52af9190a47efe33841c5619beb09f9731ed764145ccc3ddc5f17eda1abb511b

Analysis

max time kernel
172s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hatt-windows-amd64-installer.exe
Size

9.7MB
MD5

88eb2a71ea0e2234dd7a2985edecadce
SHA1

2d9fa6604e2c9166c7e8bf18bf316b059c4a7096
SHA256

52af9190a47efe33841c5619beb09f9731ed764145ccc3ddc5f17eda1abb511b
SHA512

01cd4207636c11b5b493ebb56cd2da853f571e6349673df6b1ee3439ba1f8712bce2666b8e0d06b592b0a209f343e5edc85f9fc21f04048256b349c9d2ae86ea
SSDEEP

196608:IB70yAyMGYJ3CDJUyAk7yr+pf89fVImke/J8W1owOy/o2rMNfq:ICOfJV5pfINl/J8W1oTF2mfq

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

MicrosoftEdgeUpdate.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MicrosoftEdgeUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe

Executes dropped EXE 14 IoCs

Processes:

MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_125.0.2535.51.exesetup.exesetup.exeMicrosoftEdgeUpdate.exe

pid	process
4824	MicrosoftEdgeWebview2Setup.exe
1092	MicrosoftEdgeUpdate.exe
4264	MicrosoftEdgeUpdate.exe
4520	MicrosoftEdgeUpdate.exe
548	MicrosoftEdgeUpdateComRegisterShell64.exe
2888	MicrosoftEdgeUpdateComRegisterShell64.exe
3568	MicrosoftEdgeUpdateComRegisterShell64.exe
5088	MicrosoftEdgeUpdate.exe
1908	MicrosoftEdgeUpdate.exe
4248	MicrosoftEdgeUpdate.exe
2464	MicrosoftEdge_X64_125.0.2535.51.exe
4052	setup.exe
4992	setup.exe
1360	MicrosoftEdgeUpdate.exe

Loads dropped DLL 18 IoCs

Processes:

hatt-windows-amd64-installer.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

pid	process
2992	hatt-windows-amd64-installer.exe
2992	hatt-windows-amd64-installer.exe
2992	hatt-windows-amd64-installer.exe
1092	MicrosoftEdgeUpdate.exe
4264	MicrosoftEdgeUpdate.exe
4520	MicrosoftEdgeUpdate.exe
548	MicrosoftEdgeUpdateComRegisterShell64.exe
4520	MicrosoftEdgeUpdate.exe
2888	MicrosoftEdgeUpdateComRegisterShell64.exe
4520	MicrosoftEdgeUpdate.exe
3568	MicrosoftEdgeUpdateComRegisterShell64.exe
4520	MicrosoftEdgeUpdate.exe
5088	MicrosoftEdgeUpdate.exe
1908	MicrosoftEdgeUpdate.exe
4248	MicrosoftEdgeUpdate.exe
4248	MicrosoftEdgeUpdate.exe
1908	MicrosoftEdgeUpdate.exe
1360	MicrosoftEdgeUpdate.exe

Registers COM server for autorun 1 TTPs 33 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.143.57\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.143.57\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.143.57\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.143.57\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.143.57\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.143.57\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.143.57\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.143.57\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.143.57\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 8 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

Processes:

setup.exeMicrosoftEdge_X64_125.0.2535.51.exeMicrosoftEdgeWebview2Setup.exehatt-windows-amd64-installer.exesetup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\identity_proxy\win11\identity_helper.Sparse.Canary.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{914B6C57-8D3D-49FA-8892-388876D862A3}\EDGEMITMP_53D9E.tmp\setup.exe	MicrosoftEdge_X64_125.0.2535.51.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\identity_proxy\dev.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Locales\nl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\en-US.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Trust Protection Lists\Mu\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Trust Protection Lists\Mu\Cryptomining	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Locales\sk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_km.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\uk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\webview2_integration.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\microsoft_shell_integration.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\msvcp140.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\identity_proxy\internal.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\v8_context_snapshot.bin	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_mr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\delegatedWebFeatures.sccd	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\zh-TW.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Locales\id.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\kok.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\is.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\WidevineCdm\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\VisualElements\Logo.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_ca-Es-VALENCIA.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Trust Protection Lists\Mu\LICENSE	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\ta.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\ur.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_th.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\BHO\ie_to_edge_stub.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\te.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\vccorlib140.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source4052_809335317\msedge_7z.data	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Locales\kn.pak	setup.exe
File created	C:\Program Files\Hatt\Hatt\uninstall.exe	hatt-windows-amd64-installer.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\hr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\ka.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\th.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Locales\pl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Locales\zh-TW.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\MicrosoftEdgeUpdateOnDemand.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\en-US.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\lo.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\msedge_elf.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\ar.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\ko.pak	setup.exe
File created	C:\Program Files\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\ko.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\MEIPreload\preloaded_data.pb	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Locales\ka.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_gu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\lv.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\zh-TW.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\telclient.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Locales\et.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\MicrosoftEdgeUpdate.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_el.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_iw.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_fa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\fa.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Locales\is.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Trust Protection Lists\Mu\Fingerprinting	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Trust Protection Lists\Mu\Other	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_sv.dll	MicrosoftEdgeWebview2Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 41 IoCs

Processes:

MicrosoftEdgeUpdate.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ServiceParameters = "/comsvc"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.143.57\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.143.57\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E0C8EE8-06DC-42F4-9542-FB2275AA609D}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc"	MicrosoftEdgeUpdate.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

pid	process
1092	MicrosoftEdgeUpdate.exe
1092	MicrosoftEdgeUpdate.exe
1092	MicrosoftEdgeUpdate.exe
1092	MicrosoftEdgeUpdate.exe
1092	MicrosoftEdgeUpdate.exe
1092	MicrosoftEdgeUpdate.exe
1360	MicrosoftEdgeUpdate.exe
1360	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	pid	process
Token: SeDebugPrivilege	1092	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1092	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1360	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 33 IoCs

