616cf96f2bcb7b44323ac36196b951cdbc24a52b722b0eef88f2f47f65276a64

Resubmissions

24/08/2024, 17:50

240824-wew6hasbpa 8

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 17:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

walksim.dll
Size

131KB
MD5

25bee46d165c43bf48fafc83ef0db90c
SHA1

b9f3e12f89dacf28b8b6a1690061b1001e3d60ba
SHA256

616cf96f2bcb7b44323ac36196b951cdbc24a52b722b0eef88f2f47f65276a64
SHA512

efeaadefdae04fdd6cd7e9c16c90cc6b9e5775481e01647bcbfaeb2f09cfb53356217134784b7681444e73ae122d5d422f9807da33afcc3280861762cdc62061
SSDEEP

3072:q1EBqfK+NV8jM0R5WScidv0UZ4te9DoalUoYS:akmfV8j/GScQsk4te9DooU

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 12 IoCs

pid	Process
1368	Retrac.Launcher_1.0.11_x64-setup.exe
2988	MicrosoftEdgeWebview2Setup.exe
2908	MicrosoftEdgeUpdate.exe
848	MicrosoftEdgeUpdate.exe
1960	MicrosoftEdgeUpdate.exe
2396	MicrosoftEdgeUpdateComRegisterShell64.exe
1740	MicrosoftEdgeUpdateComRegisterShell64.exe
1476	MicrosoftEdgeUpdateComRegisterShell64.exe
1668	MicrosoftEdgeUpdate.exe
2816	MicrosoftEdgeUpdate.exe
2504	MicrosoftEdgeUpdate.exe
1752	MicrosoftEdgeUpdate.exe

Loads dropped DLL 36 IoCs

pid	Process
1368	Retrac.Launcher_1.0.11_x64-setup.exe
1368	Retrac.Launcher_1.0.11_x64-setup.exe
1368	Retrac.Launcher_1.0.11_x64-setup.exe
1368	Retrac.Launcher_1.0.11_x64-setup.exe
1368	Retrac.Launcher_1.0.11_x64-setup.exe
2988	MicrosoftEdgeWebview2Setup.exe
2908	MicrosoftEdgeUpdate.exe
2908	MicrosoftEdgeUpdate.exe
2908	MicrosoftEdgeUpdate.exe
2908	MicrosoftEdgeUpdate.exe
848	MicrosoftEdgeUpdate.exe
2908	MicrosoftEdgeUpdate.exe
1960	MicrosoftEdgeUpdate.exe
1960	MicrosoftEdgeUpdate.exe
1960	MicrosoftEdgeUpdate.exe
2396	MicrosoftEdgeUpdateComRegisterShell64.exe
1960	MicrosoftEdgeUpdate.exe
1960	MicrosoftEdgeUpdate.exe
1960	MicrosoftEdgeUpdate.exe
1740	MicrosoftEdgeUpdateComRegisterShell64.exe
1960	MicrosoftEdgeUpdate.exe
1960	MicrosoftEdgeUpdate.exe
1960	MicrosoftEdgeUpdate.exe
1476	MicrosoftEdgeUpdateComRegisterShell64.exe
1960	MicrosoftEdgeUpdate.exe
2908	MicrosoftEdgeUpdate.exe
2908	MicrosoftEdgeUpdate.exe
2908	MicrosoftEdgeUpdate.exe
1668	MicrosoftEdgeUpdate.exe
2908	MicrosoftEdgeUpdate.exe
2816	MicrosoftEdgeUpdate.exe
2504	MicrosoftEdgeUpdate.exe
2504	MicrosoftEdgeUpdate.exe
2816	MicrosoftEdgeUpdate.exe
2504	MicrosoftEdgeUpdate.exe
1752	MicrosoftEdgeUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 8 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_es.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_bn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_gl.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\msedgeupdate.dll	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_nb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ru.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_vi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\psmachine_64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\NOTICE.TXT	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\EdgeUpdate.dat	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_am.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_id.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_lb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_en-GB.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ja.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_az.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ga.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_kok.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\MicrosoftEdgeUpdate.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_nl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_pt-PT.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ur.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_cy.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ar.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_cs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_bn-IN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_tt.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ko.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_tr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_te.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_sr-Cyrl-BA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_lt.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ro.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_zh-CN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_bs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\MicrosoftEdgeUpdateOnDemand.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_nn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\psuser_arm64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_iw.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_lo.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ne.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_pa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_uk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_zh-TW.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_sk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdate.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_bg.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_et.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_sq.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\MicrosoftEdgeComRegisterShellARM64.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_mk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_gu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_it.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_mi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_fil.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_af.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_eu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_gd.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_hu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_mr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_pl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ta.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ca-Es-VALENCIA.dll	MicrosoftEdgeWebview2Setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\Retrac.Launcher_1.0.11_x64-setup.exe:Zone.Identifier	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Retrac.Launcher_1.0.11_x64-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1668	MicrosoftEdgeUpdate.exe
1752	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7D9CDE4D-E426-4AA1-9E7B-86E16919E46A}\WpadDecisionTime = f02855664ef6da01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7D9CDE4D-E426-4AA1-9E7B-86E16919E46A}\WpadNetworkName = "Network 3"	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7D9CDE4D-E426-4AA1-9E7B-86E16919E46A}\WpadDecisionTime = b0eb2f6d4ef6da01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-f5-e5-ed-de-fd\WpadDecision = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7D9CDE4D-E426-4AA1-9E7B-86E16919E46A}	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7D9CDE4D-E426-4AA1-9E7B-86E16919E46A}\WpadDecisionTime = 907c43754ef6da01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7D9CDE4D-E426-4AA1-9E7B-86E16919E46A}\WpadDecision = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7D9CDE4D-E426-4AA1-9E7B-86E16919E46A}\da-f5-e5-ed-de-fd	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-f5-e5-ed-de-fd\WpadDecisionTime = f02855664ef6da01	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-f5-e5-ed-de-fd\WpadDetectedUrl	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-f5-e5-ed-de-fd\WpadDecisionTime = b0eb2f6d4ef6da01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-f5-e5-ed-de-fd\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-f5-e5-ed-de-fd\WpadDecisionTime = 907c43754ef6da01	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7D9CDE4D-E426-4AA1-9E7B-86E16919E46A}\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-f5-e5-ed-de-fd	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-f5-e5-ed-de-fd\WpadDecisionTime = f0b4d2704ef6da01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7D9CDE4D-E426-4AA1-9E7B-86E16919E46A}\WpadDecisionTime = f0b4d2704ef6da01	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0E8770A1-043A-4818-BB5C-41862B93EEFF}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0E8770A1-043A-4818-BB5C-41862B93EEFF}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0E8770A1-043A-4818-BB5C-41862B93EEFF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CLSID\ = "{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdate.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Retrac.Launcher_1.0.11_x64-setup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2908	MicrosoftEdgeUpdate.exe
2908	MicrosoftEdgeUpdate.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1368	Retrac.Launcher_1.0.11_x64-setup.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2296	firefox.exe
Token: SeDebugPrivilege	2296	firefox.exe
Token: SeDebugPrivilege	2908	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2296	firefox.exe
2296	firefox.exe
2296	firefox.exe
2296	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2296	firefox.exe
2296	firefox.exe
2296	firefox.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2296	firefox.exe
2296	firefox.exe
2296	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2524 wrote to memory of 2296	2524	firefox.exe	31
PID 2296 wrote to memory of 2600	2296	firefox.exe	32
PID 2296 wrote to memory of 2600	2296	firefox.exe	32
PID 2296 wrote to memory of 2600	2296	firefox.exe	32
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 2484	2296	firefox.exe	33
PID 2296 wrote to memory of 752	2296	firefox.exe	34
PID 2296 wrote to memory of 752	2296	firefox.exe	34
PID 2296 wrote to memory of 752	2296	firefox.exe	34
PID 2296 wrote to memory of 752	2296	firefox.exe	34
PID 2296 wrote to memory of 752	2296	firefox.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\walksim.dll,#1
1⤵
PID:1760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.0.408217703\411549847" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bb8803b-72f0-4899-9b07-75f23cfe73cc} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 1288 121d5b58 gpu
    3⤵
    PID:2600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.1.388827949\1749653206" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64c8603c-2794-4830-8919-412571dfbf98} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 1496 e71358 socket
    3⤵
    PID:2484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.2.539535722\826511127" -childID 1 -isForBrowser -prefsHandle 1772 -prefMapHandle 2084 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10190344-9476-4a3a-aaa1-4b382f379c1a} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 1128 1a471258 tab
    3⤵
    PID:752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.3.211594384\605814464" -childID 2 -isForBrowser -prefsHandle 828 -prefMapHandle 1640 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {531a907f-ec89-41c9-9eb9-8740f273cdbc} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 2460 e71958 tab
    3⤵
    PID:844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.4.490157857\1092247557" -childID 3 -isForBrowser -prefsHandle 2764 -prefMapHandle 2760 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70442c6a-5421-43e3-89f5-faeb85f0d804} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 2780 e62858 tab
    3⤵
    PID:316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.5.27250372\725289442" -childID 4 -isForBrowser -prefsHandle 3692 -prefMapHandle 3688 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b6bba61-df18-4264-97dd-a6105d37bdca} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 3704 1da29758 tab
    3⤵
    PID:2608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.6.1155679238\1375119290" -childID 5 -isForBrowser -prefsHandle 3812 -prefMapHandle 3816 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9eea3f3e-4561-43aa-a9a8-baaefb5fd392} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 3800 1ebac258 tab
    3⤵
    PID:2800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.7.921885145\323172783" -childID 6 -isForBrowser -prefsHandle 3988 -prefMapHandle 3992 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0fc39d8-0da0-480c-8f7e-74206d992033} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 3976 1ebaa158 tab
    3⤵
    PID:1824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.8.1127712602\2117475768" -parentBuildID 20221007134813 -prefsHandle 1920 -prefMapHandle 1932 -prefsLen 26356 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {737cbe09-464e-4179-ae26-dec6dc4a5c5a} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 3676 21d77358 rdd
    3⤵
    PID:2708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.9.393736910\1874389789" -childID 7 -isForBrowser -prefsHandle 616 -prefMapHandle 3988 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {572af5ff-bfbf-490a-949e-a2b9391964eb} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 4428 e69f58 tab
    3⤵
    PID:1852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.10.412916513\2140488464" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 2372 -prefMapHandle 3664 -prefsLen 26531 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b5c61e7-9cc8-4d6e-b31f-b009aaec6e14} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 2116 1bc8a558 utility
    3⤵
    PID:2744
- - C:\Users\Admin\Downloads\Retrac.Launcher_1.0.11_x64-setup.exe
    "C:\Users\Admin\Downloads\Retrac.Launcher_1.0.11_x64-setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
      C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:2988
    - - C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
        5⤵
        Event Triggered Execution: Image File Execution Options Injection
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2908
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:848
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1960
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2396
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1740
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1476
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDgwNURBRjAtNUFERS00NTE5LTlFMEEtQTg3MENBOTdDRkFGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxOENFQzUyMy1DMUY0LTQyMjAtQTkyMi0wMkZEMkZGRjZFRkF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xNSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMzUwOTg1MjAwMCIgaW5zdGFsbF90aW1lX21zPSI3ODAiLz48L2FwcD48L3JlcXVlc3Q-
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1668
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{4805DAF0-5ADE-4519-9E0A-A870CA97CFAF}" /silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2816

