e4642f6ecf8e2fd74dab5f966f6e7cac8cb0435c15dbe24ce8ac7e96708ca550

Analysis

max time kernel
138s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 02:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/MicrosoftEdgeWebview2Setup.exe
Size

1.5MB
MD5

2fbe10e4233824fbea08ddf085d7df96
SHA1

17068c55b3c15e1213436ba232bbd79d90985b31
SHA256

5b01d964ced28c1ff850b4de05a71f386addd815a30c4a9ee210ef90619df58e
SHA512

4c4d256d67b6aadea45b1677ab2f0b66bef385fa09127c4681389bdde214b35351b38121d651bf47734147afd4af063e2eb2e6ebf15436ad42f1533c42278fa4
SSDEEP

49152:Py+3n/URd7ygwxXXOMzrn7yOcIEjg0VonVl:PyaC75wxXOMzr7yOAyVl

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 14 IoCs

pid	Process
704	MicrosoftEdgeUpdate.exe
3588	MicrosoftEdgeUpdate.exe
4604	MicrosoftEdgeUpdate.exe
3096	MicrosoftEdgeUpdateComRegisterShell64.exe
1440	MicrosoftEdgeUpdateComRegisterShell64.exe
1956	MicrosoftEdgeUpdateComRegisterShell64.exe
2264	MicrosoftEdgeUpdate.exe
4500	MicrosoftEdgeUpdate.exe
4980	MicrosoftEdgeUpdate.exe
1312	MicrosoftEdgeUpdate.exe
1056	MicrosoftEdge_X64_128.0.2739.42.exe
4092	setup.exe
3068	setup.exe
4004	MicrosoftEdgeUpdate.exe

Loads dropped DLL 16 IoCs

pid	Process
704	MicrosoftEdgeUpdate.exe
3588	MicrosoftEdgeUpdate.exe
4604	MicrosoftEdgeUpdate.exe
3096	MicrosoftEdgeUpdateComRegisterShell64.exe
4604	MicrosoftEdgeUpdate.exe
1440	MicrosoftEdgeUpdateComRegisterShell64.exe
4604	MicrosoftEdgeUpdate.exe
1956	MicrosoftEdgeUpdateComRegisterShell64.exe
4604	MicrosoftEdgeUpdate.exe
2264	MicrosoftEdgeUpdate.exe
4500	MicrosoftEdgeUpdate.exe
4980	MicrosoftEdgeUpdate.exe
4980	MicrosoftEdgeUpdate.exe
4500	MicrosoftEdgeUpdate.exe
1312	MicrosoftEdgeUpdate.exe
4004	MicrosoftEdgeUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\mip_protection_sdk.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\resources.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Trust Protection Lists\Sigma\Cryptomining	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\cs.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_en.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_sr-Cyrl-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\PrivacySandboxAttestationsPreloaded\privacy-sandbox-attestations.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\am.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\pt-PT.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\vk_swiftshader_icd.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_fa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\identity_proxy\beta.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\zh-CN.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Locales\ug.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Edge.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Locales\de.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Locales\mk.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\identity_proxy\win10\identity_helper.Sparse.Beta.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\af.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\mt.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\eu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\msedge.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\MEIPreload\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\hr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Locales\am.pak	setup.exe
File created	C:\Program Files\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Trust Protection Lists\Mu\Analytics	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Trust Protection Lists\Sigma\Staging	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\tt.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Locales\or.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Trust Protection Lists\Sigma\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\v8_context_snapshot.bin	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\nn.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\PrivacySandboxAttestationsPreloaded\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\resources.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\mk.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\copilot_provider_msix\copilot_provider_neutral.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_hr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\identity_proxy\win10\identity_helper.Sparse.Canary.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\en-GB.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\identity_proxy\win11\identity_helper.Sparse.Internal.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_es.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\am.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\en-US.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\wns_push_client.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\identity_proxy\win11\identity_helper.Sparse.Stable.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_de.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\ne.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\nn.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\msedge_proxy.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\microsoft_shell_integration.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_af.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_sr-Latn-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\gl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\identity_proxy\resources.pri	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_bn-IN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\elevation_service.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\ca-Es-VALENCIA.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\d3dcompiler_47.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\psuser_64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\th.pak	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2264	MicrosoftEdgeUpdate.exe
1312	MicrosoftEdgeUpdate.exe
4004	MicrosoftEdgeUpdate.exe