Processes:

hatt-windows-amd64-installer.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_125.0.2535.51.exesetup.exe

description	pid	process	target process
PID 2992 wrote to memory of 4824	2992	hatt-windows-amd64-installer.exe	MicrosoftEdgeWebview2Setup.exe
PID 2992 wrote to memory of 4824	2992	hatt-windows-amd64-installer.exe	MicrosoftEdgeWebview2Setup.exe
PID 2992 wrote to memory of 4824	2992	hatt-windows-amd64-installer.exe	MicrosoftEdgeWebview2Setup.exe
PID 4824 wrote to memory of 1092	4824	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 4824 wrote to memory of 1092	4824	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 4824 wrote to memory of 1092	4824	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 1092 wrote to memory of 4264	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1092 wrote to memory of 4264	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1092 wrote to memory of 4264	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1092 wrote to memory of 4520	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1092 wrote to memory of 4520	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1092 wrote to memory of 4520	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4520 wrote to memory of 548	4520	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4520 wrote to memory of 548	4520	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4520 wrote to memory of 2888	4520	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4520 wrote to memory of 2888	4520	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4520 wrote to memory of 3568	4520	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4520 wrote to memory of 3568	4520	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1092 wrote to memory of 5088	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1092 wrote to memory of 5088	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1092 wrote to memory of 5088	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1092 wrote to memory of 1908	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1092 wrote to memory of 1908	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1092 wrote to memory of 1908	1092	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4248 wrote to memory of 2464	4248	MicrosoftEdgeUpdate.exe	MicrosoftEdge_X64_125.0.2535.51.exe
PID 4248 wrote to memory of 2464	4248	MicrosoftEdgeUpdate.exe	MicrosoftEdge_X64_125.0.2535.51.exe
PID 2464 wrote to memory of 4052	2464	MicrosoftEdge_X64_125.0.2535.51.exe	setup.exe
PID 2464 wrote to memory of 4052	2464	MicrosoftEdge_X64_125.0.2535.51.exe	setup.exe
PID 4052 wrote to memory of 4992	4052	setup.exe	setup.exe
PID 4052 wrote to memory of 4992	4052	setup.exe	setup.exe
PID 4248 wrote to memory of 1360	4248	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4248 wrote to memory of 1360	4248	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4248 wrote to memory of 1360	4248	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

C:\Users\Admin\AppData\Local\Temp\hatt-windows-amd64-installer.exe
"C:\Users\Admin\AppData\Local\Temp\hatt-windows-amd64-installer.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2992

C:\Users\Admin\AppData\Local\Temp\nsc667B.tmp\webview2bootstrapper\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\nsc667B.tmp\webview2bootstrapper\MicrosoftEdgeWebview2Setup.exe" /silent /install
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4824

C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=true"
3⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1092

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4264

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4520

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.143.57\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.143.57\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:548

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.143.57\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.143.57\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2888

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.143.57\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.143.57\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3568

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNDMuNTciIHNoZWxsX3ZlcnNpb249IjEuMy4xNDMuNTciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUY2MjY5RUEtNzQ4My00MzY3LUEyQzMtMTI5RjJBOUI4QTgzfSIgdXNlcmlkPSJ7OUIwMjhGMjUtQzdCMS00Njk2LTlFOTItMzYxMkRCQzVDQTQyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxNjFBNDJGNy0yODg0LTQ4QUEtOUY1OS1ENTE1N0NCQjYxMUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTQzLjU3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjczNCIvPjwvYXBwPjwvcmVxdWVzdD4
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5088

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=true" /installsource otherinstallcmd /sessionid "{EF6269EA-7483-4367-A2C3-129F2A9B8A83}" /silent
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1908

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:4248

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{914B6C57-8D3D-49FA-8892-388876D862A3}\MicrosoftEdge_X64_125.0.2535.51.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{914B6C57-8D3D-49FA-8892-388876D862A3}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2464

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{914B6C57-8D3D-49FA-8892-388876D862A3}\EDGEMITMP_53D9E.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{914B6C57-8D3D-49FA-8892-388876D862A3}\EDGEMITMP_53D9E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{914B6C57-8D3D-49FA-8892-388876D862A3}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4052

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{914B6C57-8D3D-49FA-8892-388876D862A3}\EDGEMITMP_53D9E.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{914B6C57-8D3D-49FA-8892-388876D862A3}\EDGEMITMP_53D9E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{914B6C57-8D3D-49FA-8892-388876D862A3}\EDGEMITMP_53D9E.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.51 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff666524b18,0x7ff666524b24,0x7ff666524b30
4⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4992

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNDMuNTciIHNoZWxsX3ZlcnNpb249IjEuMy4xNDMuNTciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUY2MjY5RUEtNzQ4My00MzY3LUEyQzMtMTI5RjJBOUI4QTgzfSIgdXNlcmlkPSJ7OUIwMjhGMjUtQzdCMS00Njk2LTlFOTItMzYxMkRCQzVDQTQyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBQjRBMTREQS03OTBELTRGRTUtQTQ5My01REE3QTY2MjZFMjd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyNS4wLjI1MzUuNTEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNGJlMDU5ZDYtYThhYi00NWQ0LWExMDUtNTExNTA0NWNhOGQwP1AxPTE3MTY5NTEzNjAmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9WGpiaXprbVNhdGJIV1hkc1F4OFpZb3FUc0MlMmYyMThTS3pMTjF0JTJiWDRHZ1N0N2pJRE5IeWtiZERWaFdzWUZLR0htRDdwNlhTNSUyZll3eUN0RU1nYUxYYkElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGRvd25sb2FkZWQ9IjE3MzY0MjI4OCIgdG90YWw9IjE3MzY0MjI4OCIgZG93bmxvYWRfdGltZV9tcz0iMTAxNzE4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIyODEiIGRvd25sb2FkX3RpbWVfbXM9IjEwNzgyOCIgZG93bmxvYWRlZD0iMTczNjQyMjg4IiB0b3RhbD0iMTczNjQyMjg4IiBpbnN0YWxsX3RpbWVfbXM9IjQzNTAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Installer\setup.exe