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
PID:2504
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDgwNURBRjAtNUFERS00NTE5LTlFMEEtQTg3MENBOTdDRkFGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NzFCNjM5RUQtRUI5Ni00MzlFLThDNEEtMDA5OEJENzA3MjE5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjIiIGRpc2tfdHlwZT0iMCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMSIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1MCIgaW5zdGFsbGRhdGV0aW1lPSIxNzIwMTI3NTAxIiBvb2JlX2luc3RhbGxfdGltZT0iMTI4OTIwMjEyOTQ2Njk2NzY4Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTcxNzMiIHN5c3RlbV91cHRpbWVfdGlja3M9IjM1MTIxNzIwMDAiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
182KB

MD5
b69894fc1c3f26c77b1826ef8b5a9fc5

SHA1
cff7b4299253beda53fb015408dd840db59901a1

SHA256
b91bad4c618eb6049b19364f62827470095e30519d07f4e0f2ccc387ddd5f1bf

SHA512
8361e97d84082f8e888262d0657bac47c152bd72f972628f446f58cbeacf37c05f484dce3fb0d38c4f0da2a2dcbb0813639d201d127ec7f072b942d43b216755

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
136e8226d68856da40a4f60e70581b72

SHA1
6c1a09e12e3e07740feef7b209f673b06542ab62

SHA256
b4b8a2f87ee9c5f731189fe9f622cb9cd18fa3d55b0e8e0ae3c3a44a0833709f

SHA512
9a0215830e3f3a97e8b2cdcf1b98053ce266f0c6cb537942aec1f40e22627b60cb5bb499faece768481c41f7d851fcd5e10baa9534df25c419664407c6e5a399

