5b01d964ced28c1ff850b4de05a71f386addd815a30c4a9ee210ef90619df58e

Resubmissions

19/02/2024, 19:36

240219-ybhvtacc68 8

19/02/2024, 19:32

240219-x88xtsbe8x 8

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/02/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MicrosoftEdgeWebview2Setup.exe
Size

1.5MB
MD5

2fbe10e4233824fbea08ddf085d7df96
SHA1

17068c55b3c15e1213436ba232bbd79d90985b31
SHA256

5b01d964ced28c1ff850b4de05a71f386addd815a30c4a9ee210ef90619df58e
SHA512

4c4d256d67b6aadea45b1677ab2f0b66bef385fa09127c4681389bdde214b35351b38121d651bf47734147afd4af063e2eb2e6ebf15436ad42f1533c42278fa4
SSDEEP

49152:Py+3n/URd7ygwxXXOMzrn7yOcIEjg0VonVl:PyaC75wxXOMzr7yOAyVl

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Executes dropped EXE 17 IoCs

pid	Process
1568	MicrosoftEdgeUpdate.exe
1448	MicrosoftEdgeUpdate.exe
1164	MicrosoftEdgeUpdate.exe
2300	MicrosoftEdgeUpdateComRegisterShell64.exe
2972	MicrosoftEdgeUpdateComRegisterShell64.exe
2564	MicrosoftEdgeUpdateComRegisterShell64.exe
2276	MicrosoftEdgeUpdate.exe
596	MicrosoftEdgeUpdate.exe
600	MicrosoftEdgeUpdate.exe
1848	MicrosoftEdgeUpdate.exe
1456	MicrosoftEdge_X64_109.0.1518.140.exe
2284	setup.exe
1880	MicrosoftEdgeUpdate.exe
3052	MicrosoftEdgeUpdate.exe
2468	MicrosoftEdgeUpdateComRegisterShell64.exe
2708	MicrosoftEdgeUpdateComRegisterShell64.exe
2732	MicrosoftEdgeUpdateComRegisterShell64.exe

Loads dropped DLL 47 IoCs

pid	Process
3044	MicrosoftEdgeWebview2Setup.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1448	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1164	MicrosoftEdgeUpdate.exe
1164	MicrosoftEdgeUpdate.exe
1164	MicrosoftEdgeUpdate.exe
2300	MicrosoftEdgeUpdateComRegisterShell64.exe
1164	MicrosoftEdgeUpdate.exe
1164	MicrosoftEdgeUpdate.exe
2972	MicrosoftEdgeUpdateComRegisterShell64.exe
1164	MicrosoftEdgeUpdate.exe
1164	MicrosoftEdgeUpdate.exe
2564	MicrosoftEdgeUpdateComRegisterShell64.exe
1164	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
2276	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
596	MicrosoftEdgeUpdate.exe
600	MicrosoftEdgeUpdate.exe
600	MicrosoftEdgeUpdate.exe
596	MicrosoftEdgeUpdate.exe
600	MicrosoftEdgeUpdate.exe
1848	MicrosoftEdgeUpdate.exe
600	MicrosoftEdgeUpdate.exe
1456	MicrosoftEdge_X64_109.0.1518.140.exe
2284	setup.exe
600	MicrosoftEdgeUpdate.exe
1880	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
3052	MicrosoftEdgeUpdate.exe
3052	MicrosoftEdgeUpdate.exe
2468	MicrosoftEdgeUpdateComRegisterShell64.exe
3052	MicrosoftEdgeUpdate.exe
3052	MicrosoftEdgeUpdate.exe
2708	MicrosoftEdgeUpdateComRegisterShell64.exe
3052	MicrosoftEdgeUpdate.exe
3052	MicrosoftEdgeUpdate.exe
2732	MicrosoftEdgeUpdateComRegisterShell64.exe
3052	MicrosoftEdgeUpdate.exe