Filesize
6.9MB

MD5
0e2485bb7949cd48315238d8b4e0b26e

SHA1
afa46533ba37cef46189ed676db4bf586e187fb4

SHA256
1a3d50530e998787561309b08a797f10fe97833e5a6c1f5b35a26b9068d8c3e8

SHA512
e40fcfb989e370606469cb4ca4519ce1b98704d38dbfa044bf1ad4b49dbcaf39e05e76822e7dc34cb1bb8f52e8d556c3cbf3adb4646869aba0181c6212806b96

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
159KB

MD5
682cbd01731ad16ee3f89a66757fede6

SHA1
072f549ba575e853228acedfdd091cca1e3ccd63

SHA256
784d1df23f232b5e4d40477d4ed9d61792d30b3ef28de8d40f681c858ef36d0f

SHA512
b531ac8d54966fc6aa9c53c4a126063a8f998763242ce5648e93b5a1571f1c9c2aaff38b6455ef4c6435cd2c8b76624d6aa8c7d939af8b82766cf5bc5c24ea48

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\MicrosoftEdgeUpdate.exe

Filesize
209KB

MD5
5492e3d3e8e5c13e057d323029aae7b3

SHA1
f0db5615ff6659ce7bd7891e5345217e0e0bba46

SHA256
bd9699e3da3de952145565d1825da68c3880c7e92af1d5ea94589d0a5820f668

SHA512
3138956a77daf7d13baf155142cb03c804440be71f39fa115565d337c1bd123a2530c69ce80aac64c3e2b018799efed8acf06e84ff37eaf61e72886be92575cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
203KB

MD5
8b6401915e92e8dd7c1b08fd7c936240

SHA1
5f58f939a63df11b146153f0533c200355a4fcf1

SHA256
c1346ac1f12d9b2d8ed4a34390498911ed87656ac8723208105ecbb84a6d4368

SHA512
7978c0111b3c7163657d4be384ea117f79717ccb9a8627b8a35bdaa02893ba06850ff2a3d46d123111404d8932fb1d5d598b2aaae6b6072cd1262e25b3cc8558

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
236KB

MD5
9c49e88a984228e1e9139e10272ecf06

SHA1
28959c2e08343095359178b6490a244752fb0a51

SHA256
dcd5baa50714c59de372ea1ab4ed09e5456e72e5b318c5e09d49fd46965a4bbf

SHA512
f6d861ee36d72b75264d66e89be3eddd9801925cfe07782b3fd4ee870f6ba2a63489be1001b9e155d321b4139eeb64e185a6ce4e8d70f200b2f2f4f992ad1160

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdate.dll

Filesize
2.4MB

MD5
2141e11f0e1aaed7bdbcadf58fad0357

SHA1
6589df19d3ab259d41c54338bd42ccbd98a35db2

SHA256
7d3f4e7a5ecfa260582b80d5a04c118320274a5e421d99e6c39d875ff8a80b9c

SHA512
bc01037887a92cd0e43dad028fc8789c7b59d71528396410c793ded43f9d709ace099aad51165e5434e5461bb7769bc786cdb6fac5cbcf63bc0b71598017c939

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_af.dll

Filesize
27KB

MD5
650513fdb8e57e43722139fa33ec4ef1

SHA1
29c9eb770c41381cef2778eba83fab42437d365c

SHA256
a088db9a2a8894f8b5ddad64fef87b19947fa28cfff2106ec913b10ec82242f2

SHA512
2eec1a020212333238619ec927edea1dcb25d3aede6bfc894ce1b2a80c5592a82f09cc42519d8e883cd590c1d1ca98af590eec6ca844f3e57e8c72e14a108d32

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_am.dll

Filesize
23KB

MD5
0b1daba73d7d9a0b83c9f32de9aaab1f

SHA1
7256b18df988a4e04d4dce28028b26e3d3fcf6f1

SHA256
5c6b11c6601ca9fa7462ab3e81cae6a81f386c0f1f54048ae0209a0592ad8bbd

SHA512
d3783fcd25a303c892a49410f102332d2a2ed856df192f5560435b226f16e90cb97ac0be3e4a13aca49e91f6de881b0bbcc63f363a452ab146d64f98c0f09119

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_ar.dll

Filesize
25KB

MD5
3cd36dd3fb7dbb8cd57d5bc5b30af46d

SHA1
92c288b5ecaceda4556e4b1b7abba2608f51530b

SHA256
c5f7db9ea55a3c1e6a309c7b2a906f99a9a695b969ac7f1fa3238840644390ab

SHA512
9c3155a2ef86bd7c01e63a96100942728a7aa763465bd990964950ea13761e03ae6fca15dfe031cc69b1ebe1a87b85f52c3f00f53ae7f76a38a501c294558624

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_as.dll

Filesize
27KB

MD5
dfafaa0329d6468ca7d61735bdb48805

SHA1
87e099322ad2f10339504b1e602a94c4505f4039

SHA256
fdb931a87044070cca635d9e9c943fcfa1b01db355d66448465d53981b9d19a8

SHA512
8f140c85d7175afe5c23e199eeb70a104830c9e5edbf2e834e97c93fb5ec223eab43e9e4560167de80d2cd33a7e3ebca0ae034c543efb1aa61a3f4b968b9c6a0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_az.dll

