
28KB

MD5
3cd18b2793c5c1e236665edff542c5c9

SHA1
19cf9e6f7cb4035497109727057c7576ee8a6be9

SHA256
8dcf55a3dbf6abd8d7c83504ff0d65392db69787bec04c3e24c45d6a85d5cab6

SHA512
e4842963d4d38b69b270d470cd8a1210b04f99977c5cc52ad347370dee941a58cc972b05d24ca5f282ead0fe64dc1b75c2823c21747a06f8a08d121a5b54659c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_gu.dll

Filesize
28KB

MD5
a5b720700d4cf4a9a6857c498ad3d11c

SHA1
7bab942accaf6fb49b4a6fcc95bffbf94035ec95

SHA256
5a40acd26fc6ae38de8352e33d3df7f26af589afd1423314049c08354a9d4161

SHA512
05a5849dc76d2c51d57a6f4d1c7d6cbf22361ff79c6f1b5250269c6f5d232e0fc444bb56ecf2860bb0074219a2c47d472cf6873e78b3c39fd0e4a55d266fecab

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_hi.dll

Filesize
28KB

MD5
7b9952adeca48c3d0da0cdb2cdce685e

SHA1
79c6d438fc8cfb713394eb0a9f6137759d3b72ee

SHA256
b87cb0adc1de86875dc2504eb7d6d287a579595c42f51e846764ef46a2be738d

SHA512
8098d6989bb1907119a4373a724f34d96b5f57c72202e9d28a18bfa91e35bc50c7c3ed8579fdd9cc725a8cc9a86eff2bdcce526b593fa9f3b6b7137dfb8285eb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
6b44ba6e3a3ea1d140004fc74ec5af2f

SHA1
598d643751cf123158a1165b2d788b990b82b5d0

SHA256
16f88d8459c5516431c8c922827f63c5249fba45db24bddafce320dcf540c209

SHA512
825ad207046304c14fa6a86b77fd599c3d7d7f25b383209df21b43291b6552540b0895b4d351a3aac7074b9aa2db1990df615e603eabccd08c3db6c8e1bbe5cc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
70f6d35d85161494c2ac51f08cddca3c

SHA1
810875523114508c8a42fb8750b452a364c5ada2

SHA256
57ad2a58174ce76210319142e4de70341841b501b1b56715b13d786b32aa21e3

SHA512
3d3fdd3ba6e2727afe39c24d5721edd0b475ae809a6f70f569daf97915a750145e364d7db18658f012a798b5691bcfd536e09c895f287b4bf9b9fca63e3af680

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_id.dll

Filesize
27KB

MD5
bfd156ff8976cc32b0347e842d0c9510

SHA1
11e52be1a13e400ff095f52b0f5e79c1837338e5

SHA256
056a58fa513c461bb3afcbb1bfd0a3874b9c9ae76f307e329f666babd890802d

SHA512
72633849e5f2b66b8885d65c6aa60425168b45d4d784edb0a4d97bd414382635057f28b875cc546e6e5fb2ca5074f9a8f93991618baef6f10c97cf257732430e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
0bcb48255d3dcefd404ab32d7b9e985f

SHA1
09e9e3f79115df8468f22188ca87e7c76c8116bf

SHA256
bd0416f18580720fa1f4a498109c3c3d7a1d4c7765d8fe6d96aa37cc0942b3d2

SHA512
310e45987188325dbc0164812defa293c4eaafde1d0950527aaa91968b8580003fe884a6a2058f5cd33c369de4d68a9f66f02ba8cf70a0959557c9e2547fe2d9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
e8bef25bffea9568b2d8730a058245e7

SHA1
03de05e90182c1781db8f40dca8229174798703e

SHA256
901e8952a73c1ad86f02e15395f8089dd7c3739445b3d9ae663e523fb0d89c50

SHA512
dac653fff648d540def0f04b45367147080fe3def6112fd034e078b433d6a274862de750f4f493581d573c07e822b943171f41dc5fc30dae7ee97090094ac80e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
ff06b00720c57890dbddaab0dbef3247