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ELEVATION	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LOCALSERVER32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LOCALSERVER32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ProgID\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ELEVATION	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BA747D4-0E17-4C7B-A5DD-6B81BB4A26D1}\InprocHandler32\ThreadingModel = "Both"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.181.5\\MicrosoftEdgeUpdateBroker.exe\""	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ELEVATION	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{2B473453-BCFD-454A-AB98-B0DE7FDF2A6E}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
704	MicrosoftEdgeUpdate.exe
704	MicrosoftEdgeUpdate.exe
704	MicrosoftEdgeUpdate.exe
704	MicrosoftEdgeUpdate.exe
704	MicrosoftEdgeUpdate.exe
704	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	704	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	704	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 3792 wrote to memory of 704	3792	MicrosoftEdgeWebview2Setup.exe	85
PID 3792 wrote to memory of 704	3792	MicrosoftEdgeWebview2Setup.exe	85
PID 3792 wrote to memory of 704	3792	MicrosoftEdgeWebview2Setup.exe	85
PID 704 wrote to memory of 3588	704	MicrosoftEdgeUpdate.exe	86
PID 704 wrote to memory of 3588	704	MicrosoftEdgeUpdate.exe	86
PID 704 wrote to memory of 3588	704	MicrosoftEdgeUpdate.exe	86
PID 704 wrote to memory of 4604	704	MicrosoftEdgeUpdate.exe	87
PID 704 wrote to memory of 4604	704	MicrosoftEdgeUpdate.exe	87
PID 704 wrote to memory of 4604	704	MicrosoftEdgeUpdate.exe	87
PID 4604 wrote to memory of 3096	4604	MicrosoftEdgeUpdate.exe	88
PID 4604 wrote to memory of 3096	4604	MicrosoftEdgeUpdate.exe	88
PID 4604 wrote to memory of 1440	4604	MicrosoftEdgeUpdate.exe	89
PID 4604 wrote to memory of 1440	4604	MicrosoftEdgeUpdate.exe	89
PID 4604 wrote to memory of 1956	4604	MicrosoftEdgeUpdate.exe	90
PID 4604 wrote to memory of 1956	4604	MicrosoftEdgeUpdate.exe	90
PID 704 wrote to memory of 2264	704	MicrosoftEdgeUpdate.exe	91
PID 704 wrote to memory of 2264	704	MicrosoftEdgeUpdate.exe	91
PID 704 wrote to memory of 2264	704	MicrosoftEdgeUpdate.exe	91
PID 704 wrote to memory of 4500	704	MicrosoftEdgeUpdate.exe	92
PID 704 wrote to memory of 4500	704	MicrosoftEdgeUpdate.exe	92
PID 704 wrote to memory of 4500	704	MicrosoftEdgeUpdate.exe	92
PID 4980 wrote to memory of 1312	4980	MicrosoftEdgeUpdate.exe	94
PID 4980 wrote to memory of 1312	4980	MicrosoftEdgeUpdate.exe	94
PID 4980 wrote to memory of 1312	4980	MicrosoftEdgeUpdate.exe	94
PID 4980 wrote to memory of 1056	4980	MicrosoftEdgeUpdate.exe	103
PID 4980 wrote to memory of 1056	4980	MicrosoftEdgeUpdate.exe	103
PID 1056 wrote to memory of 4092	1056	MicrosoftEdge_X64_128.0.2739.42.exe	104
PID 1056 wrote to memory of 4092	1056	MicrosoftEdge_X64_128.0.2739.42.exe	104
PID 4092 wrote to memory of 3068	4092	setup.exe	105
PID 4092 wrote to memory of 3068	4092	setup.exe	105
PID 4980 wrote to memory of 4004	4980	MicrosoftEdgeUpdate.exe	110
PID 4980 wrote to memory of 4004	4980	MicrosoftEdgeUpdate.exe	110
PID 4980 wrote to memory of 4004	4980	MicrosoftEdgeUpdate.exe	110

C:\Users\Admin\AppData\Local\Temp\$TEMP\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\MicrosoftEdgeWebview2Setup.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3792
- C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
  2⤵
  - Event Triggered Execution: Image File Execution Options Injection
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:704
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:3588
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4604
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:3096
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:1440
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:1956
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODEuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE4MS41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezFDRDI4RTE5LTEzQUQtNEU1Qy04NEFELTdDMkJENEQ5ODFFNn0iIHVzZXJpZD0iezM4MTlBNzdGLTFBNzQtNDAxMS05ODY4LUIxRjEyNEM0QkY2Mn0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9Ins1RDY5MzBENC0yNzI2LTRDNTMtOUNCNi1EN0Q5MzA4NEI0NzN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgb3NfcmVnaW9uX25hbWU9IlVTIiBvc19yZWdpb25fbmF0aW9uPSIyNDQiIG9zX3JlZ2lvbl9kbWE9IjAiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTgxLjUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ3NDIzOTc2MzkiIGluc3RhbGxfdGltZV9tcz0iNzgxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2264
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{1CD28E19-13AD-4E5C-84AD-7C2BD4D981E6}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4500

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODEuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE4MS41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezFDRDI4RTE5LTEzQUQtNEU1Qy04NEFELTdDMkJENEQ5ODFFNn0iIHVzZXJpZD0iezM4MTlBNzdGLTFBNzQtNDAxMS05ODY4LUIxRjEyNEM0QkY2Mn0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9Ins3NkYzQTUzMC1ENEU3LTQyQkEtOTREOC1BMEZFN0Q2OTY4RTV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgb3NfcmVnaW9uX25hbWU9IlVTIiBvc19yZWdpb25fbmF0aW9uPSIyNDQiIG9zX3JlZ2lvbl9kbWE9IjAiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0NzQ4NjQ3NjUzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1312
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{07F94F96-66FE-40FB-A4B9-F9652D3118D9}\MicrosoftEdge_X64_128.0.2739.42.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{07F94F96-66FE-40FB-A4B9-F9652D3118D9}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{07F94F96-66FE-40FB-A4B9-F9652D3118D9}\EDGEMITMP_90669.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{07F94F96-66FE-40FB-A4B9-F9652D3118D9}\EDGEMITMP_90669.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{07F94F96-66FE-40FB-A4B9-F9652D3118D9}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:4092
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{07F94F96-66FE-40FB-A4B9-F9652D3118D9}\EDGEMITMP_90669.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{07F94F96-66FE-40FB-A4B9-F9652D3118D9}\EDGEMITMP_90669.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{07F94F96-66FE-40FB-A4B9-F9652D3118D9}\EDGEMITMP_90669.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6a46b06d8,0x7ff6a46b06e4,0x7ff6a46b06f0
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:3068
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODEuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE4MS41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezFDRDI4RTE5LTEzQUQtNEU1Qy04NEFELTdDMkJENEQ5ODFFNn0iIHVzZXJpZD0iezM4MTlBNzdGLTFBNzQtNDAxMS05ODY4LUIxRjEyNEM0QkY2Mn0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9IntBNjI4RkM3OC04RjEzLTQ3NjctOEFBRi1DNjk5MENGODQ0OTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgb3NfcmVnaW9uX25hbWU9IlVTIiBvc19yZWdpb25fbmF0aW9uPSIyNDQiIG9zX3JlZ2lvbl9kbWE9IjAiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyOC4wLjI3MzkuNDIiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ3NTg2NDc1MTYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0NzU4NjQ3NTE2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDk3MzY0NzcxNCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvYjBmNzMxY2UtZjcwNi00YzgxLTkwNmUtYTA1YWEwMzQ3NTdkP1AxPTE3MjU1MDI0OTgmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SllRZ1JYbjMzVWVINWh1Um1oVlNleWo2Smc2bllSMnMlMmZFNTZyRXNpcHdjWnJwVXRoYkF2d0NpbWFUelJsa2h6SExLVU9XU1prMm9PdXVxc0o3VG5OdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3Mzc1MDM0NCIgdG90YWw9IjE3Mzc1MDM0NCIgZG93bmxvYWRfdGltZV9tcz0iMTQ2NzIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTczODAzNjg2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDk4ODE4MDE2OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTQ0NDc0MjYwOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjY4OCIgZG93bmxvYWRfdGltZV9tcz0iMjE1MDAiIGRvd25sb2FkZWQ9IjE3Mzc1MDM0NCIgdG90YWw9IjE3Mzc1MDM0NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDU2NTciLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Installer\setup.exe