Registers COM server for autorun 1 TTPs 34 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_eu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ga.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\EBWebView\x86\EmbeddedBrowserWebView.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Locales\qu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\microsoft_apis.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\de.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\mi.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\zh-TW.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_mi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\VisualElements\LogoDev.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\pwahelper.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\VisualElements\LogoCanary.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Locales\nn.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\mip_protection_sdk.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\msedge.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\eventlog_provider.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\az.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\identity_helper.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\learning_tools.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Locales\hu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\VisualElements\LogoBeta.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\vcruntime140.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\identity_proxy\resources.pri	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Locales\fr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Edge.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Sigma\Fingerprinting	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\lb.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_cy.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\vcruntime140_1.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_sr-Cyrl-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Locales\ja.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Mu\Fingerprinting	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\af.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_kk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F5524AA-09FF-47E4-874D-1D034712E03C}\EDGEMITMP_A5E63.tmp\setup.exe	MicrosoftEdge_X64_109.0.1518.140.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Locales\sl.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\pwahelper.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedge_200_percent.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Notifications\SoftLandingAssetLight.gif	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_uk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\dual_engine_adapter_x64.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Locales\sq.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Trust Protection Lists\Mu\LICENSE	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Trust Protection Lists\Sigma\Content	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\WidevineCdm\manifest.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\MicrosoftEdgeUpdateCore.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_hi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Locales\az.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\edge_feedback\mf_trace.wprp	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\en-US.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\libEGL.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\mspdf.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\msvcp140_codecvt_ids.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Trust Protection Lists\Sigma\LICENSE	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\identity_helper.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedge.dll.sig	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Sigma\LICENSE	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\sv.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\zh-CN.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Locales\en-US.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\en-GB.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\sr-Cyrl-BA.pak	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8a-1d-4e-65-c1-26\WpadDecisionTime = 20bd7fad6a63da01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6FBF082F-6A40-419C-8D25-2D3FB6B6B37A}\WpadDecisionTime = e02c81d66a63da01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8a-1d-4e-65-c1-26\WpadDecision = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6FBF082F-6A40-419C-8D25-2D3FB6B6B37A}\WpadDecision = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8a-1d-4e-65-c1-26\WpadDecisionTime = e02c81d66a63da01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8a-1d-4e-65-c1-26\WpadDetectedUrl	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8a-1d-4e-65-c1-26\WpadDecisionTime = a02030a16a63da01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6FBF082F-6A40-419C-8D25-2D3FB6B6B37A}\WpadDecisionTime = c0a6e3ce6a63da01	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8a-1d-4e-65-c1-26\WpadDecisionTime = c0a6e3ce6a63da01	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CurVer	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8BA747D4-0E17-4C7B-A5DD-6B81BB4A26D1}\InprocHandler32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\MicrosoftEdgeUpdateBroker.exe\""	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8BA747D4-0E17-4C7B-A5DD-6B81BB4A26D1}\InprocHandler32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\LocalService = "edgeupdate"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe
1568	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1568	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1568	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1568	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 1568	3044	MicrosoftEdgeWebview2Setup.exe	35
PID 3044 wrote to memory of 1568	3044	MicrosoftEdgeWebview2Setup.exe	35
PID 3044 wrote to memory of 1568	3044	MicrosoftEdgeWebview2Setup.exe	35
PID 3044 wrote to memory of 1568	3044	MicrosoftEdgeWebview2Setup.exe	35
PID 3044 wrote to memory of 1568	3044	MicrosoftEdgeWebview2Setup.exe	35
PID 3044 wrote to memory of 1568	3044	MicrosoftEdgeWebview2Setup.exe	35
PID 3044 wrote to memory of 1568	3044	MicrosoftEdgeWebview2Setup.exe	35
PID 1568 wrote to memory of 1448	1568	MicrosoftEdgeUpdate.exe	26
PID 1568 wrote to memory of 1448	1568	MicrosoftEdgeUpdate.exe	26
PID 1568 wrote to memory of 1448	1568	MicrosoftEdgeUpdate.exe	26
PID 1568 wrote to memory of 1448	1568	MicrosoftEdgeUpdate.exe	26
PID 1568 wrote to memory of 1448	1568	MicrosoftEdgeUpdate.exe	26
PID 1568 wrote to memory of 1448	1568	MicrosoftEdgeUpdate.exe	26
PID 1568 wrote to memory of 1448	1568	MicrosoftEdgeUpdate.exe	26
PID 1568 wrote to memory of 1164	1568	MicrosoftEdgeUpdate.exe	27
PID 1568 wrote to memory of 1164	1568	MicrosoftEdgeUpdate.exe	27
PID 1568 wrote to memory of 1164	1568	MicrosoftEdgeUpdate.exe	27
PID 1568 wrote to memory of 1164	1568	MicrosoftEdgeUpdate.exe	27
PID 1568 wrote to memory of 1164	1568	MicrosoftEdgeUpdate.exe	27
PID 1568 wrote to memory of 1164	1568	MicrosoftEdgeUpdate.exe	27
PID 1568 wrote to memory of 1164	1568	MicrosoftEdgeUpdate.exe	27
PID 1164 wrote to memory of 2300	1164	MicrosoftEdgeUpdate.exe	28
PID 1164 wrote to memory of 2300	1164	MicrosoftEdgeUpdate.exe	28
PID 1164 wrote to memory of 2300	1164	MicrosoftEdgeUpdate.exe	28
PID 1164 wrote to memory of 2300	1164	MicrosoftEdgeUpdate.exe	28
PID 1164 wrote to memory of 2972	1164	MicrosoftEdgeUpdate.exe	29
PID 1164 wrote to memory of 2972	1164	MicrosoftEdgeUpdate.exe	29
PID 1164 wrote to memory of 2972	1164	MicrosoftEdgeUpdate.exe	29
PID 1164 wrote to memory of 2972	1164	MicrosoftEdgeUpdate.exe	29
PID 1164 wrote to memory of 2564	1164	MicrosoftEdgeUpdate.exe	33
PID 1164 wrote to memory of 2564	1164	MicrosoftEdgeUpdate.exe	33
PID 1164 wrote to memory of 2564	1164	MicrosoftEdgeUpdate.exe	33
PID 1164 wrote to memory of 2564	1164	MicrosoftEdgeUpdate.exe	33
PID 1568 wrote to memory of 2276	1568	MicrosoftEdgeUpdate.exe	32
PID 1568 wrote to memory of 2276	1568	MicrosoftEdgeUpdate.exe	32
PID 1568 wrote to memory of 2276	1568	MicrosoftEdgeUpdate.exe	32
PID 1568 wrote to memory of 2276	1568	MicrosoftEdgeUpdate.exe	32
PID 1568 wrote to memory of 2276	1568	MicrosoftEdgeUpdate.exe	32
PID 1568 wrote to memory of 2276	1568	MicrosoftEdgeUpdate.exe	32
PID 1568 wrote to memory of 2276	1568	MicrosoftEdgeUpdate.exe	32
PID 1568 wrote to memory of 596	1568	MicrosoftEdgeUpdate.exe	30
PID 1568 wrote to memory of 596	1568	MicrosoftEdgeUpdate.exe	30
PID 1568 wrote to memory of 596	1568	MicrosoftEdgeUpdate.exe	30
PID 1568 wrote to memory of 596	1568	MicrosoftEdgeUpdate.exe	30
PID 1568 wrote to memory of 596	1568	MicrosoftEdgeUpdate.exe	30
PID 1568 wrote to memory of 596	1568	MicrosoftEdgeUpdate.exe	30
PID 1568 wrote to memory of 596	1568	MicrosoftEdgeUpdate.exe	30
PID 600 wrote to memory of 1848	600	MicrosoftEdgeUpdate.exe	34
PID 600 wrote to memory of 1848	600	MicrosoftEdgeUpdate.exe	34
PID 600 wrote to memory of 1848	600	MicrosoftEdgeUpdate.exe	34
PID 600 wrote to memory of 1848	600	MicrosoftEdgeUpdate.exe	34
PID 600 wrote to memory of 1848	600	MicrosoftEdgeUpdate.exe	34
PID 600 wrote to memory of 1848	600	MicrosoftEdgeUpdate.exe	34
PID 600 wrote to memory of 1848	600	MicrosoftEdgeUpdate.exe	34
PID 600 wrote to memory of 1456	600	MicrosoftEdgeUpdate.exe	43
PID 600 wrote to memory of 1456	600	MicrosoftEdgeUpdate.exe	43
PID 600 wrote to memory of 1456	600	MicrosoftEdgeUpdate.exe	43
PID 600 wrote to memory of 1456	600	MicrosoftEdgeUpdate.exe	43
PID 1456 wrote to memory of 2284	1456	MicrosoftEdge_X64_109.0.1518.140.exe	44
PID 1456 wrote to memory of 2284	1456	MicrosoftEdge_X64_109.0.1518.140.exe	44
PID 1456 wrote to memory of 2284	1456	MicrosoftEdge_X64_109.0.1518.140.exe	44
PID 2284 wrote to memory of 2916	2284	setup.exe	45
PID 2284 wrote to memory of 2916	2284	setup.exe	45
PID 2284 wrote to memory of 2916	2284	setup.exe	45