SHA1
820f45f96410da56711476514887f13bd567d3c3

SHA256
38e462eab64ab465b93563b74294459ca401a3581b9d55e58832ce0477344a36

SHA512
cb7728eabe4ce0a6cb401df91fa2fd22559d03707d17870815a246098a53bc2c11ff37057409ca7d4ed514b1ff7180b48c69ee871a5300ec1c600a51f16af6a0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
cbf3b736eee44c0b5ad46969e550d5f8

SHA1
a553d97853a181b07d9a3548060a1fa83d43bcd2

SHA256
389b7a9c401bf6ecc848484f1bb4543732eca5f73d4c9b70a46513362dff6660

SHA512
d7880d7df490952e87a8267fa5907faa3cebeb431c3bbc8334296f68d94460b055eabc5b405bc0ab721ef08347689ce98c97ad7ecef6be5fc3e3e43c914b8d52

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
9448e0bc9bd46181fe505dd3c9145ecd

SHA1
a1197e11572fc8d3bcdda9caa448904d5436f12e

SHA256
bd0964f7ab39cb21d36cf80e7276c824c78e332636fb1e31b5ddd395254eaf26

SHA512
5180e4846c2610a77c33e2475824b627456e64f492d3383f29ea27e37c87a4b6b56ac8a7647df71ecbd3e2aba8d89a2b8a0a43569d032d9017d35799ef61c06f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
a45eebd5578fc5f92e195f68de6af3ed

SHA1
e4978fc867d9d8cd4565383b3141b936746e7d53

SHA256
670de377c3eb316ac6b977660762b203258af20fa054ad4911b5585b1eb99c3b

SHA512
80a21647a867815dca8ff24de4e6a1e5c039187f5db27ff77ec5bcbda0bd586e0645b763b13df22e13e2b2f2044c0f9c46efc8c1a4adaa21f7a1137bc530f571

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
90c4ec8c01b9a929f4ac8a29d61675f1

SHA1
1dc052e97b71e68ffa614e8a195ba99b6cce670d

SHA256
e98f925b023228cdbcadde47e5be799349a78ac9f28f4f651150811834b7567e

SHA512
300eceedc9308f78e1151a50d96e34572ca956c68a2d46042ff39825a23219e38550ce01df80acdfc7e06854a1f5788dfed141e693b32f8e4e2c1d1955fa25ae

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
f02b1b9ec36577f040a37ebaf7d2b138

SHA1
2a3b2490391c8d253e017d399b86fbc29ad12f32

SHA256
fa82dec4e559a2503658d3c5189078280f1441bedf9e8c3da9144913cecddd57

SHA512
7491c9193a1c69a37c9ce9dc0f788bd2392644e040c17ca9afc71251cd0378c4efaed15e68073ee1fd4c5ad9d3faca78f0baf09f1d41555edbc7e6cb3233df57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
54b6789d2b1fc0073d182c996c85781b

SHA1
87ca0b231c916b269e423a0dbc1a526cfab8a60c

SHA256
c9d8a2ae83e667bc10cd8888f380c979ddfd7d17c0452c93be1d935a7961e39e

SHA512
ed08ce52a0871838f412af9be7ebe271b16c253d0c73c2a73955382c017a013379d02d636b00759817df808839461afb791525df26f37be51293e8b1c379f9df

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
a10aa79e49a2fc9fe07e0e4846f18959

SHA1
37111d97a5b3c6f350a5272c9fb642c17fd9c771

SHA256
9fbd110162ab8bd31902ecb12e7cbbbd404eb14d777b03796a90a8acdcbf334b

SHA512
ed136d70dc6185376ada6d03d9905eed3477ac77d71d17d47a7f0591f69db854dba4c48dabd54831e1939d9b4da41f23cf5ed9c13f20b1c2ff8446b623484a87

