3b8991f1eebfc46988db25fe0ded11c3c08df81ae2ca1baf9103ba8259cafc99

Resubmissions

29/05/2024, 12:47

240529-p1nypaeg41 8

Analysis

max time kernel
66s
max time network
88s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29/05/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DLL Injector_2.1.0_x86_en-US.msi
Size

2.9MB
MD5

0592ca25cf22e8d5daabacd1130d38f6
SHA1

0a59fd8723de4cb9bf6c3272a5db7771e575eff9
SHA256

3b8991f1eebfc46988db25fe0ded11c3c08df81ae2ca1baf9103ba8259cafc99
SHA512

1be2c9f7ff9fc9cab5e5a784b281585d89070413722cb4584e91d4a4b57e628643871ee672049c32a8b2399c8358f1c6d7df20af1b3c39aa9b669902b71a91cc
SSDEEP

49152:TXt8FXtmZR9m+/YXz573yI2FvlfC+fM//uuEUNLTVx+pv/Z1BWCMnT5ldQqnUIwE:T98FXinYXz5ryI2FvvM/mu/NLT41BWd

Score

8^/10

execution persistence

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	5060	powershell.exe
5	5060	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
5060	powershell.exe
5060	powershell.exe

Downloads MZ/PE file

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_es.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_fr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_az.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_or.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ru.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_sr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ta.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ca-Es-VALENCIA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\DLL Injector\Uninstall DLL Injector.lnk	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_cs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ur.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_nn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_mk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_zh-CN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ug.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\MicrosoftEdgeUpdateOnDemand.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ga.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ka.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_mt.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\MicrosoftEdgeUpdate.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\psmachine_64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_mi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_de.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_it.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_pl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_bn-IN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_iw.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_es-419.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\msedgeupdate.dll	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\psuser_64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_sl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_as.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_lo.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_pa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdate.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\psuser_arm64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_am.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_fr-CA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_tr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_id.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_is.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_mr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_pt-PT.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_da.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_vi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_gd.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_quz.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_nb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\DLL Injector\resources\x64_DLL_Injector.exe	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ro.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_sr-Cyrl-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_pt-BR.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_hr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_lt.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ms.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_nl.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\msedgeupdate.dll	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_en-GB.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_hi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ja.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_lb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_sv.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_gl.dll	MicrosoftEdgeWebview2Setup.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{B49406D8-4171-4801-8E93-CD18B90BD12B}	msiexec.exe
File created	C:\Windows\Installer\e587b19.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8E51.tmp	msiexec.exe
File created	C:\Windows\Installer\{B49406D8-4171-4801-8E93-CD18B90BD12B}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\{B49406D8-4171-4801-8E93-CD18B90BD12B}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e587b17.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e587b17.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe

Executes dropped EXE 8 IoCs

pid	Process
4080	DLL Injector.exe
3676	DLL Injector.exe
2076	MicrosoftEdgeWebview2Setup.exe
3544	MicrosoftEdgeUpdate.exe
792	MicrosoftEdgeUpdate.exe
1012	MicrosoftEdgeUpdate.exe
1412	MicrosoftEdgeUpdateComRegisterShell64.exe
2996	MicrosoftEdgeUpdateComRegisterShell64.exe

Loads dropped DLL 8 IoCs

pid	Process
492	MsiExec.exe
3544	MicrosoftEdgeUpdate.exe
792	MicrosoftEdgeUpdate.exe
1012	MicrosoftEdgeUpdate.exe
1412	MicrosoftEdgeUpdateComRegisterShell64.exe
1012	MicrosoftEdgeUpdate.exe
2996	MicrosoftEdgeUpdateComRegisterShell64.exe
1012	MicrosoftEdgeUpdate.exe

