1416152bd056f841b3de3e41a40c83b8c667fb75308d26d23f6cb7c234dbb928

Analysis

max time kernel
599s
max time network
605s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MicrosoftEdgeSetupBeta (1).exe
Size

1.5MB
MD5

f1e4564fa9f70772e3faf831101357b1
SHA1

e64e4d3752f4dbfc41316b26c15f1871ecfe3222
SHA256

1416152bd056f841b3de3e41a40c83b8c667fb75308d26d23f6cb7c234dbb928
SHA512

88e6070eacc18154d1ecada8bb14720a6c2f65855ed3c30d017ca86a1c3313c42f2cdd7f785a36194d7ffb34d2e4fe8134a711d5306b24dec3e816f2208e8150
SSDEEP

24576:bwy53G70SeiN9YqxCCg83udcWXDYajPF2410wuRpGfFki94qSe/wsNfzU7:Uy53w24gQu3TPZ2psFkiSqwozy

Score

8^/10

adware persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{43F137B0-8F4D-463B-AB83-ADEAD4F15096}\ = "Microsoft Edge Beta"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{43F137B0-8F4D-463B-AB83-ADEAD4F15096}\Localized Name = "Microsoft Edge Beta"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{43F137B0-8F4D-463B-AB83-ADEAD4F15096}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{43F137B0-8F4D-463B-AB83-ADEAD4F15096}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{43F137B0-8F4D-463B-AB83-ADEAD4F15096}	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\116.0.1938.54\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{43F137B0-8F4D-463B-AB83-ADEAD4F15096}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge Beta\\Application\\116.0.1938.54\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge-beta"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Edge.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\msedge.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\sv.pak	setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_1550581766\manifest.json	msedge.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\msedge.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\dual_engine_adapter_x64.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.54\edge_feedback\camera_mf_trace.wprp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\vccorlib140.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\identity_proxy\win11\identity_helper.Sparse.Dev.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\hu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\VisualElements\SmallLogoBeta.png	setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_1847452138\manifest.json	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.54\Locales\lo.pak	setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_2121460062\hyph-kn.hyb	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Trust Protection Lists\Sigma\Staging	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Locales\pt-PT.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Trust Protection Lists\Sigma\Staging	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Trust Protection Lists\Mu\TransparentAdvertisers	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\EdgeWebView.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Locales\zh-TW.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\Locales\el.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\Locales\sv.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Trust Protection Lists\Mu\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\WidevineCdm\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\onramp.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.54\Locales\da.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\identity_helper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Locales\eu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\vcruntime140.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Locales\fr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\identity_proxy\resources.pri	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\msedge.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.54\Locales\hu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Locales\bn-IN.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\msedge.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\eu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Locales\qu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\msedge.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\vcruntime140.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_pt-PT.dll	MicrosoftEdgeSetupBeta (1).exe
File created	C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B66C2663-3C1C-4078-8189-261C5F238E3E}\EDGEMITMP_77E3E.tmp\setup.exe	MicrosoftEdge_X64_115.0.1901.203.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\identity_proxy\win10\identity_helper.Sparse.Beta.msix	setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\json\i18n-notification-shared\id\strings.json	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Locales\nb.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Locales\sl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\notification_helper.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\psuser_64.dll	MicrosoftEdgeSetupBeta (1).exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Locales\cs.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\Locales\nl.pak	setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_1252073615\Mu\Analytics	msedge.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_2121460062\hyph-et.hyb	msedge.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_is.dll	MicrosoftEdgeSetupBeta (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge Beta\Application\SetupMetrics\20230703133321468_5312.pma	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Trust Protection Lists\Sigma\Entities	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Locales\pt-BR.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\Locales\hu.pak	setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\json\i18n-mobile-hub\es\strings.json	msedge.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\psuser.dll	MicrosoftEdgeSetupBeta (1).exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\msedgewebview2.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\Locales\th.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Locales\ar.pak	setup.exe

Executes dropped EXE 64 IoCs

pid	Process
448	MicrosoftEdgeUpdate.exe
4260	MicrosoftEdgeUpdate.exe
64	MicrosoftEdgeUpdate.exe
2104	MicrosoftEdgeUpdateComRegisterShell64.exe
436	MicrosoftEdgeUpdateComRegisterShell64.exe
3776	MicrosoftEdgeUpdateComRegisterShell64.exe
4180	MicrosoftEdgeUpdate.exe
4056	MicrosoftEdgeUpdate.exe
4500	MicrosoftEdgeUpdate.exe
1308	MicrosoftEdgeUpdate.exe
2704	MicrosoftEdge_X64_116.0.1938.54.exe
1432	setup.exe
1212	setup.exe
4288	setup.exe
948	MicrosoftEdgeUpdate.exe
1164	msedge.exe
768	msedge.exe
3044	msedge.exe
1932	msedge.exe
1192	msedge.exe
1516	msedge.exe
4568	msedge.exe
4160	msedge.exe
3352	msedge.exe
2024	msedge.exe
2892	msedge.exe
4256	msedge.exe
4184	msedge.exe
3020	msedge.exe
4028	msedge.exe
4116	msedge.exe
5128	msedge.exe
5432	msedge.exe
5448	identity_helper.exe
6120	msedge.exe
5312	setup.exe
5348	setup.exe
5432	msedge.exe
5796	msedge.exe
5280	msedge.exe
4988	msedge.exe
4796	msedge.exe
2024	msedge.exe
5664	msedge.exe
5644	msedge.exe
4252	msedge.exe
5948	msedge.exe
5404	MicrosoftEdgeUpdate.exe
1748	MicrosoftEdgeUpdate.exe
5184	msedge.exe
5268	MicrosoftEdge_X64_115.0.1901.203.exe
2716	setup.exe
6088	MicrosoftEdgeUpdate.exe
5664	MicrosoftEdgeUpdate.exe
3016	msedge.exe
4804	MicrosoftEdge_X64_116.0.1938.54.exe
5764	setup.exe
5324	setup.exe
1768	setup.exe
5100	MicrosoftEdgeUpdate.exe
5608	msedge.exe
5508	msedge.exe
2024	msedge.exe
1444	msedge.exe

Loads dropped DLL 64 IoCs

pid	Process
448	MicrosoftEdgeUpdate.exe
4260	MicrosoftEdgeUpdate.exe
64	MicrosoftEdgeUpdate.exe
2104	MicrosoftEdgeUpdateComRegisterShell64.exe
64	MicrosoftEdgeUpdate.exe
436	MicrosoftEdgeUpdateComRegisterShell64.exe
64	MicrosoftEdgeUpdate.exe
3776	MicrosoftEdgeUpdateComRegisterShell64.exe
64	MicrosoftEdgeUpdate.exe
4180	MicrosoftEdgeUpdate.exe
4056	MicrosoftEdgeUpdate.exe
4500	MicrosoftEdgeUpdate.exe
4500	MicrosoftEdgeUpdate.exe
4056	MicrosoftEdgeUpdate.exe
1308	MicrosoftEdgeUpdate.exe
948	MicrosoftEdgeUpdate.exe
1164	msedge.exe
768	msedge.exe
1164	msedge.exe
1932	msedge.exe
3044	msedge.exe
1932	msedge.exe
3044	msedge.exe
1164	msedge.exe
1192	msedge.exe
1192	msedge.exe
4160	msedge.exe
3352	msedge.exe
4160	msedge.exe
3352	msedge.exe
4568	msedge.exe
4568	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
2024	msedge.exe
2024	msedge.exe
2892	msedge.exe
2892	msedge.exe
4568	msedge.exe
4256	msedge.exe
4256	msedge.exe
4184	msedge.exe
4184	msedge.exe
2024	msedge.exe
3020	msedge.exe
3020	msedge.exe
2892	msedge.exe
4256	msedge.exe
4184	msedge.exe
3020	msedge.exe
4028	msedge.exe
4028	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
4116	msedge.exe
4116	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
1164	msedge.exe
1164	msedge.exe

Registers COM server for autorun 1 TTPs 52 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.177.11\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.177.11\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F795C339-932E-4B24-85B3-C7865BE4C1B9}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\116.0.1938.54\\notification_helper.exe"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F795C339-932E-4B24-85B3-C7865BE4C1B9}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.177.11\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.177.11\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{B89B137F-96AA-4AE2-98C4-6373EAA1EB4D}\LocalServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\116.0.1938.54\\PdfPreview\\PdfPreviewHandler.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.177.11\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\116.0.1938.54\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\116.0.1938.54\\BHO\\ie_to_edge_bho_64.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F795C339-932E-4B24-85B3-C7865BE4C1B9}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\116.0.1938.54\\notification_click_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.177.11\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F795C339-932E-4B24-85B3-C7865BE4C1B9}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{30413CFB-529F-4DE2-A1E8-28ACDA587650}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{30413CFB-529F-4DE2-A1E8-28ACDA587650}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge Beta\\Application\\116.0.1938.54\\notification_click_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B89B137F-96AA-4AE2-98C4-6373EAA1EB4D}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge Beta\\Application\\116.0.1938.54\\notification_helper.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F795C339-932E-4B24-85B3-C7865BE4C1B9}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.177.11\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F795C339-932E-4B24-85B3-C7865BE4C1B9}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B89B137F-96AA-4AE2-98C4-6373EAA1EB4D}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge Beta\\Application\\116.0.1938.54\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{30413CFB-529F-4DE2-A1E8-28ACDA587650}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge Beta\\Application\\116.0.1938.54\\notification_click_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F795C339-932E-4B24-85B3-C7865BE4C1B9}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F795C339-932E-4B24-85B3-C7865BE4C1B9}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.177.11\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F795C339-932E-4B24-85B3-C7865BE4C1B9}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.177.11\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\116.0.1938.54\\notification_click_helper.exe"	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\116.0.1938.54\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath_beta = "C:\\Program Files (x86)\\Microsoft\\Edge Beta\\Application"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge Beta\Application = "1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	wwahost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\116.0.1938.54\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\GPU	wwahost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeBMHT\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge Beta\\Application\\msedge.exe,9"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{F795C339-932E-4B24-85B3-C7865BE4C1B9}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\ = "Microsoft Edge Update CredentialDialog"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\MSEdgePDF	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeBHTML\ = "Microsoft Edge Beta HTML Document"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{F795C339-932E-4B24-85B3-C7865BE4C1B9}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	wwahost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\AppUserModelId = "MSEdge"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{F795C339-932E-4B24-85B3-C7865BE4C1B9}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeBHTML\DefaultIcon	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\runas\command	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeBMHT\shell\runas\ProgrammaticAccessOnly	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationCompany = "Microsoft Corporation"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeBPDF\Application\AppUserModelId = "MSEdgeBeta"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{F795C339-932E-4B24-85B3-C7865BE4C1B9}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds\MSEdgeHTM	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeBHTML\shell\runas\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge Beta\\Application\\msedge.exe\" --do-not-de-elevate --single-argument %1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\Application	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.177.11\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{F795C339-932E-4B24-85B3-C7865BE4C1B9}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8EDF453E-CD8F-4C56-BBA1-AA63266058E5}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds\MSEdgeHTM	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0"	MicrosoftEdgeUpdate.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	msedge.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	msedge.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	msedge.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
448	MicrosoftEdgeUpdate.exe
448	MicrosoftEdgeUpdate.exe
4288	setup.exe
4288	setup.exe
448	MicrosoftEdgeUpdate.exe
448	MicrosoftEdgeUpdate.exe
448	MicrosoftEdgeUpdate.exe
448	MicrosoftEdgeUpdate.exe
1356	LocalBridge.exe
1356	LocalBridge.exe
1356	LocalBridge.exe
1356	LocalBridge.exe
1356	LocalBridge.exe
1356	LocalBridge.exe
6024	LocalBridge.exe
6024	LocalBridge.exe
6024	LocalBridge.exe
6024	LocalBridge.exe
6024	LocalBridge.exe
6024	LocalBridge.exe
5664	msedge.exe
5664	msedge.exe
5404	MicrosoftEdgeUpdate.exe
5404	MicrosoftEdgeUpdate.exe
5404	MicrosoftEdgeUpdate.exe
5404	MicrosoftEdgeUpdate.exe
1768	setup.exe
1768	setup.exe
5664	MicrosoftEdgeUpdate.exe
5664	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	448	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	448	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	5512	wwahost.exe
Token: SeDebugPrivilege	5512	wwahost.exe
Token: SeDebugPrivilege	5404	MicrosoftEdgeUpdate.exe
Token: 33	2716	setup.exe
Token: SeIncBasePriorityPrivilege	2716	setup.exe
Token: 33	5764	setup.exe
Token: SeIncBasePriorityPrivilege	5764	setup.exe
Token: SeDebugPrivilege	5664	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1164	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5512	wwahost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 448	3088	MicrosoftEdgeSetupBeta (1).exe	83
PID 3088 wrote to memory of 448	3088	MicrosoftEdgeSetupBeta (1).exe	83
PID 3088 wrote to memory of 448	3088	MicrosoftEdgeSetupBeta (1).exe	83
PID 448 wrote to memory of 4260	448	MicrosoftEdgeUpdate.exe	84
PID 448 wrote to memory of 4260	448	MicrosoftEdgeUpdate.exe	84
PID 448 wrote to memory of 4260	448	MicrosoftEdgeUpdate.exe	84
PID 448 wrote to memory of 64	448	MicrosoftEdgeUpdate.exe	86
PID 448 wrote to memory of 64	448	MicrosoftEdgeUpdate.exe	86
PID 448 wrote to memory of 64	448	MicrosoftEdgeUpdate.exe	86
PID 64 wrote to memory of 2104	64	MicrosoftEdgeUpdate.exe	87
PID 64 wrote to memory of 2104	64	MicrosoftEdgeUpdate.exe	87
PID 64 wrote to memory of 436	64	MicrosoftEdgeUpdate.exe	88
PID 64 wrote to memory of 436	64	MicrosoftEdgeUpdate.exe	88
PID 64 wrote to memory of 3776	64	MicrosoftEdgeUpdate.exe	89
PID 64 wrote to memory of 3776	64	MicrosoftEdgeUpdate.exe	89
PID 448 wrote to memory of 4180	448	MicrosoftEdgeUpdate.exe	91
PID 448 wrote to memory of 4180	448	MicrosoftEdgeUpdate.exe	91
PID 448 wrote to memory of 4180	448	MicrosoftEdgeUpdate.exe	91
PID 448 wrote to memory of 4056	448	MicrosoftEdgeUpdate.exe	92
PID 448 wrote to memory of 4056	448	MicrosoftEdgeUpdate.exe	92
PID 448 wrote to memory of 4056	448	MicrosoftEdgeUpdate.exe	92
PID 4500 wrote to memory of 1308	4500	MicrosoftEdgeUpdate.exe	94
PID 4500 wrote to memory of 1308	4500	MicrosoftEdgeUpdate.exe	94
PID 4500 wrote to memory of 1308	4500	MicrosoftEdgeUpdate.exe	94
PID 4500 wrote to memory of 2704	4500	MicrosoftEdgeUpdate.exe	103
PID 4500 wrote to memory of 2704	4500	MicrosoftEdgeUpdate.exe	103
PID 2704 wrote to memory of 1432	2704	MicrosoftEdge_X64_116.0.1938.54.exe	104
PID 2704 wrote to memory of 1432	2704	MicrosoftEdge_X64_116.0.1938.54.exe	104
PID 1432 wrote to memory of 1212	1432	setup.exe	105
PID 1432 wrote to memory of 1212	1432	setup.exe	105
PID 1432 wrote to memory of 4288	1432	setup.exe	107
PID 1432 wrote to memory of 4288	1432	setup.exe	107
PID 4500 wrote to memory of 948	4500	MicrosoftEdgeUpdate.exe	115
PID 4500 wrote to memory of 948	4500	MicrosoftEdgeUpdate.exe	115
PID 4500 wrote to memory of 948	4500	MicrosoftEdgeUpdate.exe	115
PID 1164 wrote to memory of 768	1164	msedge.exe	118
PID 1164 wrote to memory of 768	1164	msedge.exe	118
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120
PID 1164 wrote to memory of 3044	1164	msedge.exe	120

