a9aebe0c85244e0bb616646dd9abf0e459dbbaf9e2b8b11cf1fd900c61630f9f

Analysis

max time kernel
112s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fextify_1.1.5_x64-setup.exe
Size

3.1MB
MD5

557dff39355db5d3faa85b2953d17aff
SHA1

241e1466cc2dac4c87170b3df610fff6279a9f21
SHA256

a9aebe0c85244e0bb616646dd9abf0e459dbbaf9e2b8b11cf1fd900c61630f9f
SHA512

128cb53c767654d0a8c39ae241f5c6dab99674f8c112612c33f53bbb865a0dcaea0f9b299338d99f628b35cf67c34abb2c7166e42108cb8a315cc97b9c927b52
SSDEEP

98304:h9J5gL5ex27CMW4AV+g+JHQTI0E6V3NO4c4Q:hkUhx+10Tu4Q

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 11 IoCs

pid	Process
2188	MicrosoftEdgeWebview2Setup.exe
2492	MicrosoftEdgeUpdate.exe
1016	MicrosoftEdgeUpdate.exe
2900	MicrosoftEdgeUpdate.exe
284	MicrosoftEdgeUpdateComRegisterShell64.exe
1328	MicrosoftEdgeUpdateComRegisterShell64.exe
2392	MicrosoftEdgeUpdateComRegisterShell64.exe
1228	MicrosoftEdgeUpdate.exe
1784	MicrosoftEdgeUpdate.exe
2000	MicrosoftEdgeUpdate.exe
3004	MicrosoftEdgeUpdate.exe

Loads dropped DLL 28 IoCs

pid	Process
2108	fextify_1.1.5_x64-setup.exe
2108	fextify_1.1.5_x64-setup.exe
2108	fextify_1.1.5_x64-setup.exe
2108	fextify_1.1.5_x64-setup.exe
2108	fextify_1.1.5_x64-setup.exe
2188	MicrosoftEdgeWebview2Setup.exe
2492	MicrosoftEdgeUpdate.exe
2492	MicrosoftEdgeUpdate.exe
2492	MicrosoftEdgeUpdate.exe
2492	MicrosoftEdgeUpdate.exe
2492	MicrosoftEdgeUpdate.exe
2900	MicrosoftEdgeUpdate.exe
2900	MicrosoftEdgeUpdate.exe
284	MicrosoftEdgeUpdateComRegisterShell64.exe
2900	MicrosoftEdgeUpdate.exe
2900	MicrosoftEdgeUpdate.exe
1328	MicrosoftEdgeUpdateComRegisterShell64.exe
2900	MicrosoftEdgeUpdate.exe
2900	MicrosoftEdgeUpdate.exe
2392	MicrosoftEdgeUpdateComRegisterShell64.exe
2900	MicrosoftEdgeUpdate.exe
2492	MicrosoftEdgeUpdate.exe
2492	MicrosoftEdgeUpdate.exe
2492	MicrosoftEdgeUpdate.exe
2492	MicrosoftEdgeUpdate.exe
2000	MicrosoftEdgeUpdate.exe
1784	MicrosoftEdgeUpdate.exe
2000	MicrosoftEdgeUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 8 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_iw.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_sk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_sl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_es.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_sr-Cyrl-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_hi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_eu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\psuser_64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\psuser_arm64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_sr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_pa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_bn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_en.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ml.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_tr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ta.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\MicrosoftEdgeComRegisterShellARM64.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_sq.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_mr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_cy.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_fa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_gu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ur.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\MicrosoftEdgeUpdateBroker.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_am.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_kk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_is.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_lv.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_sv.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_te.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\psmachine_64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\NOTICE.TXT	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_fi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_zh-CN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_pl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_de.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_en-GB.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ru.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_uk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_mi.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ja.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ga.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_or.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_quz.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_bn-IN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_gd.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\psmachine.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_nb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_nn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_sr-Latn-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\psuser.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ko.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_as.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ar.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_el.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_hr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_es-419.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_fil.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_kn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_th.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ca-Es-VALENCIA.dll	MicrosoftEdgeWebview2Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fextify_1.1.5_x64-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1228	MicrosoftEdgeUpdate.exe
3004	MicrosoftEdgeUpdate.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-20-9c-63-3d-01\WpadDecisionTime = a062ad800515db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-20-9c-63-3d-01	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F42A61C8-A496-4AF7-BCF6-D6BFB10B7EF4}\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F42A61C8-A496-4AF7-BCF6-D6BFB10B7EF4}\WpadDecisionTime = a062ad800515db01	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F42A61C8-A496-4AF7-BCF6-D6BFB10B7EF4}\WpadNetworkName = "Network 3"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F42A61C8-A496-4AF7-BCF6-D6BFB10B7EF4}\0e-20-9c-63-3d-01	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-20-9c-63-3d-01\WpadDecision = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F42A61C8-A496-4AF7-BCF6-D6BFB10B7EF4}\WpadDecision = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F42A61C8-A496-4AF7-BCF6-D6BFB10B7EF4}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-20-9c-63-3d-01\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F42A61C8-A496-4AF7-BCF6-D6BFB10B7EF4}\WpadDecisionTime = 8042108b0515db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F42A61C8-A496-4AF7-BCF6-D6BFB10B7EF4}\WpadDecisionTime = a09b41860515db01	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-20-9c-63-3d-01\WpadDecisionTime = a09b41860515db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-20-9c-63-3d-01\WpadDetectedUrl	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0B4C1840-3931-4AA5-A64F-95339D05E614}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31FB561A-CD57-4AF0-AE52-5652A86256B1}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31FB561A-CD57-4AF0-AE52-5652A86256B1}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.19\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CurVer	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.19\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0"	MicrosoftEdgeUpdate.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2492	MicrosoftEdgeUpdate.exe
2492	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2492	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2108	fextify_1.1.5_x64-setup.exe