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
215KB

MD5
205590d4fb4b1914d2853ab7a9839ccf

SHA1
d9bbf8941df5993f72ffcf46beefcfcd88694ebd

SHA256
5f82471d58b6e700248d9602ce4a0a5cda4d2e2863ef1eb9fee4effcc07f3767

SHA512
bce1447d5d3210c22d52dec3b846db091b65ed03fd9d7cd11c6c4dbd2aa5a943d881360bc033c29abd61011581ff9354b35cbe421719d92568ed99997bfbbae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
261KB

MD5
b07ab49ee8453853021c7dac2b2131db

SHA1
e1d87d6a6e7503d0d2b288ea5f034fe2f346196a

SHA256
f8535d5d73ebebed15adc6ae2ced6bb4889aa23e6ffe55faeabd961bf77b05e4

SHA512
5eaae533fbe71430ae2a717f7668fd0a26ec37624e198a32f09bfdbee7e3b6e93d64e4fbb78cbdb05c4fe390a864490ea997d11849ecd371f5153bc8bfafccc3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
5d89123f9b96098d8fad74108bdd5f7e

SHA1
6309551b9656527563d2b2f3c335fd6805da0501

SHA256
03c3c918886e58f096aa8e919b1e9f8dcd5a9f2a4765971049bf8da305476f44

SHA512
9d8190e5374cd1b4adbbfb87c27fa40d4de529d7c0a20654e0ce189a4cb9a53d3708c4ce657a7a5469b015df7efbbff495fc844579d9cd363b329b7e007e85c8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_af.dll

Filesize
29KB

MD5
4f860d5995ab77e6efa8f589a758c6d2

SHA1
07536839ccfd3c654ec5dc2161020f729973196d

SHA256
9841d787142dd54fea6b033bd897f05f3e617b48b051de0ee3cf5865b3393150

SHA512
0b9a661b76360f1fb2eb3ee25c6bf2cbab7ec74e2363e0af321dc4d0afb3cad301dddd16ea367d588451a40a2c2ed41f21d7afae48307e1e4a4ec5b24165b378

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f624de37750fd191eb29d4de36818f8b

SHA1
b647dae9b9a3c673980afa651d73ce0a4985aae6

SHA256
e284453cd512e446fcbf9440013f8cb2348ffd6b1acec5366f2511cdf88b1794

SHA512
d1d65e29ed59e34d4ff66df11a2368f1a724730e32eb245022d4f3d1fadf16d445ba8532460afb0e6e91f8be60a7240d13577403193042d1e912a67e4bf23b1a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
5de3f4dabb5f033f24e29033142e7349

SHA1
5c446985de443501b545d75f6886a143c748b033

SHA256
2533d443b68c5288468b0b20cc3a70dc05f0498369d5321368a97dd5bf3268c8

SHA512
c96296e6f67edeff2be5dc03014a8eb65fc287fb899357d4608c36c07b4610827aa18cbec6ccd47b66230a12341af488aca8bd02632fa768f84ca7b1d9c9d065

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_as.dll

Filesize
29KB

MD5
1fb14c6c4fee7bfabe41badb7c5acff8

SHA1
953d94cd73951943db14c08cce37b2d3ac821b02

SHA256
cd32339fd7e4a5959e93eb5bfd6e009e4137e15c5e6c2e861d7891487216da49

SHA512
a93b081935fbe48fafa8071a9cd593ae7b19205c70eaf48c724397019a04161460c66d6d8c6ffd872f4d52a4a7aa25ba1cba04181b9ebaca04b76d111ea588d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
d3345579310f3bd080b406de47b2305f

SHA1
16aefb27ea6d81c684f041aa50ebb49fdd403d83

SHA256
b4ea3c63fa0104093a2b2034f950428e66d2cf3d55f0fc5bd688483392d60d69

SHA512
65e4aa8587bc579b5109d91e02745f6de96a23b6ac2962cdeb6d9d536b51abab12b2bbaeca72572c3ae1971dac5bd24430eb2ae5ccf44a7068427594e4afdd7a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
ecf3405e9e712d685ef1e8a5377296ea

SHA1
9872cdf450adf4257d77282a39b75822ce1c8375

SHA256
e400415638a7b7dcc28b14a257a28e93e423c396e89a02cba51623fdfbdc6b0b

SHA512
37e5f1b3bdd97a4370718dc2a46d78ab5b66865d3cdb66a20a7dc20a9d423ccde954c08f97e574fbab24e8dfa905351cbfb94bd3e6692a9b6526097ea3dc911d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
051c429fa2beec9c2842c403a86c0e7b

SHA1
0a06a45200a1f5c81c48fbd2d03549fc9fac3a58

SHA256
1a8465922bbb05a97a24f6c2200fcc7afd8bd0ace245c2eda9d9d335d4fb9353

SHA512
bb59b41804328f27ba8861af32824266ca69ddcfdaaa11551b1edd4e129dbba630da8070abedb28e180045f8d0ddc1209cd901919f6b9aa421c457188af795c6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
82711e45d2b0764997abc1e0678a73bb

SHA1
47908e8885c86477a6f52eea5fddb005ec5b3fa3

SHA256
2bb7455999b8f53a2a0834588ca4da4703f4da362a127d01cc6bd60ca0303799

SHA512
4b517796edc954ab7f5a26a5d6605925dc7e84b611bcf59352b3b95f719cedc72c77a465fb1e7bc2d2f422d596c97968dac5b57292c82967d5cfaff980128fc2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
a0a1f791984f1de2f03a36171232d18d

SHA1
71f69d8fe47640ba9705725d7d627a05519c8016

SHA256
d2c7da8f4745b81874a9666c7d10a779a9956b4de0ebdaa1647bf78d4e17d85a

SHA512
a4267911846cd55eb91227b0117ccbfdf8ef6c4ed0b8935b08e5d41a91aeabd9259988c71da8606cfb2876c4d69df6ca5a246687440283f1625105624305eb33

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
30KB

MD5
897712b508931dab76d39b209611740c

SHA1
9d80e07c2dc744e2efce3b67aa9876949fb9edfe

SHA256
ee64fdefdb3381ce61fc445190cc44b015e7b65a3a16d28f3477f68de6079f1b

SHA512
3329e37318dd9b11f282301e453af106168d3d10beff1ed62ffdcda60c6b4edb6b9c69ac6b9bb8abce3c9a9686a0152404524012dbff025e571de2cfcb3b5d56

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
e90155442b28008992a7d899ca730222

SHA1
1d448e9709de0d301ded6d75caaeba4348a4793d

SHA256
6ae98b5e2eda22a0236434b7e952d732e3cd5d9cae2e51cd70222f1fd5278563

SHA512
a91d8357ca976db2eb5a081077304a50edc1b55b2775c00cfde05e03831f98bd04e43f0dba5b3efd5a6370afcb10b23bbf307412467502e9ef57e0beae636013