System policy modification 1 TTPs 5 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetupBeta (1).exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetupBeta (1).exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={2CD8A007-E189-409D-A2C8-9AF4EF3C72AA}&appname=Microsoft%20Edge%20Beta&needsadmin=prefers&lang=zh-cn"
  2⤵
  - Sets file execution options in registry
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:448
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:4260
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:64
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:2104
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:436
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:3776
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzcuMTEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzcuMTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUVFNjk4NzUtNEEwMS00QUU0LUE2OTYtOEUyRjM2N0ZCRjM0fSIgdXNlcmlkPSJ7NkY0OUVCMEEtQ0QzRS00NDFBLUE1QjMtRUE2RUJCODEwNzA5fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezFDMzg0RkU3LUExODUtNEUxQy1BMkNGLUEwOTZGOTFDNkVBMX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBvc19yZWdpb25fbmFtZT0iVVMiIG9zX3JlZ2lvbl9uYXRpb249IjI0NCIgb3NfcmVnaW9uX2RtYT0iMCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTc3LjExIiBsYW5nPSJ6aC1jbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ3MDk2MTI4MzEiIGluc3RhbGxfdGltZV9tcz0iOTY5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4180
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={2CD8A007-E189-409D-A2C8-9AF4EF3C72AA}&appname=Microsoft%20Edge%20Beta&needsadmin=prefers&lang=zh-cn" /installsource taggedmi /sessionid "{AEE69875-4A01-4AE4-A696-8E2F367FBF34}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4056

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzcuMTEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzcuMTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUVFNjk4NzUtNEEwMS00QUU0LUE2OTYtOEUyRjM2N0ZCRjM0fSIgdXNlcmlkPSJ7NkY0OUVCMEEtQ0QzRS00NDFBLUE1QjMtRUE2RUJCODEwNzA5fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezdGNDE3QjQ0LTdGOEEtNDMyOS1CNDRDLTJENkY5MEQ2ODBGMn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBvc19yZWdpb25fbmFtZT0iVVMiIG9zX3JlZ2lvbl9uYXRpb249IjI0NCIgb3NfcmVnaW9uX2RtYT0iMCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3FXSlN6V3dQZmRjTFIrWEdJdjZ4clpmaVlPeGhQVTJzMU5XbWpXY2FGUGc9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0NzIxNjQzNjUwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1308
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A8B30C3-5360-44B9-84B1-AEA488EE7B5C}\MicrosoftEdge_X64_116.0.1938.54.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A8B30C3-5360-44B9-84B1-AEA488EE7B5C}\MicrosoftEdge_X64_116.0.1938.54.exe" --msedge-beta --verbose-logging --do-not-launch-msedge --system-level --channel=beta
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A8B30C3-5360-44B9-84B1-AEA488EE7B5C}\EDGEMITMP_78CC9.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A8B30C3-5360-44B9-84B1-AEA488EE7B5C}\EDGEMITMP_78CC9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A8B30C3-5360-44B9-84B1-AEA488EE7B5C}\MicrosoftEdge_X64_116.0.1938.54.exe" --msedge-beta --verbose-logging --do-not-launch-msedge --system-level --channel=beta
    3⤵
    - Modifies Installed Components in the registry
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Registers COM server for autorun
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1432
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A8B30C3-5360-44B9-84B1-AEA488EE7B5C}\EDGEMITMP_78CC9.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A8B30C3-5360-44B9-84B1-AEA488EE7B5C}\EDGEMITMP_78CC9.tmp\setup.exe" --msedge-beta --system-level --verbose-logging --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      PID:1212
  - - C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\Installer\setup.exe" --msedge-beta --register-package-identity --verbose-logging --system-level
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:4288
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzcuMTEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzcuMTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUVFNjk4NzUtNEEwMS00QUU0LUE2OTYtOEUyRjM2N0ZCRjM0fSIgdXNlcmlkPSJ7NkY0OUVCMEEtQ0QzRS00NDFBLUE1QjMtRUE2RUJCODEwNzA5fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezU5MEZEQUM0LTI0MjMtNDEwRi04ODUzLTIyQTgzQUE2Q0U2QX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBvc19yZWdpb25fbmFtZT0iVVMiIG9zX3JlZ2lvbl9uYXRpb249IjI0NCIgb3NfcmVnaW9uX2RtYT0iMCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezJDRDhBMDA3LUUxODktNDA5RC1BMkM4LTlBRjRFRjNDNzJBQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjExNi4wLjE5MzguNTQiIGxhbmc9InpoLWNuIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDczOTYxMzI3MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ3Mzk5MjU2MjEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzM2MTUxMTIzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9hZTI1YTUxMi1iNzgzLTQ0NWQtYTBmYS1kMGUxM2U0NmNhNzA_UDE9MTY5MzM5NjgzNSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1Nd3ZKOERmQ0paVnl1TFFtJTJmTmFJdk15RUZsTENhNllhMjVoRFRXUWY1OGV5dFFCSVVLN3lxekU4ZDZGM1E1YVNzUkdFaWVpZXYwVSUyZnlxTEFlTTd6ZWclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNTI4Njk0NDAiIHRvdGFsPSIxNTI4Njk0NDAiIGRvd25sb2FkX3RpbWVfbXM9Ii00NDAwODk4MTAxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTMzNjQ2MjQxNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUzNTE0NjI4MTUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjU4MDU2OTgwMzgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMTQxIiBkb3dubG9hZGVkPSIxNTI4Njk0NDAiIHRvdGFsPSIxNTI4Njk0NDAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ1NDI0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:948

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
1⤵
PID:1424

C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --from-installer
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
- System policy modification
PID:1164
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel=beta --annotation=chromium-version=116.0.5845.97 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.54 --initial-client-data=0x17c,0x180,0x184,0x158,0x1bc,0x7ffbf5537240,0x7ffbf5537250,0x7ffbf5537260
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:768
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2164 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=2940 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=renderer --first-renderer-process --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3376 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=zh-CN --service-sandbox-type=none --mojo-platform-channel-handle=2864 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=renderer --instant-process --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3664 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4520 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5576 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5780 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5316 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --lang=zh-CN --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5048 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=zh-CN --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=zh-CN --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=6284 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=zh-CN --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6356 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=zh-CN --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6312 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=zh-CN --service-sandbox-type=none --mojo-platform-channel-handle=7028 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=zh-CN --service-sandbox-type=none --mojo-platform-channel-handle=7028 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=8256 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge-beta --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  PID:5312
- - C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge Beta\Application\116.0.1938.54\Installer\setup.exe" --msedge-beta --system-level --verbose-logging --installerdata="C:\Program Files (x86)\Microsoft\Edge Beta\Application\master_preferences" --create-shortcuts=1 --install-level=0
    3⤵
    - Executes dropped EXE
    PID:5348
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=7396 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=7848 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=7852 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=zh-CN --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5040 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=7156 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=7120 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2504 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=6676 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=2908 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=zh-CN --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4572 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=6500 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=7172 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=6336 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=6280 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=5512 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=5540 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=5544 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=5776 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=5560 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=5316 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=6088 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=6084 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=zh-CN --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=2168,i,3699280323124886741,16036684189432932815,262144 /prefetch:8
  2⤵
  PID:4364

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1356

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5512

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:6024

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:216

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5404

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:1748
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B66C2663-3C1C-4078-8189-261C5F238E3E}\MicrosoftEdge_X64_115.0.1901.203.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B66C2663-3C1C-4078-8189-261C5F238E3E}\MicrosoftEdge_X64_115.0.1901.203.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  PID:5268
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B66C2663-3C1C-4078-8189-261C5F238E3E}\EDGEMITMP_77E3E.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B66C2663-3C1C-4078-8189-261C5F238E3E}\EDGEMITMP_77E3E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B66C2663-3C1C-4078-8189-261C5F238E3E}\MicrosoftEdge_X64_115.0.1901.203.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2716
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzcuMTEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzcuMTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjE0RkE3NzAtNUZGNC00NzdGLTk4OTEtOEUxMjY0NERGOEE2fSIgdXNlcmlkPSJ7NkY0OUVCMEEtQ0QzRS00NDFBLUE1QjMtRUE2RUJCODEwNzA5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2RUU5QzA0MS1GRUFDLTQxODgtODQwNS04Q0JFNkI4Q0Q1NTN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgb3NfcmVnaW9uX25hbWU9IlVTIiBvc19yZWdpb25fbmF0aW9uPSIyNDQiIG9zX3JlZ2lvbl9kbWE9IjAiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtxV0pTeld3UGZkY0xSK1hHSXY2eHJaZmlZT3hoUFUyczFOV21qV2NhRlBnPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMTUuMC4xOTAxLjIwMyIgbGFuZz0iIiBicmFuZD0iRVVXViIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3MDYwNzk4MTciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NzA2NTQ5NjM4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4NTYwNzk4MTAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9jNTg1OGFhMi04ZGI1LTQxNjAtYmJiOS1hNzFmOTFjMTIyYWU_UDE9MTY5MzM5NzEzMSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1kWjJpaElTZERYSkx0Y3JDQ2h3ZllOS1Uyd3UwTWh0SkJ4ZVd6a0NZZ1doWW9uWDRPQ0F4Wll0RGl6dzZLUG9XOHR1MlNYREJ6OWh0UTVPRWlBcnpPUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxNSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4NTYwNzk4MTAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2M1ODU4YWEyLThkYjUtNDE2MC1iYmI5LWE3MWY5MWMxMjJhZT9QMT0xNjkzMzk3MTMxJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWRaMmloSVNkRFhKTHRjckNDaHdmWU5LVTJ3dTBNaHRKQnhlV3prQ1lnV2hZb25YNE9DQXhaWXREaXp3NktQb1c4dHUyU1hEQno5aHRRNU9FaUFyek9RJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTUxNDE4ODMyIiB0b3RhbD0iMTUxNDE4ODMyIiBkb3dubG9hZF90aW1lX21zPSIxMjQyMiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4NTYzOTMyMzgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODcwNjEyNTk2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NjA4IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MDgxNzExMjM0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTg0IiBkb3dubG9hZF90aW1lX21zPSIxNDg0MyIgZG93bmxvYWRlZD0iMTUxNDE4ODMyIiB0b3RhbD0iMTUxNDE4ODMyIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSIyMTA5NCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  PID:6088