Registers COM server for autorun 1 TTPs 20 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CurVer	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8D60494B17141084E839DC819BB01DB2\ShortcutsFeature = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D60494B17141084E839DC819BB01DB2\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "ServiceModule"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}"	MicrosoftEdgeUpdate.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3700	msiexec.exe
3700	msiexec.exe
5060	powershell.exe
5060	powershell.exe
5060	powershell.exe
3544	MicrosoftEdgeUpdate.exe
3544	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3652	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3652	msiexec.exe
Token: SeSecurityPrivilege	3700	msiexec.exe
Token: SeCreateTokenPrivilege	3652	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3652	msiexec.exe
Token: SeLockMemoryPrivilege	3652	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3652	msiexec.exe
Token: SeMachineAccountPrivilege	3652	msiexec.exe
Token: SeTcbPrivilege	3652	msiexec.exe
Token: SeSecurityPrivilege	3652	msiexec.exe
Token: SeTakeOwnershipPrivilege	3652	msiexec.exe
Token: SeLoadDriverPrivilege	3652	msiexec.exe
Token: SeSystemProfilePrivilege	3652	msiexec.exe
Token: SeSystemtimePrivilege	3652	msiexec.exe
Token: SeProfSingleProcessPrivilege	3652	msiexec.exe
Token: SeIncBasePriorityPrivilege	3652	msiexec.exe
Token: SeCreatePagefilePrivilege	3652	msiexec.exe
Token: SeCreatePermanentPrivilege	3652	msiexec.exe
Token: SeBackupPrivilege	3652	msiexec.exe
Token: SeRestorePrivilege	3652	msiexec.exe
Token: SeShutdownPrivilege	3652	msiexec.exe
Token: SeDebugPrivilege	3652	msiexec.exe
Token: SeAuditPrivilege	3652	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3652	msiexec.exe
Token: SeChangeNotifyPrivilege	3652	msiexec.exe
Token: SeRemoteShutdownPrivilege	3652	msiexec.exe
Token: SeUndockPrivilege	3652	msiexec.exe
Token: SeSyncAgentPrivilege	3652	msiexec.exe
Token: SeEnableDelegationPrivilege	3652	msiexec.exe
Token: SeManageVolumePrivilege	3652	msiexec.exe
Token: SeImpersonatePrivilege	3652	msiexec.exe
Token: SeCreateGlobalPrivilege	3652	msiexec.exe
Token: SeCreateTokenPrivilege	3652	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3652	msiexec.exe
Token: SeLockMemoryPrivilege	3652	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3652	msiexec.exe
Token: SeMachineAccountPrivilege	3652	msiexec.exe
Token: SeTcbPrivilege	3652	msiexec.exe
Token: SeSecurityPrivilege	3652	msiexec.exe
Token: SeTakeOwnershipPrivilege	3652	msiexec.exe
Token: SeLoadDriverPrivilege	3652	msiexec.exe
Token: SeSystemProfilePrivilege	3652	msiexec.exe
Token: SeSystemtimePrivilege	3652	msiexec.exe
Token: SeProfSingleProcessPrivilege	3652	msiexec.exe
Token: SeIncBasePriorityPrivilege	3652	msiexec.exe
Token: SeCreatePagefilePrivilege	3652	msiexec.exe
Token: SeCreatePermanentPrivilege	3652	msiexec.exe
Token: SeBackupPrivilege	3652	msiexec.exe
Token: SeRestorePrivilege	3652	msiexec.exe
Token: SeShutdownPrivilege	3652	msiexec.exe
Token: SeDebugPrivilege	3652	msiexec.exe
Token: SeAuditPrivilege	3652	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3652	msiexec.exe
Token: SeChangeNotifyPrivilege	3652	msiexec.exe
Token: SeRemoteShutdownPrivilege	3652	msiexec.exe
Token: SeUndockPrivilege	3652	msiexec.exe
Token: SeSyncAgentPrivilege	3652	msiexec.exe
Token: SeEnableDelegationPrivilege	3652	msiexec.exe
Token: SeManageVolumePrivilege	3652	msiexec.exe
Token: SeImpersonatePrivilege	3652	msiexec.exe
Token: SeCreateGlobalPrivilege	3652	msiexec.exe
Token: SeCreateTokenPrivilege	3652	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3652	msiexec.exe
Token: SeLockMemoryPrivilege	3652	msiexec.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3652	msiexec.exe
3652	msiexec.exe
4080	DLL Injector.exe
3676	DLL Injector.exe

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 492	3700	msiexec.exe	76
PID 3700 wrote to memory of 492	3700	msiexec.exe	76
PID 3700 wrote to memory of 492	3700	msiexec.exe	76
PID 3700 wrote to memory of 3900	3700	msiexec.exe	79
PID 3700 wrote to memory of 3900	3700	msiexec.exe	79
PID 3700 wrote to memory of 5060	3700	msiexec.exe	81
PID 3700 wrote to memory of 5060	3700	msiexec.exe	81
PID 5060 wrote to memory of 2076	5060	powershell.exe	87
PID 5060 wrote to memory of 2076	5060	powershell.exe	87
PID 5060 wrote to memory of 2076	5060	powershell.exe	87
PID 2076 wrote to memory of 3544	2076	MicrosoftEdgeWebview2Setup.exe	88
PID 2076 wrote to memory of 3544	2076	MicrosoftEdgeWebview2Setup.exe	88
PID 2076 wrote to memory of 3544	2076	MicrosoftEdgeWebview2Setup.exe	88
PID 3544 wrote to memory of 792	3544	MicrosoftEdgeUpdate.exe	89
PID 3544 wrote to memory of 792	3544	MicrosoftEdgeUpdate.exe	89
PID 3544 wrote to memory of 792	3544	MicrosoftEdgeUpdate.exe	89
PID 3544 wrote to memory of 1012	3544	MicrosoftEdgeUpdate.exe	90
PID 3544 wrote to memory of 1012	3544	MicrosoftEdgeUpdate.exe	90
PID 3544 wrote to memory of 1012	3544	MicrosoftEdgeUpdate.exe	90
PID 1012 wrote to memory of 1412	1012	MicrosoftEdgeUpdate.exe	92
PID 1012 wrote to memory of 1412	1012	MicrosoftEdgeUpdate.exe	92
PID 1012 wrote to memory of 2996	1012	MicrosoftEdgeUpdate.exe	93
PID 1012 wrote to memory of 2996	1012	MicrosoftEdgeUpdate.exe	93

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\DLL Injector_2.1.0_x86_en-US.msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3652

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 04CEA396D03451527A5CC79E7CB7C0F4 C
  2⤵
  - Loads dropped DLL
  PID:492
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3900
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5060
- - C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2076
  - - C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Sets file execution options in registry
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3544
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:792
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1012
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1412
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:2996
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        
        PID:3208
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkZGNjhCRDUtRTNCOS00RTIyLTgxNjctM0Q2MTg2NzMxMTAzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFODg5RTRCNC0zQzc1LTQ2ODUtQjVBMC0xQjM3RDUxRDE1ODR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTg3LjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NTg5MzMxMjMzIiBpbnN0YWxsX3RpbWVfbXM9IjEyNjYiLz48L2FwcD48L3JlcXVlc3Q-
        5⤵
        
        PID:2412
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2FF68BD5-E3B9-4E22-8167-3D6186731103}" /silent
        5⤵
        
        PID:2384

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3416

C:\Program Files (x86)\DLL Injector\DLL Injector.exe
"C:\Program Files (x86)\DLL Injector\DLL Injector.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:4080

C:\Program Files (x86)\DLL Injector\DLL Injector.exe
"C:\Program Files (x86)\DLL Injector\DLL Injector.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:3676