Filesize
28KB

MD5
9c6d060246ccbbae8404ef7ddcc3e999

SHA1
6a554be64db7d9ea72f45792a5ffdbda252d36d3

SHA256
7c8884cc2b3a02e2e40f8b9be13fd22972daf904cc2c9479ab1d671d878ea023

SHA512
4ac724e079abfc6eb1716d556339cb52c233c7d9d4cd3b64051332666afb70e9bf17d2df502edc7ac80595ea76ce10aa099efef2779e7442b9c5e4c6fa644343

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_bg.dll

Filesize
28KB

MD5
f66b0bda782786dad87872cbc61367c1

SHA1
3d762a92e8814eb45f0f64ab004f39c4e74b9c54

SHA256
a9264904354efabffe7d7e6e8006a79e3fc360d720e5939b11b5ed14a57b1b1a

SHA512
96a4fced2979c8c78c42b9387249e4afb13d90294199df95eb588ad7f9f68958bf915a05fea2f6991a1d481a5af8310eedfd4570d5affd56e5bc008bd9dae497

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_bn-IN.dll

Filesize
28KB

MD5
6b9be2f8ca359f17369eed3c31ade27a

SHA1
bccb2f1512615f908e9d4a16c2775e937f3c4a5f

SHA256
96396416d10a0601bba95de392ae44932edce69f081a12302f69a8305fe378b0

SHA512
6a9831189efe07646bba89407250ea22c9c1eea0f5af04d59220692add99b4b67e96c9ccb3635f476d5bb73085dc35a3896b3b7ed72d8544cca276a6b444050e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_bn.dll

Filesize
28KB

MD5
f834309adf53c98aa3c285009750d7e0

SHA1
4e64ffe88825b982459e57a739fa64d8a92fc3b4

SHA256
0e556855e6486cbac2b9015bc3193139c37b8021c3c58eedd8e463709dcb464b

SHA512
a4276d4a9cd964a82bf405bb9579360dd3a61606d303da05ffc8625f496ee685ca9900c6f5f7f06ef818d154f99e8a2ed88f1ff45d30e7272d21c5b9c61d4481

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_bs.dll

Filesize
27KB

MD5
6e9ab19d33decdc96732e5431be31070

SHA1
4aabe0abf352f2012f40513480ffc5a77fb936e4

SHA256
851b7d6a553dcbe1999bb8d8b6edf22619c02a11dc3fbe3516ba79780db886b7

SHA512
9d60210a6ffe5e0b077eb566d9be0f558e8e8e040677b722f895aa807277845ae7873efea33f7966be3ccef2827216f19c737b17ee0863e60464e7897d9bbf54

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
28KB

MD5
ed0acab9db6d01dd57e8e48574a111ad

SHA1
5fc5e58477fc533cc457f63ffcb85ea5a88ec1b7

SHA256
185e534631402a2f76bf09b6e6c036be3907bbecc3f627ffa645ec5b2a610dc8

SHA512
265e87aa7d4f2b23f4b720bb39dcf7c756170aaf1ce43ecb820eef2fea1c3768c3227e20a9de8fd41c7e70afbae462c27006bdf3877d4c9faad04f16bde8157c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_ca.dll

Filesize
28KB

MD5
d9fd19795c264ddff0b95710e5f124b4

SHA1
9f6282feeb6d5b16df812b1d78cb2ea52c8da009

SHA256
7b3b9b2bbf6162a2c9c024cc5276985d5ca977e4dcff0dc3ba72b6d03730c1c0

SHA512
0fd5c6fba92003f4c0f84bb233ae191ce7bd4867db24d5bdfaff5cb501b02dcdfef584457846a9f949123842299d793a911d92eb926176c32ee761a499a46004

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_cs.dll

Filesize
27KB

MD5
064f2fd94367c7658b1a3d0fdaf9b892

SHA1
7d03a7d9cd5b887495015678244d57f307bbf6e5

SHA256
782513352898fd1c3f666e047fd8020ac4d99ede6da567b4c48b69d009128180

SHA512
422813cf2c0774488199d919f3a6b7f5cdec79f1ddcf0cdc31d809e079c3ac0e7c2d817cbd2b69c9b00209422174392ddfaf4b88a0058a1e5a98faacf9798474

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_cy.dll

Filesize
27KB

MD5
043accc7748d1b2af58d6297bd58d666

SHA1
225c5ff51b2225111d68f3be51cf259ccbbc7505

SHA256
7959ba8716128d46a92adc53afd149ba8293c04f446d87ca64196e8ad1477238

SHA512
734d25f35eea0b9ea55c3e7bdd6be997d3b23857996bc35a1f59fff7ead8824dba70465570bb3aef0c3c8fe21c05225a9293e64063c979e2e27406732a2a3351

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_da.dll

Filesize
27KB

MD5
7bb7ba0ace4da5724c0d799c187bbf3c

SHA1
ac02a7777144e99a757be9fe0c410fe932796eee

SHA256
6a878779b8c25d4597ad939b5675a320df8d2681f8adb542dee5e270c048432f

SHA512
8a072de448804324fba9b2b3dd878b6d250c5f912ba383780af6b38fe224507fecdfd34be2c1663bccb849f5968e78db03d585e7b55bf3c767cbb97545be64f5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_de.dll

Filesize
29KB

MD5
d92b223966954c7618b4e57474c6cf18

SHA1
d71184385360c5f4ec1ce0a67a55bcec8a9f1dd4

SHA256
bd69f57de2225ae3cddcef6866c34e12dc7afaf96e401563b8070a48b5b9071c

SHA512
315a83393b129e69697ef1833662bd0aa106bdd46e78e2e5d5656ca3ef47dee507d81c8f2725334f60cd771631d1d1ffa49ce211450ce78e04221785c966038b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_el.dll

Filesize
29KB

MD5
09a969ceeb8331e44312d00801a8a834

SHA1
7f7833fb13878a8bab8988664abadf07c9654879

SHA256
32cb1180e063174620c8a5fe5fc6b035a62387e1ad50ac4c42c88bf50c8f3d03

SHA512
5e5405c39ef367fbb64e534ea04d4d60c1f9e3546ad56f0186faf9db2bcac78cc654c9c4510fddd0e22656f657ec5e087be49516ebc239b2dbb8742f559e0187