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5664
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F67ECF4-ED05-4319-BF44-36640335D4E3}\MicrosoftEdge_X64_116.0.1938.54.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F67ECF4-ED05-4319-BF44-36640335D4E3}\MicrosoftEdge_X64_116.0.1938.54.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  - Executes dropped EXE
  PID:4804
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F67ECF4-ED05-4319-BF44-36640335D4E3}\EDGEMITMP_C1B09.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F67ECF4-ED05-4319-BF44-36640335D4E3}\EDGEMITMP_C1B09.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F67ECF4-ED05-4319-BF44-36640335D4E3}\MicrosoftEdge_X64_116.0.1938.54.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
    3⤵
    - Modifies Installed Components in the registry
    - Installs/modifies Browser Helper Object
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Registers COM server for autorun
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - System policy modification
    PID:5764
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F67ECF4-ED05-4319-BF44-36640335D4E3}\EDGEMITMP_C1B09.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F67ECF4-ED05-4319-BF44-36640335D4E3}\EDGEMITMP_C1B09.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
      4⤵
      Drops file in System32 directory
      Executes dropped EXE
      Modifies data under HKEY_USERS
      PID:5324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.54\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.54\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1768
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzcuMTEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzcuMTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjU2NTc1QUUtNjZENC00QjE4LUE2NkUtOUY4M0U4RDQ1OTQzfSIgdXNlcmlkPSJ7NkY0OUVCMEEtQ0QzRS00NDFBLUE1QjMtRUE2RUJCODEwNzA5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntFNDNGRTQ5Qi1BOUJGLTQyRkQtQUZBMy0zODYzMEI4NDgzRjd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgb3NfcmVnaW9uX25hbWU9IlVTIiBvc19yZWdpb25fbmF0aW9uPSIyNDQiIG9zX3JlZ2lvbl9kbWE9IjAiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtxV0pTeld3UGZkY0xSK1hHSXY2eHJaZmlZT3hoUFUyczFOV21qV2NhRlBnPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTc3LjExIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC43NSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI1MSIgcmQ9IjYwMjciIHBpbmdfZnJlc2huZXNzPSJ7MUQzOTEzRUEtQzZBOS00NEMzLThFNTItM0JFNzAwNjI5MURFfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IjExNi4wLjE5MzguNTQiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzMyODY0NTI4ODgxOTg3MCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODI3NzQ4NTU5NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4Mjc3OTU0NjkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgzMDc5NTQ2MzgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODMyMjAxOTA0NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iODUyNjcwNDU2OCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjEzNTkiIGRvd25sb2FkZWQ9IjE1Mjg2OTQ0MCIgdG90YWw9IjE1Mjg2OTQ0MCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjIiIGluc3RhbGxfdGltZV9tcz0iMjA0NTMiLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSI1MSIgYWQ9Ii0xIiByZD0iNjAyNyIgcGluZ19mcmVzaG5lc3M9Ins3QUY5MkQyNi1FRkFDLTRBMTEtQjAzQi04NUMxQUI1NkIyOUR9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezJDRDhBMDA3LUUxODktNDA5RC1BMkM4LTlBRjRFRjNDNzJBQX0iIHZlcnNpb249IjExNi4wLjE5MzguNTQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9InpoLWNuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSI1MCIgaW5zdGFsbGRhdGU9IjYwNzYiIGNvaG9ydD0icnJmQDAuMTgiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzMzMjg2NDc5MjYwODc4NjAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0FBQ0JGRDIwLTZDNTQtNEUxRC05Qzk4LTE1MUQxOEM3REEyQn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTE1LjAuMTkwMS4yMDMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkVVV1YiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjA3NiIgY29ob3J0PSJycmZAMC41OCI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezc4N0Y4MDdGLUVGOEMtNEU5QS1BREUwLUExREE4Mzg3Nzk2NH0iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.203\Installer\setup.exe

Filesize
3.5MB

MD5
c7645f29dd120d88267e5086790d0833

SHA1
7157d3406cb0aa4add402db04ac11d64e9fa21ad

SHA256
04f0c327aca916474cc9462dacc2aa519ddc2f7113673ffc16d7d2d2e25ae3cd

SHA512
e7188b8dc1f58e5b980c13c80b4e50a3b49edcdf9053fcdf84d521726253b93832bdb1b667e477bd51be9aab1e0e62f751af59d9651a401da8277fa8a05e0a23

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\116.0.1938.54\Installer\setup.exe

Filesize
3.5MB

MD5
046791ee4e5819c009afab52e66e1b66

SHA1
f6455ceab1dcc7fbca69e13f0875efebae511715

SHA256
1002d054461740f0e900aae1b8f34c427886dcd0d480ba9cefa7b0321f336b76

SHA512
8fc80ab0dd200255ecf9e26d807f77b470c1f0fcd21b1ec217df70ccada88dd4172791e246631ad8da8e5c706fdc071411a6e08f1fda1aa1c87a8e7cabc7fcea

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{2CD8A007-E189-409D-A2C8-9AF4EF3C72AA}\116.0.1938.54\MicrosoftEdge_X64_116.0.1938.54.exe

Filesize
145.8MB

MD5
eabad48069a5f9982bece7fcb24047ed

SHA1
ec202fe32d4e11a48fc2e153e839694568dd154e

SHA256
c6eb3b7db2bae472fd65d068e3c6b6b25c5927bb9fd350ac7f707ff51cfe84b8

SHA512
353096cb65431f05684db43a2d15ae5ad0798189f0aca4979fca7b45638c3558120e2a46f22756de60cd57410acfb3d4eb69c12829d64ece1ad9ab6634208579

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\115.0.1901.203\MicrosoftEdge_X64_115.0.1901.203.exe

Filesize
144.4MB

MD5
d570ce7edf851d97067aacc7a08dfc58

SHA1
097172f7663696c768299d2f956740497b647adb

SHA256
52695a998c0aabd5ef2e39b05ec27073a44a3e0efc65eed1bd252f92e9f2c0e1

SHA512
f6125052f959dd485a361b634b588e178cf46fe4b8ecbd417b4e07affa30b849c09764b570bca16860dadce38e9b1e98c1b2a7c4574fb2bcfc9b36d23f9232f4

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F67ECF4-ED05-4319-BF44-36640335D4E3}\EDGEMITMP_C1B09.tmp\SETUP.EX_

Filesize
1.5MB

MD5
7dc0dad54f0fa4c8e01102c230b7297f

SHA1
87ed21f85999ddb615377a370cbc47742336885d

SHA256
a0aaa95cb9c536472fc4de02794a10c2cce04f1af7f6b54319252e4361aea016

SHA512
51f462cd89559ece20319071e6d4b12f54b70cc7bac2bb041cea3a863ab9a2e051247d2f9d47b20ed958047dd2200102b0199606c8b5bce14f95d22d021f5f8f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
d182a0d12ca3a95fe1f2f5134861ae1b

SHA1
0c5f3e8a767a2b5ab7510d6139f47336e333e906

SHA256
14ba66344ddd4816d823d5ecc97bf94da5d441299401e8955f44b1df7969be06

SHA512
ab33ae1e3684c40b1a1d801d8b0ad8e0d624c9b3db60945a0c30a3efa02a2d69d284620859421407c9891db0fab4c4c57ece10b22b7b801dcb34ccd6f4ea2f12

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\ddda5568-5d75-4f1e-9827-cb020a85b872.tmp

Filesize
528B

MD5
35c766307f0cba26a87e4cc28c0c9445

SHA1
27f50c457db76641ed9a707e9ec33ba557dfcd72

SHA256
dc005dbbb3c84044357cbc45174986a5f5ab6cae0e8e638917803ff65ec52675

SHA512
648c029cdbd16afd0203b9bb0b6ffb1fad5c403092acc151afc8d10fdf5b0efe80fe01a7338b12690201f7b26905dd3cbcc9c90832fdf577e3c79545a19f8588

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
e8ea60c751cb76dbfd27190759b40b70

SHA1
6d27b973a4f93f509dbff46ecf9e2413f027485d

SHA256
81288d80d8909c98650c37057135e9a6f06df9dc44002a0dd043bc407d541413

SHA512
a19bdcaf87a42d30b407b47f955cfb539d479fb0d0f8a72e37bf97a19b5305d9423f11875789dc18f041be320638475f68157c38ba151ccfe87102512d65abde

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
d182a0d12ca3a95fe1f2f5134861ae1b

SHA1
0c5f3e8a767a2b5ab7510d6139f47336e333e906

SHA256
14ba66344ddd4816d823d5ecc97bf94da5d441299401e8955f44b1df7969be06

SHA512
ab33ae1e3684c40b1a1d801d8b0ad8e0d624c9b3db60945a0c30a3efa02a2d69d284620859421407c9891db0fab4c4c57ece10b22b7b801dcb34ccd6f4ea2f12

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
d182a0d12ca3a95fe1f2f5134861ae1b

SHA1
0c5f3e8a767a2b5ab7510d6139f47336e333e906

SHA256
14ba66344ddd4816d823d5ecc97bf94da5d441299401e8955f44b1df7969be06

SHA512
ab33ae1e3684c40b1a1d801d8b0ad8e0d624c9b3db60945a0c30a3efa02a2d69d284620859421407c9891db0fab4c4c57ece10b22b7b801dcb34ccd6f4ea2f12

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
aa40483e78012d125b1b9d2fc64ee27c

SHA1
0a00181082545626eb5644cac1cdb78904e476b0

SHA256
2570f92864ae626cac90f2192c1a5143cdec5fdf65c9638f4bce842b9fb3ea34

SHA512
462545b3a69b14464234db3765ecfa4aea5581cf4b4e501bb2fb26e9bea047fe0b40bf2951df16c50b4f7443409af94a247a2013e1855b04fe801ff7a55864b4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
7daa5566b4fb35bf1561ba78a8e14b39

SHA1
fed2634cd5e3a7e725c888d7a3eb112f3946d95f

SHA256
eb0763b1876ae8b21b35dd8c132aecb94ac811983623ecd47902b8d938c85a3f

SHA512
7f3ec67b5e9e9a35e6efe715ef9810a71e5b64c39d8ad87f6d322960103b45c37a3b4c20a26d2fcc1072fad4dd7c4e0dfd3a5fd8dccf96cf1a58d361b2913a44

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
c22f37ef0b285b63962ddf7e062ae29f

SHA1
ef9598d7b2ce54bd3ea4706ee863962d2cf272f6

SHA256
475f414a874da59ce0822f583d503edec46ac8583b6e6a0f64710f5ca2528594

SHA512
4c95c6e5439215c2c8cdb4db45de0631af4c2ab9ec25a4e0a495298cc6363d47000a454d1e6b79f503e4e76402a63ea3d90ce16c179c923f9d8a9b09e77f1564

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
c22f37ef0b285b63962ddf7e062ae29f