Filesize
6.6MB

MD5
11a19165aa72e46ad47200ca46760c87

SHA1
2fe4616eadaf543846571564ca325e772ea5375c

SHA256
eaac114b05373d005f91c2824c3b907d01842056468018b95a688e82ffcc95b1

SHA512
5b4074ba1598c7441fd3dffed54cf0cea540a8e58ace339254b9a29bd6709a8e64458c10e9797a75ba8e0e84566e8c5935bf4891b0115dc02017396d70f47b27

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
9540ad83a08605ba1f52196424ce3067

SHA1
a533eb61319bce1720b55d8921691323a4178c3d

SHA256
b0b5d9eb6f4b176bdfbe4da0a060ad1b76c813186fae3d9a6e1b1dd9ee0d01d1

SHA512
bb00ee12c353c9deeb8105399b2a956343e4a1c13dd1198d0f481c4f699099a34ede80f15bb4efa9a1f68c2c12ff75da163b48bfdf30353d5ef5d4bb7c174493

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
11fe091ace9d03b9ada6d5a22d12c0d0

SHA1
5379ebe84500d425586904e7f9ac0393ab2a9d24

SHA256
50f4ed60a507ce9dd1f3f4e7d53053d923cb71594374a25251746a9b2271e4ee

SHA512
0f39af99697332c697ca62e2708e0a9200552a55f2d3057b64e9b18df2fe2828be750b14b5336ac9518b4c1282e82cd170b64587cf56b45b840ca231108b7fdf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
7750d94e4719ba69f5f83213444c0015

SHA1
f2d49b2d5c3bb372a5c74513de0744f2a5f3fe5e

SHA256
1ab31694ff0b6283fbb6ec062d6eab9ffb26df9d6d1ba140cf60a8e7a4cb9fe5

SHA512
4aba2ff17870e6e20fbcfe8d31036d52d9b2ae9df1013e1140cdf321bb4da0a8f5cdbbabfbee758cd2f2bbe2a3b10f25351f9e29cc5f5d91baea6dce2c83e714

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
258KB

MD5
3fa9ae698a600ff3422995504cd088c4

SHA1
bb0b798291c7e37c514d8fce11b8c777d13a6b2e

SHA256
a8e1533f87ac5273f908fbb67edb786f231fcae44b49dd5e6ceb3c777c1f01a9

SHA512
3dea12c2f30fdd5cc4125de40ad26c9f1a69abe8505c863b1469f47349d79f2b51ab037009e500291085366abf0ee2b24d16a3eb419b715894b924af656d2b04

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
0bec55833f356f89b8d9d63727ddc43e

SHA1
8dcfd2b8292ab7a585a8a4e40d61b81c96b63f5c

SHA256
b360afadecb2334ba103d515c506e792cb9aeea5925a6cf85dbfd786a225ffc3

SHA512
6592f21800f91474d2ade6102a0d0d36097e5552278e5aa390e52dccc838b323f9a4b89b6c879c56621d0de84a9ef054f695a6fdc267c9142a3d234bf3a2460c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_af.dll

Filesize
29KB

MD5
ca3b6944f47fb398e4656d7076e3d247

SHA1
592c966af88cb9fd39250d917fe4876bb213d36b

SHA256
d1d58d338db2f0f885d7e945613c2e6b98ce02534a2635c392cec04e8c8b5f71

SHA512
5be93716c178401e809aba922b05abfe4c6585ac8544ba6fde1ae16af87e571ef28d51f8d71946d5acde96370d39bef8d85349677de16b3e8009ba3f57802b46

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
27b4625745b0d9036faeef288dcdc71f

SHA1
79e2e6590a0f4b6af97796058595e8df77bc4b8a

SHA256
74fefc1ad1bca85ae3cdcb197396568e9ccdc3de9095cc3e787e6e28f9a04487

SHA512
2f4e0c4478a244c3b1632f282c7522efbe9b2f03d6a8bb600f0d833c61fd74d7bab32683b1c0e40e58b2d30640cbf6e9b28c03b179e168a6cb7bd3512bae3f2e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
07b160c1fabcf30a0e3e907f1b12177a

