2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7

Analysis

max time kernel
145s
max time network
144s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 18:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe
Size

722KB
MD5

c907bf6a7c7e4bfdd317dc34decc1edd
SHA1

4a8ed0ada69583c08ac198d8f582bd42577b3718
SHA256

2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7
SHA512

eafd808fd965fbefd4d7a01973abb8c175a2306d988f44ae9684c72dc937164db60eb7142c376f6c14a6babfa1bcfa443563f166646ce39d840ec56308037975
SSDEEP

12288:8M0u819hE27aZJIU3IytdjNZjVHXqAH/v9Wd7+xeszQLFWAg+:8uQus/yfNVV3LX9W4xevF3g+

Score

8^/10

discovery evasion persistence privilege_escalation trojan upx

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 24 IoCs

pid	Process
2920	MicrosoftEdgeWebview2Setup.exe
1816	MicrosoftEdgeUpdate.exe
2240	MicrosoftEdgeUpdate.exe
752	MicrosoftEdgeUpdate.exe
844	MicrosoftEdgeUpdateComRegisterShell64.exe
2928	MicrosoftEdgeUpdateComRegisterShell64.exe
2032	MicrosoftEdgeUpdateComRegisterShell64.exe
1944	MicrosoftEdgeUpdate.exe
1744	MicrosoftEdgeUpdate.exe
1856	MicrosoftEdgeUpdate.exe
2168	MicrosoftEdgeUpdate.exe
3020	MicrosoftEdge_X64_109.0.1518.140.exe
2556	setup.exe
2684	MicrosoftEdgeUpdate.exe
2056	msedgewebview2.exe
952	msedgewebview2.exe
1828	msedgewebview2.exe
2096	msedgewebview2.exe
1252	msedgewebview2.exe
1084	msedgewebview2.exe
2664	msedgewebview2.exe
1540	msedgewebview2.exe
2692	msedgewebview2.exe
2192	msedgewebview2.exe