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
1de961b662a374c3af918c18225f4364

SHA1
e8f1c438e57b322f43b4b851698bf38c129eb6ae

SHA256
bb1365c5770dacbb918af27b47b02f269504f4d2396cf3f82bf5ecb2551c5021

SHA512
c6bf62b684039f62744f1aab07f4751948e0c175f7fb7fe126f20903ce23fcdd2e284f1b794922621dae7eaa15c6dae0177ad102289a18f967721486f21073a1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
29f027d2d5fd486bdc20386ace925603

SHA1
66b8605f23871b4a8302bef0aaccb36ee1e72755

SHA256
03c8566f749e8fa349d97101849bc3b2cc0b7561b565a2b0928bf8fe901da813

SHA512
3348bdf10b2d964b34b791a774e28c97d3caf28d7f90e36b948cc2cb6c21e84cda933b7ddbd51c8fc604a450361cb834322c15ddbe0f4851154d05e5a2a2ea42

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
b0ae9aa0d5c17ee7abfc57d21cdcbae6

SHA1
01019eb6ba9c123be528136e12192b0bb33df407

SHA256
d10938919e3d28d71e8e3ba2d8e02e0f9dc2faf148cdedc21c166fd994c603e2

SHA512
4cba25c8159df865231b08fe650eedfb92d54c3037d28b2b9af010c8a59fa23669041a6c393622fe69b0194c2532f71f02b740f7e26e0bbf7ef34a421d6747b8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
ad5b530eabff0540078c5d17f27b9610

SHA1
7e53dbbf64e70e561d37669e69f50eb0da8e37d1

SHA256
49f512316a51e51027b4e70de4ffe8c8ecb188e126439a90a5d12d52a0393966

SHA512
e1cc853d96589220676d39d91d4108633ce56304640f770e7d22b97a9b3be9452d5fb94e4e7fcd1400b62f0c398da8255c53a31853194a9e7b7784982b5ff40f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
a7e64339a5314e3576c0d170171fa52a

SHA1
6c12aab6c97c30aff3245b78f7a3afeea604215e

SHA256
4e9ccecb8e4383395f2134347fbad00521345ec9c857d8fa102d5257c7bea9bf

SHA512
a4ca3fb60a7f4bda50847544dd1289d750f0d4b3565929290a8392b92822ef1856cec15a1f63f2c6fe1ef2e7cc0936a35bdb38ee5d904eb08cd32f05addc6ee4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
74d4cf3b8efb6cc3d0acc3eac38bd5b7

SHA1
9337803aadad9042c895b6f418b4c733b81221e0

SHA256
b83c8981d8835e4c78250bf265faa6d64693204b77764c8e349abc4365ae9871

SHA512
e6112ef60d56101aa16327042162d6ef43519bc56668ca8eaa7fd3e1aaadc75c7df75c1e41583a292ff1a9bdc7d9ad9f5c0d97fa84964532dca2d5f3df604c23

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
8f7f515d78d2df371993fd70f863ab8d

SHA1
dfae1b47e80f91abf2d9c2aac009c0a1767bc59d

SHA256
ba57fbb9d3a32b84d6a76054b9ad180b6510e53206b9804bb9ea18ff73c2ae3e

SHA512
308a62af00a4410551eac967bb9f2cea7adf7c13b471dd28b276bda40b1e4c0b4ebb60aec29b6165069d40180bc45b4f5da5baddc374ce7bc5a5bb223afb4e96

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_es.dll

Filesize
29KB

MD5
6af05d448c842027f876e93f8ac58b65

SHA1
f34c988e3875a1d1b267b082476fcfb8d7505a73

SHA256
36876b14a214cf98dda5100a7e7134d7ebb78e895535d6bd7562099574607867

SHA512
412031db59de0367a102a026f73072244b33d726adc5bb9fd079db3dd37b5d6a24d7420a9811576d0a356933b5ba15cc9e2a92046d2d6e6d6fef37e9d840aec6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
ae9bdf6416c3630c4b0b5b119308a135

SHA1
d7218c677b098d2a93cc91ead39c83d3a2c653b6

SHA256
62da90c9417a70632aa190fecc17c31ecf433c1f84f82b08d7d7290669cabf32

SHA512
4333ac6cd3737f25e6e1d429b195da781ced4340b89808cbd5d5d2aae2e79bcc700419d613123d632252e31ac44d95b7718f23da5b82ab5054407e80106a64a7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
fe73dbc305da6223d1e94e1cf548c000

SHA1
b16f2c40d68cd9718eaaa9b6db9c8e5c4b6acb9e

SHA256
1ef64088a613a4e10b4cf4206f95f5414ee27872798747234a6574b7e5c70a7d

SHA512
d9900720d89defffa52198dbe63515995095c94aa0cbbe4f32a1c09d26809cec480e92926d2240702604b8c13fcdc0032cc46910ade8e4c1d2fc9a4bd1b63858

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_fa.dll

Filesize
28KB

MD5
367ea715e942c81dd3cb734274969a0b

SHA1
f92f1ec2a5be9b775e67c4252a07c37ed0ca508b

SHA256
082da1c09782c026c9cd73456dc12539a226f0bf5d113e59bc93b29c1e98b37c

SHA512
c94e787ba3bdb56d1827a0477461cbba6b7cc68986722275e0d04ea7dc70db83b5d03887eec810bf9b67f70b18bd3c7b7d28f0e554938b81d3501bc11f97830a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
5a30bc4216af48a493eeb0f3a9f02607

SHA1
2fdf65a4002d91818d56a23fb8bfd08ab715002f

SHA256
5131c23915ad6b5b469bcbff31d0ae31ef34ded28ca0ffff9f1eb998bba98aa1

SHA512
34b3a4865f31ebdb8665780011b384ada768a0f71bff77f91706b140eb8cc07fff8787f710cdb1ee14a449cae8f22ee5fddadcc501cf1c921eea078e97dc2f89

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
84c4736cf301b93998028ed7678caec1

SHA1
3b6f1f6b9eb3dd7d9a13c11dfd3ac56c93f1b10f

SHA256
3c8dcb7e982dac3159298009a86909b1e1000ccf6f4d333341f16d4d6fbd84ad

SHA512
5a1b77ef9450c32802e94e473a5b4e43e892c923ef368ee9bbbbb5b0090429320263cc79a4da0b281930c1a60861519211abd0bd67a9d9ee370bdda2230d2e81

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
8993c0784111fc7cd6a90a82303e5f44