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
PID:1488
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkZGNjhCRDUtRTNCOS00RTIyLTgxNjctM0Q2MTg2NzMxMTAzfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7N0YxMzQwNzgtRjc5MS00QkY0LUIxOTgtQzdCNDdFOTZFODMwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IlFFTVUiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjU1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTIyMzQzOTYiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1NjczMTg3NTc4OTg0MDMiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MDY4IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NTk4MDc5MTM4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  PID:1768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3168
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:4996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.0.1825219978\530269936" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c582635-9d16-457a-938e-2ed062e2ce8c} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 1792 20db84dc658 gpu
    3⤵
    PID:1868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.1.824236888\1920911651" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8b909c3-9e1d-4e2e-997c-67d61153fee8} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 2148 20db83f9e58 socket
    3⤵
    PID:3232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.2.1057288402\1449594977" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2924 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d72a223-bfb1-413a-877a-c7b5b9d7ff9c} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 2872 20dbc5a4f58 tab
    3⤵
    PID:3864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.3.311721449\893277033" -childID 2 -isForBrowser -prefsHandle 3488 -prefMapHandle 3484 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e707b103-f5ce-46f9-b2d0-bbfa46c372d9} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 3260 20dad461c58 tab
    3⤵
    PID:4772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.4.737252460\61472235" -childID 3 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2498766-a4a5-48a1-9282-83163841c3dd} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 4032 20dbdbc2158 tab
    3⤵
    PID:8
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.5.796832378\1261739844" -childID 4 -isForBrowser -prefsHandle 1440 -prefMapHandle 4740 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ad9f74f-8237-4e75-9004-5dfd6908c7ec} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 2596 20dbc99b558 tab
    3⤵
    PID:5716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.6.164795941\1620892564" -childID 5 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72a36f1c-6f43-4df5-8ed7-66a290fb2271} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 4896 20dbed67c58 tab
    3⤵
    PID:5732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.7.1170944740\425550754" -childID 6 -isForBrowser -prefsHandle 4896 -prefMapHandle 4984 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e396a24-2004-4a25-b693-0dee5faab8fa} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 5108 20dbed68258 tab
    3⤵
    PID:5740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.8.619377758\405281917" -childID 7 -isForBrowser -prefsHandle 5088 -prefMapHandle 5392 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {758d3da6-25b4-4d90-8d77-10db1fddc46c} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 4896 20dc06ea258 tab
    3⤵
    PID:5184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DLL Injector\DLL Injector.exe

Filesize
5.5MB

MD5
c6eaeae3cab85586271aa8e94a1d3de8

SHA1
4b7b23bf9e9e966ffcf21e8306f31765b993ae23

SHA256
c91c71046f15cc7f5dc4bb4e1e14b5a7a3329ea95954a245c47e181c808a70d2

SHA512
6ec08f95e66ec4a00c72a5a257bcfbbacad09b8a2de4168780373e76fef6951dc0a830b2eb129799dea8dbdc30eb10bc73061aeeab4ce8074f3bb6ede9e7cc81

Download Submit
C:\Program Files (x86)\DLL Injector\resources\db.json

Filesize
71B

MD5
a40c7716154f37886ddd4c622f6c77bc

SHA1
61ae9e351b2cd8bfcbd51eda7f21879ed576795d

SHA256
5ad42e7977ef8ec640b037a9d22c992cba1d96c9ff4f81da057574cc6e82049d

SHA512
f591412bb15e06e6286944124fc0f05cd8c397807714e77954bdd9a309c633758e85105fd85a5112709de1fb9865f124c94f52ba2d85d2d2ea34e5bcf76c48c3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
80779f870e88307143083fcf97f251b4

SHA1
e299c63a8745ab0a46cae731514f936f9714d622

SHA256
8a75eaf5677dc11b1c37fbf57ca354b0e3d25c8aa867269c2deb0e7fb7fa0693

SHA512
a1f56f0706cf7cbd35d74840ed58c685f3bf86e35efcbd73ae2d73ca6ce9a8ad1f7ced8528b3d81785e3bb9297023bf42f8e60bc4631232d9947cdbeb56afb47

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
d80d6c8774203980beb027e2192f7df0

SHA1
cadf926c78a87b65289979388c34191925b57167

SHA256
41587c47ed8b365599332d5e321437a6dfca746edfc782a231f5d0d4174b5cb8

SHA512
c7f67d6c11ab42619b10f341bff9e433fbd36c40fadd283485d60cadbffee8f7448144b221416445aab92593a08c42a6639a225f0baa064cb9cf090d9169cbde

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
f87a4644fd6dc581ef7b67062fdb55ba

SHA1
38feeaf764e787bd68c06fe243c6064f130b8eab

SHA256
1c2fd257dfc2c3967f7afc0ee726319cb6eaa0f1db86c34f97d703ce7bdcb5eb

SHA512
1f054a7111c9d7576ca80b3102670786f8d44276d36446c96f1c8f6aa7f51aa4d81edd4cc36a33cbffeba6d5b6b313f5de0e4209f6edbfe291958b2022677125

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
08e9b96eb44be746d65eae418abeb20b

SHA1
eb86e91462752a1187d73cf678671bbe34d16dad

SHA256
39f7c35da1df0dca19b5bc426f0687ff0f8ae8de3ae997857a4672f1176de161

SHA512
70e08d09ef398eefbace3bce84e6b6c3e55b6caad8886002fd89466e455e6ffecbfca8d233f47de5cd99a5f6805952726676c8545c7d4884209355a48a34d396

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
bfc0ece0ce72654a772f425a2f6a7f89

SHA1
a464076f5d87582dce2adeeaf3b522c688d5a14a

SHA256
bd57792535d7f2c75136fe09241fce48b225b7d451b5e6241cd40e6374db388e

SHA512
b027339fe0d73fccbad23ecb34dc8e40f6e0c64584ee0367a2c565802fcd6870fd28563f19789207d2e6a4e13d1ffff515fc10a22193a7765115be927106255c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
91295713d791ad6378b117d020c63444