Suspicious use of WriteProcessMemory 61 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2188	2108	fextify_1.1.5_x64-setup.exe	31
PID 2108 wrote to memory of 2188	2108	fextify_1.1.5_x64-setup.exe	31
PID 2108 wrote to memory of 2188	2108	fextify_1.1.5_x64-setup.exe	31
PID 2108 wrote to memory of 2188	2108	fextify_1.1.5_x64-setup.exe	31
PID 2108 wrote to memory of 2188	2108	fextify_1.1.5_x64-setup.exe	31
PID 2108 wrote to memory of 2188	2108	fextify_1.1.5_x64-setup.exe	31
PID 2108 wrote to memory of 2188	2108	fextify_1.1.5_x64-setup.exe	31
PID 2188 wrote to memory of 2492	2188	MicrosoftEdgeWebview2Setup.exe	32
PID 2188 wrote to memory of 2492	2188	MicrosoftEdgeWebview2Setup.exe	32
PID 2188 wrote to memory of 2492	2188	MicrosoftEdgeWebview2Setup.exe	32
PID 2188 wrote to memory of 2492	2188	MicrosoftEdgeWebview2Setup.exe	32
PID 2188 wrote to memory of 2492	2188	MicrosoftEdgeWebview2Setup.exe	32
PID 2188 wrote to memory of 2492	2188	MicrosoftEdgeWebview2Setup.exe	32
PID 2188 wrote to memory of 2492	2188	MicrosoftEdgeWebview2Setup.exe	32
PID 2492 wrote to memory of 1016	2492	MicrosoftEdgeUpdate.exe	33
PID 2492 wrote to memory of 1016	2492	MicrosoftEdgeUpdate.exe	33
PID 2492 wrote to memory of 1016	2492	MicrosoftEdgeUpdate.exe	33
PID 2492 wrote to memory of 1016	2492	MicrosoftEdgeUpdate.exe	33
PID 2492 wrote to memory of 1016	2492	MicrosoftEdgeUpdate.exe	33
PID 2492 wrote to memory of 1016	2492	MicrosoftEdgeUpdate.exe	33
PID 2492 wrote to memory of 1016	2492	MicrosoftEdgeUpdate.exe	33
PID 2492 wrote to memory of 2900	2492	MicrosoftEdgeUpdate.exe	34
PID 2492 wrote to memory of 2900	2492	MicrosoftEdgeUpdate.exe	34
PID 2492 wrote to memory of 2900	2492	MicrosoftEdgeUpdate.exe	34
PID 2492 wrote to memory of 2900	2492	MicrosoftEdgeUpdate.exe	34
PID 2492 wrote to memory of 2900	2492	MicrosoftEdgeUpdate.exe	34
PID 2492 wrote to memory of 2900	2492	MicrosoftEdgeUpdate.exe	34
PID 2492 wrote to memory of 2900	2492	MicrosoftEdgeUpdate.exe	34
PID 2900 wrote to memory of 284	2900	MicrosoftEdgeUpdate.exe	35
PID 2900 wrote to memory of 284	2900	MicrosoftEdgeUpdate.exe	35
PID 2900 wrote to memory of 284	2900	MicrosoftEdgeUpdate.exe	35
PID 2900 wrote to memory of 284	2900	MicrosoftEdgeUpdate.exe	35
PID 2900 wrote to memory of 1328	2900	MicrosoftEdgeUpdate.exe	36
PID 2900 wrote to memory of 1328	2900	MicrosoftEdgeUpdate.exe	36
PID 2900 wrote to memory of 1328	2900	MicrosoftEdgeUpdate.exe	36
PID 2900 wrote to memory of 1328	2900	MicrosoftEdgeUpdate.exe	36
PID 2900 wrote to memory of 2392	2900	MicrosoftEdgeUpdate.exe	37
PID 2900 wrote to memory of 2392	2900	MicrosoftEdgeUpdate.exe	37
PID 2900 wrote to memory of 2392	2900	MicrosoftEdgeUpdate.exe	37
PID 2900 wrote to memory of 2392	2900	MicrosoftEdgeUpdate.exe	37
PID 2492 wrote to memory of 1228	2492	MicrosoftEdgeUpdate.exe	38
PID 2492 wrote to memory of 1228	2492	MicrosoftEdgeUpdate.exe	38
PID 2492 wrote to memory of 1228	2492	MicrosoftEdgeUpdate.exe	38
PID 2492 wrote to memory of 1228	2492	MicrosoftEdgeUpdate.exe	38
PID 2492 wrote to memory of 1228	2492	MicrosoftEdgeUpdate.exe	38
PID 2492 wrote to memory of 1228	2492	MicrosoftEdgeUpdate.exe	38
PID 2492 wrote to memory of 1228	2492	MicrosoftEdgeUpdate.exe	38
PID 2492 wrote to memory of 1784	2492	MicrosoftEdgeUpdate.exe	39
PID 2492 wrote to memory of 1784	2492	MicrosoftEdgeUpdate.exe	39
PID 2492 wrote to memory of 1784	2492	MicrosoftEdgeUpdate.exe	39
PID 2492 wrote to memory of 1784	2492	MicrosoftEdgeUpdate.exe	39
PID 2492 wrote to memory of 1784	2492	MicrosoftEdgeUpdate.exe	39
PID 2492 wrote to memory of 1784	2492	MicrosoftEdgeUpdate.exe	39
PID 2492 wrote to memory of 1784	2492	MicrosoftEdgeUpdate.exe	39
PID 2000 wrote to memory of 3004	2000	MicrosoftEdgeUpdate.exe	41
PID 2000 wrote to memory of 3004	2000	MicrosoftEdgeUpdate.exe	41
PID 2000 wrote to memory of 3004	2000	MicrosoftEdgeUpdate.exe	41
PID 2000 wrote to memory of 3004	2000	MicrosoftEdgeUpdate.exe	41
PID 2000 wrote to memory of 3004	2000	MicrosoftEdgeUpdate.exe	41
PID 2000 wrote to memory of 3004	2000	MicrosoftEdgeUpdate.exe	41
PID 2000 wrote to memory of 3004	2000	MicrosoftEdgeUpdate.exe	41