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_en-GB.dll

Filesize
26KB

MD5
e729e693f3a57dc0fde4417a3e700f2e

SHA1
1715d1e56441cf65aacde9e49a4cafe82c9315d4

SHA256
4125aa8ebd02a8fb0539b77f0b8566df9084ece651defc35fc991365e007801c

SHA512
9bcb07a776b2503fa66d78c946019495243f30c6c0448d54b1dc593b52f38488093d4e88e41338e96c20fad98b215b9bcb305bed4bbf04cfb5795fc1f5006020

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_en.dll

Filesize
26KB

MD5
580e2d1e38ea17ecf3c9f1bb9e1e7520

SHA1
0ad4a7629766e2a4ef42bdd8d945289f400e3992

SHA256
7d347fa9e6482fcc6e93a35f903da2d6a19a429e3cffe4938979876ecc195f9d

SHA512
04b86b67112dc174de821fde975c7365b389f87ba7188e0139589d40d7b14e037047894947a8c8a26f79f923959f43e8afdb2787003f93e041910ef716056a0a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_es-419.dll

Filesize
27KB

MD5
05c8fddd08f87aac5ef60cc893774dcf

SHA1
6b226843ed011952b0520b8af2bb2f00c0d96a36

SHA256
5c728f0e1a2510e83ea178709320adc98fdd05ed5dca72f6087eb3e142e73616

SHA512
a95645c20691ad71ffd7ca60444b9756dce73a0c222de33ace035cf6dac5a20a42aa4f82f06231112943776e612ecd8c2aab52fd7dc328adda02d58bba9d60c8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_es.dll

Filesize
27KB

MD5
35911665447f05be40f9e0df2dbd5736

SHA1
ee42b211f24c59ac7927ad610b07024b56b67dd9

SHA256
3c95ff101e4b0be33739f3fb0eba874dbd8aaf425c93b08bf1201caacfd17f1f

SHA512
3b2dc33854f5a4fc711fd74cb6357461041e5c8f94a6ec0addd8839e55e8309e8352cc16bb78e32893789eb28394ee0749a3c0ae0a12ad07b64dfe58e4eebeb9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_et.dll

Filesize
26KB

MD5
befda80e9e33aaa8b30d8f8c5222cb01

SHA1
ae0c20c04cd06e5360c285311b3d74cd9d758223

SHA256
e1f15fedf49e80b6cf9cb5a670f1142b85ac95e604b32aa95b2377e88dbf093a

SHA512
129420c7e3b56ffdedbda5841535752b385b81cb9a39d77c6e71cb689318e46edf52ee0c61560d027d294720e8fa9764b14607c37ed07db0733ab20573a06bd2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_eu.dll

Filesize
27KB

MD5
e1dec51a10801ad6a6807e60f43f8f6c

SHA1
afbfd51c0ab2c84184055bd5a9cfd231a849bf36

SHA256
99c82e005a3cf3114e623eb61900e88439939266130ffcf208562d4c4e5634f4

SHA512
a9851c07705e96a08186d33849037d0d27246d6e85a00e8476b569954ee16c351b28191caa2f1969200d8e932ba810361ead9e2bb4a98b683e0d144d304d89d8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_fa.dll

Filesize
26KB

MD5
8b70279dc81da52beafe0d9c1c0939a0

SHA1
43fe9f15a747a1f9f9ea31469fa72f6aaf33c35e

SHA256
56f56fb51f8e2d84044bf93a7ff57724524055ff208c153b15250e669760fc63

SHA512
158bb2a2e7ced28f6c3fd1d1a360ee294090108c5f80e91daf524007dd0bd2a9a67e88afa600d109dc3717d9e39da914ae3e387f0ed2eea672e36279a18f4aeb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_fi.dll

Filesize
27KB

MD5
d327047adca9c9a6ab08914ff174c9d4

SHA1
a7de9686c3c75741e4f30b8ccdc2fcf12afe00e5

SHA256
8b36cbe66a3c2c9ca1f328d848110deac23dec59c1f1d9037668cfd83b701c93

SHA512
258c58fb8098d1b195be763e6e4d391bd5d38965c22a2935ce3573f95a1e298b4a87c4352f8644f34340b9bbdf3b61f9ba88f783bf35511fb8bce308a4ed2b71

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_fil.dll

Filesize
28KB

MD5
8b8f70795e9812dca57a6ba955893941

SHA1
f2c7a247181829ad68e5e0d240778795be74f0c5

SHA256
dbb70c3f49f4b92789c85bdff04044a457bf0c5131db49a19530dd2acb676358

SHA512
7ca7898e038859a1d2954b7947042e845eb4b1dc791717c2c87402ee2482383feb1d7fc75ce300e0e643715fe94d4cf462727d305a39ccaf17048d4ac218cd6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_fr-CA.dll

Filesize
29KB

MD5
fc3accdfffc97a4e781775e9e050f459

SHA1
67728990078e5c5f8518dd391ef4206f206aa81c

SHA256
657761168394db9e62602c066d9b7182244a76e58deb6a4016d59542a432cc9d

SHA512
1537d586f44c8c21888c7e8c58b23b7042f6626df57a61158ecf94ea834d26ad5a967afc92ae93a9493e7753a812a43355d98577a0f907df844dc61017cf94bf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_fr.dll

Filesize
29KB

MD5
fc6c4655520a0b2680830955c7a572e3

SHA1
5fe31fc15d72f5748644906409c725f54e500304

SHA256
9a3244d21b361ddbf9464dd8334cb0d9f272b904cd75b7bd682d01af9ae0f090

SHA512
57544c03a2419fea4776f490f7d193f0b6bbd756a7223ff20e88469f39c63a72c32d70e9fffe67bab0fbf83e25b5dab36aef1e62c74cbb4ef701fcf63b61f065