SHA1
0055846b91740c4631026affb5c044b1261e53a8

SHA256
41d0565075327e4a0d1364eb556a238981659f063054404458c0b7b37ec64574

SHA512
55fbbe74bf45ff9700d5a3b940aac9992625a994bc64f842560a0c15e9a8f85a9cb51db993fc43b412608089d3ed6078a8a81afcba33e7e0b0d9b72a4a5b0358

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f18d85b1e1c45b935e0003f1dbb912f0

SHA1
ba3da8ed55807f6dbb8641620e2594b245e80ced

SHA256
2fa5350047962335602e7a450d1e29951609487e997bf183ce0eb5d01b28f066

SHA512
7a0a22a7efe14f8f8541dd5d59a355d6b601ab3aed2d7ab3895e31d4a1c6531b199243223a3b001dad06186c1f4eca882966c197f2c05256c9f73d8ba96e50bc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
b09436f36b5a4a81a153984bbf3fddfc

SHA1
6939928c6c5cfa89525e728b541568869de2804b

SHA256
b4e66f907dde78b4d4f85c5c44656667b7b0fa0659eb56f7f96d974cb66d4dd0

SHA512
472798b8419b2e6614c72eac27bd3c3a2ac0d93b3a15c992d26d44f1ee3f628406a405df36145bdeeee45b2e96b2def9058869dd2dc857030ae7972e0b0bcf52

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
7b0f190cfa90f9cfcac3f22644b03559

SHA1
de5aa579ead3696433d5509d922fab6fc4954746

SHA256
68a495ee65652ebb55f856b7a82dde20fdda0b38880019170fa5cbafb336c123

SHA512
62572ed3b1cef8d8aac514c9224c4b44546b4c935ab141eeaa696a69caa88b3525199d75fd2f5edaf15fae07b354a7c5e7df86d50dbc50cc093448640b95fdae

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
f4c8a5f7bc960a03ddf8b74dfae1b060

SHA1
74ee2f8420d86652cb4be3b72dadd52c31ee6689

SHA256
3ccf9900953a871a129280260909acfc20aa23644181e354847fbe6b2e005110

SHA512
c9c1b64a5da33130be847f0f2e5acee2af78ec84df14c873d1413a495c40a84c318435c43b5e17ccb0fe2929cc97350bef882b68632f1a80551c0e79ff2bcdcd

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
e53485ec77800ab9ea0283aac2d0aa89

SHA1
7b4bd4a142a78a95273a91396fbed85432789f34

SHA256
6b380706e9273948be9995da09e3aebb71e7275ba6852086cf5bd1594c7d1232

SHA512
514617c4142cb5f1eb2f72be50d81158136d427d83a8d4f93e6c0c08c30fa012379453a2046ab068cb51853e8c8b12b81df4c18ee80cfb279d80ce4ba5d65b04

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
c00dd2c1ada230d747f4914e569a4766

SHA1
3c71082db0a88876fd0c929cbf2e25969669c395

SHA256
19fecbe5aa1f007f5f4ed719ad474b3270603c1535f187067c30ceddd4444091

SHA512
5a33f9b756ed41251f4e85a2b85489c679c350e2838e07b1df00b17f655f73d4b16783cbd4031863fb9c9851815ebbd5bb1f58c465e7d88a41d642d0118530c0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
f010d0ef5fa1c42df991e6a0dd63ea85

SHA1
ebb19b0804b99f55c41754bfc43d654b87f86b14

SHA256
97e41d2acb8b638ac2a039da4f9750a0e9387ac10433cb68e0415c0093695ce0

SHA512
31fcca5c46be1967696fc9b3e9d23a4d81700fea64a826245b674dd1a0c4571a4515ceec6e9fc7d3c9d6bb2a7b7139082bded78847d614917e605b806597ce84

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
cfdfa919f3f9b33b9e75f9e22a023063

SHA1
2bcfdf9abfe7c13b8883da19cb973da2156a93c2

SHA256
4d2ad964da1441bb08800618db62f9e8117751a4a78bdfa3ae1c2dcf903d6d43

SHA512
42481f9700d2afa9d28d7d4d1d1937e1acd569b3039230fb6d7c52de12d473e708324d1cd285985186e2531831004d5ec2b801f48a0ce3dbf53549fb88ac7793

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
acfd43f9fb09dc5e05842bb8dfa5b3c5

SHA1
e673afb66da1f0065bee5da6d52ea9af75e7ecec

SHA256
e703d0fe2e49eef7b8a072830e76143281039527d9c2873c8162f18217b0ed5a

SHA512
df2416d672f059451607a6aa5752bdfce1989fc461f3781033ae8b000941ecc2a29920e7c2c61f7f879cc2a9a63aceb390b627aa602506833ae41f8e574c66aa

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
a1f2eb33a406b65da04306f52686d6df

SHA1
1a5314c97f23df4ced0466c46aca61286f87d9d2

SHA256
d75877f6cc1b4be175872e8d33778721e3e5acfe1a1154772a68c799f2e3ee1a

SHA512
4d0bfaf9fa80cf308c629eddee7a850dd485d36753fa5c0825b05dd680998aba96eaad7835de1ddea357a124bf5107d3f10b1b71c0ba4fecdc4fc362b6f326f2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
ea83abf1891a11ff03172d0473a64923

SHA1
a19f2e3a26467d8dba5eb73194be1becd0f5563b

SHA256
8a981d1abbd9c6454d2798c7df5708e4af44f54991ac06e988e4e66022c15489

SHA512
f717431b7fca156a476059525307c7f82c74570b1b9c41d6596af14a340d8b3c26493f962c4f4cbfef0d6971d47822e91111ce2f1204c7127a6f6503942bb39c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
eafbe4b540d5717792cf9e1107aaba90