SHA1
8d1ff2fed98ebc608604c555ceb46ca628afb285

SHA256
3d0ba88267018f592141ea86592757cf1ecaac1a3a18f99203e0fc5c5eacbd62

SHA512
124d16d848dc8ea0a93b292b10ce1fbad23b56b13771d904cf14c19d54478614d214441b05f6cd9e1999b8310fdd26d1c6ecae784be00aecee7e80c96ba4ac88

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
a640aa4ff33662e06a474765df0b2a8d

SHA1
c6265225532e389e48c6057bd717b69de2125b61

SHA256
078b1943bf7f7955b90abc40f691b27e04376f8c43dd3abc4791614286cd4f23

SHA512
59791eef021f94efd9c18737d6c46fbc45add582eec92d5b997cfd66993abc7da872720a037766c3c70862f0654ccf30d122d4a5a6b305151bf8bf1c053a466d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ga.dll

Filesize
29KB

MD5
5bcc643a969559317d09a9c87f53d04e

SHA1
3602d51cde97de16d8c018225a39d505c803e0fc

SHA256
b48f57e90ea9db6d6a296c01e87f8db71e47ab05ab6c2a664cfa9f52cf1d2c18

SHA512
4c65772f77e61e64d572df5b1f62733aceb02a5c967c296b303ff17c5d49831e5b7fc3d662724ae3ae1e88cd0fdcb704e838af5d4ae20f2d82b9577f57159159

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
aea23f526ef0c5bb3d2f8fdf192a49ea

SHA1
4d7695e33ed43c3efb95f304e29675ea885b2939

SHA256
3cfe866c151a7e8a208af725c0c6f2a47fc3ada35f9ad3509b16b8d5229318b9

SHA512
412e4742ebd46ce38010b4f6a46d8d524025f929ab4658040e271d768e79115d90903403b2f1e51ab910bbdf9677b49439eb3c8afc5959477af198efb0c7c3c9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_gl.dll

Filesize
29KB

MD5
295cd30c00f43d9131621baf4859578f

SHA1
cab79a6263b7b0a799461f3e6df41f815029cded

SHA256
b851c5a60cb6d1e8dd9aa161106cba99ccea047d0b39d007beaa7b9ef4a83397

SHA512
5f5c1e62e6c0e11a63fad68928765e3f504f33cdbb1d9a05cd53cbc3ed145bf3528960a10e3d57e8c83b07c030c72257f403b9a57d12975d3ef8bc255418ad6c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_gu.dll

Filesize
28KB

MD5
c43c1ab37cd93e54068443bc330fb3d2

SHA1
ab51a2cbc51b3c17cf184c6d99ac480c02eb63af

SHA256
0c26a367355e766402c31fbab102dd1c35300d4a1301417c75be5fc4b3d54680

SHA512
ff0193189fb846eb3c4188bb599dad8e6f415ec9612da567d95c9c513defb148b6013208371798d174569b46f443a744e4e8b83aaf139d68c31f7de0f94e63f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_hi.dll

Filesize
29KB

MD5
a5544f517f7c1bfd1ec6a2e355d5a84c

SHA1
34a2a4a576300ad55b6757171bcba0fab005daa5

SHA256
8274c64bb778b55d912929625cd849adfe733b2dd674d94895d53af8dfaabeca

SHA512
9069bcfb736e13499250844dddef40e2cf64937e33ee1f81fc4968f024f7d7b89c6a778866bf1bff98d770686569e4752a473c0adfad4d4099cceda84da3cac3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
c09876a180731c172fa2532f8be90a3d

SHA1
4359c7840ddb23142a40aff85129b9920360e954

SHA256
50fd548ea12e2b72fc563bc082b870a89a523e8b3a4a0e9b65fe673384da2b58

SHA512
91cee1b10fc12a01a2a285e67dba583d6f1bee0716cc89103fee0c7d0f52fadc0f9ac5b13e833834e7279963726950d3897847e7acac61857257fc031692033e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
ee19156c12d2d7cce9b12e515f9ac6c5

SHA1
19ad46e40b3c1cb6195231bfcf45bb68ee1b43bf

SHA256
c290883b4b99758792284755efa52c12eb09039f0f8027d8ba3b1d4bb2f3846f

SHA512
631364472a450519ad8959971d6c319610570ca37b4486ea12d6af5b46aaecbf336aadddd1f3fefba841534ff82adf905b1e1a008638ed784bf08870a3b86ee1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_id.dll

Filesize
28KB

MD5
eacd4638369bf96ccc7c23af37e15b5d

SHA1
15c4878b78c06095981abcc589c4a6f265ef96a3

SHA256
a53c0fd74995090dbf48bbba4a00560e3cc344ce8120b8b2bfa1f9b953b536ef

SHA512
19cc8d25bd8fd84481f77d301f79636208df5807647ddc6cb6beff3882d94672db49daa4ddfff0c334b584742f9d2fea3af73977032d7dfccd0cfd1314af4ae6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
19d44de8f930e07f41f9343478ed5c1d

SHA1
83ee0c5a86997dd491bd8312d221dde2b2e7d44a

SHA256
69d3a21b7723e4df8b7b97e39493081e41231e2d3a3f5a4de462db41339987ec

SHA512
4edb82aedfeca743a03815a889eca766fec8083afd0defa098593297a52edaf1780dbd5ad1d3325c614d815d34d8c57ec2283a0db215f94f42819f1890089c4a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
26cbb965c6976f59ac385ef9408bf81a

SHA1
16bb0530338e600fdfd13a7b03523a715e633bcb

SHA256
bed996b25f77c7d4328d96147ed388f1b457abfc0510eb8956be4339d103821a

SHA512
1efb1bdf0276de17f8516cde4d435e0be8fd066f52fb5d4c9e2fe2e17a135296ab6b34f523284941beae438e97d7e65de26f0541b7c437bceff229b60da4bb0d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
98f79d77ab05304bba8d60e50914418f

SHA1
957590adc0f8a7274e765e2a804c1de7c76e3040

SHA256
3764941b873ed59d5bc1097f6b9382ba59c06d443a96ff71ba6b693f161da522

SHA512
9ca6af5c14193dce7b50251f1b9205870435e60b5495ab1a9f0d42ca14b98b78fef51bf3cd4165394ca5ba28d0e98bea7642ec67039c0f146383136145c7de59

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
b89ba9ecc6d4c77abff61b1c75fff16c