SHA1
ef9598d7b2ce54bd3ea4706ee863962d2cf272f6

SHA256
475f414a874da59ce0822f583d503edec46ac8583b6e6a0f64710f5ca2528594

SHA512
4c95c6e5439215c2c8cdb4db45de0631af4c2ab9ec25a4e0a495298cc6363d47000a454d1e6b79f503e4e76402a63ea3d90ce16c179c923f9d8a9b09e77f1564

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
7e7c7d6e53d9bf68989f59ba50fdd5e7

SHA1
a511c567b396fa80f5fb8ffeebb8b5a640675e91

SHA256
7776fc6e6f3c14abedb7748a84906c06cec4a64e195770e8572269464cf9470e

SHA512
96a306b3d7b8e5350bc480fc58d9080e4de925ab6f25646f710c1d332da3aa4330e1e7a277c4cd0048d7455cbc1cb773475eb799b1b8fc48c6c04ffb2b6445f1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
82b41fa81fa193c8bbd8c0afb93f3933

SHA1
2303e5b48d3c68218800f19ebd84478a2efdd7fb

SHA256
d08d65dd7d7719726ada64ffadb4c32eb3f54b3f1019a2770dd38fd8833f6a54

SHA512
f431e3e5b73fc1d589afc240c519675fea566d6a25c5c24d8129f5fdd963991a6fc602d016ef0e76cb2e696a41b505e439662dd58dd8382df148af422eded95a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
a8af64b5c408accaaa64869eaa78e761

SHA1
42a7c882ba21223ceab800336680c4959a936698

SHA256
798b0447fd031629d21a4e91646e2f10aa4bd9896bf09648057e94c2ba8354f6

SHA512
b7288c5b80ec5e08753860ca243515209ac8425e356f66226013fd0e13bf8b410b03114ee204f7f5fce5e167318ae6034b1f5abd9fa8c14eaefcbef66fc977c2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
c2a62879368c5de5370926c1bbc70de0

SHA1
a58b29fd67d6d3cd222f543e3e7636de1f18a22b

SHA256
07b42eed4cc3839cfe5e61ce8de52a6eb40eb144004c17a37adf1ebc0ff824d2

SHA512
ff2b2340ef03e2f452c61a25e87b5d1fe509f456844ed04f819a4c732aeab191ac9bb57f4ca90432998e348a5e59ad3ff39139dcb662e8adb972939db92cb3ff

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
335a166de6bbc3ec8a2f35c0f5d545ca

SHA1
8d749f9df5687f714dfe518d10c2ee4240ddea89

SHA256
26f21e6c6d3cbe790d5aa8cb64c4e0fce48d5298e038070adecbdef27d475986

SHA512
1659ececfc44a4ae4702add2171a0aa080b62566106e74271c666bb09137cdca8bed749561b1e97bce961cc703b7fd1239d1e61234797c164f4606eb51b37929

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
a0815114318c08ec4995cee251d70b37

SHA1
9bf9ce1f96193c449de016e27bf517a06b95ec86

SHA256
cf87d5bba4e91365aff397ebafc355a7f6b2ebcd2eb3b4b1bbf1fea47ae7fc95

SHA512
8bf25ee314674d2e9aee8baee3d95cb10851f58b51bf69c31160ff5ed2d2d23d1e637c361ee00658618f77ca99927622419b16bdc18b69bb7a933232faff9d56

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
37d708de5bdf34edb14af4f17a6b0bc2

SHA1
0b4e4868b1e3401cf92270d328ab56198c5f013e

SHA256
cdfeb6a2cc0574ff1ac249f172345918b4a23adf4db90de77dd4fafd3a6bfcfe

SHA512
6447e15e3f4a88229d8e7d20ac136bdd73501c9a4cb6d6ab918ee9ebe4897c2999852420b5fe671a1d8e0805ce4f0456090433f3d77845914a495fbf1363827a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
9020517f7453d95dfda34c9088109ee3

SHA1
b7a79b66d7353534735eca32a6adcf389504ce3a

SHA256
18618ff34a95f10e2c43a1eb62ac3c52e6967f280bf3041213b643af6d29d81d

SHA512
374ac39064c608b79eda53dd6df2c68c891f0ee9a1b8850bed4d76b840facf92affde9c8386c7b564d5f9338d9f226ded0c5c9acca1c78ddfd1407cce7d5700c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
f505b968de43e98370617e3fd7c4e054

SHA1
3585be337f8cfd76786518be983be156231532be

SHA256
d5626b32ff17633d555204c9b23acde3ae08b0345e9a00e3bb6ff50a4f904624

SHA512
0d7a16c1e5eed1004c88d5caf80bde39a0c4260be2a7d29952786b47ef94a08bead428a231225f1038e5d397f4a14421860a5de76575b5b214e914340e1f0b8d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
cd82f83dd5f184daadff660610120254

SHA1
4e85cd1758107662456a1971a9fbb8f234d04e23

SHA256
29b7a6b8bfea1570842e12e1b63506501e1fbcc557f39afa083d0e66bcdff5a6

SHA512
686d842eb67e019880052fd5730429d5a0e9a912cc15b1d30a7ed0b09662cd7672043c96795e45815efbbd2af785724f589198fa3e7d6b88dbb40f76e600b54a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
f4ce012e34fef84068de3b61702d4919

SHA1
7a264832315d8477249bacda46a228efe4ec814f

SHA256
851a7d72b024f73a488a8fafc72ade8f4235681ca32414bcf065f916ec7a0c2d

SHA512
c7de958484cbd8f9159347037201693e6c6642fc00388d41aa678931bc4c4f8dc2d7356bd351a04ba205259784cc87b373e9bbfec38ece65cd2a6b5569ced095

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
feb87f329f2ac2bf8a68f150b41fbd50

SHA1
2ecd10c1619850317a37eb0b09bd4d4f15cf79c6

SHA256
bfcf60e3836802ff04a8800729bc6fe720912611e103683a158fc901b1d60aa4

SHA512
80c219c419f2f496dec2212f80d025d4f4da7b8e7eb87a36b7db833735fcc4dc5d6ace52ff80a7e94702696f17f44421312f59bd7f3153681ecb436c22e98f7a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
1602043007f18f1ec08b62a76037f1ad

SHA1
8b52948fd53b55a6d16163aeebeaee98a5145311

SHA256
69da0aac62ae0b9e027c08baa878c49d5bbcaa51689dffd7b23fd14ed237f2a3

SHA512
3dbdd26a1d65d0f666322a5d06bf09615e0d63fbac57c62b3a19b952b2d8204a64dac70d0322446c0fb18095ec1fd28f3492d1281ed77dcb466a843b95e7e9c5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d914a4aa41a3af01f95d657a2a5641dc

SHA1
65f74f3497ba8cc62bc81246d3ad2b31ca329b10

SHA256
0195c8bfe14255fb5de12965737845a89bf39698004757e84bd58302b8fb7548

SHA512
5f394ba7ed913da81e3eac053a4220749dc16706562b744a7fc17e6ebab4d1dc0f087579889491543037c00bb46ba672ca3149ba6e9d62b4e2ac6d78f0f84356

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
02d70b1466e7ea07ebdcc1130b60c341

SHA1
8f82df233de701642dd00793429cdbf2c23864a6

SHA256
204384ea774572e0e22c9d0807c7ef2baf2bbae4c784bb62c527cae8399a9d4a

SHA512
5ea899c84aad45f77a28cc879e97d29faf2753ad1601f43658228ebe88dc8881008bb5cb3c30cae2fc06c189c670dee465b5daf1506a12055a4bb3e2cb274baf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
0024dddbabb27865e546a20ae9477529

SHA1
f051a3de42ccc2f4e0f1b27d19e6661908741325

SHA256
0a86740ff14a4d20389a0f5e929f020eeb423f3fdc62a78c4ff5f232acc26c27

SHA512
59ce581fd33d575d11a78396823d74f47623040698c6e2ba2a1fc4af06275cbfae22f9c9ec0942aaf41744c8ad40a44b736c712fda2286b40519063f27a9fdc6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
5f7d01e99d2c5123ff88a818659115d4

SHA1
0037e1d806145815241c140cfaf89965573a1350

SHA256
704cae14acfafad4459fe7f6a029297f0c01c7e64d9244043c0497554a04020c

SHA512
d01707243b8f12a48055ac384489f623c03d5ba28536900ca211810d8ec63ee2e2a8cb9d4dcd492835413addc962b7744d59710aa16fb2d850d4164ea349b5d9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
3ba56c8fa89e5f66323ef47861af55ad

SHA1
2b4931cac944d06133ad5ecbf5f28296e0330631

SHA256
9bf804c655057b03f356c9b513621186ab80a3595fd44784b79babf3ed9d919b

SHA512
4aaeebf7031891f18dc28547c67df47d773952abbe38c04a723f840c75c78439f1d8f430f56a343d0592147b5d113d91348ae17c7effa331c8dbedee902916c1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
5df1d5be439bf19de819ac877b799de8

SHA1
07d219fafd493deda0bacb1c7cf37b64bb1f3941

SHA256
eeaa93350e2409d651cde7d4522bd709add40180efea4af3e403960db224d819

SHA512
035c365d8e1f1987eac3ff58d300d34dc590421b4589ce710aaa5ca813310570de16560f1b5b58a87267285006d698ad3215c6aed3de7ec76547d94f331f1ee4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
23c7ab948ba12238aa93cf0b405d1a77

SHA1
23d0f928dedf3be436bc4358e93306878b78d253

SHA256
97684bb63d9fe68b6d9d1c085e88cafad075113a0c931b26779c76737e5db880

SHA512
271770d77e209826976026d3b94362693f858cafe07ab45506ebee11c4e3faf188b6033960f84a5f0d531905eef980347c9ae3835cff3ea25bdc9478dbad4e44

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
2e9dcc805e1d6720f5763ef4d545ecfd

SHA1
6d6c64d940be5a6d229e085ad182aa83834ccd6c

SHA256
63beb8c3988552fbccb6b2fffd700b04d4c372ed9a6fbd027cd7a945bc2c8206

SHA512
d53e06b43ed129cffa3e9e1eab577fffc0304057efab3ba1aeede2059ac6dd7ebbe3ed863d18755634d81b6f80d335152dccecd89320c3918c2681cf3876de33

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
4f3f51be14cce78b1b63f0f1f80a7be1

SHA1
f21bf36af1684a46cb21d29734c0268b210ab4a3

SHA256
5743dc880e17b805d314cbdc589fb6f7364775223cb02e8b2d924149f72dcdb3

SHA512
544844b979eeb45eefc86fc98a6240c984cd847a7f4b23485ff57fbf5cc636aa15efc873b37798ad3ea93168d74c922db05b100838c4d7acf27a19b36b5c9873

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
e48ba41c089c7b9ac47da4a9d0bace50

SHA1
55735651a0b8a2297baeeff80a0a927306abad62

SHA256
94a8e0e9b041ab620e29a04e03775a2dd144ab2b7457a05ecf805fff2518cd9f

SHA512
aee8c24cc6356d3a4c33d4d359b94431631bb4b18229ef913f437b672051b3fb1bb7f339b094e2f5192819bf9cc91c3cc2c9f83ac9cc4120b4fa63a03906c251

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
f9da7b28f81534331d7c37bfbb4ff5f4

SHA1
53bffafc71415dd4e8c8b0c9104e71017c4ac8ed

SHA256
6f5b53b2837801e948d6332d3810a34c1496066c31a2c2f1806158f7aaa5de21

SHA512
b9359d9ab78c1bebae7f9f7bfc6c98e8630a89152f76a2c8f646ae14bc2c022caa0bf2621edd334d818ff564e84c7110a8d3f6a4a54ac0d9c800dc7b4f0f13c8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
ee2246d36389a930eff63b21aa5d8433

SHA1
3e25e794673b1ea2876b56c893f704cee524fe9c

SHA256
f52d73c5f8010aa95fe18971799f071f0487fc4162ee634d8ef059870279ab6d

SHA512
227e0b2cd4bf129259f7b37e9bee7f110ac738da28fe07d02e75f2d847505f227fda096664f17631a45991ede8a78abd63ba3be46df8de7389b3ff84c6aae921

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
6eb2fcd0bb91b8cb3453b561687eb223

SHA1
d7ab9918434e24e3f5482627c72f0e47c28fcf1e

SHA256
a1c04b8c84a0ca0ede89e211c1910edbc6cfb590b32de8c240337a998b38344d

SHA512
02cdf2e11819081758bc1256a9dc61968c93f752e863bb6fc23da8363fc6c7f631bdd2d47f9758a1062d14e7fc64308fb3a685dc6a985412c2e50b32be10282a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
1777cdd258e11756f4a888b0fca263d8