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_lb.dll

Filesize
30KB

MD5
1dc4c2bc2db9f61e142b3cb56b643aca

SHA1
4834304c33903bcf2794c55692f4aee01340d0b5

SHA256
3579242a1eefcdc969b53a8dbf06e067bf966fddaed8e8631fba7a54f6634bc5

SHA512
a7be4fea16f0e60b5e38cd41ecc5e3629898d6672bacac984696ec9558774f5ae7c20c500d90096bca612f15e53a0be1a7476501be5960a26c3297f8b4154ff1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_lo.dll

Filesize
27KB

MD5
6b13181b23769db1504a148f320ce636

SHA1
8df705e3a8a3c7ef49842510b80e073778c4210e

SHA256
28129145a1c5de79255b051668690cd149e28b6c31011593d4199a17e1466123

SHA512
97e49e86f7ec7c991b5f3b063bead17c7c59428cd010e15384b6b05d89bc395f15818cecdef26cbaa660c171c1c6e6df431a6f3ea461308ee0635448a302766b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_lt.dll

Filesize
27KB

MD5
fa2e6f380c64f6f604e2cec5f27469e6

SHA1
c9889aad92042d1f6a9285b68ad486844d91bfa2

SHA256
c61e19968e3c1a9efabf15e96652141c790dbec44b933f557847cc64ac3febe4

SHA512
49c14354fb4ed19168a7c628b775b7701a124bbf10371b50c3a8845506d20f0e909459ab337b6f34bf539062e7660234328d48a3f96fd4d3b7156d92d7c870c6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_lv.dll

Filesize
28KB

MD5
af54c576d5cf7ada021c59b3174c7f4c

SHA1
75f7d8f9b319660b8b7343deb8ea72170d9c5c9a

SHA256
20c83f6da03c643bfafa1033f9ef9d6ccb2c8607b90b8013075afab3146e3f60

SHA512
99029b8860f8890a2ec4613fa4d441e666d1e144975c610a6869abee9973305bb7cf0bb9485771638fa350d1bb9921ea2a46caa06dafe0142cc530e469737129

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_mi.dll

Filesize
28KB

MD5
7ee077d0999114e47ed5e0ac8f91ae4e

SHA1
a90fb4fd38863a7ee0f3157be0dae9e08581c877

SHA256
33fb2206281bd9e6d48801de687f0f9f9f7f60a08e5fe46f91311c218c79ae7f

SHA512
4cc8f10efdfd3589d152d11425a8fa4f772504ff0b2630efddf58c5a6cbd4665bdc40e3e8d605ef643f50aa3fb2d7ce70b50667c32413b81474a48133e494258

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_mk.dll

Filesize
29KB

MD5
6013d50ed757f222d103fb551c17c236

SHA1
9dc3c922186d4d90cea415aea5ebc6f168e896db

SHA256
3999f550d50503ec79373d006d08bdb6d26ecf0579af0639097eedf4ab39e302

SHA512
afdd22db850a75c88fc9d60a65ac9e33e5bfe62f152339d582f0c349f7c4f51755694e1385b9c20afa7a44043b22a82f58542b02ce91356ee62386d88b774a8f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_ml.dll

Filesize
30KB

MD5
a05314eef30cce5d1934552a6c09eb2d

SHA1
a8509363de3b61c29d6161695cdb37d00e6ea10a

SHA256
cb626473d63bebde08cea385bddddf5139f7bd2931118a2d03bc1ae70b9a512d

SHA512
1558c0c3d99eec8d2aefc12f019ae9a27e3473a02150b59305d95c47a857ab2d003654c5de719d2ac176ef7844808849e45d6dc41205940a2317acc42bd39702

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB9F9.tmp\msedgeupdateres_mr.dll