SHA1
f381408f26be2c77c7b59681ad6280a701ccb472

SHA256
bbd2c970f747a6ee8e4735939225f607ae630ddc6e2e39954e0300ca9a7a88b2

SHA512
53a3db82f4cf5a300a5eab7692f4084451b987ad72ae24d9118d80f18692ac3604981c0e871c7a7625c5153803aea0e093d91822d33af0c10a07bcb6e766a5b6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
d464fd223ba898e6fef4e485a3118394

SHA1
59c78983ce859485fea5458ba4e7803c38012b9d

SHA256
066c5c4b4c87ffd201d0dbfc43cb7566cfb03a6ed2fbf8698220fb919637294d

SHA512
6ac1d5fc59e6b7a10532902b059ac25a2bf58b0a63ab586e89b293e2de732c1d5d580c75ff28e4a2660a6ee3f0389f49e388567bcc07dd6e1cfd5d019db3ea52

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
1b1202fc3e46d7b46ce3cb46cdc5ab21

SHA1
e76d1065035d86eef011feb3cad3ac38eecd0b7d

SHA256
b660a0e1d5161765881e0a7fd9d714abce341403b21f63667ffdedf7d5a254d0

SHA512
7f11d5d6995f27bb4f8705ac7310273f070a71adc73cdb70d74766c89437b3e7a10453fc55588ac223fe3b449564758a49380168d779fdb6a4fac3b5cde767ea

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
15KB

MD5
4728c60a1417437d1e9e9b52c1e0d338

SHA1
b019b17affa7a7f6f8c8a14e802c4c93bc710b2f

SHA256
2a33db4d478a32be4db93942eda45abbdab908b37bb1b01e22235944de3a9674

SHA512
86aced395a69812675e87c3cbf50fc7f97ababad5d90abe46be694a1ebc82c0244cd8280d44dd2ef27ae9c1818b7e4dda535fba07076a980e4de307c00c4af3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\activity-stream.discovery_stream.json.tmp

Filesize
46KB

MD5
4c8c30e0f38023a95cf1953bd39642ce

SHA1
312ac955057b546d0ba13b0d5e593c29ae556caf

SHA256
5504fc71bfa99ec611c53dc97cfefca2a0fb003c4725601babefbc276cb3ae55

SHA512
8bf06a0cb24d4ae5ed5fa05a5452475dde3b877d1a606e2d90bd063422e07e413c43a85e29191e97c99ecd15cf844e899d2099f066065d2763af600fe8253602

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\doomed\17413

Filesize
50KB

MD5
6515e76433c79a4cd856d4fd789d1a59

SHA1
3df9d77a5c3f08948398748b54ecfacfda91bb56

SHA256
b1f585abfb358190c0335c21bd3c84ab9a282e4ccbec4fd5a4b47c511ce14190

SHA512
6e00c9635fc9845aeb9b3940db00084b3755177b9a24f15729a1884f042d94eaaf66129b99b89618787d359c7a3311197cdf13a9f4f7a49466cd0fc4d3c3b739

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\0FC0D2E39B11CB3765F534386C8F9B92E09CA1E1

Filesize
14KB

MD5
04928f1b041e4409c0c66bcdeadab8f2

SHA1
77f7b5c15b6e7c4c2e8c2eba91022736a27d01b5

SHA256
e4e289d2991d53e0b5c37bc12518a0c3b92bbc3b03972aefa5639fbfad92b192

SHA512
315eb04f228f24eae6084d0df113bb935346809d3dd4aca39a9b2ce7a6bcb7a3063b756658ac744472e1aee4099dd2096020965c6b77656be9a9ff58690a7b9d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
327KB

MD5
1776e55dcaad34692beeed88ad0410fb

SHA1
9a9dd233b04a6002ac9e101168f06bc4cf726833

SHA256
9b64b9f335073be87479e495eb47b5dc78384680d1179091385139f975e42112

SHA512
1ba7b60a0ef1c5a71f44f73af07412aaba8356a05a05a5ba335962f37f604d5b9c044e84d371f2f91b86fe2fd54673b066895eacda02d8b0461a02d73cd7cf2a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\49AF65C60E9467DC868F8EFFBC6F0E1FE2D6093D

Filesize
18KB

MD5
eb92c1da3520fbbf84068a01211e7ecc

SHA1
fb0168042087180a64feacd372e3f0f36b5ef8cc

SHA256
cce7b84c5f220dcf69d3d6ea0806ca3cb2a8263022c226f6aa3f7b9e50a8d91d

SHA512
1fcfb50f4d288e2eda76e7ad2d982335666f4bcae24978cb1b8a76940e8daa69b8f8f743ddca9d1a3058feea218e9fc213c127ba7a53572f41076f620b076732

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\4BCF7D608B2663D7D1515223C0F13E5D72484770

Filesize
36KB

MD5
5f60659c6b5e6e7210063b0c08070224

SHA1
4ca89f2355f97c7128e2e65d2dd3b793ce25c2d4

SHA256
dadc0309fcad8064f99a87cd89217659ba0bd07970cb907b3d470b4b587f15b5

SHA512
5140b4e37083d9aee1a5f5030d0c0b0c70eff91b4a483f5cdf48b60aff883c305d43eabb87f685d9ed90c3ce30f02aa8a820dc0c6d0b924f1eada7c261f002f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\6973955F832C3780D91B32513BB9D0AB49A2165F

Filesize
19KB

MD5
b3f47526a8410e2fd55b527c6196ea70

SHA1
d93263bdd3a4f51ffeaf02de8cf9ae13458112d1

SHA256
b719c20e9167d448fa5cc9af46d219dac511e9faa9c806f885a9c318f7caaa13

SHA512
141edbdb32992f11756caf85397b1626c511aa0009a7c87a2b940236dcba43e8bbb37e6db235f241f8b4e97731eb6a15441bee54258644b70bcafee0c6e1d659

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\AC6959268E349C7B5497A3867D6DCDC4D543431E

Filesize
38KB

MD5
4dd2afeb7b92fa0578b14ad161314eb2

SHA1
4e0e17f94fefff232867baa537ac9309666e2491

SHA256
cb46b3da51db5ecada729fdc5fff36c98b1301ff3a365d5e2cba784f93d14aa9

SHA512
6876959a0bfa23bcf7f5978e82272f88295cfe68b7c7de631235314d9458ef3fd373f3da983bd3deab938ea3865ffa632a7e939abcc43e1c45330762d30d2695

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

Filesize
38KB

MD5
1a24418d8238f6888e7c708cdcba7aaf

SHA1
9531461a7486df1e461d2b0d32bb8063d345e9f0

SHA256
2930e92999d65c42e2e25bac9f6b6e617658ed6043caee964e03ee150444e68e

SHA512
3c46ce92ed2e95d7f79658cbb1e46f56ea4c308c61f0fac71a7af854878a80feb869e18b2f4dd05b91ce315091406ad241fd2344cf4083504a85012d78383f94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\BF0923D6C9AC3F4148AB74C98E937ACD57DCEAD3