SHA1
99daa2697b99139c966e58d8e89a64667a9015b3

SHA256
a12771439505f2d419b246d6a974fe8937e0aa5d3b1f9863dbae9f4b7e6197c8

SHA512
d89ca2292190b5914b92f11087970910d18b5e60bbc853466d2439b84612f74248f57b8347c48ee3b1f11232771f99ddb07229cec4beb206bcb1bcee68e6183b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
887777535ec4dafc37e04009dc33d46e

SHA1
87755165910c80b6451e6e49c6a5dea346f949f2

SHA256
8123fc78e3217a67de7051574abc16d33043ac9a1d67fbe1220a51ef92c8d80e

SHA512
a67f21474ffdad53ffbdaa8cf8142b399eba399daedaa7c82b62b4d4629b1d60bcb6f04e87ca030299c14dac9f6c291c5d4069181bdc14c83def63c0ac0c68e3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
88580c499f109cef95f3020b64266097

SHA1
da6cd858d8e9715a82a792da35a4c97b76e341a4

SHA256
444f87c7ab5a89e3d423b497abf05fe22ae4605569abd83f3925d3a50a74cd08

SHA512
1838d59b0e414b68b785646b01c8c5f6ebf0466e59c946ebf845782edeca76a396609ef2742341b4d89fad58468d9f0e0e24492be78255ac71a3e0e963e1c999

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
f9bbe44306e396b4f5828033d4a8e129

SHA1
2db819ba55ceaa502f7158159d1d6c3de8844ccc

SHA256
3723b0bb625284d49824ab7689721e180238e0c693fb41d9948920210fb171ce

SHA512
608e1122641ff864627d144925d853bfedb7704cda6bef9257d6ae2a6c5d6eb4e2ef773f717cfab1f9c463b17997acf8762b08ac24412ea898e4cd690809d1fb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
f80b43c11b35344c4601f91d61ba01aa

SHA1
9cdbe9b73dc803e642cdf8fa7c9be3ed13928009

SHA256
18cc6c1c2cb593f1f0450745e5ad4d5d0be3b7d6d3f904b907ffb863391badba

SHA512
be390c82be4956090d55f96ef78387d3fe4abb149ddeb66fa6e61c52d2c480f0cd7cce580554ad2743c118697a2d761e1f0ff37f7f50ac437e6f154143fc1ff9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
7f82701452b6dfdf75c83df9b865a168

SHA1
cbc560711f74a63781c5de971421a7c3d87452de

SHA256
fb69f9c72a5026b21ebe7717e58f7382ac8a960849c4676b5733948aedf186a0

SHA512
be6ef129d66a0413edb0c67b82bd4fa3d58e63f61ba5969781c19fee11b37fc6665dad3f99331e5b813e40f9b5a0ecf80412712885b8cd920ded6b7d43d2c82b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
3c2f0bf38763071676a0e2d3428d3ce2

SHA1
d7f550ad1b00df2ef3dc962ace455958e0c715c3

SHA256
0ae0b861bc4079593e4fe9a2721b187245a80afec33742f80fa7bab4c63928bc

SHA512
9317ae64848b626b95c7f129c4ca30ec64e6ae6f686b4a71a9a31d2cbc1adde352001463421a5581324a85d4492b9d06f58698fb89c4c80775fdb1ee91eaf87f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
19d6139c5aa6162e8a2a8ba17ec81822

SHA1
d81f95f5e4021c4ef9b9781d32a729782eeccbbe

SHA256
f9ba82d35d780cf5b4819570e81933b06da524eacb5d0eebeef4276aafb9c96e

SHA512
7b287470db50e78bebe8c0906d5f0ccf3aa2c20f70948f7074a8dad29eef40d850c996a790eccdef6ec3d5271a22a5100cb96720966cf0fc032c139e42e10e37

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
bd8f9362d99be154cdd697b8120e096d

SHA1
c15f2533bd74320a85cafe96b37947bdc3d7cdb3

SHA256
49424f739809b3d7fe874852420cd91752cfa605005bf6186c9f89b1b704f40e

SHA512
69341c9521488c26b16740e9a5501ee6f0a95689d14aa3806df06bf1a21e9b902743e24d3d169a66b5a19c28a6c9217538162ce4fa6b2b3f658e276327de34d9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
e3db9c5ec70ac6c8bf69272f3596c7bb

SHA1
815d877bfe2dcf83a5387da48c3e7534c97f0bb8

SHA256
0aaa5b02f2541fdbea4357155e3ff28c4d715994646364fb9cff591c27c8150a

SHA512
b6d283923b7ad531014f9113dc95c8484deb76cfffd738f223057839de0b163053b5fbb2447fda238369275637870b3e5e911b8f4ab04e4115b6ce7a7f84cd5a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
3aa4579d9819617c80568f1f2cb1e287

SHA1
271fa4f97b32d76fa890c4cb9c30ddb2e0298152

SHA256
77b558ba96080390a79ec321af1579b1d17b7179e8a893e10462c7b22c8e8a5e

SHA512
aecf49ff9385947cd7b5c9c0626015c36b106ef6482ecc47c8c189e5d9e4d670ef119e47302accab93214e6b70e9641aebac552d0b2cde4ef4ac252d3ee8d465

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
8f5be4d7e225f2cbf66f3960b56502d0

SHA1
f43fe1f55007dda26ebf78711ebbfb512390b7ed

SHA256
a121a308be48878337fe8c68a45aa10ca898e39c2d195ef244bb657755327366

SHA512
f92088d7babe2d0f4eee14e16f6d67fab8225dff0d3798b1c47f5a291cc9b820c2a7a0c2eecaa97850fa6998e260932941364b100eb8047e5e4bc9e1432a3c06

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
49c11b98ab805533476c335f62502a73