Loads dropped DLL 64 IoCs

pid	Process
2344	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe
2920	MicrosoftEdgeWebview2Setup.exe
1816	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
752	MicrosoftEdgeUpdate.exe
752	MicrosoftEdgeUpdate.exe
844	MicrosoftEdgeUpdateComRegisterShell64.exe
752	MicrosoftEdgeUpdate.exe
752	MicrosoftEdgeUpdate.exe
2928	MicrosoftEdgeUpdateComRegisterShell64.exe
752	MicrosoftEdgeUpdate.exe
752	MicrosoftEdgeUpdate.exe
2032	MicrosoftEdgeUpdateComRegisterShell64.exe
752	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
1856	MicrosoftEdgeUpdate.exe
1744	MicrosoftEdgeUpdate.exe
1856	MicrosoftEdgeUpdate.exe
1856	MicrosoftEdgeUpdate.exe
3020	MicrosoftEdge_X64_109.0.1518.140.exe
2556	setup.exe
1856	MicrosoftEdgeUpdate.exe
2344	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe
2344	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe
2056	msedgewebview2.exe
952	msedgewebview2.exe
2056	msedgewebview2.exe
2056	msedgewebview2.exe
2056	msedgewebview2.exe
1828	msedgewebview2.exe
2096	msedgewebview2.exe
2096	msedgewebview2.exe
1828	msedgewebview2.exe
2056	msedgewebview2.exe
2096	msedgewebview2.exe
1828	msedgewebview2.exe
1252	msedgewebview2.exe
1252	msedgewebview2.exe
2056	msedgewebview2.exe
1084	msedgewebview2.exe
2096	msedgewebview2.exe
2096	msedgewebview2.exe
2096	msedgewebview2.exe
1252	msedgewebview2.exe
1084	msedgewebview2.exe
1084	msedgewebview2.exe
2664	msedgewebview2.exe
2664	msedgewebview2.exe
2664	msedgewebview2.exe
2664	msedgewebview2.exe
2664	msedgewebview2.exe
2664	msedgewebview2.exe
2664	msedgewebview2.exe
2664	msedgewebview2.exe
2664	msedgewebview2.exe
2664	msedgewebview2.exe
2664	msedgewebview2.exe
1540	msedgewebview2.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000400000-0x0000000000614000-memory.dmp	upx
behavioral1/memory/2344-1184-0x0000000000400000-0x0000000000614000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Checks system information in the registry 2 TTPs 12 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\MicrosoftEdgeUpdateOnDemand.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\nl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_id.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_sq.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Mu\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\fa.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\identity_proxy\identity_helper.Sparse.Beta.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\libGLESv2.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\da.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\libGLESv2.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_fr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\BHO\ie_to_edge_stub.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\prefs_enclave_x64.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\identity_proxy\canary.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_fil.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\sv.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\msedge.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\resources.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\cy.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\es-419.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\fr-CA.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\lv.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\onnxruntime.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\gl.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\psmachine_arm64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_cy.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\fi.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Trust Protection Lists\Mu\Other	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\pa.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\identity_proxy\identity_helper.Sparse.Canary.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\SetupMetrics\8c4b8fbe-1f45-4701-8a2e-cd31f0f75cb4.tmp	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_kn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\dwritemin.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\en-US.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\pt-PT.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\VisualElements\SmallLogoDev.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\ffmpeg.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ka.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ml.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\hu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\microsoft_apis.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Notifications\SoftLandingAssetLight.gif	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\PdfPreview\PdfPreviewHandler.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ca.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\bn-IN.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedge_200_percent.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\v8_context_snapshot.bin	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\fr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ru.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\kok.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Locales\sr-Latn-RS.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\msedge_wer.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedge_proxy.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\id.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\libsmartscreenn.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\mip_protection_sdk.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\msedge_7z.data	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\show_third_party_software_licenses.bat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Sigma\Staging	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\it.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\EBWebView\x64\EmbeddedBrowserWebView.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_ar.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\learning_tools.dll	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1944	MicrosoftEdgeUpdate.exe
2168	MicrosoftEdgeUpdate.exe
2684	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-07-8c-02-37-2f\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3D4CF4BD-1222-409A-8B53-676D94A618D7}\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-07-8c-02-37-2f\WpadDecisionTime = e00dc6ecc1deda01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3D4CF4BD-1222-409A-8B53-676D94A618D7}\WpadNetworkName = "Network 2"	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-07-8c-02-37-2f\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-07-8c-02-37-2f	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-07-8c-02-37-2f\WpadDecision = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3D4CF4BD-1222-409A-8B53-676D94A618D7}\WpadDecisionTime = e00dc6ecc1deda01	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{513C065E-085A-40C1-B47D-D2F56F9AA0D1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{513C065E-085A-40C1-B47D-D2F56F9AA0D1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.193.5\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{513C065E-085A-40C1-B47D-D2F56F9AA0D1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CurVer\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{513C065E-085A-40C1-B47D-D2F56F9AA0D1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{513C065E-085A-40C1-B47D-D2F56F9AA0D1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.193.5\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{513C065E-085A-40C1-B47D-D2F56F9AA0D1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.193.5\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{513C065E-085A-40C1-B47D-D2F56F9AA0D1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{513C065E-085A-40C1-B47D-D2F56F9AA0D1}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{513C065E-085A-40C1-B47D-D2F56F9AA0D1}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.193.5\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\ = "Google Update Policy Status Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DA54E8E-61A7-4FEB-A84E-CE76BBDB5175}\InprocHandler32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "Update3COMClass"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DA54E8E-61A7-4FEB-A84E-CE76BBDB5175}\InprocHandler32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{513C065E-085A-40C1-B47D-D2F56F9AA0D1}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.193.5\\psmachine.dll"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{513C065E-085A-40C1-B47D-D2F56F9AA0D1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DA54E8E-61A7-4FEB-A84E-CE76BBDB5175}\InprocHandler32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1816	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2344	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe
Token: SeDebugPrivilege	1816	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1816	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2920	2344	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe	30
PID 2344 wrote to memory of 2920	2344	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe	30
PID 2344 wrote to memory of 2920	2344	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe	30
PID 2344 wrote to memory of 2920	2344	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe	30
PID 2344 wrote to memory of 2920	2344	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe	30
PID 2344 wrote to memory of 2920	2344	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe	30
PID 2344 wrote to memory of 2920	2344	2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe	30
PID 2920 wrote to memory of 1816	2920	MicrosoftEdgeWebview2Setup.exe	31
PID 2920 wrote to memory of 1816	2920	MicrosoftEdgeWebview2Setup.exe	31
PID 2920 wrote to memory of 1816	2920	MicrosoftEdgeWebview2Setup.exe	31
PID 2920 wrote to memory of 1816	2920	MicrosoftEdgeWebview2Setup.exe	31
PID 2920 wrote to memory of 1816	2920	MicrosoftEdgeWebview2Setup.exe	31
PID 2920 wrote to memory of 1816	2920	MicrosoftEdgeWebview2Setup.exe	31
PID 2920 wrote to memory of 1816	2920	MicrosoftEdgeWebview2Setup.exe	31
PID 1816 wrote to memory of 2240	1816	MicrosoftEdgeUpdate.exe	32
PID 1816 wrote to memory of 2240	1816	MicrosoftEdgeUpdate.exe	32
PID 1816 wrote to memory of 2240	1816	MicrosoftEdgeUpdate.exe	32
PID 1816 wrote to memory of 2240	1816	MicrosoftEdgeUpdate.exe	32
PID 1816 wrote to memory of 2240	1816	MicrosoftEdgeUpdate.exe	32
PID 1816 wrote to memory of 2240	1816	MicrosoftEdgeUpdate.exe	32
PID 1816 wrote to memory of 2240	1816	MicrosoftEdgeUpdate.exe	32
PID 1816 wrote to memory of 752	1816	MicrosoftEdgeUpdate.exe	33
PID 1816 wrote to memory of 752	1816	MicrosoftEdgeUpdate.exe	33
PID 1816 wrote to memory of 752	1816	MicrosoftEdgeUpdate.exe	33
PID 1816 wrote to memory of 752	1816	MicrosoftEdgeUpdate.exe	33
PID 1816 wrote to memory of 752	1816	MicrosoftEdgeUpdate.exe	33
PID 1816 wrote to memory of 752	1816	MicrosoftEdgeUpdate.exe	33
PID 1816 wrote to memory of 752	1816	MicrosoftEdgeUpdate.exe	33
PID 752 wrote to memory of 844	752	MicrosoftEdgeUpdate.exe	34
PID 752 wrote to memory of 844	752	MicrosoftEdgeUpdate.exe	34
PID 752 wrote to memory of 844	752	MicrosoftEdgeUpdate.exe	34
PID 752 wrote to memory of 844	752	MicrosoftEdgeUpdate.exe	34
PID 752 wrote to memory of 2928	752	MicrosoftEdgeUpdate.exe	35
PID 752 wrote to memory of 2928	752	MicrosoftEdgeUpdate.exe	35
PID 752 wrote to memory of 2928	752	MicrosoftEdgeUpdate.exe	35
PID 752 wrote to memory of 2928	752	MicrosoftEdgeUpdate.exe	35
PID 752 wrote to memory of 2032	752	MicrosoftEdgeUpdate.exe	36
PID 752 wrote to memory of 2032	752	MicrosoftEdgeUpdate.exe	36
PID 752 wrote to memory of 2032	752	MicrosoftEdgeUpdate.exe	36
PID 752 wrote to memory of 2032	752	MicrosoftEdgeUpdate.exe	36
PID 1816 wrote to memory of 1944	1816	MicrosoftEdgeUpdate.exe	37
PID 1816 wrote to memory of 1944	1816	MicrosoftEdgeUpdate.exe	37
PID 1816 wrote to memory of 1944	1816	MicrosoftEdgeUpdate.exe	37
PID 1816 wrote to memory of 1944	1816	MicrosoftEdgeUpdate.exe	37
PID 1816 wrote to memory of 1944	1816	MicrosoftEdgeUpdate.exe	37
PID 1816 wrote to memory of 1944	1816	MicrosoftEdgeUpdate.exe	37
PID 1816 wrote to memory of 1944	1816	MicrosoftEdgeUpdate.exe	37
PID 1816 wrote to memory of 1744	1816	MicrosoftEdgeUpdate.exe	38
PID 1816 wrote to memory of 1744	1816	MicrosoftEdgeUpdate.exe	38
PID 1816 wrote to memory of 1744	1816	MicrosoftEdgeUpdate.exe	38
PID 1816 wrote to memory of 1744	1816	MicrosoftEdgeUpdate.exe	38
PID 1816 wrote to memory of 1744	1816	MicrosoftEdgeUpdate.exe	38
PID 1816 wrote to memory of 1744	1816	MicrosoftEdgeUpdate.exe	38
PID 1816 wrote to memory of 1744	1816	MicrosoftEdgeUpdate.exe	38
PID 1856 wrote to memory of 2168	1856	MicrosoftEdgeUpdate.exe	40
PID 1856 wrote to memory of 2168	1856	MicrosoftEdgeUpdate.exe	40
PID 1856 wrote to memory of 2168	1856	MicrosoftEdgeUpdate.exe	40
PID 1856 wrote to memory of 2168	1856	MicrosoftEdgeUpdate.exe	40
PID 1856 wrote to memory of 2168	1856	MicrosoftEdgeUpdate.exe	40
PID 1856 wrote to memory of 2168	1856	MicrosoftEdgeUpdate.exe	40
PID 1856 wrote to memory of 2168	1856	MicrosoftEdgeUpdate.exe	40
PID 1856 wrote to memory of 3020	1856	MicrosoftEdgeUpdate.exe	45
PID 1856 wrote to memory of 3020	1856	MicrosoftEdgeUpdate.exe	45
PID 1856 wrote to memory of 3020	1856	MicrosoftEdgeUpdate.exe	45