Filesize
16KB

MD5
82b60ee9d756a02098460160cbb78040

SHA1
6f14d86014028433926f81cb3c52a215562c1ffd

SHA256
999b8352a6a9ff81fbad150c01d28a583311fba7e44a0053d45d66cbc7ea941b

SHA512
cdb23b64acf7ba220e01b23c91450f5229f8408ed979d712ebd901a74b4abbea67217afa9ccef1a382a4aea1a61bdb7960eb30ba04135d779d2ce62238887652

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\C88FE6FE8ED0018995E76FB6B4CAEB37655B5835

Filesize
973KB

MD5
d6e86e1e037cb323eef89563e3b8dcc6

SHA1
dd588aa85c08c91109f3ae96d3b63c0c333e59a4

SHA256
a2206b84a3a18862dfcb6854eba441fc347954927fc05f39bade2f950549a3ab

SHA512
7cd28b04d72dd3d5a282e9dd59e17836af4a911e1d8fc66a0ccc0e8396d38f2d363cb4571d157f4a6ed7ae028c2371b93effb8b7a7f2211807c7138aa1bb2ae2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\F5A1FBDEF4E6F115791D6C8EF1598942067B8080

Filesize
14KB

MD5
11cfc09a290eef51edf2d28ffd75b271

SHA1
02ecf2a30f3e1fbd86d4fb5e073a0579bf01e330

SHA256
148754421c9fcf4783217d913828953bc170fe58d55e5187670361780d86cffa

SHA512
68af895f150048fdb45e9c1b0f252008152e71aeebef043770ef72f70bd3d4328a6bd3a479e8739ac76749d96d5116687c38daff6f784cf899f1c76d829a6a68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab787C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar787F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
5.2MB

MD5
8bec1da8637a432d7c7b123aa78078e2

SHA1
bd1cc5c2467f73a3dfbfee8dc9e8b1fe17334e86

SHA256
3836dc453888b923e7b427899d2706c310f017feb20a20134a8f3138bad9f11b

SHA512
2eecae0e9c29f7c35543e60884974a08a9207ecac03af69557f65d110b99d56ef2a81415b6bca2148d7b03eeb0eb7adc7c49fd3097ebdd11dd48a14c0f4656c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
110e27404bf517eb3c893c11a5b4c187

SHA1
9fbeb9010c8e5c5a99ddeb4b10a6eb71528776dc

SHA256
50e6b75ceec6a6a122d571ac1ea444026f54a047ff90b4d38a78e79d7301cf52

SHA512
e760553a3c3e4fe8c82a2c9b890e2122f31de630c593ad84c71abf6d07540050988a4236b751ef8baf09b93bfef77362291ff9e60040d5801916efd4295cf914

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\06ac486e-6336-43e6-b108-ce53105c4248

Filesize
11KB

MD5
8f16e039412a1dbb3776b24c6941295a

SHA1
595e63cad0b4299e22259b3e6ba6114ad084a6af

SHA256
ea2fb3eb2e8d3fa274e0bf66a4d3aa32831d72a677cbf41fcad297eb23c4ff64

SHA512
2261acba4908ebcfd677300281133f8ebbfe3ccad9f03c01ba7a00fe748deca03cac2bc3a0016b2a7068c6c73e422614048eca0db87d0c8748dffcd71fcede10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\106366fc-f560-4458-8b94-e80efb791e19

Filesize
745B

MD5
c881249a0fccdf0ab47490efc53649cf

SHA1
0986605fa136859e84b4a610372a7234d79333e6

SHA256
97544395f311ac267fe022a1472b91a4eca43d134be018792b2aa97dfcbf1ffc

SHA512
4bd39f88fac4a7ffe4c29a70e14975a1fb06571d6d790e70591835101e6de3d1e72e94a9426932293d266073e3c1f45ca110068b24781fc45360a4a20c29b124

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
3.4MB

MD5
5d31ad81d3b11909110cd69baad7fb40

SHA1
146950b41a5e5fa585d22f12807837dd3c7dfc70

SHA256
eb76a9b5a23b808f76bec88efdc638957c949e200324915802afcec3469734c5

SHA512
25eecf126da8b2355af181634f5840f8e316be9e0b468d25375c16cd36be20106cc1cbe34ac399413499501e7f4e52c13202009ea0a332f63210e8c0acd244b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js

Filesize
7KB

MD5
e89fac2e9b3097083311aa67e87fbeb9

SHA1
8f27c736465d144d662df07aa2ce0ab228e0b83f

SHA256
97300aa201af27868707bf048ea7e00ce2664df6dda084ea718c7fb57b57cde7

SHA512
0ade126890e3bf9e26f6ed863a760e2a11dc03cdf9318b44a0abfa460538ac3884997deafee818261710a3e7388ba8a38bcff1fea15fc600923e75971b4408a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js

Filesize
6KB

MD5
a98eef1133ee673261457a2ea9f3b586

SHA1
d4eaf28dabfd374e255030e1f83f34e63855bc9b

SHA256
6137eda98a29a5427d5c4129c74bf71e3914edc385ec41c412d9085643230c65

SHA512
20d348bab5909e58fe051e635caba8478e4b1f328aab8dc1420c4f5e6c47d9bd917770e9abc1fe386119294fe94da8e10dcaedcd144bd7f4c1eaef2fdca68b90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js

Filesize
6KB

MD5
7387262cb08d3afdd8a4155aa5f5d8b7

SHA1
93d3bfd18e27c0546ac8a259d4c29c0d991cba50

SHA256
f12168d520495fd100fc31e9fed99583fbbc9eb0947836b64b9e2d9803c95dee

SHA512
2a55ad88fd7bba77e19d7792afe6ad1502aa71b1110bf0388d1084e4b23635fa8156b21f40652025bc0b432faafde12f61002d4fed498cdeaa5e36f91f164af2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
104c1fcc87ff9b23b70ba8d9afd7b5ec

SHA1
8f40703370f2177ca9be73772df4717eebf08e42

SHA256
f7a42bca38ccd48867e25f688eb7e76f9ed4c1adade51cccf9d014475f02d789

SHA512
6b3a02a71179f6f34da30b89051013b62ba9138432fedc1f4e9fad21bda196ad20d3a479e06fd8d998e10a0e20c0cb1c57fc204d9594162fefdd7265b959ba81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
8f328361af1248845bda3639b3350865