SHA1
c5435df1d9bc93ac87870c5d8894de8481456de9

SHA256
a78619b34f4566ff3fa834111d6f02fdeb5e82ceae2167f51a85aa902f4ad2dd

SHA512
cbf2df29701b0dda648f2e208596c691e1caf97d2e3314749b6a3ad899cc057f66cedbbed4d6362b987173a925e73ea266d238c9d985d03b7ffd5c32b0d0b3c8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_as.dll

Filesize
29KB

MD5
0e38b9e9fde2583f8dbb61f2522c1996

SHA1
9e6a952387380bcf54dcc9d040a2d9051a63a1f1

SHA256
ea9786491db2b6548e3c935cc4f8382fb1534b3b67dde1ed6b9aa003c9a7152f

SHA512
f17d95eff5b23d2d11f161a66ef67c61c34c0190ca7d11d8e30f4504f5ecfec87a02fd474a08061433e8a431d78ed92fa9cc087863f3f4caeb2b5616949bc11a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
ea96f65e817ac6899d6732cd880f744e

SHA1
0fde259d82e3c300ef2461e660208fdccc339e64

SHA256
06bfc34d181852321498c49fad36701a5f854ad6e5588af9e141a5cef838165f

SHA512
f79099fae7d98b9208aa5be96f28d9855c5e81cd9dcc5874ed2e41c8b720f32e54fcfdedd44e075892967768f42833f9fd99657096ee10af38d3b663d48bd603

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
4328bf6228c408cae033fb4acca65640

SHA1
011fd7ddb7c4551abe683cb005920d85cf3eb10b

SHA256
73a10a15a4be54f85e4103a994c8a628c34034d085c40627fb4f18b499379de8

SHA512
a50a74fd675ed3b791bfa5a93ca9f910c5a9052e9990de0132606779a333007d305f4fae1ac9f193335cd8207a17b00e2848a87aaa09e7900df189103fa0cd92

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
c4457c581afbf9e1903fb309d8d08bf7

SHA1
fc52fd6cc2de7405ac69674f74cbef43c92c5295

SHA256
f409b1cce73799d3ed0fbaab72c3331cc597787680e2fc9dcd9e2803f62e006e

SHA512
b8bc722dc801a9c50a972dc9ef5ebb31b43bcbc7d12cb84d0b3e64749781818963573f0bafe646160ed9edac5db5b72d7968d3e5ff908da256079e8dff4ec2d0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
4ab2b866301da9ffd1a2d9e1d2828698

SHA1
bf49d684e192f14f96ab03dd0f8d9e5817a0f1b8

SHA256
cfffd594b203016e13fa74c5382c1c6b46f7d3f0817eb4d649feaf3350a401f0

SHA512
60874a1c999e646a11217b3d0c68af03b7b2e1210f65e8e922a2cd8741bcf1e687bf74b97ffa0082962df2f534fc4c2ca9c28c4822a7e2c50474810e42de9d24

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_bs.dll

Filesize
29KB

MD5
139d647896af07432b0c810977139fdb

SHA1
27b2f2915acfb3a740c958282deb2f418df83d49

SHA256
0f3d5ea311f13f94b8c0f9bd6c8fe8351ca85a9e92d96b3ac3a54e87a2167833

SHA512
cda3135620409f12fc7ee77c53233af4e64ea4a7e3a7b2af3534b015b410221e500a1820cd5852236236ca8820521072eba4128efd6316e1bc7863360c07baf7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
30KB

MD5
5801a2b7df808227d967d2e0d147fa4b

SHA1
dbe2844fa8bcbebc227b9817bc0ea8dcd1634b13

SHA256
cc02b8e56ebe97d640eb3241d6dfdd76c36d8ad9dc6fd70c11ed6a165f87dbf0

SHA512
b6f77f1284a05aa4d9e69b2f459691f8bb79466242c13d1bf011d4edd6a43e742b4541ecfdd4d7aaf7b6e72b3540d41ebfd6074086ed1a4b56ef6b852d91ba0e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
9cd4f750ad9c689151ca0a278c3774bf

SHA1
cbe0a7601db4ce0aded6e18c9647750a4e03a8c5

SHA256
3569e7eafe649d9b4e0fbea1db33d4a7e6c350e4031f9ac40506df4828892b0b

SHA512
38e723fbcc1ae59e50d8f8ffd53cf77fd32a64686f24a0670287c25dad7fbe4852ba968f223cc5936b2a1af453e5d2d5f3cc190e07ee0a78c55f88a0c3ecb940

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
14fcd6216e82727e0a757f0f6a04701a

SHA1
ceb886836ad9dc04b2758271d55cab0f6c6146aa

SHA256
777b0583744a3ee8e32586262d34a3d231482504f37d1b0679e1dbd1e10bb854

SHA512
e963ba587017d3e579f3839a0fa0fe5be659cb749629a5b98e7b02184e811a943ac18d66c927ab45c54869650289ec6e3a9661ec40532fc2ae578a5fb15606f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
d082255c15ca45655f999c60c7e44653

SHA1
337bb7b65c8db5305814fa8046da0d790c5cab59

SHA256
31c054f8b4c974d6ac436ee21828121f600a1dde0eb5bb8c7fb41c47ffa9563e

SHA512
662db73cfe28995149aa4a3d2f877fd7b9a027a4f322be9ee6ffb19b8aa4d97ce3ea1fcc13c85c28a9ab815aecca1b0baa69109f20cfa73a46cf8c1be586dfb1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_da.dll