SHA1
74bf2b11f0a695f5581ede4f2e4215decd5e0409

SHA256
6b982a78ff95831477342ed6935dbd3abd1f730dd9bf364afc2556ce6a3afd50

SHA512
3e64b2f1b15bf4436368732757f2a92f8983da5a996dd179824e82205041c41b2235a00c3bd0d765d5630d20902dc978018436657114f569aa89e09b3bde69c4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
f5c88d98f81d525185f5ad8ce5572e86

SHA1
5cd1375cc42a430aec940e4d73b90748890abc79

SHA256
6f6eef8c4afb0deee2497a55854f10407a69dd76e2211c83dc33546f6917a7ad

SHA512
ce41a2dcaa35145e4a638af9e70d3efb9ae5ba8357d0ad3762ab2dd5ed7a1bf141efa83ad9922e0aa11d73521d498226e83515b0166611e7ce1c81f0be9d4ba2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
24d190e6f80c7a09dd0ea52db8dc3495

SHA1
02997fc50123612e7100aeca728153b62de8ca52

SHA256
f3cfc3eecf03e256dd6df7d95fae127a4e2c86f3dce58545ae16c422fa8f562b

SHA512
0b5f2c59c3e740c70308174757015f25412f64643abd6fc7965dbc4cc1fd8540a06550b983b62d70dc77cbfdcffc4475143436eef76a07ecb23485bbab054f03

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ga.dll

Filesize
28KB

MD5
d6ef74d45d1dd95d9c3c07abc6ec2b85

SHA1
8a161184979d02361688f4214a415ee909c58401

SHA256
f595794586d38fd55bee18c9dbd21c87d33dfc0d03dfe87ade8b0bef5e97252e

SHA512
3f74f4c47757b3a0c6969dc1e9ccccc6c03161014184232430cadac4c85a8fb0748d6f894e99b169d4fcc8190d5cd20ff03157e0d155c3c6e40d4a212e981cdb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
0be6761d833c240b79c092afa2f4d4a0

SHA1
3f13b2fb19489bba686cd681b00d6178a2ce9923

SHA256
248bb8fba661f7b7d4045331d1e4ad808ffe8f446f732c14d2f3a6857f0ebd4e

SHA512
1ec9596ce5ada65ba5739ed11c7554133217d9352913e109012f07d810883080d613e057ea75df6c4cd6a4150e669e55c5100b07026073e9bab68af44974e56c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_gl.dll

Filesize
28KB

MD5
4ce45acdc229b38aac0b4849c1f18d94

SHA1
d43eec8a4f689be874541a0c0e6859d3acd78a95

SHA256
cb37f5288928cf0a89f7711366b70c943f7e6ade43e73b8bfee5e1660cc54032

SHA512
43a0c7eaf20b3827d8a33b1fb696cf9d3eb596b975b24175cbbd28090fcfb090d6bedd59d2d63514c9ff334d1bb0ceaeb77b61c632f9bb8666346abc1b384945

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_gu.dll

Filesize
29KB

MD5
5ad48f292a34d8a600f3ee5b02664536

SHA1
bdd7bb9e1b730cd63de7e8a50f9c3d76963db4a5

SHA256
faf2d0d88df753be0de3fa0218b78c3582947ead0be012c0af30f863cb3dda2d

SHA512
527c425b5ec64554154bd226bc6488fd4c1af47db67020d865cd1f52400e55c01797a0fd38422278bfc2d481a293902b1cd51a4e5882e3cc6b4ebc223384c38f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_hi.dll

Filesize
28KB

MD5
00661e0428373734fa46030533215a12

SHA1
5af1f8606a60dbc8126431d568acc0ab9e48e164

SHA256
4e2b724f581f3eeb2a3bb7c561d635741f515bc01be84c9d6ae245e5c7ddd37b

SHA512
7c7b30ff996d29efacb5877edc6840cf88a7148c7f9f42bae1fc2f142169867fa2a66863a5b01a0096b01ad18d9eb9fe6eeb2653879cc8f7519634bb3c49a133

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
846b9b5f9f5ce6d8e1e18b053ccc96e3

SHA1
be17600fb7f1f305158eb735206e1c2a6eddb410

SHA256
10e40940f8dc323c6e1fea3f625de0cf2efaceb266b64e81cfa66a2eb51d1f0d

SHA512
148a48489b2787051074ded3a0f38f03b0b034a8b2b1b991ec833848fdcb307e3c6570d829439dc2205455115aaf166f845866cf7d89a07e011aa8d822e9bcdd

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
cdff9cdd17e3950f3d274e1be976b2d4

SHA1
41590b06ca7e74db8d286e5952f32f5be47d7abf

SHA256
7cf8997e700cbb81931bc9becf7d0887db7477d97c9f88718c0c2d7849310048

SHA512
e0386fd5e0dbdd4e65fb04a554dc0e3d5ef4f862c685614abbf66e8a14cfaa3d2243e77c3d6d14d56aaf1ae38465aa0762a5c3d32a0ed81605b1c7b3274562e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_id.dll

Filesize
27KB

MD5
65fb1c07237d63bc38d11a2416c34ba8

SHA1
8eabd2b245511809e00b78b06b1985152dd2578f

SHA256
57b01bc5a7b4e8c656b08c89213278f81ce264cc399999e76733ddd90c580f26

SHA512
e66cba2a1951706186ab1b13b85679d0aef21dbe56bd3c15e0f2e76ba25df15dce0826ea050b40c8e1c05cdbe257f629fe018096bf488c6845b0a9f5cf565e8d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
1c49739edd71f83f2adbb770616bfb41

SHA1
83b0ee79f63f6ec24360197e20cbac24ae02b688

SHA256
0ace9ef559a167d3f36266c036306473a5cc2161ad12294217e2d2061c5a4e0f

SHA512
f3316a96e84a5bcbcb176387540bfc0397855dcf049975d0b1dff44d6bf75a0dcefd34d4e914cd760772ff295d979dd7959b64e0eaaf0e10f7e6039b23b7478e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
b73574b5bdfa3126045dcf4b489df505