SHA1
719ad769c8d25959ff261875ce9fd3c48c3c18ea

SHA256
6f8f2eb0becb6ab09602617b349ade01618e65764ce0243a7399d4bc0afaef1a

SHA512
d6b0f0ed5e07ad2dfb60376e6e97e6ede2b3db1a720a04dc0b01fac967508889b50439d628395325f48079639f224b01b895a3ed6fd5f8ad5532b889a9f6642b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_ga.dll

Filesize
28KB

MD5
d90280520f1c86acc25138facd83a149

SHA1
5c0944038db678031045897fdcce6e401804ad3a

SHA256
98c263b8acc2627ef7ebf3d96df5368c91d629608e1b4d85d90b3edc2996b9f5

SHA512
c8f86c1c46a376fc6ce7212cdf9f3f77383938046d576c3d1e86230fabcee4b438aef8167db5864a4e6e0b8c50bc503e62903dffffeab816da5b5882debb8cfa

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
6fd41a5fff477bd4a2bfc1290d2c8d9c

SHA1
821474bb151388c4e4967d45db2b0df539591da4

SHA256
5f9bf043a4b4131f854d03ffeaf0f233834849fe0f57817e5aa337eafb7b6d76

SHA512
fb2cb0e7963e0712013a526f54e7372e0b21b2845f11febe5e4b20886fe44f5b783a5be1fec30db6e7f961e7f4db2a12327bdfe4a26b86df43945fefe2220934

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_gl.dll

Filesize
28KB

MD5
6c82e8a3cb8a53d0c7d4f24d84c98252

SHA1
feaef8b4f10208021c73e218941e8a7e9902235d

SHA256
8f0d75b7e06581f37245a3399fee1a42ff694aa9ef7bc7ead0aa4f85828b8d2a

SHA512
ca3aa6f52f98c3f212ba66b4f95a4a27838e6e33863adad62e55f6ab50a9d44709d8b29e4499e05153e5643de5fb2958b10464d9f9f67b7b9d95d6469be65d36

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_gu.dll

Filesize
28KB

MD5
a57cd409e66c1b35fb1bc7deffe9da75

SHA1
dfd92e5ee807dc68d5edaf7597fa3ced633f679c

SHA256
d12672fc01f64f02185d20a42c8722306b8e873db5953602482e02bde5859bde

SHA512
11bf34d36406d52ccbcefb55383b28072677f0bd5a6c17c4ee6747529c7965fb9e490200d67b46b65e6a9eff9927eb83e67ecaf8e2bf0cd5b22a64d728886535

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_hi.dll

Filesize
28KB

MD5
19fb56d6856028bc41c4eb5efeed894c

SHA1
a5cd47c8b2bb75fd965c35976778808463c9d329

SHA256
af3a42b689ddca063d94d369fe2ca297b09ef6cbd7bfcc20dd0577de501da09c

SHA512
d99391ad790f40645080d06665a67f3d63adc1668c4aae0101310f608f5fc880366ffe72e367503aa114fc1b0a29dfd64abfbfee2e67a1a15a2a3f9469a19db8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
99a8c763d7100882dfe6a7cecb43abd0

SHA1
36d0fb25e5f7f4462c39cc5c8ef53cdab60fb830

SHA256
c8d38530ed5a4afd2c00956beaaf80f61a593e20f0bb7c884c6eb002c3ffa79a

SHA512
847b42d75891f40da878fa9df11349072113d05999ecb1c1d978f525743767c4b9b17028b8b45919f72cac77cc4e13d575e355564dd766b411ac3bc9165a558a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
dd59b2df0abac83f1a8fd2748efe6d0e

SHA1
881a8de4a1dbeeccc289c439f16984de4b3d6341

SHA256
1227f2b64d103754698e6147f4bf3b3f8bbd1b3eb7cc88649f5bfe94c62187cf

SHA512
96e98582c37f2d61d532c5e62603fd535cafd6634d16ec7e6b57a097ff35fe3a93ebfb5b62eada2976ea641bfbdda7fac8ae6e15620a550f6f336cb3f034f2d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_id.dll

Filesize
27KB

MD5
51b390000c80a39ec36c0eae17c79f83

SHA1
6175e0293a2d73ad81f220b856a3f1a3f1c950e3

SHA256
ce0a0d991b45191fa63dfa408848e4e490ce41862c86a626dd307e5d08ab7910

SHA512
e4f40a6afe8d2ccf058de8f51e31d2710d3c79fb6cbdd816d2703d4954c02bd9bd7cc56e6bfa9fba179a9c5c9fcd4d6d7ad0625700bdfb0e92f3955f453ec186

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
c82640ab7f677a8862282e66c1b424a2

SHA1
877c1db835f0a02e65b964194bdcaaedeb13b274

SHA256
a163317c9a53bd0a027e72a0ceb2eadbe1b448170d062cb1b270e36e73bb7e6b

SHA512
a3e7adac2271db80f85930be1ae201c781f1d3043f219462f7849a589ac3f819e0d56b272bf7223cecad44cad7d80155ba193e9948f5a9926e9260bc9c55867c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
e2d682270587730b5e8179894da378d4

SHA1
239a559dfa4f97fffd91415f5e4071686a328874

SHA256
5aef8facb2d692ff4b93269f62db834124b9640d0d1fd3038c69f85984784db4

SHA512
f1d4c0bb43e6f83367130db508e9f53966f0ebb267a67523cfed87a7e4c0ab3bc9001728b14173afc214fd809da91d8f725ab18aa72f496216623e4c7dfdb061

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
303536bed4f505f4e9e19de1a64dbf08

SHA1
1eb3c7223abd753dccbf940f19d9abfc39b3fe52

SHA256
1aa985ce9bbe295ae9c51612eb6b34c8e1bcd5b06bf3bb1699551c90ff9ad4eb

SHA512
6a8ce7c9c7da019e154274948cbab45d57d0586c25991cc940ba2dd7e24fe940add1884a5e7735d97de40d169ba92450f7b2d1af1ff53d4e44ba99367707854b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
0960d060fe9847963781235847fb708e

SHA1
7a27db167f6cb6a5a731b4ffd11a1148e7cf6604

SHA256
2d7be263302f6661bd4a79a9e9e33eeac35f0e4e031a31955053116d9113899d

SHA512
87ecb46c218d370b521afe18be96a7ead2746b62f9ecd861a839300cb19b7a53c47606e5b3293b073be40f73e2b9761c8b0e0a8c19140f093f2e3794c089f80b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
a02323364f16e811707747d7e835dcf4

SHA1
fcfcce3aa87c22dd2b0cf2e6c01a755c82ff43d3

SHA256
8c82ee1be3a0be96e17b35dcab246d235a1c46465eb16f6e13f56a159cce13ee

SHA512
e9acbd43cf09445850d1c2c150d125f4d8edaabe9f1de2a0d2874e29f51fce4e3a2dbd9eb0fad3f9c19042a3939f771bd63bf9debb31a8b08a124fb22f51667e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
e01418a5c79a7dd7f1375f9002cbd097

SHA1
ba9f1545105849ba4d1cf749eed81b388c925770

SHA256
3e2646eacee8c4fa1f6b88e3a77f1bd155495342bfa490de2e4863dff24dbf6d

SHA512
81b4ab0024b9c7bc74e999e50792397ddb30dc6eca8f56d4e0582ffd29b43282246e594ee6074b8cb3146f9ae120f2b0e12f887da1d1c041ea36d095e68456c2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
9eaef3d3a50f0e260195969d93de316a

SHA1
630dae1fa832e1fb1b3ff2e7bc6156ee9e2223a4

SHA256
a7ae105e66d96d075e373dfb00d1de8cb1f877510d8266976dcd55a04dd2bb1e

SHA512
ef33dc166f7ef22520924f7d86ee74fc9c8fa29d92ff8cbbf18619d18a248a61d87df6a3e78e3895083b434bb9792a807dda20383bdc8ea9c0f0bc21189872f4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
2722d4c40919a58e76cbfcd38872a7ad

SHA1
2664c12450d899a3a493c720ce3cae9f10f4e92f

SHA256
387f6d2ada610411c68d7961f9fff12fb85a33110b26d596d1385997c717831b

SHA512
52c11089a5640e02d04a20dc633d1a252b77e7f4bb1c1aae5e92be9df2b36834b76eeacf770f4c5ca4b804fc69757415b97d661cb405e93b556052e1fc43bc84

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
2d2cafad73f74db3d3c63a6b0aa4e453

SHA1
40c5c4001ed2b14a091684dec45798fa3219cb97

SHA256
62c111062a878e4e3d2faf34c3e2c22e5c35213dd4e0a994c01e617ccabc330b

SHA512
a5f1606731a409574e1e7857ef97924b40e4899a2efdf9d7ce369ee8426b14ee91f37437ebb95b8d2823a3e5eceb3cd141e8a255898fe9c7cf547507683eda73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
23e0da8888e972c1e70338d65dfc68dd

SHA1
142d4691d4ee8b13a2fda8a7056a293994cc5386

SHA256
63f08c5656e4c5638a8946ef794b0e145a67fcbc2ff1736ea8afdd37f136cdd2

SHA512
758fb07109b0d6085c2490fca136ffa7b87ee41d73746a823c3d7116eb52ad775f07d6d3cb155c6acbcad5602ee404ac84fa1d7d73e4caad9c094a71870f888d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_lb.dll

Filesize
30KB

MD5
3ce4cd98e9e3132a0bebf6391a16a5db

SHA1
3cffc53fe5313e0218cf2a50e6044f5bcdf10de9

SHA256
cb19888759f3ee909c633bc877f01c687f35f761f416227dcdbcbd56d6468d61

SHA512
cfe270a550eba335a219a630dcbd381b677386ed18b7a70b0d527d91e055e3616c859b07e5f2c9bb69463c2f93ae6bf8d6381c18a8fec742ad450ee5700ab944

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_lo.dll

Filesize
27KB

MD5
08efa0cdc78e900fd1a0e1290f367e1f

SHA1
0f7e76ad7a28af3741f3a55989593d1db6f207c4

SHA256
30b533be0280b69df4725f76a4f759272d38fa935ca13a17dfe8e929ecf43a71

SHA512
6161bc3a616a78be1771b6ceaa41a71289f3735820812998b9dd3a0517d08a38ba29b2ee1eddf5b9997074338d160ebcc383b6f60a9338ca24f8ed2ecd2106a3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_lt.dll

Filesize
27KB

MD5
ad459530f11bd85fe5dc334047cf5a74

SHA1
4a7f8eb91598f2188d792cd0023c8d8cbfa8bc10

SHA256
5d31f9b5e8445edd4b3df3f76b53a4f68f28bdc98adae9fdab2547a9bcf0b799

SHA512
a4cfd5d54b09057970fc1d8f6cbe98e474c9ca65947a6291ec616c4e36fd6966519592a20dfdf9231f592903c2ab3e18241c5eaef46de0d30bd9265dfbb54517

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_lv.dll

Filesize
28KB

MD5
c664d18cd9c535af31de24c9de11f7b0

SHA1
ddcdf20e422ddebab05e9f80e5001fc322e47bc8

SHA256
c7b3fc413e800bf87c06b5659d61fa72fc6586ba066b7defeb7bff61ebbe92ef

SHA512
2d8a7806adb47c5ff87bb03e16c36e079b326c92a790f75f520ce78a3bae796e7dbd86c25e31a2b085494a1e74457d2a63adc30ddf38e210e6389b521bc4ff04

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_mi.dll

Filesize
28KB

MD5
332e811a1ae47d40a7f1d7b33a9fe760

SHA1
a68f75f2f0b34c81c23b855d5e2af7f044bcf585

SHA256
aa044619f8d59dafe96e1d0be22cc893f2c087d1bbf7abfdc0a940922872961f

SHA512
2c296aad2f00bc5beae9eaf9cbc8b939b665f3e9aec20344ae5086e171e0c958980c7b8332d1e1df3921b7b5fb58bdb940acd61de4d448ffaa626707c56cf92f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_mk.dll

Filesize
29KB

MD5
181be7f83d0a1059fba6075c23084858

SHA1
13914064e2b49edf23b376b1d0dabb130d4ee6fd

SHA256
60b83ea81bd9430c38f0cfaef2cca5c994e94b93b20ec76256d6e86ea1ae691b

SHA512
6716203a287e2cec0322062f08a724f8e631ced28c1a6eebe2af8f7fc960ee4468bb283c42cf484ec6929be2bec307f7ef38cf566e628d06d7597afdbac204be