C:\Users\Admin\AppData\Local\Temp\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe
"C:\Users\Admin\AppData\Local\Temp\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\aardio\inet\installer\MicrosoftEdgeWebview2Setup.exe
  "C:\Users\Admin\AppData\Local\aardio\inet\installer\MicrosoftEdgeWebview2Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1816
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2240
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:752
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:844
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2928
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2032
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTMuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE5My41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezU1RjUxMzQ2LUY5MkUtNEJDNy04ODI0LUEwMkY4Q0RFN0FCMX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9Ins4MzMzRjk4MC1FN0RELTQ5MjgtQjk4RS1CMzNFNjExMzJEQjd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE5My41IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyNDI1MDg3MDAwIiBpbnN0YWxsX3RpbWVfbXM9IjExNTQiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:1944
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{55F51346-F92E-4BC7-8824-A02F8CDE7AB1}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1744
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe --webview-exe-version=0.0.0.1 --user-data-dir="C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --accept-lang=en-US --mojo-named-platform-channel-pipe=2344.2540.235808123519042075
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Enumerates system info in registry
  - Suspicious use of FindShellTrayWindow
  PID:2056
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.165 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=109.0.1518.140 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xf0,0x7fef6b3ffa8,0x7fef6b3ffb8,0x7fef6b3ffc8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:952
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView" --webview-exe-name=2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe --webview-exe-version=0.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1236 --field-trial-handle=1108,i,9348986223506762010,14836573988087784154,131072 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2096
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView" --webview-exe-name=2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe --webview-exe-version=0.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1432 --field-trial-handle=1108,i,9348986223506762010,14836573988087784154,131072 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1828
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView" --webview-exe-name=2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe --webview-exe-version=0.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1596 --field-trial-handle=1108,i,9348986223506762010,14836573988087784154,131072 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1252
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView" --webview-exe-name=2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe --webview-exe-version=0.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=2244 --field-trial-handle=1108,i,9348986223506762010,14836573988087784154,131072 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1084
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView" --webview-exe-name=2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe --webview-exe-version=0.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1440 --field-trial-handle=1108,i,9348986223506762010,14836573988087784154,131072 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2664
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView" --webview-exe-name=2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe --webview-exe-version=0.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3256 --field-trial-handle=1108,i,9348986223506762010,14836573988087784154,131072 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1540
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView" --webview-exe-name=2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe --webview-exe-version=0.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=2292 --field-trial-handle=1108,i,9348986223506762010,14836573988087784154,131072 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:2692
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView" --webview-exe-name=2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe --webview-exe-version=0.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=2364 --field-trial-handle=1108,i,9348986223506762010,14836573988087784154,131072 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:2192

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTMuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE5My41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezU1RjUxMzQ2LUY5MkUtNEJDNy04ODI0LUEwMkY4Q0RFN0FCMX0iIGluc3RhbGxzb3VyY2U9ImxpbWl0ZWQiIHJlcXVlc3RpZD0iezU0RkQ3OTg4LUU2NUUtNDcwQi1CQTgyLTAxODU5QTEyRjRCQ30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSIyIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTciIGluc3RhbGxkYXRldGltZT0iMTcyMDQ0NDQyMyIgb29iZV9pbnN0YWxsX3RpbWU9IjEyODkyMDIxMjk0NjY5Njc2OCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE3MTczIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyNDI3ODk1MDAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:2168
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9C1DA517-799F-4F70-ACCC-3CDFC79A9E79}\MicrosoftEdge_X64_109.0.1518.140.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9C1DA517-799F-4F70-ACCC-3CDFC79A9E79}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3020
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9C1DA517-799F-4F70-ACCC-3CDFC79A9E79}\EDGEMITMP_E8235.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9C1DA517-799F-4F70-ACCC-3CDFC79A9E79}\EDGEMITMP_E8235.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9C1DA517-799F-4F70-ACCC-3CDFC79A9E79}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:2556
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTMuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE5My41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezU1RjUxMzQ2LUY5MkUtNEJDNy04ODI0LUEwMkY4Q0RFN0FCMX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9IntDMUJCQUVDQi1GMjAyLTRFRUEtOURCNy04RTQ0Q0JFMjc1NTd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTA5LjAuMTUxOC4xNDAiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjI3NDQyNjMwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyNzQ0MjYzMDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjkzODc5NTAwMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMGM0MDg0ZjMtMWJlZC00MjQ2LWI4ZWQtMjA2Y2NiZTYwZTNjP1AxPTE3MjI1Mzc1MDImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9QVpyNFU1M1hOZDhhMkZnWU5iUWdNcFA1aVIxdEZvQ0tJJTJmYUtDc0JKUGFZVUE2OE5kZnNvb3o3b0lISlkxM1VidWhQYkdIb0w1bmRZQTFFcEZ6NjJRUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE0MDY5NjAwOCIgdG90YWw9IjE0MDY5NjAwOCIgZG93bmxvYWRfdGltZV9tcz0iMTcxNzYiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyOTM5MTA3MDAwIiBzb3VyY2VfdXJsX2luZGV4PSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjk1MjM2NzAwMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjYwOSIgc3lzdGVtX3VwdGltZV90aWNrcz0iMzA2MjUwMzAwMCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjU5MTIiIGRvd25sb2FkX3RpbWVfbXM9IjE5NDY5IiBkb3dubG9hZGVkPSIxNDA2OTYwMDgiIHRvdGFsPSIxNDA2OTYwMDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjEwOTk4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Installer\msedge_7z.data

Filesize
3KB

MD5
bd70ed26e6e6f3193043ac09c58c6a1c

SHA1
d733a65e17f2851d5116598dd80533efc1656468

SHA256
7a474217d20b9a6fe3c3a46c0d6d5b2d2040fa790663f6da9202ee7cb07bb448

SHA512
3e2ecade6d687b0736d5eafd7527b24095b9c51f0c8ba99398b23da2d8843c49fc8c1fa37190d385b504d8224c8c517d78d44ae32e10e45d54b19477a6970756

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2556_15182304\109.0.1518.140\Installer\setup.exe