Filesize
28KB

MD5
4b65229f164f568aa35fdee0b365212d

SHA1
e37a4dc3165260a21a116d6577610196026077b1

SHA256
62e9e5a91a7fb336729678743ad7c090279555554d70dc8712deb3349cf79086

SHA512
190e1ec723862b255683582a53f0e543ee17f0779003ed506ea405cc26b4504fb3d44697fc17093c1768e672bd5512b345db3929e6a18a520f86f9286d683ca4

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
113KB

MD5
c362e29185bf2d59711551bd23bb1ba2

SHA1
97f5b8a7d23632a512fbbd684f020159fb3be942

SHA256
64fb809e4b3cced70a04473d44c31c128093d4f074edf98f9774f9234539fdac

SHA512
98127116b59878d1ef7e0e7e192fe7cf08b2056f159ef41977831a9c7271aaa2dcfb9e8306ac5ed1c4e20c72df00089da75793074d0b84fee1d314603f9f718e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.tmpMZaI76.exe

Filesize
1.5MB

MD5
bef60694a28373cd20f5debf8c938aa1

SHA1
fb04fc410bb4a823d4ac7beff8d73bfcb8702106

SHA256
0cdd5825454130a82fdd7f4ea9f406524b886a6a550be49e39b4d9bb2890d83d

SHA512
891a9eb5da563bf2b678d7c3e1c7262f3a1db753c5d65b95fd2bcd9956120fde4b0305f3cf6ac7e41feedeee2a8d26e2cdcee210720fd81f6e259429feeb44d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.tmpMZaI76.exe

Filesize
1.5MB

MD5
bef60694a28373cd20f5debf8c938aa1

SHA1
fb04fc410bb4a823d4ac7beff8d73bfcb8702106

SHA256
0cdd5825454130a82fdd7f4ea9f406524b886a6a550be49e39b4d9bb2890d83d

SHA512
891a9eb5da563bf2b678d7c3e1c7262f3a1db753c5d65b95fd2bcd9956120fde4b0305f3cf6ac7e41feedeee2a8d26e2cdcee210720fd81f6e259429feeb44d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
9d7fbdd4fd81cc6158c880319c557623

SHA1
d34796c7fc8e0315b568897585e87fe10c679639

SHA256
a91bef5c688befc94924883d9d4af5e0f22926d7146fcd338593a81d50b10b43

SHA512
8bf975641d6f166483333d9ffb65cd4223f6e3840326a655527b9dea6566a1bbcdc6de8fd4e4be23fe484573dd0a7a29bf6b6dd46f3663701baaeba0be61c372

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
aa1320d38c98b484f6f3257792f1a914

SHA1
d2d41368483a154730f9f90d45d8a0eb914915c2

SHA256
c149dfde34ecc8c5cc11b32cd417c734c5a499a639db9efcd44908fe93302cfc

SHA512
8a30a19964e1e3444030ade32a900457ddd3d05a6740cdc23d7beb53694d7c715fd461fc3e2afe19065441fa88f4f7f37b349a77596579fc03d505081c38414e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
0a54c97f9603505bf0ffedafc1e7700d

SHA1
3f5e94be135860f0fa19b0812987f607f23016a2

SHA256
774cdffea28dc208d680c73553d936d75b28a60d04694a7ff408101298a72e9d

SHA512
94743fbd82df6d92e5d5d789528878d9f103a95f8189e4537d02cec00c498239ea8c2fb49c4afa65326b9ff5651f6eaf1ea75f503eca11515b708f62a9059eca

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe593b69.TMP

Filesize
48B

MD5
7d9fdd1beec2ff137f564152b769c696

SHA1
9b9d0ec56810144c54c5f378ebcd0e75bcabd114

SHA256
b381d469e4220df8a3e1b0f7807c0a3f58e9569ea43349f833b4d57fef54f3d6

SHA512
539a490ddd7ffd29e020c501a60bb32a829dedf939618339c1f34756abe598383af826f52f86887057a649adf8a1f887f022cc1b5ad55343c06919f8cf724795