SHA1
7cd73a13d1f0af197637b14977427f9df761e29f

SHA256
2fb9bcb4826b747701d41ed53f1dc7d4c0e2f0b2c8d0b1b7a6dbf43fa5349197

SHA512
13e6dc225cfcb2292d72a161270d6ecb0a0c1b6b48ee1708e49ac64000e512f7f6a3984bfb680add36a34d44bdd7ba619da873eca4aa63f53215074f420f576e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
87c3c118e280e39eabb8d545617592e7

SHA1
b952980c0436df129e10571fbc79ae6dd78aa5a1

SHA256
f14b2b780c72815e2e398816867b6dee5afcec9eb5e72efe733b6926f08c9d14

SHA512
37469d8fc4cb037f057ea96fe49edbb02515df2584018b04dd7665c6544c1fc140430cf5be70fa99e6392227f92e7383291570c32f79b271f0f771a8dfe93b53

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
0a4f6041656b7441e2aa9184163f4b44

SHA1
3f4f700e5b9b82a661681d37a4c321fcf98e1bf7

SHA256
53e4719733ae1819d642815bc27e576dae5cfba1e592714e2c9976bc2f1246b6

SHA512
f63d1873f4b364d7eadb26bf0a2fca2146e7c4e4ec17350f1adfba82b76cf127c5f1983bcd12895713ec3299624b6f0fe9c09ac4b58add475e4b633938ade235

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
ac87df6bb94463336a09c2cbdd17b23d

SHA1
71b45a3e00d593aa0569a4316d9f48dd7ae6540d

SHA256
f97d24c55a1563767cb606ab7644ce10c871989a8fe86786e27d17dbede4de7f

SHA512
391d352fe0d997db1462e00e19da52c48ae79225afcfb083ff1e10a9f005090b1de0b3e1f5129c8a2cde1d2264dd4a91398d8d1c121c24e7d847eb824028a38f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
1349c9ae143856ff8af98d8969f97964

SHA1
b0774042bee34fa2d1fe2bb65ca21a71b6a5e630

SHA256
d8ed80b5de016554f15b67c68dbcf495807697f56c3bd2ddd3c587719b870c9b

SHA512
912e36fd2e23d4508a89392e713ebe6e8fdbd99576afa1a12a743cfeb3e1cefbbe024d973550015f9dea8bda9309d353871f3ed32d7a51b1e44ac46449b72180

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
e133ef71c5724664908ef2cd7af775b4

SHA1
a30990a3384c62b04259c10d7019ee41fe517c7c

SHA256
0425f6ec9cfc4f79a43a2963903922526fcd877225da01f88009c7380a0678b8

SHA512
86e7188d9faad6635439c9518b5d038b5f60bec3de16b18ae9c1a6574bbeb76b8ba677bfd77b24329a4b6df00c4571a7a932d9afd025d43747007b73fbb419bf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
055a4f614d8056ae16ff91959a0f3570

SHA1
48cbb61f7f6bdf5399cb9aa0f512b78a57ba1e18

SHA256
458ede85c40745a5f79201bbc8b0785549e2c13be8ec726d32e4ff2e052db27a

SHA512
2e2991582c5d0776880063052d483feae79d7d97a45580465e134c517b080fe7761410de8401722dbfaa3211aa7ac1cbb030d5002e544fd196735bad3706767a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCB1B.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
b2d7a95280580a921ece1f65593e79d0

SHA1
b611e29593788ab46b3d86f472d08e90a2a3ca88

SHA256
2f4221684404a9a0dca802102ef5e1bc263d5ea4435265384cc85d55188dfd3e

SHA512
bb6cdbf4f8ea20bf39bd24801d0a8710c714b9d7070776178810325213f8c797978437f9e647510a8ff613ae8245871bdf7daff7e48372eb395604022442aa1d

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
16KB

MD5
6ae0f07152c26ef539714e6c772528e9

SHA1
661b23cbb0d49556257b0803b0d370e59417f318

SHA256
42e878036c6653d9903337aba268f5570d72bbb799c3d93a0dc80d7bc0e8de91

SHA512
5c3b2f24d7d8c4aad86078b94e6f046ee8662365afde735073c2e075739d1fbc4160c6ad04435681952604801185f3af8d400b72b8e79d76f76f3c2c1c5c76c6

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Injector\DLL Injector.lnk

Filesize
2KB

MD5
0e325e7d988150bddca9b582aa309c4a

SHA1
d6cefe16e93b48d82d3e3e46d09174f1664ed048

SHA256
eeab43d54bcbfcb53619595c0aaafbf3d09594732a51a372ca6c8a78333a6817

SHA512
c1a5cf635bb4b7614ae5f61e4e1d7d867c15f004910631d6d1f06942b216a07e4e0dc9c21881941b70a60429e3c6205421d071d103246ddfbfa6142e57900338

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Injector\DLL Injector.lnk~RFe5891ac.TMP

Filesize
1KB

MD5
1ffc9df8e786ad36ff8c04ac7008ef1a

SHA1
49ba4e7dda5277944fd9f043229805d30af9f52d

SHA256
2bbd414bf9efe58608b432abdd9ca5209207d3d7d06c826cacaacc0d0c3a11ce

SHA512
60caf094ff9ef57312200e440ee5d33662a9f58579434832d5db215ee47595252f79b18ac839a3cab849f9ca22a37592081e78f6d74c93039c39a85a25d26de0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEB79.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
c06e9135c420469715d4310bfb3c1b33

SHA1
08b7b18662f19a5193ef92cdcdba63eefb7d80a7

SHA256
34efce66f80ccdf56ec4697d323922ca751c783099b9e0d1a38eec054776182f

SHA512
56260285eb6c19698daf7cc7b74e8b4d4b11a5f892c7d22c62ccb51353947d81192790957916a52dc4eb579f27cb38ed67c5b4fabd449850c8949581f07e847e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s5xw15h0.u0m.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
1c5dd2c940605fe89e6f3f40d1c21c7b