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_ga.dll

Filesize
27KB

MD5
7221eda5b326f224e044c30a2964fc79

SHA1
7f1ce6a05a6a95df3ba92e2e3f2745b5d0b62f9b

SHA256
2bf41692c48268374f4d641ca50b0e7b089018d4abd54ead95444366388f9ae4

SHA512
89f1e8cfb46a9e134a136f27002e4cc7ff056a2e1cf1c53ad847991a3a0448bf86ebbe963904014e1a736388171d14a11190859857ea4efae67abcdb9870287a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_gd.dll

Filesize
29KB

MD5
696d493e7def34ee110a6c12690a143d

SHA1
18c1a1d6b6c9cbe167d333520caebc4c1aca3f77

SHA256
fff59156d392eafb0602d5776760e5f84b2d583f3f4bdee884e4bac1d0cd8f4c

SHA512
f5a01efd245aab19e228ac87eb83e52c0e4f6a6a70a2d9c9cd5669d032b3109390515b60d16884ee960fd452c799e43b3d04ab6b09bdee62ef410aaa5faf0a1a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_gl.dll

Filesize
27KB

MD5
78e23bfa292e020d30da56a4e9e7965d

SHA1
f8f02ed45488a500169d46f80178458f52d8e948

SHA256
06eabe62442dc50f267a18359d6868ceb813339511a21388e26b3d14b797c803

SHA512
b20b4aba6ffd1f3aa54fa2649021009b45a93523614c5437194b3eb8bdeca71f98966704f6c4e69984dba7ce31085ae2d90acb9b9187f2e40faf3046897b5d8e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_gu.dll

Filesize
27KB

MD5
b1b0a1775cb2e78f3ae2281a374fbacb

SHA1
b551519f766657190b29b94b0b594265c10ae6c7

SHA256
b1e8a76cbc734ec5d9669ba0722410dc0f89dac191da86c49ac616129b37b9a0

SHA512
14bfe2e7ec32484e2974a42e931b9eb7e9d7fbd1fe5b75d76c9ff7ba5c68886254395a1bbd2e787f704271d3099c689c22207b2370f09a304bd6063a5cecf071

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_hi.dll

Filesize
27KB

MD5
b0852d3b196fa120049dddf700eb18bf

SHA1
8cb50d1e0ed5ec229f2b29bd26a38e748e9eaf73

SHA256
4348d541061fb81662d06a749552becfd905e0d0f8099ee0260b24753994538d

SHA512
6ee043046d33213f146bebd63b030233bf515a3dff087b5d782f1948b265605636a1a2ce044cec620a4d8f16fd4176a3f7b9c70aaa849542b1411fca2c7a7d92

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_hr.dll

Filesize
27KB

MD5
e79202622b93816402d8418818b693ab

SHA1
4606b52c2b1dc4ba198b4f8df5b12c479da8603c

SHA256
c6c9b481b0d2f4d7acc12de5e3576ae1139b0f1069d4621482c079328492e9f5

SHA512
e2462df3ab452cd67735f83637f7778b7e4f617b2ac471aceef40480226e0509d25ebba39072e73f9b423bd17a5d7f6286a2f70bfc5ff1a8d0d967fbd3e2dddb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_hu.dll

Filesize
28KB

MD5
c36194cdcd5e25551cb33071d2e6dd45

SHA1
6b8e49714febe755288cd93f40990da33e0c8ceb

SHA256
b6b1e6424ce78d9aa2dc65324100f9b6b0f999b398310c20488370c9484bbe31

SHA512
7df9e7b1b40a6bc725a8cda54d69aa1c88b9cec0b1619c052744ea69b85eaa09b588a0ca05c183b5b98671480cdbd7f34ec06ec08a880e06c831243245517ff0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_id.dll

Filesize
26KB

MD5
c4bf7ad6ddcbf26311b3d39719c6a948

SHA1
919d25e1883a6bfd817eeb07aa64250572914756

SHA256
c648ede89abebd0ceeec6ca028f1fe5db9bea6f59160464abd8e0b5adf3ef275

SHA512
55ed86064e58c2c25a3a7030276676d00084120fcdd3fa834490349d2282803790777143ec116e5ab021ffc01f34267b2b9391e062fe103c78303a72a322e3e1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_is.dll

Filesize
26KB

MD5
359c56ed392ac59796f6a28486197db7

SHA1
067fa3a6daac7a15e8d8f99feefb70024401d50d

SHA256
cb55a8e0eb5ec533d028406b9163979da7968d6d7fc8c0f1a68ae192299d1a46

SHA512
536d628b511b75d0425ef036d0cce591ad8d24897feb11b98a1e07856007155552ea525d473e8e7612d9e48db464424f8693e740f1eba889f54e4a816330de54

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_it.dll

Filesize
28KB

MD5
560d099e5faa8bb6ba7e664212ceba2c

SHA1
09935385d8d1766990d9c4fa2ea9d439cb97fd35

SHA256
af622f56d36761cdaedea5d48cf1ff8f4515960d8140249a88bb0e8cd7a51e28

SHA512
44ebb99afeaad1544a478c3f2f8ef6b30c9045ded777c85cfec87f46667560d7c56290f675700f6bd7667dc18d19c943b8f51034f940bc307ec1f0bae71e8b50

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_iw.dll

Filesize
24KB

MD5
45d5cdc8a306b4011f8d47ddeed8d56f

SHA1
4f0b12028e0dfb1720c913364e424a8a9ff6771d

SHA256
1f3cd7a856a0ca42d6054562b5c73350c3a5dfb3530811eff6f0007e15e549ed

SHA512
4c55b57654a60410a2bcbc591a3b7cf2a3a9e7f353f2cf1315d2bda0e7d4a1403782e616f1805d053385597c216b4f8fe53e02d79459bdab2b26913b5015ccaf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_ja.dll