C:\Users\Admin\AppData\Local\Temp\fextify_1.1.5_x64-setup.exe
"C:\Users\Admin\AppData\Local\Temp\fextify_1.1.5_x64-setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
  C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1016
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2900
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:284
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1328
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2392
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTNFQjFGRDktN0IwNy00MUJDLTkyREMtMkNGRjRGNkIwMTlGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCQTBFN0IxRC1GNkNFLTREOTEtODE3My01Mjk2OUI5QkE1MUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjYzMjI5MjAwMCIgaW5zdGFsbF90aW1lX21zPSIyNTQzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:1228
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{13EB1FD9-7B07-41BC-92DC-2CFF4F6B019F}" /silent
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1784

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTNFQjFGRDktN0IwNy00MUJDLTkyREMtMkNGRjRGNkIwMTlGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MjYwQzRDNEUtOEFFRS00RTI2LUExOEMtNTIwRUUzMkVFNDEzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjIiIGRpc2tfdHlwZT0iMCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMSIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyOSIgaW5zdGFsbGRhdGV0aW1lPSIxNzI1MzQxNjM4IiBvb2JlX2luc3RhbGxfdGltZT0iMTI4OTIwMjEyOTQ2Njk2NzY4Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTcxNzMiIHN5c3RlbV91cHRpbWVfdGlja3M9IjI2MzYxOTIwMDAiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
182KB