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_ml.dll

Filesize
30KB

MD5
e80b128c6d4080998a6ca9a12d9130f6

SHA1
701f326b573618eadd3cd0fe08c49573ec26e94c

SHA256
15efde4422c5185a87002de260f8ec366ecbe2c217c22ec38ddfa8531ac32bb9

SHA512
ab7ad11a1b81a67da1b051e500a634f132a4ea31bf8ef7fe524c9e4404b7023120bb59396813a620519b25dbf60f9cab212a8d84174afab9c16ad4d6ea4ae624

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_mr.dll

Filesize
28KB

MD5
da6ae227cf86926017fd1fd0ae429ebc

SHA1
cda4b38eacbedd56b0cf5e38f389eebb345b64eb

SHA256
0e7c52568d9d6ceec12397eaae6f68b42a3fe611d9ce033ea7b72e73378b90ae

SHA512
1c2a72c92a1f65b1f546dc46b2feab1d02213cd88f0eeb61a9fc5065f9724ecbd951104951c717fd0ecdbfbb8bf687752e2230a42c614ab5e11157216abb2c70

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_ms.dll

Filesize
28KB

MD5
edda549a956f2398c12a86af4838a45c

SHA1
6f771432a102f46e94cff45236c36e70a6517b94

SHA256
170453b4b7de66d658cd57cf2db25ab7bff085a92711036d1a00645eefeb5319

SHA512
ff1f4d325810fb7892858c4a24112f1ed25b66fe7d0a25e4927b97bf09fcf110b44a8303789fe78fc410daefe06aa5f139cd09e3e7817a092c59252b21eec23b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6C75.tmp\msedgeupdateres_zh-cn.dll

Filesize
21KB

MD5
1e1383e66eb81ac71bbff0c0ba4c5225

SHA1
ada53c3a97b1144f955ea29db8a89900f0320b83

SHA256
baed78545b0f179e0029c9930f237146821193dc4718078badf6583b1576717b

SHA512
fcc2bce890a620bfcf1e4ca92e7d910c4ee249808d3b73fd8a2ad1f9959017b59843e82f936d67aa3329fd2ba650b43a1c07788a6dd7811e9a96d0d02a745aac

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_1252073615\manifest.json

Filesize
132B

MD5
e7d5038d362bb1256b6164d60df4ccff

SHA1
9a181dc4a4ef15da84ddc28e784d20fad2b6e928

SHA256
65a73e5184c572f25bec7a62b11f906159876d2a2fa023e868a3bca213acfa03

SHA512
244702efbd2ce3de829abca34967b4ecbf2bcf4ce3a26b512b63366c763cdf2a6edfcdb325a95d008aeed908c98fb13009a19b9b0e914b13f0c5ca180c8af84b

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_1472249760\manifest.json

Filesize
53B

MD5
8d0ab3864d574e745856ba6482410d89

SHA1
b1b728e965c1df64a9f55a1fb60b26a8c8859c5b

SHA256
fc2ee12a499b4460dc6da7da6f43f29e46f18502556ee80a754298bb94e388f4

SHA512
d58a7dec1e013351931c3665945bcb75d14b1c85d037521ab3b7e743f478dc833d0a97c8182a8887b4f698219b8c1f3afdeddfa02975b354a79cde13b778dfba

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_1503423848\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_1550581766\manifest.json

Filesize
147B

MD5
99a81054c477967f6d222a2f8f539ba0

SHA1
24ec65bb4cbde2b9ab756ee870184e2c3a3b842a

SHA256
cccc3ba39ef254b3d76c0fb86f93df09da8236ada41582148ae8e83fc58597e1

SHA512
3ac26bcbb4ef0506c1f18f067e4247b4ee46d8343aefcd407eb6965fac6fa3403f101465b7132c6b9fd1646a334a75f3439c37ccb35789031e89a2d2449e0d50

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_162441437\manifest.json

Filesize
118B

MD5
e7f31fe0ea7224603743fc0801566070

SHA1
f2605364e4887edc1100d4f170440271906a6e37

SHA256
60d18820bbf3829885f5c85725ed36a099b493b7b7bf99498f059096dbc2a8fa

SHA512
9999b6796eee0ed0afa22de6ab5c8a54b717d1273248613ce8518fbd69275b35128681855c24cc4a9b74f988e4292d2e6cd667b082de0afa96f3a6cac4fd28b7

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_1847452138\manifest.json

Filesize
116B

MD5
ae5b4e5ee859c7b57eaa14906c27daaa

SHA1
ec6d0a28f0dbf1207da4bf1538e5dff2ac2c2289

SHA256
154efaafa74d953325e3a110becd079b39c2b892f058c2f7d71bee3c5829214a

SHA512
b640ca5627d1e5bc94c4ad11ef0054456fca9b3d133391bbaaa9b5a8b9c0ae2c8cb49a771867cf24178b053fd24f1fe80faa2eaa87672e89514cab4c92b2acc3

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_1884254140\manifest.json

Filesize
72B

MD5
9f6d6805f4f2f6d574a2efb8ad7ed5bb

SHA1
dfabc6d1677dfb0f4208690d16d4e7e11923f3e7

SHA256
42cd1f4f4837470f4ae1b6d84ffd1e95440e0532a57bfe6fe8cca8b2e66b8674

SHA512
5140578f8d05047c2725f576cb3f430d3a662f10d1a98589b79861b3b6321c87e9c6299013f2bb4f002351ead826c27d07f48262f032c93035c3eeff9709cb84

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_1950730481\manifest.json

Filesize
43B

MD5
55cf847309615667a4165f3796268958

SHA1
097d7d123cb0658c6de187e42c653ad7d5bbf527

SHA256
54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

SHA512
53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_2121460062\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_2121460062\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_2121460062\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_2121460062\manifest.json

Filesize
179B

MD5
273755bb7d5cc315c91f47cab6d88db9

SHA1
c933c95cc07b91294c65016d76b5fa0fa25b323b

SHA256
0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902

SHA512
0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_24836891\manifest.json

Filesize
175B

MD5
08491991da266c288c9249525efe4813

SHA1
76c210f77250ad632ec9e6ceab7a0ec15b22f51d

SHA256
41b308c25ac618c647b894634857e860fd9cd9f72ec80490247df4fbb594128a

SHA512
f70bff21e22ca48918d1c243ef4ed10397f7845a63411ab8a5057634d9236eec99ea99f365d17479c02e01617536636923f6f02c530659f9ff2398cc0cae48bd

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\Notification\notification.html

Filesize
4KB

MD5
06f84f68409c4f47a7cf69cfa62ec08f

SHA1
5c7032401204b7ed60d503697e33a75db9455603

SHA256
c2f8292ef211830d807087b722f2d525fa8570318568c2ea09420e2227cdf089

SHA512
b3304cb2e702bd731c043ac257df8b75b39e3b463578d18f64b13574a41d96a9fc6818b2b2f0fc19b4ea944a4ad57dde01e2a123bcaaf3c4f32597fac29b6cfb

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
295B

MD5
9fadcda30b07120e2cb70b5a003acff9

SHA1
a4eb198c6ae011cfb495a25d7c04b62fdd1d0346

SHA256
63ec623c2bda74fc3e3d2796151ffe93255e8bd76b2d8bdfe2ea0b401848b15f

SHA512
e34a8bce98ac7eeeb3416a9d2e8f331181a25e06467aa211af4a12a88cef0c5b2678792d03378f888c212eff6340647ac99f97aa2cadb75c3777527fddf77552

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
28ea2ecbf59506eef5a64d2e8736fc7f

SHA1
15811e52e73656e86bcad5f51820fa28dd195185

SHA256
2eee63800a6d6184a05efb417e90cad719318f10e939ff28bf0ebc350f679c44

SHA512
1896ceba504d0a1690c6b949e555a68e80a30fa3fa85b9a4e65ef4903668b01844b6f6f8e4125a67f673b16ebfa046e71bd17c573682e18a08bba12e1db2edf8

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\app-setup.js

Filesize
37B

MD5
85ccf5b1372be92c3926f0ad28a82ab0

SHA1
328db6d47f7b5768a5b2aa15ca39a1bc25232a7d

SHA256
258a2b58d47d2f7a74636537d257f3d54666c2a5d5201ef919cceb184a3ee53c

SHA512
43a5e12cb36d182b5b3d903fa37290011f67e889cd5fdaf41ea77797c1a5165dc4221bc7262eab1dfb4ba28bed520f72a94875a0efdd7a5e9559b36b65ae8489

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\json\i18n-hub\fr-CA\strings.json

Filesize
58KB

MD5
89c2177002b35fdea594edf8b3086a59

SHA1
a0d9bf1015958c70bfc04a34a7b8844f6cf32990

SHA256
95c2e92d4625c54e1a40a0077a01e21c6e09944e592ee8cc2d668bd25a78fae1

SHA512
a3bf683c6dfaa7eda295153e424a75645aa8c80ad21d5705bd92ff5e43c7e4c279ebb6ddcb89ea1648c48de47ba3f737e4a4c0cd82ac25c8b45fae78905647fb

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\json\i18n-mobile-hub\fr-CA\strings.json

Filesize
2KB

MD5
9c4e71ca53d0cdbb877b2ca86f572c55

SHA1
bd3d002ee7a166de3d8b70d21a1c692e57b97fa8

SHA256
767052f7a29bf7e06374973f6fa94694d63545e8b6573166d2cde41d2dfef405

SHA512
b6af69e0e49d7735299e377389d5d9d0c2af9601a4b3475d97e1056167000495054fb96c884fd66cad6e03243a720e6312bf616d650a03341b1434024e4c8aa1

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\json\i18n-notification-shared\fr-CA\strings.json

Filesize
5KB

MD5
75aac020389ee3a90f400b82877b8881

SHA1
b3d20ba204ce43ce9b7f797874346c476a804bb6

SHA256
d248efb66b2677d50b4e0af3912d132611882d452d3988ee1ab55c0720a5b86d

SHA512
0a36e2180e4540b9cfd78530cb0a4879a5995f3165108070072b6143d71ffb5b295925898562094a1d605ea166dbac4bf1189b4fae29afad336f87724c52893a

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\json\i18n-notification\fr-CA\strings.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\json\wallet\wallet-pre-stable.json

Filesize
2.2MB

MD5
545d2b1151bbe0470732a5ec71abcd3b

SHA1
0b58343060a3ba011d72ee42ee2fea620ff6f0b5

SHA256
5fd4740c0728516af8207e28ff02298ccfbc8e591e231b239d3f6324263000f8

SHA512
86971c4a74b78bc7a1618fbd9b9a50e006ed5921c3bb4660ab4d4fc89a16984dadb614b71ffe42208676a3d6b882e959a72125a684d31f789e26ada01363491f

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_321206787\manifest.json

Filesize
121B

MD5
b431cdea751b843cd01d1c4299c3db66

SHA1
1d961bff940ae6a50916fcbded3f04adb9d92e4d

SHA256
f02aa0e095befd7d117c4484d086e170e097a75b93bd22d834bf3a5026a6bfc4

SHA512
d91005cd64dd92d9d03fbda2f86faf18b6bf78b02f67479d365e8fa6f89a4ff653e6f313a4ddb4890fa717b7eac7609c3dfb3a88e1bce282e7ab31057c9fe78e

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_434131151\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_440820000\manifest.json

Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_459300787\manifest.json

Filesize
135B

MD5
4055ba4ebd5546fb6306d6a3151a236a

SHA1
609a989f14f8ee9ed9bffbd6ddba3214fd0d0109

SHA256
cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5

SHA512
58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_823094858\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1164_858968899\manifest.json

Filesize
118B

MD5
ba4567388c38cd975fe4288633763434

SHA1
0cfdb35b199cac669fd61d4231657ed095b1e9bf

SHA256
dd4f941794a9bf67fbdaba16e50b061fda3e08bf3128e9eda9c36fba7f1d7bef

SHA512
d5bd2d0bdcf1f9225f4ae4047d97dbe29860bb432af61d907c8a60875bfe1735564d2df41a9101c80bc0b329f3b18f208756a3d86b8e35eb9b09548cfe7536fa

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
64KB

MD5
97e6fa5103028949b2fa2ace0ddbbea7

SHA1
d2842c9e170f05640dc6581adad2954c3a30f137

SHA256
7cfbfe714d85e9083c4ae948b37765a3b3257245afae8b52b46994b9e3fd3ad3

SHA512
4741901268f100cfee354036fdbd81a04795157475817a4766b28656cbcae807fa67c3b3cc98997c06fe294e31de688a302ea99e7cf9f8810f18759bbf011ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Autofill\4.0.0.4\edge_autofill_field_data.json