Filesize
29KB

MD5
8355353da56dd6ba036eeedbb10ffa68

SHA1
3e20c8f35cabebd04e7162b9567fd3905174127d

SHA256
678888dd82f5cb04b5727c56699c70d442b35ac65338bbe9ac45ed8d2a32acb9

SHA512
000d0a8648ca4e8433568efc422f3caeed7c53e764878aca11f8b7405850863f8a7bea4a97fbb0076db961d3f09646a00bb3eaa0e4e3b81d949ac2aa033b0827

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_de.dll

Filesize
31KB

MD5
9e0645c2970492f18a9c16d053ae47cb

SHA1
c91f0ee7dc0dc0213776728b152a5c3597b8e1c0

SHA256
7bef8830bdf0fbc8d84d85946a28cafe05fc47528741bc11998805982a3b421d

SHA512
c4277b7e7652bd342dbda6d2d22acbaeeb9ec1321cd91ad236575d0c8f504220736218711e91f0984e3d2f06652101f52aee123163d7bf3cd173c7ec2d1325cc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_el.dll

Filesize
31KB

MD5
8b692911c2eef0d2e2fbc8ee84c39e03

SHA1
b5f558a2cbfee2dcf1cf5f7e5dd229309f5bca1e

SHA256
68ff5bb5a44f019c7c8a50cbf9ee0af264b4782e6516917b4760c0b05d247161

SHA512
6a4118eb9d1bdcb4031db82682ee919f62d575dc765ca0a65028bd31c8bdc061155bc2139318916b3be3572b6a3656d194e3a925b5711241f436267a9af1109f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
8ff46334ccb442dbdce0b04e84cc6364

SHA1
52a7dfd39529c0669d8fe72416876bb2b241741e

SHA256
47c08c6be842b50d119c4921ff860bfc1739efdb017de42c1247bf0fb5c1e254

SHA512
b23b74b2c7f76abb613630c888eff8ec2fe6c28138522ebed478f6d55e21917e658f269ef0d6014e8778225b81e2839cb965a1ff243b5639766bdbcd52c28f47

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
5d365ca4dcb28432aae57e60dfae29f7

SHA1
76150d3ae3070e10f378df87e433b1324f5f008e

SHA256
990051016c4d565d20167c62be48e92ecd840231bd0ff21838d105cbea750ed3

SHA512
f46fb26ef0ce04eb0655cd4ed769b5af055ccec0a15cacc25c9bdd6e3c3a4ca501164e5093eb7381d00ea28a3be59e69762ade995a421c7ce8b1944fd2446465

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
22b0343d2498e2a0b9d4168d480bd6b8

SHA1
d4dd3b497b262905788c7abdc791af1cdd80c6a8

SHA256
094dd4e1d9cf8114145c254372b0ac20f6593f16f7b53e02953bd21bbe26a4f0

SHA512
970fd6cb5fa68e2e12a6288b00250a3c400939963298bfe7610edced53036990c51edef7f5054c371b12eb992ce8e05b1eb7af4d9ba61e0af41096a9ed64957a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_es.dll

Filesize
29KB

MD5
17006114f71cb462041e1ec50a952047

SHA1
3062f6d33dfa215b18492a3e0a2d0fdf41a08429

SHA256
bd195bbeb179e478cd1dc4bab518568edd65603e3d33b11b3298ccd1995b183f

SHA512
5d7fe67bc1d6e22c9e7c13df5a5b9dd039eb77d94b991908a6e23ae703295d2c857b38799c30b40cdb2f3bf503f951de54e11fd65e6f482bc184ffab54ff443f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
e4a76fbf2d73c51f37bb96ef5b76ceaa

SHA1
5bc9a30d11fae80286f0a73db5900e9b2a94fc30

SHA256
a1c067279ba80bacdd975117ae5e6aad9923b3138340d25d08742163107d7313

SHA512
0b4751d5a7914daecc8f0f620dff0228bfe1853af901c6ec277656f3c568d916bc1e1d22bc737ee3f54107fca6ded731c73e80147e34ce3b81c276f8b6d2b2e0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_eu.dll

Filesize
29KB

MD5
a5824f125e7c5a363618e10eb166cfa2

SHA1
b9265cee687f031f52eb6cfd6ffacd728f7c9c71

SHA256
3fe2d705da261a98a8cb375d59ff98b0552b61e7c57132d46126fe4646b2cdd7

SHA512
4b2c4fc806097320a56c2547d2962f21e99e6e17a211cfd9aab1a7845dce78d958ab6a03481cb2a827ab233afb2cbcd059bc6e211f8951c1a2e3b7ac51825b8a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_fa.dll

Filesize
28KB

MD5
96e70c3aced49e26c5938bf5ec7e7a7f

SHA1
5fe35ee220c39cf8cad8d434b49ec31fa3f729ba

SHA256
5f8d8a9d207108426a3f4776786c4a7b5d70db237ded870b9a7ab191602fd83e

SHA512
af6f420164c2504a6c0fb3b62c89790dc3e08ae0b847e0a888c2c793aa6198134a8c18914fa0a5f3153dcad51698cb7125d2c90ae68de221042cbb97b7f8b78a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
5ce5cf921d0e522b8a05efa79031cfde

SHA1
a081d73ab637ad63831b0e05d0122e8e9036a41b

SHA256
6d049ab238bffbfaa0408460f3d76bc23bfd62ccf57659beaa81346e2dd69e98

SHA512
6ef468f6f6b6186fee208b3101c089a168bfc286fd7a84c220a72be085744c70b30a299cbce1bb0c25689da1f348552322a6451277be604f211017ce6d16f989

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
4bfe23c9930f814f7c9d977525cf2046

SHA1
3a6147006bd805a33d7caa647e8088a257061781

SHA256
a9a40611ddccf179b8cd342c07d947af951f85072b598b5332ca772a5ce7729a

SHA512
a235eef64580b8922e5f507f9bb2080800dcb4ea6b156150d2266748ebf38c2eb1e39342b01856ebd9e63b6e89c2104b434e444277dfe03e549293c928cb89bd