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
  2⤵
  - Sets file execution options in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1568
- - C:\Windows\SysWOW64\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "1568" "320"
    3⤵
    PID:1588
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /unregserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:3052
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe" /unregister
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:2468
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe" /unregister
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2708
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe" /unregister
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2732

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1448

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1164
- C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:2300
- C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:2972
- C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:2564

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{50A3FF40-DDB4-47FB-BA8E-4B01B54F37CE}"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:596
- C:\Windows\SysWOW64\wermgr.exe
  "C:\Windows\system32\wermgr.exe" "-outproc" "596" "372"
  2⤵
  PID:2552

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:600
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODEuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE4MS41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezUwQTNGRjQwLUREQjQtNDdGQi1CQThFLTRCMDFCNTRGMzdDRX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9IntDRkUzOEU3RC1BQUIwLTRBQkUtOTM5Ny1GNEUxREMxMjc3REF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMDI1MTQ0MDAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:1848
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F5524AA-09FF-47E4-874D-1D034712E03C}\MicrosoftEdge_X64_109.0.1518.140.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F5524AA-09FF-47E4-874D-1D034712E03C}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:1456
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F5524AA-09FF-47E4-874D-1D034712E03C}\EDGEMITMP_A5E63.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F5524AA-09FF-47E4-874D-1D034712E03C}\EDGEMITMP_A5E63.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F5524AA-09FF-47E4-874D-1D034712E03C}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:2284
  - - C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "2284" "488"
      4⤵
      PID:2916
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODEuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE4MS41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezUwQTNGRjQwLUREQjQtNDdGQi1CQThFLTRCMDFCNTRGMzdDRX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9Ins2RkY0RDUzNC0zMEMzLTQ4ODQtODdBNS1FQjk2REE5RTlDQjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEwOS4wLjE1MTguMTQwIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyNDA0MjI0MDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjQwNDIyNDAwMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjI1OTI1MTYwMDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzBjNDA4NGYzLTFiZWQtNDI0Ni1iOGVkLTIwNmNjYmU2MGUzYz9QMT0xNzA4OTc2MDkzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVdYNHlEVGNTbHZ6Mk1TJTJmYjJCbWFKSkI1Vk9nU050cEdVbmFRcyUyYiUyZnk1SlpEVWJ0SlR0NjZkUzltcldKR0ZXeWtySnZESUpyQU43JTJiRG1PbVZXOWpZa0ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNDA2OTYwMDgiIHRvdGFsPSIxNDA2OTYwMDgiIGRvd25sb2FkX3RpbWVfbXM9IjE1MTAxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjU5MjY3MjAwMCIgc291cmNlX3VybF9pbmRleD0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjI2MDc0OTIwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iNiIgZXJyb3Jjb2RlPSI4NyIgZXh0cmFjb2RlMT0iMTA3NDc5MDQwMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjc5NDY5MjAwMCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjU2MDEiIGRvd25sb2FkX3RpbWVfbXM9IjE4ODI5IiBkb3dubG9hZGVkPSIxNDA2OTYwMDgiIHRvdGFsPSIxNDA2OTYwMDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjE4NzIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:1880

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODEuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE4MS41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezUwQTNGRjQwLUREQjQtNDdGQi1CQThFLTRCMDFCNTRGMzdDRX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9IntBQzE3NEVDNy04RTUxLTREQ0ItQTU1NS1FQjE0MkI5QzdDNEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4xODEuNSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjAyMjY0ODAwMCIgaW5zdGFsbF90aW1lX21zPSIxNTc2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\109.0.1518.140\MicrosoftEdge_X64_109.0.1518.140.exe

Filesize
64KB

MD5
8086e504417a0306d93055c5c18552f5

SHA1
2ad46f8dac6e378831086d8f22502564f4431c5c

SHA256
9b6ee5ae71795d09cf4c4432241c07c52beb7942c7687815a3ced970c0c68ec3

SHA512
6e77a03d32b0ddb7d465b7bdc2724a6dd33f2457ae39301740eaff5d5b259077c97e15e360252dfbcdedd5d2781e4647bb8efb634a82ead29fceca6e5cdcfbc5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Installer\msedge_7z.data

Filesize
3KB

MD5
bd70ed26e6e6f3193043ac09c58c6a1c

SHA1
d733a65e17f2851d5116598dd80533efc1656468

SHA256
7a474217d20b9a6fe3c3a46c0d6d5b2d2040fa790663f6da9202ee7cb07bb448

SHA512
3e2ecade6d687b0736d5eafd7527b24095b9c51f0c8ba99398b23da2d8843c49fc8c1fa37190d385b504d8224c8c517d78d44ae32e10e45d54b19477a6970756

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2284_2145376477\109.0.1518.140\Installer\setup.exe

Filesize
345KB

MD5
408d9755b4403e7adae75a21e388713b

SHA1
910b570faf52269d30e3da982a8d6cea6f829d00

SHA256
c9c84dafa250a55e87c73b1d805acdfef39af7e0c7aae7dd2935a9371ba63fb5

SHA512
9d124104e7df26f7635bb36ba19e8759c5829f471e505184da774795c4791b6ee0841f788436bd57d49bd6a6a51c89677e40a8bdda7dea7b95b356e5a797196a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
9540ad83a08605ba1f52196424ce3067

SHA1
a533eb61319bce1720b55d8921691323a4178c3d

SHA256
b0b5d9eb6f4b176bdfbe4da0a060ad1b76c813186fae3d9a6e1b1dd9ee0d01d1

SHA512
bb00ee12c353c9deeb8105399b2a956343e4a1c13dd1198d0f481c4f699099a34ede80f15bb4efa9a1f68c2c12ff75da163b48bfdf30353d5ef5d4bb7c174493

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
11fe091ace9d03b9ada6d5a22d12c0d0