Filesize
3.8MB

MD5
3a92a61a6e01c80ecc7d9499abb901b7

SHA1
d89d05802d937f9c71ced14282b8a19623fca7c8

SHA256
b70b2ed82c7afde8003983992b74f8182f55080b43da3d96dd29e8c0c7e8b47e

SHA512
3867efbd984ddd1eec084c70a42104cbc0057c3bed222af8963051779b612b46bf4cea3311452f6564513d7558d49a1e66a9473ad53f1b2fb4c43a9d7d0fb47d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
181KB

MD5
5679308b2e276bd371798ac8d579b1f9

SHA1
eb01158489726d54ff605a884d77931df40098e4

SHA256
c9aef2d24f1c77a366b327b869e4103ed8276ea83b2b40942718cc134a1e122f

SHA512
9eb5ef48b47444909b10bf7d96d55c47c02814524df6a479e448e9ff50b9a462ac03c99f57258d0ed8fe3665fb286dde0d9be5a47019fb4d9c68da2b2589e898

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
214KB

MD5
8428e306e866fe7972f05b6be814c1cf

SHA1
84ea90405d8d797a6deba68fd6a8efae5a461ce1

SHA256
855e2f2fab4968261704cab9bae294fb7ec8b9c26e4d1708e29e26c454c7b0af

SHA512
bd40fc5fb4eeca9e1671d0a99a7ccd1d1ab3f84abf62e996827a60e471adecf655b5ed146cdaefcb82d29c563e4eeba7c1b2da243218cbca55009064dcad1f21

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
260KB

MD5
64f7ff56af334d91a50068271bed5043

SHA1
108209fde87705b03d56759fd41486d22a3e24df

SHA256
a98505367c850b6ef6d2df68d24d83643767a6fab8f0dd22cc60509b3363ce51

SHA512
b70c1d2a26f59e94b31beb3151f69d7eb9de8841399b618730d94263cc5402f391cd5cfc6621c8666e5e073e6f8c340d6fd3511f1cb1cbbf6ee75312598f56d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
d1175f877ab160902113b3a2250d0d78

SHA1
7fc668cd9ed31d093f7c88dc4803ce3f3f833796

SHA256
5ccf3eedf6f1f57d386cef188f070c72583d9a96ff674ce91e8776ced8e989b5

SHA512
ba1fa4f61c3ed3766e6bd0ae95e36d7505774c463ff81b989e64acaf878cfd59fa41109c696ed16a122e68edc2e0c9f96afd9cfbe92bd7351583719b028c1604

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_af.dll

Filesize
29KB

MD5
3cd709bc031a8d68c10aaa086406a385

SHA1
673fbf3172ec1cee21688423ad49ec3848639d02

SHA256
54dc23402365407bff46318ac0c8cb60c165988f4159a654b5d6013e289f888e

SHA512
04e51aeed7c535616f1db7f92841bcda2bc22f85eb06a7ffc5b626f9f69be0219a042e8ae4a486a2f753b7f65901a082b81f5ba72113d9df9ef123b32367d7d6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
15abb596e500038ffdf8a1d7d853d979

SHA1
6f8239859ff806c6ad682639ff43cedb6799e6a6

SHA256
19509364513e1849ddc46824c8b3bbc354bfc4b540158e28e18abb10b8537dda

SHA512
c4642146979700898ad3adeb0160c8e9d7bb56c1e224a778d400764750c9d9cbd7c4ee52bec0853cc0e577884515bd40a1b0fd643cc0b66b56d472e0bbb1c23e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
61c48f913b2502e56168cdf475d4766a

SHA1
2bf4c5ffbfa6d5c5eaf84de074f3ad7555b56d5d

SHA256
8fd703a50d9cb19e9249cf4a4409da71104c6a16475b9725306cd13c260cefd1

SHA512
d8ba17df865bff6e2785986d9a8310ec7b0e530e389bf7baa719e95b7effa84b58c7102d5f9711fbaebdd2bbcb3cd66760f9eeed92c1aeef06b85d3724028d2f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_as.dll

Filesize
29KB

MD5
2ba6aaea03cf5f98f63a400a9ca127ab

SHA1
807c98ab6fe2f45fa43a8817f0adf8abeec75641

SHA256
509cb950d7f5d8f99adff84e6e381001f14571529571419fd5452b48e24c7291

SHA512
d4b91512b586dbc1cd0c63aaa7bf82900ba80de2b3e265b0200f0a4e2bf0c0a3916675fb72f9bc0b4eaa5d9cc07ade94c8210ad2156fea6d3d2416a5cbf98c24

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
d624c5abfca9e775c6d27b636ca460c4

SHA1
8726c57cf5887367c8aa32a1de5298521d5fe273

SHA256
7023866e9644a1edb50f0f388bc3f2aeaab561822e6b7d75ec5c66b151f126c0

SHA512
92d0d5605336c329359f7c4aa7eeaf972f21877ac61f377e7a2f3c6d66f5d6882be649b765e4122043212381034b4131d44ae996dfc1df4a2e248babcb076c30

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
6ff52c5cdc434e4513c4d4b8ec23e02d

SHA1
56b7b73e3cf2cf13fa509593f7c5aebb73639b83

SHA256
414269530f9ecb045e2049266ee0b58df99ac37de75e0e127899eb3218371555

SHA512
adc3b5593a69dcd0a894ed6bc1160fdbb0d0e9e96e83ca4430ef28e9115d6023f54f3e3fac3cba1ff4497e486991dc4e7e40c7b75ce7796a5044f1ccc5411371

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
c52c76a02dbfbadd6d409fcc9df8dd16

SHA1
d406010ac12ed41e6cdc75eaa2daa231a1d6df6a

SHA256
91843e7eb2f1a9e14f51f2b552d8390cf7846b4406b97ca98b105beb40fc461a

SHA512
28b24bbe03f79a7e4ad51e0e15a664cd783b527255ff0952d43086071e494e7e45ae50d8c378f69abb22942eda2e8dcf8421e2922dcff9ff9cb851745750d2ee

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
eea17b09a2a3420ee57db365d5a7afae

SHA1
dc43580f87f67a28c6fa0b056f41c2c0c98a054e

SHA256
b86d6df0b608cbab18ea53c31a9a17c09c86e90e8592f3269af0517c9756c07d

SHA512
53a199b1bd82ddde65fd6c9bb007867bfa3b2c39e07817a7aff39b7596f00a76bc5dc23687c7fb41b75b00b30ddfdb38a76c740c38bfe41dc21e1fa2d698469f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
1a3815be8fc2a375042e271da63aaa8d

SHA1
a831ce72e5fe3c9477dee3defc1e8f1d3a11aaa1

SHA256
e753e2315e26bc7b8334077846dc91a85fd89f1e483b305af8aaac5b596585db

SHA512
9642fdc3cb49c6d0e4b1c4e1d636007234b126f48da1fe77f586cb8f9403bdc786b54d4bcdbc6175214b7d06a1879f2c809d3fb7e1b920ab36b29a12afe92fb4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
30KB