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
e22edad44e45a6e1da46e0afbb318052

SHA1
d35c28b112fc386c6f4c52e4faa2ed8a56a4f6eb

SHA256
a7a163fbcbeffbfd4655e41d162817a56b8da8b679b139a04961e830ea5ad05a

SHA512
e750271aa41b402a5682f6863e95756c91afcbd5a994453280c7dac3973da3ecaf0fa0689b962cadab492ce90d510a436bd773c995b93ff6b40007371cdd2713

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
86e02140bd5ea5090460ab7ac5c5cf08

SHA1
3cc00afb1b108b2247cc38211b64bb360c1419b4

SHA256
4edd7b2ec1438f6a5d56eb0b7fcd7a42f2110eaf57439283afe85f527f9c1574

SHA512
a0e6177a3791e59aebcc960cdc2861e10b6a20e0169940f219c92cccbd4827afc47bbd94a5629d25a9f2d547e8e2094a3c96aa55a1bc3fe9b744c07436359e95

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_ga.dll

Filesize
29KB

MD5
912713dbc1bf81366497d2c10ba3783b

SHA1
cd42a85838ef70f72c2faa5a149bc6a904f81585

SHA256
f4b3c90ab375d5f465e2abc2bdff37fc41e4a1ed44ebf8370cd9eba7408fb586

SHA512
11b2b1b726b314a725d24fa3c8b85f9c05a1643ae768adcad4b7006870b728db8688cf708f355ed8ffe2cbc24fb874dce2dbad86231c045b454dbcddfde35225

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
03cf202f9262f42dff2b35987eed7c95

SHA1
2ccf4e4b8f55d61032048101c18a4b6cc7b6a087

SHA256
6f033953fdb5ad272ddf29299577a4bb8d9a53bda4b3d8ffffd8d56c542c2c56

SHA512
c1d65b8457fa2b0998aa6500b585c14e177154ae5cbf08cbb0ff0fd7a1d82e31520f4bee4ad20badeb91784501057b1a968c7d7d8415a2f7683f1a434bbca30d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_gl.dll

Filesize
29KB

MD5
e2bc2cb179b0758f9deda1fde5f60ae2

SHA1
71367f007ab0daf92d954b7e86eae037ec2fa8f4

SHA256
6a2342b270f775433bc77f9d48ab8f71b221c3cd60d84e893314bebff19c4801

SHA512
ff3a3afdf1780d6351306c0e00fedb59c020de68499005726e57487e9c5045636e59baffa487ffbcecc95f9bace000f66d1c3bf3b107e309e3cb522d45dc7b7d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_gu.dll

Filesize
29KB

MD5
34b01daded37b4003b71c63712ff2577

SHA1
7cf99924ab19d94dca8a51d00f95ffc29b9f8e98

SHA256
11ffdf625eb3de49818a1a6288e9d7a60f4f3c8951b163eea84095ffd4ff871d

SHA512
6a865be6b2c5103db06dd14777833bd4835f10c2a282c5edd43325fb0c1669fac875367f4a4f3d98c26c55449682ee406e7c882c16d9f48b41f3be533d82f161

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_hi.dll

Filesize
29KB

MD5
1b10182ad3f07c112f26fbd9f7a43848

SHA1
b9b9b4bc37a9dc1f9a9cb11df44583594d72f6e1

SHA256
381cbc579d5200ed6725a0dc149dd04703d157ae793d39be130d68eff7109c02

SHA512
1575d4f0f756aa5bee99c0b1f60ebca946abfcba08b180b13eb9fd966b05c44cff94ee2db6b5fa7025b5f0247f06d5bcec3c790a20c1086a59933aa7e5cf7097

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
e03b903ae9e8a21ab7e24230c05ff0f4

SHA1
6c9b3354c0b5a96b7f062d94bf874c67ebbe4c72

SHA256
9fbff63d4b7dc5e94958bf657321ff8f93de76394f78ed679863072d4ed3062a

SHA512
31b7322288802c58e7b287605bae0899bd4bff0b3b1c1daa2898ed32453b5e8d0d4d5b508c79c6236e924a23d61321981d80a80929dfe875bcbe6fd0b4400b04

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
c4404953c519113d70e8fb19ce4b23dd

SHA1
c01ab7651ab1e3ae24f146ec72bf53d64001e14f

SHA256
e903ef5c4ba6872159e21dc6f4afa9a20113868cd99ddb8857369637053c3b05

SHA512
a575ba69f83408b219a6b3b63e031fe37d691de67e9b069daa43091b6eee3089100c1f15d34c36f0a40e086d97568866386d52cf60f0160296ea2db745b8c567

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_id.dll

Filesize
28KB

MD5
cad5e407dc341f661f3675c821807c84

SHA1
8581e431be8308b4a0746719898f66a2e4efbfd4

SHA256
df5d8fc7010fff00081f71f3fa2f8a384f45f077caa9afb066d45a070308581e

SHA512
6fcaf91c27feef117430a185d6189bdeb4c438186e4307a6c91c43cf9584c236b93ac04fa549eeb7f63e13494e30d58fd295068d7572cbe8beb438666a4fcf4f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
fcf71fc0b6f12c6d3ccb03418228a538

SHA1
90afa2cabc9eda94a7d01689f605e59601481cf3

SHA256
a3b8c23468dec69532ad374b9a3475e552b941d965ffcbdc6de0f23d58baeab4

SHA512
ca804da85ac67fecd46a5820328f5f209ba08e3f2ef587ce1021754928de36f14f47fe08ddffd729d1d0ff64d5c7dcb0d508818248ceedc5c83fe0a6017aa031