SHA1
5379ebe84500d425586904e7f9ac0393ab2a9d24

SHA256
50f4ed60a507ce9dd1f3f4e7d53053d923cb71594374a25251746a9b2271e4ee

SHA512
0f39af99697332c697ca62e2708e0a9200552a55f2d3057b64e9b18df2fe2828be750b14b5336ac9518b4c1282e82cd170b64587cf56b45b840ca231108b7fdf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
7750d94e4719ba69f5f83213444c0015

SHA1
f2d49b2d5c3bb372a5c74513de0744f2a5f3fe5e

SHA256
1ab31694ff0b6283fbb6ec062d6eab9ffb26df9d6d1ba140cf60a8e7a4cb9fe5

SHA512
4aba2ff17870e6e20fbcfe8d31036d52d9b2ae9df1013e1140cdf321bb4da0a8f5cdbbabfbee758cd2f2bbe2a3b10f25351f9e29cc5f5d91baea6dce2c83e714

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
258KB

MD5
3fa9ae698a600ff3422995504cd088c4

SHA1
bb0b798291c7e37c514d8fce11b8c777d13a6b2e

SHA256
a8e1533f87ac5273f908fbb67edb786f231fcae44b49dd5e6ceb3c777c1f01a9

SHA512
3dea12c2f30fdd5cc4125de40ad26c9f1a69abe8505c863b1469f47349d79f2b51ab037009e500291085366abf0ee2b24d16a3eb419b715894b924af656d2b04

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdate.dll

Filesize
635KB

MD5
6dfba8d789876acc9d22c5f070b0af0c

SHA1
cf7222585d125c52a55b872cee8653eaca2b3f57

SHA256
fc67732cef63e5766a567784a31fa9abb12d40a400d0c57bdb43d964240b2206

SHA512
4d4a3faa46da30ee292df3470fb498c90359cbb115352c6bbf088eb4cd176b58203fd23b1a2d8c450485c9d89f3b43ba8698b9601db2a5bfc8e3bf705e6b4f8e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_af.dll

Filesize
29KB

MD5
ca3b6944f47fb398e4656d7076e3d247

SHA1
592c966af88cb9fd39250d917fe4876bb213d36b

SHA256
d1d58d338db2f0f885d7e945613c2e6b98ce02534a2635c392cec04e8c8b5f71

SHA512
5be93716c178401e809aba922b05abfe4c6585ac8544ba6fde1ae16af87e571ef28d51f8d71946d5acde96370d39bef8d85349677de16b3e8009ba3f57802b46

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
27b4625745b0d9036faeef288dcdc71f

SHA1
79e2e6590a0f4b6af97796058595e8df77bc4b8a

SHA256
74fefc1ad1bca85ae3cdcb197396568e9ccdc3de9095cc3e787e6e28f9a04487

SHA512
2f4e0c4478a244c3b1632f282c7522efbe9b2f03d6a8bb600f0d833c61fd74d7bab32683b1c0e40e58b2d30640cbf6e9b28c03b179e168a6cb7bd3512bae3f2e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
07b160c1fabcf30a0e3e907f1b12177a

SHA1
c5435df1d9bc93ac87870c5d8894de8481456de9

SHA256
a78619b34f4566ff3fa834111d6f02fdeb5e82ceae2167f51a85aa902f4ad2dd

SHA512
cbf2df29701b0dda648f2e208596c691e1caf97d2e3314749b6a3ad899cc057f66cedbbed4d6362b987173a925e73ea266d238c9d985d03b7ffd5c32b0d0b3c8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_as.dll

Filesize
29KB

MD5
0e38b9e9fde2583f8dbb61f2522c1996

SHA1
9e6a952387380bcf54dcc9d040a2d9051a63a1f1

SHA256
ea9786491db2b6548e3c935cc4f8382fb1534b3b67dde1ed6b9aa003c9a7152f

SHA512
f17d95eff5b23d2d11f161a66ef67c61c34c0190ca7d11d8e30f4504f5ecfec87a02fd474a08061433e8a431d78ed92fa9cc087863f3f4caeb2b5616949bc11a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
ea96f65e817ac6899d6732cd880f744e

SHA1
0fde259d82e3c300ef2461e660208fdccc339e64

SHA256
06bfc34d181852321498c49fad36701a5f854ad6e5588af9e141a5cef838165f

SHA512
f79099fae7d98b9208aa5be96f28d9855c5e81cd9dcc5874ed2e41c8b720f32e54fcfdedd44e075892967768f42833f9fd99657096ee10af38d3b663d48bd603

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
4328bf6228c408cae033fb4acca65640

SHA1
011fd7ddb7c4551abe683cb005920d85cf3eb10b

SHA256
73a10a15a4be54f85e4103a994c8a628c34034d085c40627fb4f18b499379de8

SHA512
a50a74fd675ed3b791bfa5a93ca9f910c5a9052e9990de0132606779a333007d305f4fae1ac9f193335cd8207a17b00e2848a87aaa09e7900df189103fa0cd92

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
c4457c581afbf9e1903fb309d8d08bf7

SHA1
fc52fd6cc2de7405ac69674f74cbef43c92c5295

SHA256
f409b1cce73799d3ed0fbaab72c3331cc597787680e2fc9dcd9e2803f62e006e

SHA512
b8bc722dc801a9c50a972dc9ef5ebb31b43bcbc7d12cb84d0b3e64749781818963573f0bafe646160ed9edac5db5b72d7968d3e5ff908da256079e8dff4ec2d0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
4ab2b866301da9ffd1a2d9e1d2828698

SHA1
bf49d684e192f14f96ab03dd0f8d9e5817a0f1b8

SHA256
cfffd594b203016e13fa74c5382c1c6b46f7d3f0817eb4d649feaf3350a401f0

SHA512
60874a1c999e646a11217b3d0c68af03b7b2e1210f65e8e922a2cd8741bcf1e687bf74b97ffa0082962df2f534fc4c2ca9c28c4822a7e2c50474810e42de9d24

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_bs.dll

Filesize
29KB

MD5
139d647896af07432b0c810977139fdb

SHA1
27b2f2915acfb3a740c958282deb2f418df83d49

SHA256
0f3d5ea311f13f94b8c0f9bd6c8fe8351ca85a9e92d96b3ac3a54e87a2167833

SHA512
cda3135620409f12fc7ee77c53233af4e64ea4a7e3a7b2af3534b015b410221e500a1820cd5852236236ca8820521072eba4128efd6316e1bc7863360c07baf7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
30KB