MD5
253afd1816718afa7fd3af5b7ecf430d

SHA1
36e9d69eb57331a676b0cb71492ab35486b68d95

SHA256
53325e46247a616a84442abbc914b8fa08b67800ab55d5625e43a58b19d44767

SHA512
649b292b80dde95c195b968b51dd168f6f5513b179a35832b5e759795f04e6e6f326a34f6f7db37d12b8c322ccae197455565491c2484b8237c82e1bb2e77ad6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_ca.dll

Filesize
29KB

MD5
7653243e1a6fbb6c643dbc5b32701c74

SHA1
fc537eccc1da0775d145b21db9474ef2996e383d

SHA256
9df1383dfa81c5064acd9130555dbaf2e7413b6e2bc72b1d2340a6013387061c

SHA512
d7834c02a3891afbba040c943ed4255041a6c241d76ac138ad0c04baf589aaa355067395c606e910ef6b91d64042bf9f5c39bd01320d9eaf4ef850a24c17d1d8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
a2c7099965d93899ff0373786c8aad20

SHA1
cfb9420e99cc61fb859ccb5d6da9c03332777591

SHA256
1343867f317fe3fc5a2328d427737d41964188aba50a9739fd0ec98319fec192

SHA512
d2d1cd41bc425a1aa4c491d65ba9c4ced9dcb600f1d60af76151216f8eda310049002e5ca360d1df8f59d6334ad87b950c67a20a6d1c7f8a2ea322c9980b6a8f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
8fc86afdc203086ba9be1286e597881c

SHA1
6515d925fbfb655465061d8ee9d8914cc4f50f63

SHA256
e8dfc22e5a028ad5d423634bf4ed96b90841fda6ff69c35469509f9a988a3269

SHA512
cbfcdea1b4cb5f404553ada87de1240a3746306563f5f200582a21be656b43c0a0e5dcf25cd5ac49bbbe72abcf8147e62aa8a5e0a810bd6fbc7a1eab3e6029eb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_da.dll

Filesize
29KB

MD5
414adfaec51543500e86dec02ee0f88c

SHA1
0ad5efb3e8b6213a11e71187023193fafc4c3c26

SHA256
32684d2337a351ba37411962710983538341012e6526a9129161507aea0a72bd

SHA512
fddc2123237a9357667bbe6b91f93b5a9ba276533b9c16d98adfa01045fca375a7aef5cf83e175c55382a387a16062661a4797da81f39881ab379c7863e2b054

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
d263b293ee07e95487f63e7190fb6125

SHA1
48020bb9e9f49408c1ce280711aa8f7aaa600fe2

SHA256
c4a3198c15489ed873dde5f8a6df708cfc4a6d8722f3f1f63793863098509af3

SHA512
69a851e77124e55f3ee4e3fde169f647731a514dfd16a22013a0ea520b9d6eb9f2aacc9c48a2a812eb8285f46db1a27d196c409587f4549f4e122fdb59ffe1b6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_el.dll

Filesize
31KB

MD5
8708b47ba556853c927de474534da5d4

SHA1
a60c932bef60bef01e7015d889e325524666aeff

SHA256
720074fb92fc405dc7a5305e802e2ecb7d948de58c814b0ebb2c02a0052a6894

SHA512
58d7f419b26a95c986009af9e235fbaca67bf6b1883d8c586c802262fd9fbeaff56b051bf8de8e26f2e4ddeb803bbd4f87c84b1e02f5a43b6614231c59ab258a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
511646c2809c41bcea4431e372bc91fb

SHA1
5b83f1c9de6bfa6f18ccfecf3190a80af310d681

SHA256
719a5c47d3452e3dfda300788aafeba963c588cfea31d1fb1021f846bd6742cc

SHA512
0b45cadd82dd534ba9d4556498817c712bd608b645faee74034c8c48cc39c13c0a8530826690a5c5ef42eb36e3f15f3b97e75625eea8902f12c21291df4cd211

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
ec991a4becce773db11c6f4e640abacc

SHA1
298b5289e2712ab77cecfb727c9c8d47740f6fd3

SHA256
800fc7987f7ac32267e84122eb94d8a21b83c481c2a34b03d832d57debc2b930

SHA512
3e6066cb89abafe963337bbdc371b941ac21b69ceaa19f394512c84c0c06ce9d03141a146144d24172ab6e94f5900071b5b3f38c49f3a079c03bec24bd0418ec

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
9309baaa10c227af2773000a793a3540

SHA1
55032c43f7a7eafb19bca097e3de430aad3913a4

SHA256
a35fa7145fd3bfbc0d71cfe1bdefcb506cd02f0939dbeca83644978af8f896ac

SHA512
21a05fe75d6115a7a49e779c9156ec25880393b30f69fdb80dc0dbe1c3bb401790c8e62525c0e6625b141cecb970b8d650527d73d2d86afa5056177957c44c24

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_es.dll

Filesize
29KB

MD5
1c48f6a58fabc2b115dab7dccfae763a

SHA1
c60db12b55074013293dd332d2736d251beaeb8e

SHA256
0f6775450c40baea4e72d1eb45cff7c1daf2ac1210006bf7afcc91975467c086

SHA512
a84a0ffba4f389698941a497ca6e63c6c632d2eeca788bcf970ea35f1083076950b59b9baeecab7ae17d06847f4675f748cc25b904b03f679801dfb3e2755c13

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
d591a3987492132f6ccd7968a8176290

SHA1
78a79e0e3935dee509938c9a3b095ef486283793

SHA256
02380099a6a942004b0b0042f071108f4896884d19ec7c4cc1264200a8e0aa6f

SHA512
7487a0e63a17cca85a127c8880e33c30fb192fb83bd05dad67cb4a3b9ad6ba84b594194f7126acbfb22ead2c00d3bb776557a0fa012ee1b7d43d88de2c7eabb1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
67624d2a8017a9c5fbaa22c02fb6d1b4

SHA1
b39c26cb632d6e9cbdbe6f0490e80c11a94782e4

SHA256
eb0033a91d64a80aaa66bd088692a8d089169524253b6286b5604ea1aaf0bc8f

SHA512
f2fb8edb244d781a77c67ab85c40f0521ee80f0349ce897860542b6f32e134043afdccd50cd17e86c234000493f5c3b1b75950d1eb12e4d088b9fc7e012f06d0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
0b3cbfb6bc674960c6da5c47689e45d0