Filesize
23KB

MD5
2fc7f0cd1f4c252a87628a999cf4a56c

SHA1
836cda5458118caa8fe1db473901967b0e661c0c

SHA256
c87349a0d2703fb24bfbba603dfe0370965cecbb0da8ee83d30a503429486027

SHA512
64d22888dfe7cfc009346b9d60de8caecc5e9c1667c75d09f3d174aced3f2e7dab772a368377b753125ddbfebdb32cda83d165f2391fa601f896915f22594180

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_ka.dll

Filesize
27KB

MD5
af0c3e5241186a46d9b1d88ed3dad245

SHA1
84c6a4bfc5fe90d8f6d4e891199707994b98ff42

SHA256
a4cfd8cf44d070be75b4174e93023d92e0583a41c142982dde334a9ba6aa403e

SHA512
c69e202becbe9183f5ff32f1a5ac5f39d9d79d50afdcd60b5d22aec18d3c30bdd4f9bb6e5c408dfcc598cf2bee8ae38e7410685a26d000f2b2c6b654a9e14df1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_kk.dll

Filesize
27KB

MD5
b7c605e6f56c0a03da4b5eb70cf5d030

SHA1
2ac22aac099ab8e0d2804624f4b822c697873b24

SHA256
f3917751139d33a2c9e021c7a97814badbf2c423d7021824e7bb7ee3e3dd0224

SHA512
73f2abf5a2a3b3e17a3cc4a2453e326f33be7bf679ff30038b5fb405ddc9bf29aee89e176341824fa2ae5ce6059bba8e726bd5e90d0b99fd8c545f0bbcc848ff

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_km.dll

Filesize
26KB

MD5
d932b985960df1b6914abd206e3ef880

SHA1
cc0a7b909c3bb69591fd35a6f8b0c8112ee67144

SHA256
71d7118157cbc2c9b80cb9115a6fe6eebb4a612896822301b80f9416ef312ed2

SHA512
0be9bfbe0e7dda25a9cc19aa31451c111cde546b6ad13bcd0894f41f6485066a14a0d6732f74545321f3790fceaad0e179d09b034f7a47fb8bdb3274b98f540a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_kn.dll

Filesize
27KB

MD5
6d057bc8bf716fad1a252223809355fc

SHA1
3ae7485a15f23d146d8d5f440db5c909bd6756c4

SHA256
c757efb45d5cee0d290b96f6036d170ea7d90ddc10157b2716abadd21a962332

SHA512
fa67cbf09ea862547b68182445e58a5751dd41d4117847d1e74356b3ad8acefc740678564d958542dd31fac2e9990a2ddf4b41a510c6565f9ba9e2d874c36c84

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_ko.dll

Filesize
22KB

MD5
11b1b2c4e3be95f13b42a1faee26eba5

SHA1
db621e796031f07d9c45684cdf9f9e1fa5d77828

SHA256
84afb0ea51e8c191060b5281c5af293b5232f6c63e8b402b488ee12c213038cd

SHA512
3d0fc480e505a4b1486c37fe51c127e63ea8d2f1846bef3c6071c226c3083cae05f20edd9f0f2c6d4b07bc580c5463491384c5c547929f96620d4e256e839a55

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_kok.dll

Filesize
26KB

MD5
16fa027a64737d9a987c50762af96e95

SHA1
ab89e0666bf01bdc126e0be2a565afac5914d787

SHA256
0b388d3ba11969714d583352ada4d4b7f959566e15dba9ea22866c5c1b4a2bde

SHA512
790bcd9afc82ed9dbbfa1fadb4b515eae173860a68a736722a31aac7cf86da11de649fcf72da2964d327f4f63021b1a098c98fc674357c19c8b6d17b999e3702

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_lb.dll

Filesize
29KB

MD5
ce0c5a30712af832cd6a4b2d69cbc908

SHA1
8ec230e57cbffa7b470fda34f8d143b81cbdbdf4

SHA256
f874d8680bee3644bc9de5bd8d8375c58c512b50450a7d7370d09e58f324a88a

SHA512
847fda9f580f41e855d0343167b27217a065d182389e32f25adcde299c8fcb5e8ddb57f3784dd3fc3f6aacaf91d5359c2376e58bafe276151debe53adf59a760

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_lo.dll

Filesize
26KB

MD5
62e12bad14df48f6039cb2506ca411fd

SHA1
5272249d4b6c4a5ad9c0b6f826abeafe4723f83a

SHA256
2996c0602670b94bd66ae836a698da711cc6b6f0d06d6e4384fa652b5c3a1aa0

SHA512
3546f94366d1e0e524e3d2708fdc6b10e92c8cb00a8050014b15048a8cbfe451d5a5ea6cca7ef87fe04c21e15bc5cd557ceaa205e11f528c8ad21ed2bec2302a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_lt.dll

Filesize
26KB

MD5
5c587edd42b9805f6daec307ec737de8

SHA1
74fa02d596f3285d208b9a99c32279c7a0a69d20

SHA256
0eb5937482b8d26618439f1c3c7b37003916d74b11fc78468199f3e4a8db50db

SHA512
2d2b3d9879e50928e9f20e49265feffc07188fc8685e07250cac705a22ba6496657a69d4e0f89e2ec1ce2b980631d01963bfc89021049a28dbd38382522beed9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_lv.dll

Filesize
27KB

MD5
473f4c49ef8989263b0cb98bfd55dd91

SHA1
a5c8f46b8bcb19fc95d468fa3c52f522598cd8bf

SHA256
51aa25d19c0d78102e670661ac8f8e71625ee924487ab1cb6900bd8c6f882458

SHA512
076843463ab5f685dcc68a017cc46f6c7bc2c23a2ef0cd449141004583b9289dd383c4105d315bd6b757ede783a7ba167f25666acaa31ea5ac939c019e6c09b8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9F4D.tmp\msedgeupdateres_mi.dll