MD5
5801a2b7df808227d967d2e0d147fa4b

SHA1
dbe2844fa8bcbebc227b9817bc0ea8dcd1634b13

SHA256
cc02b8e56ebe97d640eb3241d6dfdd76c36d8ad9dc6fd70c11ed6a165f87dbf0

SHA512
b6f77f1284a05aa4d9e69b2f459691f8bb79466242c13d1bf011d4edd6a43e742b4541ecfdd4d7aaf7b6e72b3540d41ebfd6074086ed1a4b56ef6b852d91ba0e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
9cd4f750ad9c689151ca0a278c3774bf

SHA1
cbe0a7601db4ce0aded6e18c9647750a4e03a8c5

SHA256
3569e7eafe649d9b4e0fbea1db33d4a7e6c350e4031f9ac40506df4828892b0b

SHA512
38e723fbcc1ae59e50d8f8ffd53cf77fd32a64686f24a0670287c25dad7fbe4852ba968f223cc5936b2a1af453e5d2d5f3cc190e07ee0a78c55f88a0c3ecb940

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
14fcd6216e82727e0a757f0f6a04701a

SHA1
ceb886836ad9dc04b2758271d55cab0f6c6146aa

SHA256
777b0583744a3ee8e32586262d34a3d231482504f37d1b0679e1dbd1e10bb854

SHA512
e963ba587017d3e579f3839a0fa0fe5be659cb749629a5b98e7b02184e811a943ac18d66c927ab45c54869650289ec6e3a9661ec40532fc2ae578a5fb15606f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
d082255c15ca45655f999c60c7e44653

SHA1
337bb7b65c8db5305814fa8046da0d790c5cab59

SHA256
31c054f8b4c974d6ac436ee21828121f600a1dde0eb5bb8c7fb41c47ffa9563e

SHA512
662db73cfe28995149aa4a3d2f877fd7b9a027a4f322be9ee6ffb19b8aa4d97ce3ea1fcc13c85c28a9ab815aecca1b0baa69109f20cfa73a46cf8c1be586dfb1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_da.dll

Filesize
29KB

MD5
8355353da56dd6ba036eeedbb10ffa68

SHA1
3e20c8f35cabebd04e7162b9567fd3905174127d

SHA256
678888dd82f5cb04b5727c56699c70d442b35ac65338bbe9ac45ed8d2a32acb9

SHA512
000d0a8648ca4e8433568efc422f3caeed7c53e764878aca11f8b7405850863f8a7bea4a97fbb0076db961d3f09646a00bb3eaa0e4e3b81d949ac2aa033b0827

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_de.dll

Filesize
31KB

MD5
9e0645c2970492f18a9c16d053ae47cb

SHA1
c91f0ee7dc0dc0213776728b152a5c3597b8e1c0

SHA256
7bef8830bdf0fbc8d84d85946a28cafe05fc47528741bc11998805982a3b421d

SHA512
c4277b7e7652bd342dbda6d2d22acbaeeb9ec1321cd91ad236575d0c8f504220736218711e91f0984e3d2f06652101f52aee123163d7bf3cd173c7ec2d1325cc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_el.dll

Filesize
31KB

MD5
8b692911c2eef0d2e2fbc8ee84c39e03

SHA1
b5f558a2cbfee2dcf1cf5f7e5dd229309f5bca1e

SHA256
68ff5bb5a44f019c7c8a50cbf9ee0af264b4782e6516917b4760c0b05d247161

SHA512
6a4118eb9d1bdcb4031db82682ee919f62d575dc765ca0a65028bd31c8bdc061155bc2139318916b3be3572b6a3656d194e3a925b5711241f436267a9af1109f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
8ff46334ccb442dbdce0b04e84cc6364

SHA1
52a7dfd39529c0669d8fe72416876bb2b241741e

SHA256
47c08c6be842b50d119c4921ff860bfc1739efdb017de42c1247bf0fb5c1e254

SHA512
b23b74b2c7f76abb613630c888eff8ec2fe6c28138522ebed478f6d55e21917e658f269ef0d6014e8778225b81e2839cb965a1ff243b5639766bdbcd52c28f47

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
22b0343d2498e2a0b9d4168d480bd6b8

SHA1
d4dd3b497b262905788c7abdc791af1cdd80c6a8

SHA256
094dd4e1d9cf8114145c254372b0ac20f6593f16f7b53e02953bd21bbe26a4f0

SHA512
970fd6cb5fa68e2e12a6288b00250a3c400939963298bfe7610edced53036990c51edef7f5054c371b12eb992ce8e05b1eb7af4d9ba61e0af41096a9ed64957a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_es.dll

Filesize
29KB

MD5
17006114f71cb462041e1ec50a952047

SHA1
3062f6d33dfa215b18492a3e0a2d0fdf41a08429

SHA256
bd195bbeb179e478cd1dc4bab518568edd65603e3d33b11b3298ccd1995b183f

SHA512
5d7fe67bc1d6e22c9e7c13df5a5b9dd039eb77d94b991908a6e23ae703295d2c857b38799c30b40cdb2f3bf503f951de54e11fd65e6f482bc184ffab54ff443f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
e4a76fbf2d73c51f37bb96ef5b76ceaa

SHA1
5bc9a30d11fae80286f0a73db5900e9b2a94fc30

SHA256
a1c067279ba80bacdd975117ae5e6aad9923b3138340d25d08742163107d7313

SHA512
0b4751d5a7914daecc8f0f620dff0228bfe1853af901c6ec277656f3c568d916bc1e1d22bc737ee3f54107fca6ded731c73e80147e34ce3b81c276f8b6d2b2e0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_eu.dll

Filesize
29KB

MD5
a5824f125e7c5a363618e10eb166cfa2

SHA1
b9265cee687f031f52eb6cfd6ffacd728f7c9c71

SHA256
3fe2d705da261a98a8cb375d59ff98b0552b61e7c57132d46126fe4646b2cdd7

SHA512
4b2c4fc806097320a56c2547d2962f21e99e6e17a211cfd9aab1a7845dce78d958ab6a03481cb2a827ab233afb2cbcd059bc6e211f8951c1a2e3b7ac51825b8a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_fa.dll