Filesize
212KB

MD5
4a19a53cbbabb95d377b2e3f3468460f

SHA1
5b7b30aebac31abd636a890c2d5bb23522438fee

SHA256
5f3a7426de195d7c991aeabad4886e7dad32ff30bcfb4058745a1accc96a64d3

SHA512
713280e28d42431f05fee1a37f019bd84c768dfcf293ca4f80644e2a0f6c1fedbe55d155083f0c980143360025469325d41bc216ac8b7c4354a120fe1df242b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\CertificateRevocation\6498.2023.8.1\crl-set

Filesize
21KB

MD5
d246e8dc614619ad838c649e09969503

SHA1
70b7cf937136e17d8cf325b7212f58cba5975b53

SHA256
9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

SHA512
736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\493257dd-63bb-4b91-ba27-3d5e51e48327.tmp

Filesize
68KB

MD5
2e40a519903d97737fcbadaca653cf11

SHA1
f2653ba26e4b85e98a7e212bfa8f4934ade843cf

SHA256
5809816073ca47490a541336a8a67520aec84334aca5746be1046292f5dd68ab

SHA512
8ce1f1a60cfb4c9d367a6de6969f0cc0b3e708ce87fe6e2400e16cb69bc2a2f7b5ee228de2204eca3952b1be318e87f8dd12dbde756bb5686269001459692ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
247aff2750f2269c92e7e6ff74672b37

SHA1
9f58ea7c768e38cc7a3aa063e8eab4a153bf4855

SHA256
e26d39c1941302b503c7f578904598dc08b2e3c01ccadaa89c2acfc4f59ae4bf

SHA512
57318d6cdf26ba71d317a70f5791bcb25693459fbcbfec93bf84a5e60d8f909d416d34daa86782872e8675b65bf6dde45ca37fcdceeaf103a828938c7aa5be80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe598cc5.TMP

Filesize
48B

MD5
4b51429408e200b4673a5aa7961208a6

SHA1
56f7e05b63285a3b63d8b1633f4321477d1161df

SHA256
3dc9f9b3e7f7f0ac3e47d77365ec08857cfe06dca4a7081f18a457dfbb4046b8

SHA512
a91d9ccea2d84448cb2b8f45c321f23022bf7b72236325cbde2f6de5c7e988e1436f36df2ee06221ea9dc4a743c4cd646d4b39a978ba8b61a9e3734516c27720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.1.5_0\content.js

Filesize
7KB

MD5
ec2d2b2e8b6c20e36f05ab7653a47169

SHA1
216fa607b4fff4b0f20ab1ac305cd3106c86fd88

SHA256
c0cdc136c15b5853b5da07746885624d636d63c14804bd99b8bdc4870d0d109d

SHA512
4a4026735a38fc8b9dfac27d98d68a600d3062b3fa51d546b642b23622715b86916ba17088c4d085e5b9593fb3e3a9727201c3143e4859729c15a53ff156e948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Network\Network Persistent State

Filesize
499B

MD5
ee96f8e92cac66457c5f160125fbfdaa

SHA1
d3aff51109c99b5ada7501fba22ba2d3bd9d2c73

SHA256
74977750d31fce82050c03cbe93baf2de98d5d4d0e7d81dbafd9ca86f02c13ec

SHA512
0b804637a95bca5e83ddc177bb702b8a9bacc14543517fbff603ba72a6987f7897bfc68de08c76258ca454a2ced4f8f962141f0af1e57c7a2652663f1dcd24cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Network\Network Persistent State

Filesize
355B

MD5
95bc43a74187c5ccad90857aece8f066

SHA1
8c7f2e1a4d8ee59edb4e4dbee017762188636ba5

SHA256
ae847656add5a0d846aa06508163d715c3ba59e90b0304fceea0e204b3a80284

SHA512
999350af89c1cfca201886998b46665b4fc3a9e4714e537ecc81323b773474d4a959be2b174e9ecb8c55062be7d11a44c53de30e5c7f093a5b3cc69212afeb1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Preferences

Filesize
7KB

MD5
b4e614c330a4bf96c47da79d8d69887e

SHA1
5d26d52d3294823b70de82b7f457c7b956156905

SHA256
959833d14a2afd3c235c4ad7fff99c1dd374251f1fba07395916acc90e9c3d9e

SHA512
3a2a297a223366b80f798c3810d8979416d3d833a716ba00fcb0d632e36d51b6b629f5f995fa60c6cf13dd10fb6db77298db468af906ab618847ab62f67a787e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\ba08964a-0813-4b40-a4f3-e0abdb7502c9.tmp

Filesize
25KB

MD5
51211f5955a4d45e7b6d4ee5d70950ef

SHA1
217ac2ada5fa09799eb0e175e8822add129d42bc

SHA256
dea8acf7d7a0a43e0acdba6d88919bd14a7785597258a8e2bb25ba0d8eddc9e6

SHA512
65f98449d7b479aababd8bfa5b6e7d7f87efb35ef84f0b44ebb32e40757bb8442147d4dc8e63a0a1bf4cabbd57f118d8ba662a80c78297c4157ef7a624cdbf69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Default\d0a2176b-d3d0-43d7-b2a6-0b429060c480.tmp

Filesize
7KB

MD5
ae8212139c7a56f4b5cf590d3f680c61

SHA1
6fc0f5ae6655b07234265c07ab6b18f304691e02

SHA256
dc3c8a6a42f43c539e1400a735c7f133f8ba37ba1a84254fbc60b00f177abbda

SHA512
c2dda598e120a2c03e5843e811aaa24225ee252da64fa574105a7274ceb25240d9cb4e9927acdb9398bfece2672b08daf9ccf8f2de27bf0e4632a84d4183db3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\EADPData Component\4.0.2.31\data.txt

Filesize
77KB

MD5
82ae82658f56d1a1a21d8b52b3bc344e

SHA1
7874b51bd9310950ef1d03f69da1dedf12b56057

SHA256
be0729ff2b6531cc1aa6c2ae13b0fd557acc196470e1fdfb87d3c11e9e0ae42c

SHA512
eb3265dc8bb45210e5fbc97176e4040269dd42fa82168f144bd4d68bd59512a7bf8c7396197313250e9255c69f20118484cca070fa091d39296972bac8726298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Edge Tipping\113.0.0.526\EdgeTippingBloomFilter.json

Filesize
218KB

MD5
7d88043189e75d62238183c53e0fb1fe

SHA1
41d99b830b67b722920e5b0e1bca1cab652954dc

SHA256
03c680852691ac0ef2995702d5bcaa17453c455ab1458084bb3b28db9f73a6c3

SHA512
34eafa55c72f902105a52824a3756a3cd33819d91b3c088b1779187c82add318f0234f3fbc74b8ec0563b1a9c80e115abeb1ca79d2b3c03691f3580aac78d7fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Edge Wallet\115.16099.16063.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
625KB

MD5
11d4966d982415e2b195864b0da6208f

SHA1
5a80a3215ba78d3d76624bfccb251278694b2851

SHA256
fb81a59f002be4ba3deb26922e51b69b07de5d06c540616dbe341617b01e74e3

SHA512
29cfca58540360b1b2dd3bd6586b79cd1c82e44336229beb37353726da9cbcedffc81aea433adc9292d95ffc43b0925f4eccea751acfc45b7c043b77971b2f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Edge Wallet\115.16099.16063.1\json\wallet\wallet-notification-config.json

Filesize
557B

MD5
db1d62fc6426637ec03cd5e9ee581e59

SHA1
790f00b117d8fe23fe29747a9f3290aea7f02c08

SHA256
d9a4647fdacf31ea71e02f29c51d4771dc3b5849eabaf67b70acccb940902de8

SHA512
e97f849cda253a71b4655057efe5c264ae305181f9bea5e3d831df1992c66e1fa40418a627a5ffc039c2fb02907b05bf718343536d0ea0ec5fc10f6a86ebcb53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Edge Wallet\115.16099.16063.1\json\wallet\wallet-tokenization-config.json

Filesize
23KB

MD5
634323483c6bf97f0d946912b3452604

SHA1
bd41635b68e90db709cc328307ea19d561b9b92b

SHA256
ccc9802d871b81d34ce2433865ff817dbed0dcd4d8b1b4c1746d03dab714e185

SHA512
bd069f141bd0d65430365b088ca5d0f33bf96ea0d5d0b8236657a60964705366f852e7d9813d56571df00423668a023162f6c6ce4fa9b4cfad5bc4629db95db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Local State

Filesize
3KB

MD5
a5e4eca876c1547f8390f9126f051242

SHA1
ba30b79f8ec3cb9350b23e9ebe60c28ca2a55db1

SHA256
7309bc2a81dd29c1b2e0e49baedf4dcce723ec996ea0aec5e170ee1537d4fc7f

SHA512
b728a6e0a89409e4892fdc3a0b974efccf2c0695273f81790933ca5653c8dbaa09cb81fa9951016ba86127114147ca9c0b90aaacbedb5806c731a40231dacf9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Local State

Filesize
25KB

MD5
d4f5b36f6098da106b4adb0b668c4791

SHA1
537ef4e8cd9773e3deb461cc8df127f42f9d1393

SHA256
286fbdc6ae0b9556d9b044b3f6c6d643d50a273cbd44f415a086898f2c66b0a7

SHA512
feea27410460e48594017229668d2c4a97fd1a84942c02d5c3fc9156492ca1a1a24c5335f6c9d44b3948be8f016616b624e858f687130813483a627a6b1e22d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Local State~RFe59353f.TMP

Filesize
1KB

MD5
c66309a2ceaed0c30125be2a0a8c8ab2

SHA1
9cd48abf33e882e932c3d0baa1175d0123702f61

SHA256
00f2438335bc24c6ce3b2a5390c14507ceef01d95ec17a6cc3d1b44bf17c9fbc

SHA512
8677a5c338f75f503515303b689a21c7af84fde670abc22b442227faf69cf40eadd0d4e821b4d93b9274948081be989479c2315052dac6a9ce787dd8e7ba6885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\SafetyTips\2983\safety_tips.pb

Filesize
125KB

MD5
60cb210fbcea57b8fe7960a181fae083

SHA1
fcc62ebd03bec2bfa84e55d6a1a89660d09ce1c6

SHA256
cb26cdde3d8ce14fdf5c7adff4256ed1d2b30837f03896248b1fef5f1bef48fa

SHA512
29c02bc48a176d5850c43c4ac75a75f138fe36357abac93934dd6ded0134c49e201f45da892c87f8acd483dccf9d8c4676d12f4feb5a4786f8134a340337e9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\SafetyTips\2983\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Subresource Filter\Unindexed Rules\10.34.0.48\Filtering Rules

Filesize
1.8MB

MD5
a97ea939d1b6d363d1a41c4ab55b9ecb

SHA1
3669e6477eddf2521e874269769b69b042620332

SHA256
97115a369f33b66a7ffcfb3d67c935c1e7a24fc723bb8380ad01971c447cfa9f

SHA512
399cb37e5790effcd4d62b9b09f706c4fb19eb2ab220f1089698f1e1c6f1efdd2f55d9f4c6d58ddbcc64d7a7cf689ab0dbbfae52ce96d5baa53c43775e018279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Subresource Filter\Unindexed Rules\10.34.0.48\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Subresource Filter\Unindexed Rules\10.34.0.48\Part-ZH

Filesize
839KB

MD5
35488dda885a4de38b56edd487f1ed51

SHA1
3c85fa1afaf24064437abfd72530aa1e675d58c9

SHA256
04ee35c1660783cc17d89b80d5bb76c9c92a4e052d52b2e4cab00897d9c5655b

SHA512
0072570e9cbd6ed811bc22df5c664a152f1c3322f08b43ca9df6daceecb64614198f5600c964f1abd7890d3e811c57dba54bbed763c12d3e245bf7db5dd4d898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Mu\Advertising

Filesize
24KB

MD5
1cc67aa27d683e35f6e2d52e27794fed

SHA1
6061d27882d9afb4bb885ed3be65b0bd44341e4b

SHA256
3c2451d0820eb623c7e95da72017071fce5c5091c168f1b18b3010e914ef84d5

SHA512
34776fb3abd952aece898051293773ac220391e6b114445317c9b51757a858cded9596e84c32e3019b7d9d660dfa880456b5b6c0ee6e10a64fe3431340132deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Mu\Analytics