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Default\Extension Rules\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Default\Preferences

Filesize
5KB

MD5
b527ae61833228242269face0f510268

SHA1
82044b2c6233129679f3bd78dd3a3887f18cf24b

SHA256
8516c257e8281d9fbf0d533837bf3a7edf2d1d40e867b815a99240df4a816323

SHA512
beb0c1414a91ebfd6375d72dc48c40b5540ae02b9afdb7a2e6fe6836909197d223c380d62202af0917e36e8a55937c25ccf1b49116af7def9ab3c8c7d89f0fee

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Default\Preferences~RFe598534.TMP

Filesize
5KB

MD5
44152804119cf723c3fe579f1c313a86

SHA1
037bc7d9ccdbb6ec9291db5c26f4bd58c3b716d9

SHA256
321016fba916f55d9a2171f1981c2ce8cf4856f8c8f442eb5b4ad17e659ae7b8

SHA512
30fc3c0556ec467726783c7b022d8e207eef70d8219f7205e1df8432d08a4fe3216a70de56992c59130975f0ea2dcdf54610da0b191063c589d804049326a16e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Local State

Filesize
15KB

MD5
728b5b7385361a0753fe27e943cd4f3a

SHA1
c7a034c899440ee02111a2634f227d421b275aa7

SHA256
12fd87d9924b9aae6b0d4752102feabc119b3e5a9d8866560c6733525fe16967

SHA512
0f556011e5161fa39d1a032e9738552cc03e9e51edcd80559460fc7ec55f06b126d099c363cd1bc0db15d6ed0af7dc24ec330448ca2e9722ab5eacc1ec275438

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
a006673565c761ae78d6f54e77805487

SHA1
1db9d7de9209002e32f0f6a6a8072e81f03b9217

SHA256
f513eb934374e13bb080642afc1f8ad83a10de2043cb5eb70c011217b98aab63

SHA512
56ae586b270baa2b7ef4fd7ace809c732ec36d420550017c211fede157cbf63e93abfcef0d147e6f1b533924dcbc72a95c8ecdf7439fa1582980cd54f6a6cbd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
743f0696affa3ee6d705fa8da0bcd709

SHA1
b22f369267849d85fc36c2f47a193f5de01a4ad2

SHA256
9936297e999f7361a40d2bcc78e3c9b2af0eb97e092da9bed2feda7102ff7942

SHA512
83e1eaa485be27ca43908c982d4384f850e5df504f07d3e41160596f7df0aeeace4efa8ac30ae99928a8bfde7e1e28b29995e0f7611f708fae6995128f2c64e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d51d1d2718e3b9eb5651398e61d74327.exe.WebView2\EBWebView\Local State~RFe58d184.TMP

Filesize
930B

MD5
ae1dcd8c46289afd87d61813b43583dd

SHA1
c6e9967a396fe3ae48b8057930fba9da1f703a16

SHA256
6a2eafb4283421236ac62fcbd544294180eb95e069dd0700a725c6acef0b7bfb

SHA512
c82279349f30de85afa308cd2ac9f20afc424111017767c6ed78baa72d252a8891d19a5563ad1359cbf727a83ee06a02a6bdb37f9f89f561fcc5809a9f5e1e75

Download Submit
memory/2148-444-0x00007FFCE3210000-0x00007FFCE3211000-memory.dmp

Filesize
4KB

Download
memory/3556-457-0x00007FFCE3130000-0x00007FFCE3131000-memory.dmp

Filesize
4KB

Download
memory/3556-445-0x00007FFCE4510000-0x00007FFCE4511000-memory.dmp

Filesize
4KB

Download
memory/3912-442-0x00007FFCE3210000-0x00007FFCE3211000-memory.dmp

Filesize
4KB

Download