Filesize
28KB

MD5
96e70c3aced49e26c5938bf5ec7e7a7f

SHA1
5fe35ee220c39cf8cad8d434b49ec31fa3f729ba

SHA256
5f8d8a9d207108426a3f4776786c4a7b5d70db237ded870b9a7ab191602fd83e

SHA512
af6f420164c2504a6c0fb3b62c89790dc3e08ae0b847e0a888c2c793aa6198134a8c18914fa0a5f3153dcad51698cb7125d2c90ae68de221042cbb97b7f8b78a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
5ce5cf921d0e522b8a05efa79031cfde

SHA1
a081d73ab637ad63831b0e05d0122e8e9036a41b

SHA256
6d049ab238bffbfaa0408460f3d76bc23bfd62ccf57659beaa81346e2dd69e98

SHA512
6ef468f6f6b6186fee208b3101c089a168bfc286fd7a84c220a72be085744c70b30a299cbce1bb0c25689da1f348552322a6451277be604f211017ce6d16f989

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
4bfe23c9930f814f7c9d977525cf2046

SHA1
3a6147006bd805a33d7caa647e8088a257061781

SHA256
a9a40611ddccf179b8cd342c07d947af951f85072b598b5332ca772a5ce7729a

SHA512
a235eef64580b8922e5f507f9bb2080800dcb4ea6b156150d2266748ebf38c2eb1e39342b01856ebd9e63b6e89c2104b434e444277dfe03e549293c928cb89bd

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
e22edad44e45a6e1da46e0afbb318052

SHA1
d35c28b112fc386c6f4c52e4faa2ed8a56a4f6eb

SHA256
a7a163fbcbeffbfd4655e41d162817a56b8da8b679b139a04961e830ea5ad05a

SHA512
e750271aa41b402a5682f6863e95756c91afcbd5a994453280c7dac3973da3ecaf0fa0689b962cadab492ce90d510a436bd773c995b93ff6b40007371cdd2713

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
86e02140bd5ea5090460ab7ac5c5cf08

SHA1
3cc00afb1b108b2247cc38211b64bb360c1419b4

SHA256
4edd7b2ec1438f6a5d56eb0b7fcd7a42f2110eaf57439283afe85f527f9c1574

SHA512
a0e6177a3791e59aebcc960cdc2861e10b6a20e0169940f219c92cccbd4827afc47bbd94a5629d25a9f2d547e8e2094a3c96aa55a1bc3fe9b744c07436359e95

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_ga.dll

Filesize
29KB

MD5
912713dbc1bf81366497d2c10ba3783b

SHA1
cd42a85838ef70f72c2faa5a149bc6a904f81585

SHA256
f4b3c90ab375d5f465e2abc2bdff37fc41e4a1ed44ebf8370cd9eba7408fb586

SHA512
11b2b1b726b314a725d24fa3c8b85f9c05a1643ae768adcad4b7006870b728db8688cf708f355ed8ffe2cbc24fb874dce2dbad86231c045b454dbcddfde35225

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
03cf202f9262f42dff2b35987eed7c95

SHA1
2ccf4e4b8f55d61032048101c18a4b6cc7b6a087

SHA256
6f033953fdb5ad272ddf29299577a4bb8d9a53bda4b3d8ffffd8d56c542c2c56

SHA512
c1d65b8457fa2b0998aa6500b585c14e177154ae5cbf08cbb0ff0fd7a1d82e31520f4bee4ad20badeb91784501057b1a968c7d7d8415a2f7683f1a434bbca30d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_gl.dll

Filesize
29KB

MD5
e2bc2cb179b0758f9deda1fde5f60ae2

SHA1
71367f007ab0daf92d954b7e86eae037ec2fa8f4

SHA256
6a2342b270f775433bc77f9d48ab8f71b221c3cd60d84e893314bebff19c4801

SHA512
ff3a3afdf1780d6351306c0e00fedb59c020de68499005726e57487e9c5045636e59baffa487ffbcecc95f9bace000f66d1c3bf3b107e309e3cb522d45dc7b7d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_gu.dll

Filesize
29KB

MD5
34b01daded37b4003b71c63712ff2577

SHA1
7cf99924ab19d94dca8a51d00f95ffc29b9f8e98

SHA256
11ffdf625eb3de49818a1a6288e9d7a60f4f3c8951b163eea84095ffd4ff871d

SHA512
6a865be6b2c5103db06dd14777833bd4835f10c2a282c5edd43325fb0c1669fac875367f4a4f3d98c26c55449682ee406e7c882c16d9f48b41f3be533d82f161

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_hi.dll

Filesize
29KB

MD5
1b10182ad3f07c112f26fbd9f7a43848

SHA1
b9b9b4bc37a9dc1f9a9cb11df44583594d72f6e1

SHA256
381cbc579d5200ed6725a0dc149dd04703d157ae793d39be130d68eff7109c02

SHA512
1575d4f0f756aa5bee99c0b1f60ebca946abfcba08b180b13eb9fd966b05c44cff94ee2db6b5fa7025b5f0247f06d5bcec3c790a20c1086a59933aa7e5cf7097

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
e03b903ae9e8a21ab7e24230c05ff0f4

SHA1
6c9b3354c0b5a96b7f062d94bf874c67ebbe4c72

SHA256
9fbff63d4b7dc5e94958bf657321ff8f93de76394f78ed679863072d4ed3062a

SHA512
31b7322288802c58e7b287605bae0899bd4bff0b3b1c1daa2898ed32453b5e8d0d4d5b508c79c6236e924a23d61321981d80a80929dfe875bcbe6fd0b4400b04

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
c4404953c519113d70e8fb19ce4b23dd

SHA1
c01ab7651ab1e3ae24f146ec72bf53d64001e14f

SHA256
e903ef5c4ba6872159e21dc6f4afa9a20113868cd99ddb8857369637053c3b05

SHA512
a575ba69f83408b219a6b3b63e031fe37d691de67e9b069daa43091b6eee3089100c1f15d34c36f0a40e086d97568866386d52cf60f0160296ea2db745b8c567

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_id.dll

Filesize
28KB

MD5
cad5e407dc341f661f3675c821807c84

SHA1
8581e431be8308b4a0746719898f66a2e4efbfd4

SHA256
df5d8fc7010fff00081f71f3fa2f8a384f45f077caa9afb066d45a070308581e

SHA512
6fcaf91c27feef117430a185d6189bdeb4c438186e4307a6c91c43cf9584c236b93ac04fa549eeb7f63e13494e30d58fd295068d7572cbe8beb438666a4fcf4f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
fcf71fc0b6f12c6d3ccb03418228a538