SHA1
f91aa435a0bb4fefa3f7568d8f7b0e2022fc95f4

SHA256
eca2354e58a321a78bcb21c24beefa050758c08e86218c55c12434c8ce715942

SHA512
3a0e819ec96ec05bf0eb7119687be1a408330703a3c888e49a19fc0bb8ee62f45b1c9a9f24d7593e0355177445e566d6cba62d0b7d437b139eb08b274d3bf13e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
73650ec3b5bf0ac418d06ff2cad961c5

SHA1
5580915cc24402c72c49834cd9bfbd7c845de468

SHA256
6817e994def058448407b6320f325f75dea6e2e561ffc747d0486a716d08384d

SHA512
c08b069993790440f1baed5fbfc07368e9564d9bf0c16007968569b433b0b18ae6e8184f3073d522e92b6a7b4454ac21998b8f4fe80946273710097c659e2639

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
6f2865bdc505a8216aadea20c0a0c6a6

SHA1
a93b8db9aa8f2b2887ad43fa050f98584e3db06b

SHA256
95b158fd84806d0dadb3d9a90f7b8a78040c1ecee5ff4dd266d407848c9f3a77

SHA512
fc9ccad02d6c04e6d2e76b06d5cd60c486b4a2ffcca1cdc638cbeceabfeaf258c8dbcd5ea7fd3f7e2d288577c90565de7005c88638531ff24bfbaf2fba704c69

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
93aa56aa0165d137e497c4b77965a6b5

SHA1
5e1396c24c76dcf8dad5d97e57cfed7372e7b8be

SHA256
aaeaff8fae26262cdb2ccf1faf84bd202ff2a90d9fc95575770bc53bccee2c54

SHA512
adb8e9aaf493a62a930398682522b8e9411a645d85493ba4e601d6f4eebd48fba982c6df8c5d01a78cc135d03bd3aa912fb71c3c8e26d1d99feb898e0a422a42

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
a4aa60f4891441bd2522d577f14164f9

SHA1
19f8a517c449b65967a1ae8b1b6a7f492ad0199e

SHA256
7768c2b03810cdb491986f349992d32717c4c14df6266d5f70fa89aeb01c5a60

SHA512
0a26fc4bddbcb0078f9ad0c5c9417b74f7c30c6a20e1272edbc20a3b0db29ea17dbc3c9224d2f131570444ce4fbf6f20b0b96e720d2b53c882b8735f444091c5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_ga.dll

Filesize
29KB

MD5
302403f155be43251104dadaf07f1c1a

SHA1
2f4a21b1e7aed5792b269ebe7a81dd29c3a6182f

SHA256
3b6dd91cdb5cd4abedff8940c8a9e0f38cb3f8c49084ecbfcd59b788229f3230

SHA512
742c2bd0cd9bc7fb75ee1fea45e434fcb40aed839f2854e17267382278269dcca640b3599823b0e4d04350bef0a0450bfad627586ee49f031d1922d73bc74fd9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
47fcec572a8eea3510596c079c431412

SHA1
732395d8698191610bfb751e1466a868bca9b839

SHA256
4a8c39680f188b75691e80ab5938e34aff83639c06a9722e30555c1cb8a927c7

SHA512
1f18528128b6675f51a91c137e328ea06009636ef5c1970a8a4816437f445bdbf96428a3d310b04cfaf61d0a4adea7a4efd4f9bbd4dadb3f320366f39e40fc7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_gl.dll

Filesize
29KB

MD5
492d2c11ad558129c9c687641bfafb33

SHA1
c713926e13f062106937419975defd7e69228b35

SHA256
0879c36a3c750ac9bdc4d73ed0ffb23d9c67e6d486291d56d3c5bb60073677c4

SHA512
08d0e4664f07f05f3dea2dfa3d64815067b41cd63701b948b43016369a64151ae515f8c877460037b0f5306c8b080756321d2d6195fd392d86d0e9cc61bc1856

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_gu.dll

Filesize
28KB

MD5
fae86d2dc9b09f0d8c0192e2bb53d929

SHA1
e5d0dc95449d533785367d088ef5a357ebb7dc08

SHA256
5d0f9f75e78fa5c0b0bd2406d6c671675492d92d3dc2515314bc79ba3132e540

SHA512
01c7ae01172d98fc6cbc92510b2bafdc56f794f290139e3bf87952bc98b27b338e31899dafcd36f965e7240133183c5dfd6cf6085468fa779813121a27d7cbbe

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_hi.dll

Filesize
28KB

MD5
8d88faed698fbd4895ad6786acdea245

SHA1
88cea6fe82ac4970a2dafd971277d458b5aef61d

SHA256
c1b2203965c8fb10f6faf65d591400a2da7443d0cba36aa8bde147e1ff6aa0a1

SHA512
0a6eacb240a75135a7c651e524888462be350116ec19522c079fccca31a26904266e38add42eec5ef1036dcaa05ccdf9faf9d3b91923018d1aefbe8d63d1a27f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
d9f0084ca7d58e6cbc12b7111b9f4be1

SHA1
e96bd472daffd3569551f15eb602a7ce66da8935

SHA256
2d45ff287b4dfe4db12cf83a88ddca14b560d991ef28dc6f5078b44d2603fd90

SHA512
ba7e017b6cfb11a7e1f4a22c28ac8b4d4dc571a91c32ab6d63a87ef9dec334fee0062c5c764c662b6f8f89b80758a7dc1781858d0455ab3eba455c8d83134418

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
aace1b6afd05113ffe736206e32e8544

SHA1
48fe1f61e565f99ecf6365ddc6c2c24b2f38db5d

SHA256
e395b29108a3a93fcf7411311d4f478f847f0d8337d4a2cefd64ae6bbfd21110

SHA512
be7ae77ce69e6ada5a6169a0efb858723428084f9b7818482f2eaf7d5243d24b9c8131ea01e3f94cc9766d7462e5dae0ce5437247907f764ecff011c866bfd81

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_id.dll

Filesize
28KB

MD5
469423bc5ecca0db996ad9fe789fd58e

SHA1
dc68d62d25ed917f836036911efd5067f9062c18

SHA256
a25d798ed22ad51682aa90f66e5cca638ae095f4141eba6ef7ca45eb1ef217f6

SHA512
360717c97b2f582843de19d819a5dda2cb2f8090c6542c0d87ae1a27cbf154cfd0b845d7f816ca236e65ce17013bb8ca640a5af2c9e5fe4fef05e94405491df7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
5dbbd22cda9cd2e19aae769dc7b083b0

SHA1
53fd1812647e5e413531d8e67e7970d3e22dac03

SHA256
973c96fdecc4a157782414eebb1b17a94b146efe1a97b707043953d0ff1d03aa

SHA512
774a5873117c98096e8826f7b03a8ddfd2cd7a1f815ee855a591f86f68bfd6bdf537ed49c9d4094fe931aa592da3eeefe0ded3625a9b811aa2a55a129dd7d9ec