Filesize
26KB

MD5
7d60b99eace0874db4463cf4fc3ff626

SHA1
678fbbe7d79cadb1a939d678d4f972e3251a2c99

SHA256
ff3fa12275ef8076e5400b1077c9d047ef7aceb1d714cd278513c0a640fd0f72

SHA512
0237ddd80fbd4c400571b8d2efd8fdb4ba0ef0a78dd6843cf707eee4d15ceed0389133842c2ad304dadbd90317e0c0242e9dc7c300a7fe31313302083972e52e

Download Submit
C:\Program Files\Hatt\Hatt\hatt.exe

Filesize
19.0MB

MD5
8b616c5a474d9177664bcd80fd5bf600

SHA1
db40d029a103232bad4785de6d5d4db3b1c74c67

SHA256
46fdead1c40748bd5fb71e267f57da17cc927e78dc8f2265de7f593e9f38690f

SHA512
462213c7a4c089665fe2a5e3c5e649618c4cc77057019a444377eb284cc8e4f17373585b6b56733cd395c704500fb641cdacd056151954ffe4c05043d8217ee2

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
f9f50a71c567e1d7e55046b73a794d71

SHA1
426692a2c132e03ba6660424e70a7785c570a3cc

SHA256
db78567c4696b4c5cf08e05cfef5e7da567a73acf4d6692298ac6229fb3f9c0b

SHA512
0760ed6ed2023b29381570593e93ab5ccc6efc8cda4293c916a162c5c417e7b455da5026fbf9307a7423d04972d9a9c8d8fd5b897ec8fb74bf3ad585931f1f77

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
130KB

MD5
078a54f2fb48ccb7594f461c4f14f94b

SHA1
1bc218aa5d16c2bc02d0093b343f00565e02e6d1

SHA256
a49cc627c747e7b02fe6453db8e50000bfec956d7f4a3fd8e062a3be8fad81a4

SHA512
e03017227c047d331e342aa7079450facc449efd09d39cf5350017fccf5d163a0a60d1ded8db4bea5244506e4f24cdd5e7a8d08b40ad7a2d8d71ce7893b29440

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc667B.tmp\InstallOptions.dll

Filesize
32KB

MD5
d64e73ead7cbb8eacb554daf5be57c82

SHA1
e09821ef6c5f47e962449586923174e7130be2c4

SHA256
dd8a9dadb32729ee9c36d4ae1c0fe5cec1f4ef0530fb0b0a85117a47cbdf8c99

SHA512
b8959c8ae7dfbe2b423bb98b39a1b5ced8cce19cfa5e826f5fd56ba69ccbabaafb49cd602740ba59af3ff0e66bdccb13ed1c8184bc76b00f9a2cca0238ff351c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc667B.tmp\System.dll

Filesize
29KB

MD5
5350a89760fb305097c4f2d53ea8d995

SHA1
b6149631125d69730a27c94c23b0943bfc495151

SHA256
dc48657ed25664bdedf8935aaebaa9a6f624745556aa074b395eda7cb11ca9ba

SHA512
290cbaa7dcaca5fc01918432e8b7047a2580e377442961fcec3c9670990c5fbca4e645e7926e1998e6f251b41f8e1ab56b7200fc400faaf7f97d39c1496aaa2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc667B.tmp\ioSpecial.ini

Filesize
1KB

MD5
64a5b62c0d42124f5ba7145d369d2cbc

SHA1
2cee6020050e9efbd384742481c18c26cb4878ca

SHA256
094bbcae4d30e9ca00962e5889a566a94a19228a718c9abc7efe3e4e2f1e8161

SHA512
2c7f2f7868ebc4196662271970973992d5e19573fd68a0b1290f6c8bfc9b8de5bbbf8cd97d227f223ad4b00494f40d74391037f608826d2056108e35f3387f4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc667B.tmp\ioSpecial.ini

Filesize
1KB

MD5
5e52a68f648274fbfe795b8984514209

SHA1
57545f869e982896557917cdf23c3ab8b42adf48

SHA256
d9acd579cf9372056e8ed5c0dec1cf650890c8771f17ddf754f85f2c3d380a22

SHA512
ae3864193baf2b635ba80591fbdc77c9a8891110cfb03c816108717f195db0cc3da89467e7a4614fba74b26032120b8d84d0bfe289ff4d3abecb54c7023029dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc667B.tmp\webview2bootstrapper\MicrosoftEdgeWebview2Setup.exe

Filesize
1.7MB

MD5
60366cbf515774ffde2b49297c3d2e9b

SHA1
0158273f35fb5069ae6ad2950045d3656e86b444

SHA256
7ebc4ce80143ef89cea86a61ea151502868db6caaa678b8b43660a66ace11c3a

SHA512
b6e1142835e2945f38f478d1ffb9d3f551357d0a65efbe23f4d0a3f4bd4e1933542251233f37f2c47ab5a6cd6b959164b813d43756b49ef72d7dbf73669fa99f

Download Submit
memory/1092-292-0x00000000740D0000-0x0000000074344000-memory.dmp

Filesize
2.5MB

Download
memory/1092-281-0x0000000000360000-0x0000000000397000-memory.dmp

Filesize
220KB

Download
memory/1092-282-0x00000000740D0000-0x0000000074344000-memory.dmp

Filesize
2.5MB

Download
memory/2992-85-0x0000000074480000-0x0000000074494000-memory.dmp

Filesize
80KB

Download
memory/2992-84-0x0000000074A40000-0x0000000074A50000-memory.dmp

Filesize
64KB

Download
memory/2992-83-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download
memory/2992-280-0x0000000074480000-0x0000000074494000-memory.dmp

Filesize
80KB

Download
memory/2992-278-0x0000000000400000-0x000000000055E000-memory.dmp

Filesize
1.4MB

Download