SHA1
90afa2cabc9eda94a7d01689f605e59601481cf3

SHA256
a3b8c23468dec69532ad374b9a3475e552b941d965ffcbdc6de0f23d58baeab4

SHA512
ca804da85ac67fecd46a5820328f5f209ba08e3f2ef587ce1021754928de36f14f47fe08ddffd729d1d0ff64d5c7dcb0d508818248ceedc5c83fe0a6017aa031

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
8986d1d9e5fc10d99a45d00f2858ef5c

SHA1
49102f4cfe2dc62ef633fee73678a16f8c06c136

SHA256
64576a5588c0facf99197d055c9a6a9b0db9a25c5601087b94407dd79fe44ce4

SHA512
30a094bf7d0db33d54581da8708f5f19cbaabca041e7e559b849f9581e22b8d3415093461e33fe7091acf643e02847c6edbd71a107f462f0057a4e9018266f95

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
785d4681543392b616bcd95e52da7998

SHA1
d538f78f7323f50d01f2765432705ff30ce47930

SHA256
b05c9c1312c869cd6ec5682372bfb01b3e52a60a01ab2fe68afcd6fa20a8cef7

SHA512
8031fa240100e6fd6721affa3ca37e6d88b6341b51d299f03736c31c67fcb2e3c105ecd8f27a6570e69a60616008c9868da424615f035e3d25a89cf95e63e622

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
ad20644a4ef8b16c043d4c1b68a0e771

SHA1
d1bd42edd650c3141a58c6ff0aa858709b7e0258

SHA256
7f2eacecbcda9339249b386ce8e23611e94d2fbec3d90121569d6f1cfdf6f9c0

SHA512
8cf2e34a23f99bf8c37bd5727c8ff6b7666f7752427df8b05d8d82e5e7d97786b4ecded4031bde32d91e46627b169e8d31b2bdd2119c6b755731a787364c0e1f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
29bb41863ca31837876d4acac58f8a47

SHA1
04add82abba27c6ce6922709ea864ae4b40fa8c7

SHA256
20fcb7142b72803b1f74e52d434cb28eb09fa8ff2d178e5edfa7fa5885552e5c

SHA512
00d3a9c33ba5b7b995cdcea97e708fe4b9e14883e0b14f0547cbce5b1ba54c338cce7ae81b18e53ab3072152e748528710ff0bb49197970d4f1d1fc700a1ae52

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
f53a96193b592c3b5fb18292d59c9bcb

SHA1
5a218c70180f408d393397b9a9c2c34d7deb8992

SHA256
e6244f73585ae3c74a0df8e077a58da3dd7b7d914b991747686edadd6de7f87a

SHA512
4f1cf04a8f50f3c9cab562d3df52dc10cc98232a50fd99a61d4e7557a3c1cecf5cf89d7db1bccb42467f1e3ace2057f2359007ddedf9f831e4e9b16ad2c046e3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
8cb769dafb0dd354d2b567160bf82a63

SHA1
beba881af68b4081ece5c3baa70864225c0c7472

SHA256
926c2fc5f0dbe67a1da03125ca00fe6fad055e9fe65bedfb75aa23fbea289e8e

SHA512
3905e30b1c47e4bac91ec09bd08f9c23bf1a5015f58ac843369632d58315c53372a2b87e9d0560b95803941be26b066b4b2413c9b66f2ab9288bda1d6a99b804

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
790d15a76ad2a23841dc9fac85ddac88

SHA1
cb30bb84d28d97cf96c767833ef6d2357a15b437

SHA256
927c9d8800e490b0f6affd0fd93dc4ddc27348ec7bcbf594b0866b7ece46e33e

SHA512
011806c6059c1a25fe451d04339641e52e94f8b582d1a60a80260584e8aeb012df30d01496de7e7cce942c631922d12271718806ac3656e207775e98b2cf8166

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
23a9415f5fa8793237b1a6500d683189

SHA1
e8e628e9237402051f331d01e1c3bef4ac407a9f

SHA256
d56e63986eb323739599da79b3a8b1db4fc616668dec44dc878195f2b86bca1b

SHA512
615a50c7e062e7d75e13bad2c23867fb6b543bb2969e5b32bcae0b1874f1cb15179021599507c9b1bf16d7dae0bc22c1e246411c9cd643772314a7561a5d7140

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
c912101b5b967c289e9a74d5bac4b21b

SHA1
16885dd84c387e8d15da2820a0d46d5e890b3fa0

SHA256
b5d71221182a4444c673670dd1b3714fcb56bb800700382b71f0ccde2c2f7fb3

SHA512
c0662ad808f6859034b7081e19c1991a2033a1d5674069cf1891018daa0b2381df1a250f4c54e374fe363eb2090bcf10a7b7f3beaa05a2dba6d36af20cc54b9b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_lb.dll

Filesize
30KB

MD5
cf789b5c418cc53b1706dfa2d8ff0332

SHA1
5b17e020b2a83e182f8137777e926a9c84545660

SHA256
9ca3c9fc60d6947046e2a3526eb24fcc45ca152bd9bb2983a6d5105d3649d579

SHA512
52e5b1df2b3167308b9b6e5552311db906acff0e9abfd03db307be6977344592977cafb04c0dec0abc60fdd3e41a8724fedeabc9d2256d171b991e8aa0ab835e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_lo.dll

Filesize
27KB

MD5
8d673b29833feaa76ee739c62d827ade

SHA1
d74d90db9d88fda7de2ae1573ca74ceeb93f1c06

SHA256
53fb9df7b1baa733c170c72a194958349f740396a7ba01a88c8f83bf24b78718

SHA512
44599a57b12b7b8cdd79113f5059b5ac85c28927787929505e511e19adf304d3f26c03113a56ad250f2828dcb163233d4eb4baea21c4c856d6cb17d98ff9a165

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_lt.dll

Filesize
28KB

MD5
7c6e8c05a8f9924836d3a351f8351edf

SHA1
f284487780f2da4317a5dbed28be5dfec35e5717

SHA256
71ad0e4e5e12d815cf1c3ea68e6031019993bad8a87b80ac2784f25986be0453

SHA512
92f31e19ec3f0afeeca2f7de0d058066b489b4a67aee983df32f32a4c96186af9d2236e33217aab050a39f90845fb6b15adeacc9bacc0392fbab023d81a9f5a3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_lv.dll