MD5
3a6b04122205ec351f8fbef3e20f65c4

SHA1
ba2e989a1f1963652405b632f5020e972da76a8c

SHA256
7ba65317643fbc0d03195bdeeba318732823a91ef27f62483d5fc0ed3fea4912

SHA512
2a0dbc91e79c42bf934ce7ab41ff6ed900322706bb71ffa1f3ade4ad85e0e1de2fa31540e1f1e0e979ad749c84343563ebe341585965f2f3a62debd6b4ab0cb0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
b0d94ffd264b31a419e84a9b027d926b

SHA1
4c36217abe4aebe9844256bf6b0354bb2c1ba739

SHA256
f471d9ff608fe58da68a49af83a7fd9a3d6bf5a5757d340f7b8224b6cd8bddf6

SHA512
d68737f1d87b9aa410d13b494c1817d5391e8f098d1cdf7b672f57713b289268a2d1e532f2fc7fec44339444205affb996e32b23c3162e2a539984be05bb20c4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
215KB

MD5
1d35f02c24d817cd9ae2b9bd75a4c135

SHA1
8e9a8fe8ca927f2b40f751f2f2b1e206f1d0905f

SHA256
0abf4f0fe0033a56ebdaff875b63cc083fd9c8628d2fb2ab5826d3c0c687b262

SHA512
17d8582c96b22372a6e1a925ccc75531f9bab75ebe651a513774a02021801d38e8f49b4e9679a9dfc53ccc29193fed18ab2e2935b9b7423605e63501028240e9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
262KB

MD5
e468fe744cbaebc00b08578f6c71fbc0

SHA1
2ae65aadb9ab82d190bdcb080e00ff9414e3c933

SHA256
7c75c35f4222e83088de98ba25595eb76013450fc959d7feefcab592d1c9839f

SHA512
184a6f2378463c3ccc0f491f4a12d6cac38b10a916c8525a27acd91f681eb8fb0be956fc4bdb99e5a6c7b76f871069f939c996e93a68ff0a6c305195a6049276

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_af.dll

Filesize
29KB

MD5
c54dfe1257b6b4e1c6b65dabf464c9fa

SHA1
aef273340160af0470321e36e9c89e1a858e9d39

SHA256
0c426d4d48efff328a0da5497af24e83892a2ed1d6397a6dc42f9548a24dbff5

SHA512
58ae24dfc6045ce1f8ed782a03cb3d02c10b99a2992b9326711fb8700c8e7d05cfbca21e9b47cb4b1f4f806a9bb7667672026c715aad2f175febb6ba2b5f95db

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
ccdf8ae84e25f2df4df2c9dd61b94461

SHA1
64cd90b95a17d9ecf2a44afc0d83730b263ba5fe

SHA256
816c64b37e4c42cd418d05bc34a64e9c4acb4ce08b2a18ac5484374ca7b76e76

SHA512
242a8a93326d3a5ea1fd367ef6cc2b343f08f4ff68d88d91044d0ad7fce490f47524a6e57940991ff0893a590459e96c588944f2b115cee703413ca594046f7f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
3374d9bc4467dbdeaf50bbd5a26edcfa

SHA1
6d7bd73ad27148bad7488959d7ebea22b6805436

SHA256
5c8a8755cc0b1213fb0d5b57e10a53702f2091479d3c058d0c756134e548c685

SHA512
c0c02e54d7e0060b6ffa5bedf8d79cf4b40f77711680d2161b5186c5a8a10e521169dfa7ab6b8e4816c98e4aefd136f209a40c78104cb618c21105e095537719

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_as.dll

Filesize
29KB

MD5
87e596d8f0ac9fbe2d3176665eeb68f3

SHA1
1c9364d55b4844cd250504abe30dcff9792ee576

SHA256
c39669e004facfb0c500788747a4427fe26dcdb50ae695562e6e417f4eb190cd

SHA512
ef3708632e19332ddf460e081f8444ff8b4ec483c6b3e57f386df66d5f62d222b1d3f9f3728928701a6e48720133133c43619858853585a7d70b7bd5d8cf847e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
ace0925ded0a4507d82e6d32a77c50df