SHA1
a453cbb32b83551ee0da9e7c28456c315263b8a6

SHA256
b33050ca56f594ebce02720baa4e275b94bca5ad83333a8ecdcabf63f021e1fd

SHA512
1d5900834a41232782429357185bff12ddabf3b66968ebb2246940ba6284001ab784e285858a100586065e89b0bc35c31a3046cd0b11bcf5c6a59e9815c27615

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\545e5a95-4a51-4eab-99ff-4fc7f1ba8ca3

Filesize
11KB

MD5
6c576dc7c13857bbe08a24d0b7c8f1bf

SHA1
f7e90b989358658272e8c87a94290adcd8e73764

SHA256
53e9c5b932fdaed876d1e751bb577f8ff4e1f6c9168adb0b9fc227cb4d6990fc

SHA512
502c403ae75415fefc3e7530c0c8f105a0bc8d98f3ccc7d5d6069525eb59c5196bfbf4bde54d42338bd582c2f0aa56daf1940b7859368708fdc5dbee8309d102

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\dbf5f99e-cd1a-4aa8-97ad-82d6a5d1253a

Filesize
746B

MD5
c75118b6800af931f088ef8c04214858

SHA1
1a75e8b8b86744609de94043e79b4b1742779ac5

SHA256
805e71e77ff5c7d1fc86abb7be6ab4f923f1c060e86049c9809454074ec8f751

SHA512
92a407900cda8ba4db942d443c8bd826d0ea2da7c11875005133f445e1ca5d4427902352d015d5183eef35246cc8db744705591c640dde06d3ab565582acef02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

Filesize
6KB

MD5
d4017f3c8a67eccfe2319b7a65a9988d

SHA1
b2a5d36d14ff6d1797905e25c81bc4426fab70ca

SHA256
84a78a0dfd64dcaedf3869f88e3b506aeb7fac0eb9f2ba0b5818256e59a456f8

SHA512
2c0ca5f1200b50204c3d3f3b8aa3361b09cf940fae07dc0d4610a689b5c96494943578629ac2ddf548851425d81831da562a1adf58011fcf6db94bcca84c19d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

Filesize
6KB

MD5
c12b8c2e869ed3b79a136ee254a7f2c8

SHA1
6024d34cdd0a064ecb2d637bc09b702d43edd97c

SHA256
feab8b6ea9b6f1375b4a55ce79ae7284e8856509947a5693b6199eaf67c191b1

SHA512
1b71876032bbb69d568c90ab0c8c635cee75e9a5119142b197bde231bd961183e0e9159bf1f9825bee075dec2334baf1dab4fc5839ecac281d371330e3413de9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1be4fc3a2502f3563489a7c5b45054a2

SHA1
ee6290e6d1167d0ae1ebf928c9af5ba0a61d87b8

SHA256
dae16c057985147eb67642bdbcd370f7af162d99f2e1f3ba0db724bf36ea3f05

SHA512
381868e0292d7e45c40d195bde7341c3eaa9a8e3282853b029824a02a9511dbbe0a0347eb6a34b8c122b011f39a2b3c88bdcc54a95c9dd08b021189b1fcbdb36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
2bb6283eee85bdcfdfa3e580e7bead23

SHA1
b409e7cc7131917b5cae040426119c2c5e375fa4

SHA256
77c70c9cdd5d58a0dbc4ed90630fd0785b1018f8cbadd87164ee77057a2fc56d

SHA512
d1fdef135f665413de640024defb02b0781d5f321ae2e296fc4e77c9895f89a2ddc8df332c92099a15ebe461098cd493a1d51cc88fb7121e7f39e5cc2731dba9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
637e42544bf4e4e5c858d87fceb302a2

SHA1
1d747ea0d89437cd39d02c76ed70df3b7c505ee1

SHA256
5a519846989ec4eed303d9fe8b5554410b502177bb6b4199c6cf25290a4913c2

SHA512
bde691d8015773707c4445155ba1ad419033c335bb11ca325b9c249e8aed83fefd096bab28806213ad368508e2a5be362c4a5a8038dae40246a8bf0a246cb8cb

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
26.0MB

MD5
5cd44da2a024473156dd88a3eb2d9fca

SHA1
876430e0132d1b80fbb44ccebb30cbea87eb603d

SHA256
57c0032ddc5c3ab8d653541d82b1dafc903f5ec3af632f53dbbd1eeaed6b49a9

SHA512
8940ed8842a3d1679181abc578162ba4df8666a676b316008941d3f468a6f6911e49d2a98ee83b4e6900858545e6cda82f29af0a8d207903f09db0565bc77841

Download Submit
\??\Volume{34d48da6-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{b31d7702-e62f-4c17-973f-9fac4d4efd13}_OnDiskSnapshotProp

Filesize
5KB

MD5
14dbebb3538856a97a57c6413f098637

SHA1
67d2bc3879938dae0a0d1e4ec05b9e7091f048ad

SHA256
ad7e51395cc3657a36364c6931fa4ef97dcb1a428b886817c159ebb783c489c0

SHA512
c8cc295b84bd3abf004f1cb0406ad55ee68ddf57068de8e01ba64ec4ece9a42920a5c38289ffb98c0d109a37f7f4d40e864062cab87562d437f946fe276f76b8

Download Submit
memory/3544-501-0x00000000002A0000-0x00000000002D5000-memory.dmp

Filesize
212KB

Download
memory/5060-48-0x000002234F510000-0x000002234F532000-memory.dmp

Filesize
136KB

Download
memory/5060-53-0x000002234F6D0000-0x000002234F746000-memory.dmp

Filesize
472KB

Download