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
2f7b11cd7db9f173d040519ef0336ac3

SHA1
95e753d8bf61ef56dba6807bf730a42d390da401

SHA256
8f7b44e60f4450655d963cec393fff3fab4f283672a8dbc8109d1ad967671171

SHA512
ea60bff57fd53ab2cad475d753066d108c2108e41e7e4abb6b1bca153d04e07dfbba386ba73efe9b8a84032c9bb4b35b3c655280b43ee93637c5b388d1dd187f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
54519f24fcf06916c6386f642ebaf8a5

SHA1
2a33c7770c49bb3046a2a78a0457d6dcb3a23f02

SHA256
1b0adf22a09097ce9ac5d102e0f102e6d3f2238c21b6d38fbec3c269bbf87c44

SHA512
704684c706c9a40cdae8a68615a8a9782b29d177bb5c58e8c01e37c139296d6f1d48a446ec211d746aaf341b06a9148e246dd79b0a8a9098de0f66c68ae74eef

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
12de274382418dd99d1125101d1d63b6

SHA1
4a9b0be76a7136f3b64c7bc53724dc2acc798c23

SHA256
7e4f333b20f272bd86182fb3fa191e8ac6bc84c301e28886edbcb92e6e5e1eb2

SHA512
9b05f97ca079d30560b09ca22efdb314dc7e36cf601d672a260f4c064d7841776891374a18d8ba1fcb4238fb854187b95c2d5643f428277e076b734ff477267c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
e0eacb57da5404523e0351b0cc24c648

SHA1
49ce11a94c2751b7c44914ceda1627fb63651199

SHA256
1a269d41990cc81b01b77f0981ff4e9ee31fab50cbe9f0ef437044b40ff72c79

SHA512
735c37d267091491f55d80837bc4879a7a2d6dfaec6c3d2873770cd7706a39f29672eefa2f8a27c6038f84069517a8172cf929f48e637a9c65803e5f49525d54

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
f1c5f5604f5c2c0cfdc696866f60c6c3

SHA1
25643fc3eef898f4288205c711b693daaf8e78ee

SHA256
e46eb23160f9e87a0d5aab8fee0e1d1aafe7299964864a2c59e9b9f718105406

SHA512
0b562af8b178af10af225649e6c043bb848cfff81a5fa19cac9614eb8f793a97de25aab302bba69c7c35353dfd62baa0cadcc3635c773be1fc10d180241dab44

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
64ad801a1ae3d24396147603cd5e8b41

SHA1
e9bade01b12321017c450990294b40232c3f7e92

SHA256
43dc5c7067bf4af7e8b67b472ee73143b74f4e65efa51e9049476b5bec568645

SHA512
37c761400fbade30b06cbb036a288fa9585ed2e067834ff62230097151a4c923118811a79b126a775a15f08238fc957582b3ac41c30d2834d2a7d2ca6dd449a1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
b772db9d925f936765055000bb2a4467

SHA1
3c85a28a6dc67e376cb72e25064a5e775b8fef87

SHA256
df7dc4e535280090722edfea9f3de3197d1e35d3c8913ecc33285aeb00977e5b

SHA512
00c732875c30a4d8dab0582fd9255d9963fdeb0e334f75394b6992c9a0620a7a549ef58076f75bc13b41855b356db08b49959d65695ae859b64f4c3caf6c4b0a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
149ebf8a4922f050b73f3fb40519d0d3

SHA1
141e3cff4b20cce5e3d667d9b56826a5947b040d

SHA256
6d42d10a0e2f8cdfcc5fedeb52ac351c2a28e80d2e9e4c59b5a68ff5c258f418

SHA512
65b5488070c58b5593ba8415c3d6834a6aa7bd17f39fe8120b509762860a5386a1a2a975b740bbdd9abcd3477e6ca9bc98eb35ea46cb148eed0527f504f1e737

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
b618d09cdf4473a17d9041fdf3309682

SHA1
7a36cee82849e2beadc82b88640ad25bf6eeb0f6

SHA256
cf5af46c9f3f5103c291b80754703d7c4f90a34b5a178631b6b018ae737608c7

SHA512
788adae6cebf5cbb8502453655f4e09ed22b8176bc071e4af5e82cc52ba34cc11fc6a60e1e5085a6ddeb7d16e4f342c991125c08dc6b1e7b630f65b4a567d346

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_lb.dll

Filesize
30KB

MD5
2098457eb957f51e0a4d01c0f7742483

SHA1
5259907d75441a249d7831739a3e425de7a95fac

SHA256
aa0b46a2131033a170b893e95a2daf4fc66d0d9bf30dca2e6e22a4aabab51b51

SHA512
a014dd1e4d3433c9eba9e98cd3b491a4b9e227cf414d37cae197d5992c57d4583452a1676828b0a44ece02be373dd2a44f6708943c3b6aa1a99dedea9aeb832b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_lo.dll

Filesize
27KB

MD5
f05c5afd8fba163d63a0eadc15ead729

SHA1
37a09e16164761234dbb12a0ff05051d21dee28f

SHA256
8b9e0b55dbbeffb8cfa9b14cc172e8257597aa52414acf6e08392fa5aa1bce70

SHA512
44d469976e09694f12335b5c66f49873c75d5caa181b1bb2e0b2cc174c630143cb3f067c5937e020794cdd2a940d86e45ecd8672fb44e3c4a20193c41aa43f4a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_lt.dll

Filesize
27KB

MD5
14a6bd067536c13b7bd33830584567fa

SHA1
47362233c439cf398c2898bbc0ca1bd0b39db55a

SHA256
28a8fcdf0639f8a456c741a889a994b5b13fc64ae87e294a67afaf28549bf1d0

SHA512
3e03a74b14f3efb9529a2b212f1a2fac5ee5b7f11ae579b1950d1d53e9ac1db7e9424acf58a9a68c9bebec7d2068851a4e9f8f88e5fbfdd16206c159b9301bdf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\msedgeupdateres_lv.dll

Filesize
28KB

MD5
3b20fd47caf6b5b640334ec6d5b6ac20

SHA1
55929aeb391a0fa49daf8c3d281c1a29aee17e47

SHA256
d67844a5bc828804efdcdf9d7049ea1723f683ab62bf131d652da2567866087c

SHA512
788987f4787eb5945b397f331d8b97d58b0b4089086d67acada92fc9b6b5efa63e603403ca9ce092ae296b0991bb981a4ae8f70f80e81afa2a94b80f8a3b4aab

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
1b03a544e35371e186d4f9e379977d34