Filesize
4KB

MD5
da298eacf42b8fd3bf54b5030976159b

SHA1
a976f4f5e2d81f80dc0e8a10595190f35e9d324b

SHA256
3abd2e1010e8824f200878942e0850d6e2620a2f0f15b87d32e2451fdda962ec

SHA512
5bf24c2df7cc12c91d1fb47802dbac283244c1010baa68bfae9eb5eb8ee25758156bb1e21f6cc3f55e7d71e5c330888ffd41469b2630eb86237c9970d7ede75e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Mu\CompatExceptions

Filesize
689B

MD5
108de320dc5348d3b6af1f06a4374407

SHA1
90aa226d3c9d50cf4435ecdd2b8b0086d8edeb8b

SHA256
5b462316a51c918d0bae95959bf827cb9c72bbd84ffb0e43b750aa91fbf3ba53

SHA512
70f30c45e20b7cddd0cba6476af9338975cec8e40b8b19603af5fa859a34c6eb2138957daaa263633fe65213e2186402d05d9d29ad53e8f311335555116314c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Mu\Content

Filesize
6KB

MD5
de67adf873370835f12a4962fa4b3a85

SHA1
99831e0a001b8604b5b431d09307273872d5f07e

SHA256
76975bf9dc15a979cfbf917496c385767357e1ce7ff30ac94dcc901cbc74607b

SHA512
f1ea69a38500afd96903d60f9bb2308ea1c368e28e970669467e8d7c637268774374dffe92fbe02a6d043ff0fb763913790ba617b5251cb46ee000423b591cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Mu\Cryptomining

Filesize
1KB

MD5
16779f9f388a6dbefdcaa33c25db08f6

SHA1
d0bfd4788f04251f4f2ac42be198fb717e0046ae

SHA256
75ad2a4d85c1314632e3ac0679169ba92ef0a0f612f73a80fdd0bc186095b639

SHA512
abd55eff87b4445694b3119176007f71cf71c277f20ea6c4dcadfb027fdce78f7afbcf7a397bd61bd2fa4bc452e03087a9e0e8b9cc5092ec2a631c1ebb00ee25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Mu\Fingerprinting

Filesize
1KB

MD5
b46196ad79c9ef6ddacc36b790350ca9

SHA1
3df9069231c232fe8571a4772eb832fbbe376c23

SHA256
a918dd0015bcd511782ea6f00eed35f77456944981de7fd268471f1d62c7eaa3

SHA512
61d6da8ee2ca07edc5d230bdcbc5302a2c6e3a9823e95ccfd3896d2e09a0027fece76f2c1ea54e8a8c4fa0e3cf885b35f3ff2e6208bf1d2a2757f2cbcdf01039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Mu\Other

Filesize
34B

MD5
cd0395742b85e2b669eaec1d5f15b65b

SHA1
43c81d1c62fc7ff94f9364639c9a46a0747d122e

SHA256
2b4a47b82cbe70e34407c7df126a24007aff8b45d5716db384d27cc1f3b30707

SHA512
4df2ce734e2f7bc5f02bb7845ea801b57dcf649565dd94b1b71f578b453ba0a17c61ccee73e7cff8f23cdd6aa37e55be5cb15f4767ff88a9a06de3623604fbf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Mu\Social

Filesize
355B

MD5
4c817c4cb035841975c6738aa05742d9

SHA1
1d89da38b339cd9a1aadfc824ed8667018817d4e

SHA256
4358939a5a0b4d51335bf8f4adb43de2114b54f3596f9e9aacbdb3e52bef67e6

SHA512
fa8e1e8aa00bf83f16643bf6a22c63649402efe70f13cd289f51a6c1172f504fedd7b63fc595fb867ecb9d235b8a0ea032b03d861ebb145f0f6a7d5629df8486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Sigma\Advertising

Filesize
997B

MD5
d81750ec7af7709a55e2d1c830d123e6

SHA1
c2f118b9c96d8b793ea751ff17fe4e2b945bd8a5

SHA256
28ca4a595aea39469c715d2a64d026cde5a5fba021d8471b7183fdd019df2081

SHA512
a6b4c4c97fb47a158fe5eb2125cb42b7ea1d37df90c652ce31396a29b224f94834a4ea36d1ffc61bf6da4316e8fec5f139054be15466193cf6080621286effd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Sigma\Analytics

Filesize
126B

MD5
c4acde1c5f5561bdddbc9846e9f3d2f2

SHA1
520973b512aa1a374e18518f85dc801b3fc1767e

SHA256
9fa640bc46d85197048b78253c2745aca7c7d48d023d55269c11e9b8d66ea703

SHA512
d938ae798f11b348bf2c57995fd3731c4ee24d03fb59fc2708bd15fdbdacae21ada1123e3ef08b328ed140366f590d4afc4799ba77a97cf7fe186f815d107a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Sigma\Content

Filesize
36B

MD5
7f077f40c2d1ce8e95faa8fdb23ed8b4

SHA1
2c329e3e20ea559974ddcaabc2c7c22de81e7ad2

SHA256
bda08f8b53c121bbc03da1f5c870c016b06fa620a2c02375988555dd12889cdf

SHA512
c1fb5d40491ae22a155a9bd115c32cbe9dbcba615545af2f1a252475f9d59844763cd7c177f08277d8ef59e873b7d885fda17f2a504d9ec2c181d0f793cb542b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Sigma\Cryptomining

Filesize
32B

MD5
4ec1eda0e8a06238ff5bf88569964d59

SHA1
a2e78944fcac34d89385487ccbbfa4d8f078d612

SHA256
696e930706b5d391eb8778f73b0627ffc2be7f6c9a3e7659170d9d37fc4a97b5

SHA512
c9b1ed7b61f26d94d7f5eded2d42d40f3e4300eee2319fe28e04b25cdb6dd92daf67828bff453bf5fc8d7b6ceb58cab319fc0daac9b0050e27a89efe74d2734e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Sigma\Entities

Filesize
16KB

MD5
011dd90f861d72166efe3a81634e69aa

SHA1
7219b5188a6bc52f22864a8afec7906b3225b40f

SHA256
46c606fa05ccd710c8212f816b3db43ed5a2102e2239ac508b6797a2d83d5c45

SHA512
4d41d4a97fa741da3f7a9530f6e5d02010efe57f2c15d4d91130c06931b896fa116294fa441399f2d7eb16cde6a7d11ca7d5781db3e3e18f31704528abcedb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Sigma\Fingerprinting

Filesize
172B

MD5
3852430540e0356d1ba68f31be011533

SHA1
d3f622450bcf0ced36d9d9c0aad630ebccfcb7ff

SHA256
f1f413704c32a28a31a646f60cad36cc2da793e143f70eee72ae56f736df8054

SHA512
7a4faa493c141ea88d6cd933dfc0b50ef6d25983323db2b931c7512e039859d60c4935e56b771264ca72b45c035b1962ad8680d616eaaf04fbc5a6e0b674e435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Sigma\Other

Filesize
75B

MD5
c6c7f3ee1e17acbff6ac22aa89b02e4e

SHA1
bdbd0220e54b80b3d2ffbbddadc89bfbb8e64a8b

SHA256
a2f9f27d6938a74979d34484bced535412969c2533dc694bfa667fe81d66d7d4

SHA512
86ed28ffdd00b4a397a20968792fcd30dd4a891a187a7789c00c88b64689b334a11fa087eb54ccee813c181cf891b43184dde7af9a6f33caed2a71e2c445a7b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Sigma\Social

Filesize
3KB

MD5
ae92ac226ba04a34a6e8f1140f04bbbf

SHA1
db368322491478a19ca31244b2af1e3988d8645d

SHA256
19031c7f1b4ef0c92222723114164ed772c7811205f646821ddc41e4901480a0

SHA512
1b6b5144cd87d4e06fe240aedc6e46cd4019457903ec267be5b450690cb56c88430bd43bad086afe13c122d93e2b1aac50c129033a9a4197ec3e6ebdb161e038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\Trust Protection Lists\1.0.0.25\Sigma\Staging

Filesize
5KB

MD5
61dddcad6e2e3bd2b440facc1f56c7a7

SHA1
be7750704fa3b007e20c7366e364b3194e4d5587

SHA256
35a7a93fe66261463bdafeddc46bf9ddcc79f0ef81244066b9332f71da23aff6

SHA512
40d87f54c00825ddd5cf96d5fc4760835520d008d884fb2d35c28a1397946e491a156423cf28bf29bdfa1cb669694833786ca273bba91176b8586ad092bd7927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge Beta\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Temp\7221582d-7b2b-44d8-90e9-c4b65c9b3a4e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1164_883894124\9a9de975-73fe-4177-9b76-b20bd6093196.tmp

Filesize
6KB

MD5
728dfe05ac3344eccf5234675755e368

SHA1
04fb3ff7604d5364c5923e29a70d2714c600c60e

SHA256
c1f2e216c2f1ae169a25571f24932647d78d1a873d1a00acfa864762263b8284

SHA512
31af5f6e07cd5519458aa6950a8e301e9fe5c2acc83bdac3e25b0abb70701dd7ecd516223d6d08305eeb6d90f0e0c23058a80fb2b35aaa62e24b9095c4980a5c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b83411b57700da9b.customDestinations-ms

Filesize
3KB

MD5
0a39e54590c365b1f046fd0dc61fb9d5

SHA1
1865bfa610dc31ddbeb042b57719fed659d882f9

SHA256
d73c41bb3cd641058b9224aabcac4079c8778112ce59522ca7fc7523957c18d8

SHA512
c2234caab640ffda24a1dee4c2de78219122f1f9b4f11c1221eb42ab8f8ee8dfb662872ff454b9f491eac0989b3f649160a5f0fea7f180a52d3b94bfc14220d4

Download Submit
memory/1192-349-0x00007FFC12220000-0x00007FFC12221000-memory.dmp

Filesize
4KB

Download
memory/1192-377-0x00007FFC135D0000-0x00007FFC135D1000-memory.dmp

Filesize
4KB

Download
memory/1356-472-0x000001A2D5FC0000-0x000001A2D5FCE000-memory.dmp

Filesize
56KB

Download
memory/1356-473-0x000001A2F04E0000-0x000001A2F04EA000-memory.dmp

Filesize
40KB

Download
memory/1356-533-0x00007FFBF0330000-0x00007FFBF0DF1000-memory.dmp

Filesize
10.8MB

Download
memory/1356-476-0x000001A2F0510000-0x000001A2F0518000-memory.dmp

Filesize
32KB

Download
memory/1356-477-0x00007FFBF0330000-0x00007FFBF0DF1000-memory.dmp

Filesize
10.8MB

Download
memory/1516-342-0x00007FFC13520000-0x00007FFC13521000-memory.dmp

Filesize
4KB

Download
memory/1516-634-0x0000022597C00000-0x0000022597CAC000-memory.dmp

Filesize
688KB

Download
memory/2024-636-0x000001C5F90E0000-0x000001C5F918C000-memory.dmp

Filesize
688KB

Download
memory/2892-637-0x000002781D600000-0x000002781D6AC000-memory.dmp

Filesize
688KB

Download
memory/3020-640-0x0000022A07A10000-0x0000022A07ABC000-memory.dmp

Filesize
688KB

Download
memory/3044-633-0x0000026919450000-0x00000269194FC000-memory.dmp

Filesize
688KB

Download
memory/3044-285-0x00007FFC13520000-0x00007FFC13521000-memory.dmp

Filesize
4KB

Download
memory/4184-639-0x0000018282E00000-0x0000018282EAC000-memory.dmp

Filesize
688KB

Download
memory/4256-638-0x0000016FA5C00000-0x0000016FA5CAC000-memory.dmp

Filesize
688KB

Download
memory/4568-635-0x000001E5E7F40000-0x000001E5E7FEC000-memory.dmp

Filesize
688KB

Download
memory/6024-539-0x00007FFBF0330000-0x00007FFBF0DF1000-memory.dmp

Filesize
10.8MB

Download
memory/6024-551-0x0000025E70250000-0x0000025E70276000-memory.dmp

Filesize
152KB

Download
memory/6024-556-0x0000025E707A0000-0x0000025E70848000-memory.dmp

Filesize
672KB

Download
memory/6024-559-0x0000025E702B0000-0x0000025E702D2000-memory.dmp

Filesize
136KB

Download
memory/6024-694-0x00007FFBF0330000-0x00007FFBF0DF1000-memory.dmp

Filesize
10.8MB

Download
memory/6024-713-0x00007FFBF0330000-0x00007FFBF0DF1000-memory.dmp

Filesize
10.8MB

Download