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
8986d1d9e5fc10d99a45d00f2858ef5c

SHA1
49102f4cfe2dc62ef633fee73678a16f8c06c136

SHA256
64576a5588c0facf99197d055c9a6a9b0db9a25c5601087b94407dd79fe44ce4

SHA512
30a094bf7d0db33d54581da8708f5f19cbaabca041e7e559b849f9581e22b8d3415093461e33fe7091acf643e02847c6edbd71a107f462f0057a4e9018266f95

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
785d4681543392b616bcd95e52da7998

SHA1
d538f78f7323f50d01f2765432705ff30ce47930

SHA256
b05c9c1312c869cd6ec5682372bfb01b3e52a60a01ab2fe68afcd6fa20a8cef7

SHA512
8031fa240100e6fd6721affa3ca37e6d88b6341b51d299f03736c31c67fcb2e3c105ecd8f27a6570e69a60616008c9868da424615f035e3d25a89cf95e63e622

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
ad20644a4ef8b16c043d4c1b68a0e771

SHA1
d1bd42edd650c3141a58c6ff0aa858709b7e0258

SHA256
7f2eacecbcda9339249b386ce8e23611e94d2fbec3d90121569d6f1cfdf6f9c0

SHA512
8cf2e34a23f99bf8c37bd5727c8ff6b7666f7752427df8b05d8d82e5e7d97786b4ecded4031bde32d91e46627b169e8d31b2bdd2119c6b755731a787364c0e1f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
29bb41863ca31837876d4acac58f8a47

SHA1
04add82abba27c6ce6922709ea864ae4b40fa8c7

SHA256
20fcb7142b72803b1f74e52d434cb28eb09fa8ff2d178e5edfa7fa5885552e5c

SHA512
00d3a9c33ba5b7b995cdcea97e708fe4b9e14883e0b14f0547cbce5b1ba54c338cce7ae81b18e53ab3072152e748528710ff0bb49197970d4f1d1fc700a1ae52

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
f53a96193b592c3b5fb18292d59c9bcb

SHA1
5a218c70180f408d393397b9a9c2c34d7deb8992

SHA256
e6244f73585ae3c74a0df8e077a58da3dd7b7d914b991747686edadd6de7f87a

SHA512
4f1cf04a8f50f3c9cab562d3df52dc10cc98232a50fd99a61d4e7557a3c1cecf5cf89d7db1bccb42467f1e3ace2057f2359007ddedf9f831e4e9b16ad2c046e3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
8cb769dafb0dd354d2b567160bf82a63

SHA1
beba881af68b4081ece5c3baa70864225c0c7472

SHA256
926c2fc5f0dbe67a1da03125ca00fe6fad055e9fe65bedfb75aa23fbea289e8e

SHA512
3905e30b1c47e4bac91ec09bd08f9c23bf1a5015f58ac843369632d58315c53372a2b87e9d0560b95803941be26b066b4b2413c9b66f2ab9288bda1d6a99b804

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
790d15a76ad2a23841dc9fac85ddac88

SHA1
cb30bb84d28d97cf96c767833ef6d2357a15b437

SHA256
927c9d8800e490b0f6affd0fd93dc4ddc27348ec7bcbf594b0866b7ece46e33e

SHA512
011806c6059c1a25fe451d04339641e52e94f8b582d1a60a80260584e8aeb012df30d01496de7e7cce942c631922d12271718806ac3656e207775e98b2cf8166

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
23a9415f5fa8793237b1a6500d683189

SHA1
e8e628e9237402051f331d01e1c3bef4ac407a9f

SHA256
d56e63986eb323739599da79b3a8b1db4fc616668dec44dc878195f2b86bca1b

SHA512
615a50c7e062e7d75e13bad2c23867fb6b543bb2969e5b32bcae0b1874f1cb15179021599507c9b1bf16d7dae0bc22c1e246411c9cd643772314a7561a5d7140

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
c912101b5b967c289e9a74d5bac4b21b

SHA1
16885dd84c387e8d15da2820a0d46d5e890b3fa0

SHA256
b5d71221182a4444c673670dd1b3714fcb56bb800700382b71f0ccde2c2f7fb3

SHA512
c0662ad808f6859034b7081e19c1991a2033a1d5674069cf1891018daa0b2381df1a250f4c54e374fe363eb2090bcf10a7b7f3beaa05a2dba6d36af20cc54b9b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_lb.dll

Filesize
30KB

MD5
cf789b5c418cc53b1706dfa2d8ff0332

SHA1
5b17e020b2a83e182f8137777e926a9c84545660

SHA256
9ca3c9fc60d6947046e2a3526eb24fcc45ca152bd9bb2983a6d5105d3649d579

SHA512
52e5b1df2b3167308b9b6e5552311db906acff0e9abfd03db307be6977344592977cafb04c0dec0abc60fdd3e41a8724fedeabc9d2256d171b991e8aa0ab835e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_lo.dll

Filesize
27KB

MD5
8d673b29833feaa76ee739c62d827ade

SHA1
d74d90db9d88fda7de2ae1573ca74ceeb93f1c06

SHA256
53fb9df7b1baa733c170c72a194958349f740396a7ba01a88c8f83bf24b78718

SHA512
44599a57b12b7b8cdd79113f5059b5ac85c28927787929505e511e19adf304d3f26c03113a56ad250f2828dcb163233d4eb4baea21c4c856d6cb17d98ff9a165