SHA1
1dfee6e461a3c0037f8c63d13eb279c1e2836146

SHA256
bf4870239606464bd3464553ca8df85484642c86acc634ee9e69429f8c098d9c

SHA512
a41f8cb804c5f5812282ca7eaa53437194d8927e24b7ee22fe624cbf83a379dada85edae6454aea0f378b79eb76bbcb5edab28653018dbe1c5ea518d5cb0808d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1474b70636f733a90924483cc6ac6b10

SHA1
8c9bb05365b27e363634f62ed7b09e61afc07911

SHA256
18e57555f9489ef8cb3158f8012710e418bd8a59df708bc6925f34fff89f812f

SHA512
db7bfb898be2a15dbea572abcf43d910e3e3ec972dad4180dfd0c6fdede8091ad80f23bb060fdb6c1bcdfcc998d6a111510261af1d649fbd10d23038a60e1602

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
1ef713595c1126a16e7b6d7ac75727e3

SHA1
040191f5018a937902115e0137eeeb3742762d35

SHA256
d63c81093b8acd72d0af5d36498db82715b2e5929554fde569f5afb03fbfaacc

SHA512
4dda8b0f4da5743ea92faa77514fe2e390a7078650f772929e2df8905a6d8f90dc273c01fc021f7587fe1919266299328cb16a38a51bb5faa9fdb3ae927b94fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
2be45d6b9a2f2546bcb876a76a0e642d

SHA1
a15013413edb13f53f56522890152f7adf5e97e7

SHA256
bc73dfa412275992df3fda64f1c122f4ee0ba45371f186efab033104d48322f2

SHA512
d6a503111ebb03f7397f47c7e330b998fdc84205d804e86d8515804e41df67ee5c952328efd64e50585a555cd0a51e908582fb87f167765a3dd7aa4a0ec5e600

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e9fa8713a62a0a535b9e6fae9f3b6b7d

SHA1
29406f8b012a1699b847923de3b4ad6c88f37fb7

SHA256
6bcb4717b051587d2e9fecb1889a45a2952e52e9c512cb5fa7dd335704d1f35a

SHA512
dd0e7048014f0982f2dbeae7fea45779d7b2ba93d2c779b978a58cf49f5bc4096f8c29df4b975f890f523a4cfbab5b72439428ab91322f2330896eddba0f6e66

Download Submit
C:\Users\Admin\Downloads\Retrac.GyrOYCsX.Launcher_1.0.11_x64-setup.exe.part

Filesize
5.9MB

MD5
c3f71185f2e589ceea7685cb2394a842

SHA1
d75f690e283cc69316f2d80b31447a7234723543

SHA256
01181efadcf49af5192c9bc1aa0655dcfb575f3360b9d4f6a460b5d88f71886f

SHA512
e22627b7ee6a2bea0b2f88c84d5bf3ce13e42f04d520c0dcfa863e0440722a8ea1f0d7499342c676189c46d5069f84c8f44d7e80cfd32def1c18b5c17b7a5770

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
dbac56c6915743bd4e3f99a144b9fe9a

SHA1
45af7eb7841ee8733d9f85da2de0bd0494f39496

SHA256
180efa4a783d4c9980136032f091a11e91f44539a40cbffedf3ac9c198ec4eaa

SHA512
5718db1bc48a47b2ff93ee9c66f199de0e02384a398fad75feb1cd5a3af9c06f5d27aeb488ea1e4bb50bbfa8e39ec230b19023ca87e89e3df57a35c028e2a012

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
78aab091866f6e43f1e1dbe89c9f40a9

SHA1
c4f628ff099a6ba83a7583c81c26c4f9d094b2d6

SHA256
7255df1209b317a8c043d2586d858a83d7fe08f2b87b4ca67d76ed0429ffef72

SHA512
051c294a620bdb6472eb5a73a8d25ad6a549b5f770b6dddfde96a8cbe13914727bec455fa3ad9e1bdd4f456a41a1f3af5a70c42ba2d94ea4b7281b992e6e4f70

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
70b8f653b031d7cb5a72437362a54ef5

SHA1
b96e53560756d4f6a542f4e893c6f25aaaecf950

SHA256
b42ae4521a6ffa2e8223b32a345d97ce78e1f03701bd33d85338495a4bd1fd53

SHA512
6b7a7fd8cb11af86e1cfa6bb73a1cffcfe57fbcd6457a9f0dd8823e244f182fc6e4eb8b38096be2d98b7fe939d0fc3ca4c2e417329037b97a4922436eb3db222

Download Submit
\Program Files (x86)\Microsoft\Temp\EU6AB5.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
19dc1f6d1f309eb7abf1e0c8257f41f8

SHA1
e2d3e86fe22c6af6b8ee5b359315dfa6ac4d52ec

SHA256
046f6c532fcabd969c6e63bb7ee0d7a83d806fa659006508e1c3a9485190d6ef

SHA512
478d6a84452cfadc48547930e336ad459eec188dd3d9e4c778cded4ec3d34e00b2b8c0538366aa644ee67f878b29c5c73444c1406c66e8394761bb0979c6483c

Download Submit
\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

Filesize
1.6MB

MD5
45e5ca74b9ae3c3fc6f6a63c609783b6

SHA1
f36715bea96d69bb18075fac30b90502c6d2464b

SHA256
b4afd37b9087df7e041ae749fd0fa342926d9cce533bde9cdc4283132c3820a9

SHA512
014fd398d456fcb118dfd6b038b6f96008ca209d44d9707e175e85e7f14cfb3f2886deaed0d8ed25971813035e8dd7f88142c06972f3e2c9b4a534d84bec661a

Download Submit
\Users\Admin\AppData\Local\Temp\nsz51AB.tmp\StartMenu.dll

Filesize
7KB

MD5
d070f3275df715bf3708beff2c6c307d

SHA1
93d3725801e07303e9727c4369e19fd139e69023

SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

Download Submit
\Users\Admin\AppData\Local\Temp\nsz51AB.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsz51AB.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Users\Admin\AppData\Local\Temp\nsz51AB.tmp\nsis_tauri_utils.dll

Filesize
968KB

MD5
0ba06473cec3f0e72fc6865d870b6bd9

SHA1
16df1d1a5b4d5df3859447279c55be36d4109dfb

SHA256
2b454443f12806d9e531e18bf19933c0aad1cd8ae397c71b99e814566e6bb5fd

SHA512
42b3c4ce685afb43b8ba235b29919f7fdbc1997618b74d189817d14d1d80e52ea67f6e614d4097bce6ca53b90d46a6d6a54882cd2ea176134a308b64a2b882cc

Download Submit
memory/2908-1219-0x0000000000C00000-0x0000000000C35000-memory.dmp

Filesize
212KB

Download