SHA1
c760ff52c71de3080631120c6992dcd0ac4e37bd

SHA256
8e3c517bfc5986310c35f30b9681d9c919a7d62e299014410132ddc2b41f00b3

SHA512
8adec80e179f205d0571625c1a63a0188e6533adefd48691f2fc287a546c12249c2126e6958d1732fa8847492a8287723a0196fbc0f2b9af3c54e1ab418cc3e6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
aeb3a05ce4eecdef3d23dbc0094fe21f

SHA1
e2a5c49b4d0fddcad28649bd09d0cc7af4c0b2c8

SHA256
6c874a312ae57b8b0deac8457a200fcfc90aceaaa252628701c92aa8b9a823e8

SHA512
4a7fe6cf8300b394d7471d9a2d759ebed59690ce925270d6ceaa4e14ee06f01b67f8219559e9ec917477f4c5aae03329ae2c6e231f3fd41c645d02d26b29f367

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
afa21b2feee2831c5478e113ed814b76

SHA1
9e883c990a31b8cd0ed2f80f732f404386cc55d9

SHA256
183bcae9e143b78d04c2ed83ab6cac8cbd82f1d2bcf7bbb2506886a3925ac556

SHA512
294838c67f6d87fc3b4975c73d24e1c38173c8ad4a14c215945e9910ddc306e9deb0168f38661c85b5c77929fcbf56093f632a35c1b39181203fbd662d71f7f8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
8e0ff856270ca13f8c07825e39ae3613

SHA1
b351f8ae0cc13d97d201a268990b75fc9e6cd422

SHA256
18cd8ed69df17e1bcb517285caa88c8a73e093984fecbea2587e7144a8812a73

SHA512
25f3821c20aa222a28143951c9f370d3feceaf41e449f718640dce9af0e88e518bc40d2d02f5e64148d8909feedcfa6a8caf65a87ad12637a8bc13c848b1f178

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_bs.dll

Filesize
29KB

MD5
9f4c9469ef1930ec3ca02ea3b305e963

SHA1
e588ffdf150b55bb4ba38e2aaf175aaf6e1826d0

SHA256
fef14de38a4501cf538c89ca2d1ec389031124f69df9090df94fb4461e54ad58

SHA512
c166189ad76cb395a2aeea724f2088f42dd4d361518856166fb92b3335b8fc670e99eb7b1c4c9ac2c872c8283826cc2c88009bd975e690efbcc3d99289557e96

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
30KB

MD5
2e9132ee071ca5653baf90b9b1ea382e

SHA1
8a0c1e5a0df6432c50539d68caf697b8adaf1556

SHA256
adf6e6542f1422c431ef92a209886224fbb53b5c67e68ac070d5c8a4c6ee569a

SHA512
0b021758117109e4414c7ef37356106a96b68536ade8d3f1d1fb3dfce7c1132ab6fe02f7292ed225c09814a9c57124f731fd35069d220760678eab565f320976

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
917c18cfa84c8b8e83d8321f03be093b

SHA1
c0a4a743f4059183724fc8c26e84b5a80bb2f7f0

SHA256
6c56355b232c3bd35f397f99648c020733ea2d57db1cd4beafffcd962b896ae4

SHA512
03359c6104e9f0cb2d66b6f1bf5598b2bb00d9e7a62fbd0c5475ca67b5194e96c2e6053a2a1c22323ba0002c614caab0477597fd34b57dd1f5acdb19f70c0854

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
8b49a989a56d4a5aabd0a03f179ed92e

SHA1
ca2f84217c867eb853830e95c7717ce35bd997f9

SHA256
849e23c2f53d06462bd0f38e9d7c98e9389486f526a90c461c04c0aa1db7b7be

SHA512
f4861ab9200db234550cd2e355ce200b7746c614e9c326287c0509d152f29d41d7a056e4fd27e3150cb433cd0234c4ae1cbc0c3a8b5892ecb3e8d4632a985aa7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
1146f59b139b9d810996a1bae978f214

SHA1
cc9d54e6e3ce1efc4ef851eba35222547b996937

SHA256
7b5ce6c7fa03e69a93694fa59c61be88b3eb8cd8951790f3bdd7cba2d99e6b83

SHA512
0c94943646b0a08662eda2d236b7c88ecec0745faff5b9c6097f68e73a20059f8d2de47a9c00e58c6d2083331a34a0fa19b0964f3c62a6b8cfa02bc1e283e75a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_da.dll