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_lt.dll

Filesize
28KB

MD5
7c6e8c05a8f9924836d3a351f8351edf

SHA1
f284487780f2da4317a5dbed28be5dfec35e5717

SHA256
71ad0e4e5e12d815cf1c3ea68e6031019993bad8a87b80ac2784f25986be0453

SHA512
92f31e19ec3f0afeeca2f7de0d058066b489b4a67aee983df32f32a4c96186af9d2236e33217aab050a39f90845fb6b15adeacc9bacc0392fbab023d81a9f5a3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_lv.dll

Filesize
29KB

MD5
62febccb48955668ba8c86328cdfc1dd

SHA1
995c1a5b919bc66da3eae5de21268547276348ad

SHA256
895dda8bb6b6b6778ba7fdb4f7c4267262ed4c3b584c5f7955fb40723e802d79

SHA512
0e5d0c0e4a57b3c6bec70f5bdfd5c95dfc83bf6552dca81faa0e6a7d0276ea30598f26028caed4960d5ea2ec527504386a9cc601c3c03680be33188eede1378b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_mi.dll

Filesize
28KB

MD5
a331bc8f6139ea072a0680ffd3bc86ce

SHA1
d6a313dd2fc8ad5be07bb3fcd772cf25ba2fd5d3

SHA256
290ac7ab8d4fe81cca87fe0deb254261f165247f2156b1f3ffcaf2b90f97519a

SHA512
866d09542104a8dc88dea6c86129958bd327eb910b657a73e7b4b54eea78c6a2a2933cc43f3ed7710e80dd1c9f2ec078ca12eb066c03353133c80ae4e885dde6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_mk.dll

Filesize
29KB

MD5
98e4d89118ff88ee418b432895ec99dd

SHA1
8bd81c94c086147182f9c3ab5ca2b5445b016a19

SHA256
b3188679b1b8ec1af27994b57609f5c1821c000b866920aa752ec9931c4541e2

SHA512
30b025c14f4e8cb3fdc99db8389a00d61af5c9e07ddedf973b1d78d17fb9d0fdbc6b6aa750015379211359339b86c7f4cc3286e591d11e7a1d14fb1fa1776af4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_ml.dll

Filesize
31KB

MD5
1c33a09e597bfae959e69afa1a88afc8

SHA1
54e5bc4aac2ad55ddfa7d6edc7d14feaed0d4e88

SHA256
a9baed70d3413ac151009bae094c2be8dd0bb8aa370ba7930300d42d50212422

SHA512
4757ddc122b133a8d816b56bb4fb6404d46b18a73602c8d6a74c27113a1d50a781e9bbca2396338b4c3fa84af872981da3d426d749a0511e32dd7aab6ced6330

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_mr.dll

Filesize
28KB

MD5
d50f0739da8a4eb0176d1d0faec39d74

SHA1
09249cf93fc03e4a75977bf0a900e3463f8acd2d

SHA256
cccc12a7b5bf56ec3a55d63e2dfe1ab5deada025e453eda1082904b9e37550e4

SHA512
506654c4c2dfff872096b2dbbc74e5b0d2b58a81722f5b1cb966d748f8b918a7f6758a026fdcb28130b5fb2b5ef81327bc1fec2834139ca439cabab38127b975

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_ms.dll

Filesize
28KB

MD5
512c55feccd4cf19777277752712afe0

SHA1
1fdbfdce82511a908db039a6103778aa21a39a81

SHA256
0ba977b299c5f6d8273740924e8c1654ebdd906784d48c8723d89f3e78bfa5da

SHA512
e5de908765df6ef0034f2391625e1789838e127f89957989b3db8aca5f64ac02c5fb930a4e6a879efb2783427474074ed2de21a7b726d9e37027b6e9fef99e58

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU878F.tmp\msedgeupdateres_mt.dll

Filesize
29KB

MD5
2df34f482eb3056e0373593b2d66b8fc

SHA1
4b27215f56466e31d16cf127c7d09f43987d2f76

SHA256
be9c5937d1c4a5a750a7243287aacec107d947f3b4fdac43b08a4602c8e03744

SHA512
d5bbc3bc0b0e83b4abd35aa46697d16d2ec7e541c2523441f5e200ad7dd7498a44845779569378fcc855ccf55f84d4b873466cef19efa1e1ad48b6ae64c44800

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
fed49bfb7dfe1145d35d91e977a566bc

SHA1
512b4cd6c73da8743029830f7217ba44e4daa364

SHA256
1192f80b2ed3719d2529bd7684a209890c33ac144443292e647705d7c3eb2a87

SHA512
e0f11f88a78c7ec247d0e43b4ea68a59e7c9376b991040aa24ca51f9efc3ebcfe4cdb63bcfa96e980b24f6d9e7de1053e35452b38d1bf78a8733441b3f9bf2be

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
61KB

MD5
33f3e066bd456e9437eadd1479ff2dab

SHA1
53c64e3a99eca9d53a7d90196cf3835744dd6f4f

SHA256
a987de4a879bb9ed2e2c7fd2ed504b763f93246f7c30912ad79f5ca4e7c2af49

SHA512
cfaaca1e2460eee177b4ee24b3109cfbbb49735cfa202a8caca39035917504fbeb8b81e18363c45ae1f712ce79ee2ee05af3222a6a3a3a5423ed734269f6803e

Download Submit
memory/704-247-0x0000000000020000-0x0000000000054000-memory.dmp

Filesize
208KB

Download
memory/704-233-0x00000000743E0000-0x00000000745F8000-memory.dmp

Filesize
2.1MB

Download
memory/704-193-0x00000000743E0000-0x00000000745F8000-memory.dmp

Filesize
2.1MB

Download
memory/704-192-0x0000000000020000-0x0000000000054000-memory.dmp

Filesize
208KB

Download