SHA1
66ee883f9c7e03dbf6849e9da799c43b6a9f3818

SHA256
5de334cac1604bffa505495b27bfbc46ccd3446bb487a25b135468892bf70dc4

SHA512
85e6e29a65274054cfca911ed9efcb72c01f59443d0bc3efce8eb4dfb4124052a5881daf2998a09170c1ea4b9fb7440ec274013862d36be3f5d7eedfdd8b94fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB6C3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB6F5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
6063fe1d7b63157eea969e5e3e8d609e

SHA1
ee011618e9fef510c24aa630d62b3e38b6ae6643

SHA256
c74925b40dd2670289cf458e8c15a7a78371a6a7a16091b0fcc173587d8cc448

SHA512
37519c3d49818dd2222522345c2cfac976f4fbd2ba27a03eec1eab29ced49fcc4ac04923d795e2a167791ef34ae8e062fdea8a3ad84e34767a93dcaae8583cc5

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\Default\Extension Scripts\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\Default\Network\TransportSecurity

Filesize
199B

MD5
1945432538c7632c09e4d4849f0dc2b8

SHA1
81155a6eb07fe1068354df14854f361b2b85e375

SHA256
7f2d5ffef5d982e60ba3ac2fe8827253fc80e9826dd4b99f16ee7b56059f5bd3

SHA512
ee27cc4b80791da91ae9d515203661868b2fd03bf2c5252b61372d7f6083ed5307ef0fa7fe954dd1e1feb48a2887707a5c785d3c37ed294458882d1db8be71f1

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\Default\acd63de5-9062-4361-9f01-12ff2c600013.tmp

Filesize
5KB

MD5
f797061b3b940596fbf68ee9b4678096

SHA1
4fe132e9e74a68927c9d86494c584f78549f0e44

SHA256
7a1eac30cf3e4ebe8e789fc21f4b7f5f92ee2fa8c3c6078ae37587aa00af4b72

SHA512
8e14e063cf4c89aad71261c0aece335ed4b9e200fbf18088d76376697dcd82394507d50e59c8a7eae8bc0b609b63e0bb0d5f65e02285aa49e3e52d822ff49593

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\Local State

Filesize
1KB

MD5
e8b539278605ae61ba8b3cad4ac52dc0

SHA1
3fd3c0ab60e2225579a48b0f264527de79e6cfa4

SHA256
37d10dae10334bec026284ec6a9cd4d3f7914cef6fe975a2222583c9387b9b7e

SHA512
06d4f66d5b81edda15b931cfd24fb63cd2ea18fc8932ad9692fc81c2bebc00ddc70acd3a2ee3c6ffa10d66961ffab53c8c9f3965321ce8027c17171afd33921e

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\Local State

Filesize
2KB

MD5
d000d41d71fb93b798e71f23995935d1

SHA1
7b1b63df0ef7112a20d755766792689bfbe4c68d

SHA256
9043fa18ea915cd755dfe5f77a141256c8a5d914ef2d829d4721129e2de7894d

SHA512
71cbdd0cc842a941fc3fd58ad5087028fb8818df39f37821babb9ddc4f5417e919a84b0623dd0de5a898dedaa20b1b1da59d0dc1bcac3d0517d8ded04efd1493

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\Local State

Filesize
2KB

MD5
8fbee50c624d7b5cf8fa58e2ec8801f9

SHA1
1222acd76554c1efd4ef863adecea4b40bd99774

SHA256
5172542ab9a7f72564b97653f1eef154f1f543c0ed50d3fe03740655c23c1f36

SHA512
5b771c3e1edc9d2fceeb6d3e5d15589294cc6d45077281018de81daeff985da937757dbbd311322d3e45d3798554d80f26b587c3f2a9d8aa526eb2c266be89e6

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\ShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\aardio\webview2\user-data\2fdb818dadb0f5e4e3bb6bbf45deb344129cabd1f30199a93f89556b4d5213f7.exe\EBWebView\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
bf39194be88312c67ace74041c3d45b7

SHA1
28d868f8c5eca68b96a36151f21e8870888823f7

SHA256
0e04912eebaf3a0f7e396e809aa82f6328b59d0210a0cc94b31aa36d516c416b

SHA512
4bccf8bd447cb1b4296e64ed6532e86c11d7c4984969d13aeb8a23933f67c2bc97dec77d54fed278b1add85606e04fa313da7230f4d97a5f1fe9df4898e487f3

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
12dc328e4bebc336a9539a7be3d9b668

SHA1
ec0a9bfb6709f269a1580d2b0cae2b6298f0acf0

SHA256
18d7e960a2bb1f96e294e0d2ec50636c20f4e8a6d91c611a2962fa5b59bd2771

SHA512
f922dbbbb1830575d2135452544b3bdb13acc59fb639f904874f8350c1385f20beeffb19577b4a6361ebb2a7a6b658d7915b59921d801cfeaf7f33d43b9d22fd

Download Submit
\Program Files (x86)\Microsoft\Temp\EUC0A1.tmp\MicrosoftEdgeUpdate.exe

Filesize
200KB

MD5
090901ebefc233cc46d016af98be6d53

SHA1
3c78e621f9921642dbbd0502b56538d4b037d0cd

SHA256
7864bb95eb14e0ae1c249759cb44ad746e448007563b7430911755cf17ea5a77

SHA512
5e415dc06689f65155a7ea13c013088808a65afff12fef664178b2ea37e48b4736261564d72e02b898ced58bfb5b3a1fcdd2c7136c0d841868ec7f4f1c32e883

Download Submit
\Users\Admin\AppData\Local\aardio\inet\installer\MicrosoftEdgeWebview2Setup.exe

Filesize
1.6MB

MD5
2aeb55b75f68b4ea3f949cae0ceba066

SHA1
daf6fe3b0cb87b4e0ad28d650fc9a190ad192b1c

SHA256
22484fdf3008a593e7ca188863d423b8b2a345391120ed296ce8b156cfa983ab

SHA512
3b6a6d6c87b8d9ab06fac72fa38067df4c7d4385d37d391d7ad58a623215681fc0366621ce3ce5c08af25e11cc468b18844ea5f7c8ccb71473c956c29d20188c

Download Submit
memory/2344-25-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-31-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-59-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-61-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-63-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-0-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/2344-55-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-53-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-51-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-49-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-47-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-45-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-43-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-39-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-37-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-35-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-33-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-57-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-29-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-1184-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/2344-1304-0x00000000007B0000-0x00000000007B1000-memory.dmp

Filesize
4KB

Download
memory/2344-41-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-11-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-27-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-23-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-21-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-19-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-17-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-15-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-13-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-9-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-7-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-5-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-3-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-1-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2344-112-0x00000000007B0000-0x00000000007B1000-memory.dmp

Filesize
4KB

Download