Filesize
29KB

MD5
62febccb48955668ba8c86328cdfc1dd

SHA1
995c1a5b919bc66da3eae5de21268547276348ad

SHA256
895dda8bb6b6b6778ba7fdb4f7c4267262ed4c3b584c5f7955fb40723e802d79

SHA512
0e5d0c0e4a57b3c6bec70f5bdfd5c95dfc83bf6552dca81faa0e6a7d0276ea30598f26028caed4960d5ea2ec527504386a9cc601c3c03680be33188eede1378b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_mi.dll

Filesize
28KB

MD5
a331bc8f6139ea072a0680ffd3bc86ce

SHA1
d6a313dd2fc8ad5be07bb3fcd772cf25ba2fd5d3

SHA256
290ac7ab8d4fe81cca87fe0deb254261f165247f2156b1f3ffcaf2b90f97519a

SHA512
866d09542104a8dc88dea6c86129958bd327eb910b657a73e7b4b54eea78c6a2a2933cc43f3ed7710e80dd1c9f2ec078ca12eb066c03353133c80ae4e885dde6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_mk.dll

Filesize
29KB

MD5
98e4d89118ff88ee418b432895ec99dd

SHA1
8bd81c94c086147182f9c3ab5ca2b5445b016a19

SHA256
b3188679b1b8ec1af27994b57609f5c1821c000b866920aa752ec9931c4541e2

SHA512
30b025c14f4e8cb3fdc99db8389a00d61af5c9e07ddedf973b1d78d17fb9d0fdbc6b6aa750015379211359339b86c7f4cc3286e591d11e7a1d14fb1fa1776af4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_ml.dll

Filesize
31KB

MD5
1c33a09e597bfae959e69afa1a88afc8

SHA1
54e5bc4aac2ad55ddfa7d6edc7d14feaed0d4e88

SHA256
a9baed70d3413ac151009bae094c2be8dd0bb8aa370ba7930300d42d50212422

SHA512
4757ddc122b133a8d816b56bb4fb6404d46b18a73602c8d6a74c27113a1d50a781e9bbca2396338b4c3fa84af872981da3d426d749a0511e32dd7aab6ced6330

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
15KB

MD5
1a923bc9805e568f2b2e7a46008509a0

SHA1
15f4172c803e1a0a8fe23f99c9130ad5789ccd9d

SHA256
22238fd90ad91cd6739f7f54bfc19a806fbc31d7aaa956d25a0baf35254ba67d

SHA512
fcda263c8086bca800e72b1487b61d60dedfcad5fa238ba7cd542e32e33117c8e328aeed09b86ab015f4482f5e7fab22c381a45797893ab945ff6696c32db6d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab33B0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar33C2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d8c3a6face019f03b2b61059064abc24

SHA1
fb845fe5ae7b483a64f38fc3355652c9c62f0257

SHA256
ea4dd1c5f646266893cd4d2f12abd2e5729d2236f392f54c484d9988dcee5ec3

SHA512
55eea3e63898283c813c5cd8f23af5ccbc40176b687286bc3af9626ab0b3b1244e2a4657de7a4a479903aa0933afe5552971e7e7ec8ac521b6848da853fa7da9

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3054eb96df8e8161f0d4ac0c97ba0d28

SHA1
cf81cce29fbb53430b9d98b2f25886c54fc72cc8

SHA256
d153e24283775fd647b0d2ab17ada3a5f40f15edc2338d2cdc0328cf4e89b86a

SHA512
fe81d2c47a8b4348c4f5242bf8619fdb747e0e205317246177cd140c23ba2635d9f15efb5040ebf6e0bed5ff396c568bdceda1c36b6191f970a9c87d6483d0f6

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec20c680bc55764f18ce26ec8ea358b3

SHA1
1d4ae14748098fa26cbda962f77b4e146c10eb4f

SHA256
41dd0450bb0e34f57e43a1852edf66ceaada24cb3c36fe9dd0c15e12e14f269e

SHA512
9e1fc0b2d0919d041827fda9f0f806cf1f43294529f281fc333cc719596b5342dfe586653da7d0311e1e7cef16a97d742fa6031bc6f00584fe94bfed8fa44473

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27c50ab143abb4acdbe64a052f8f2eeb

SHA1
0b082881a8939b334e736bcccef46a8abb2f36d2

SHA256
abef12927c679a4ad2534522c2fbbaf1a592aa7f14517f09aadda735e1ff42e9

SHA512
604ecfdaa17df5b32ab7d5f2fae50f855427183748b3bae7d07212f15d4193064feb0fa384ed969797bb1b6a625731a67334109c82326b42b2f6fc3833b78ec4

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ba20d962bf194b19ee34ab3b508e36a1

SHA1
1888e26c3f835aaaf6a9d61ae75154c3c4e24aa5

SHA256
43231d35346bbca2851010e92c2e831770b39a500e12fba4d5480105b737bf80

SHA512
1589b42f8609aa5e50f7c65711ac8b69f30854d53fa4819482f2bc07bd5803d4dd56fcbda329c4fabf955f748b5e32a4d0849ed09a3067e42ad95032b279bcf6

Download Submit
\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdate.dll

Filesize
525KB

MD5
f438d1e36feabadfb0c6e86151e8cc58

SHA1
0989d83457b90815670a0b5041470420a60ccd46

SHA256
801233a353f3ad14acf641a79ee795d434f801d954c79c2ce33b7fa38ff281bd

SHA512
60b0ba1d395e83e0022c885fcd77be19a7a999522a51b427f35ccb1f213b7d25f145491ce928217d2282947abc6c623a139d88d8dd62fb96e5e3d8201d466cd7

Download Submit
\Program Files (x86)\Microsoft\Temp\EU21A4.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
5d365ca4dcb28432aae57e60dfae29f7

SHA1
76150d3ae3070e10f378df87e433b1324f5f008e

SHA256
990051016c4d565d20167c62be48e92ecd840231bd0ff21838d105cbea750ed3

SHA512
f46fb26ef0ce04eb0655cd4ed769b5af055ccec0a15cacc25c9bdd6e3c3a4ca501164e5093eb7381d00ea28a3be59e69762ade995a421c7ce8b1944fd2446465

Download Submit
memory/596-189-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/1568-914-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1568-114-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download