Filesize
29KB

MD5
08fb61cf492ccd1236907af7a6b1bd4b

SHA1
9f6e0f7610d42f8a402d3adb7b66374f4d0f3cb5

SHA256
d6261d4bd9ce4011caee1e0efefb5685a5bb5e29130ad8639e4578fc90027631

SHA512
747982680ebc9e3c0993a69923c94382df6bfc113ebb76d31f65f9d824abef1a051a4e351f0f42296fd84e7663fc3bcc784da51dbce0554c3a880ac2258aa16c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_de.dll

Filesize
31KB

MD5
970e46bfaca8f697e490e8c98a6f4174

SHA1
2bc396e8f49324dee9eb8cc49cdb61f5313130d9

SHA256
eeff2c2487c6456e6a3ed43fe5fbb9d3b72e301d3e23867b5d64f5941eb36dcb

SHA512
789f29ee2c34d86da5c69225bb8b2fd96273c20146126c28d3d36a880bbda5b16ace479ce59aafdf645328255105133f489278023e63e04e9fa1fb34cc1f3ae1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_el.dll

Filesize
31KB

MD5
3d22a75afd81e507e133fe2d97388f2e

SHA1
f7f68cb6867d8c6386438d5a6e26539be493505b

SHA256
823fe6edc1fb0ebdfb8ebbaa2d36f6dc0424c8f26b6594a390ae0eaafd319ab0

SHA512
34a62ebe8d057a6f6e6f6b2672ebb95d4d7c49e739f4beee4bbfb5e917b7176aba4d70b0e84bd727c967d0885c08264dfb42371fe0d3fe4f8f12dbb1e26ca69a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
fe685e8edec8a3b3c16e7954b787e118

SHA1
ac71544158bf86d357d78d003f5ff2b4b5fd4ef3

SHA256
4b60ce6e3c8f725ad8e88cd0d0a3f0155a7145915670a532fe1143fb2dfbf49e

SHA512
e30d12a607d1c6fd2060ab38f443af680f8c8655900b0a21f3f0b488033f9300915667bdfa59ff4fd3488f58ac52c7f5598ff5078bf849bd177d1d8c10533f04

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
be845ba29484bdc95909f5253192c774

SHA1
70e17729024ab1e13328ac9821d495de1ac7d752

SHA256
28414cd85efe921a07537f8c84c0a98a2a85fdbd5dfa3141e722ed7b433d0a96

SHA512
2800ec29ece429151c4cd463c5042492ac24e82b4999a323607d142a6e1a08cb69258190a6722afbbcfb3c9cdc6eebdedf89ee6549e0f420f6fbae3aa0501fd4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
dc8fcfbcd75867bae9dc28246afc9597

SHA1
8fd9361636303543044b2918811dbdab8c55866c

SHA256
3deb382ffdfbd2d96ff344ec4339f13703074f533241f98f0ccd8d3f8c98f4bd

SHA512
ac8fbf033677a6862f3d02cf93bf1838c24f006b40fd44336ae13ecc2287ae4c733cc3d601e39556586131e8a9e2d930814399ac68165a26458a6cbf51b11d32

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_es.dll

Filesize
29KB

MD5
9c0ef804e605832ba0728540b73558a7

SHA1
a305f6b43a3226120d3010ca8c77441f6a769131

SHA256
626835e07c1fc4ab670127682f3e5225881a2d4ddea873c5271e9032668fa641

SHA512
c27a4b24600bdd33a4f9430e8d4d8f7f3718efcaf2d1ec36023e34b996817af79b5a9baeea1506f97d2716c9b2b5509bbc1bf4d7cab779554eebadaa8c942dfe

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
111118683f6e8ed7ceb11166378aebb0

SHA1
fd3e1cf198885ab5d9082d540d58f983d8a0f5ff

SHA256
5cc4930c50716138e25987baacb9a9aed7d30ff5c0ac927e35f7fc006f5179c4

SHA512
cc3480f05d8d59d3d705204e15ff6453a6d9c77bdb1011d069bb1f83b3d4e14204f19caa7e7ecbb6e3ed92d429ac46940791903440fbfeca2f7e7e12b9a47f6c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_eu.dll

Filesize
29KB

MD5
c0da1ad8854f64b7988d70c9db199d5f

SHA1
b184335283bf0026615f2a4a120fda87961c774b

SHA256
73190820d59e5bfe769b82ada48b0c9ed353524bd5cab303f5175d7d9bbb74ee

SHA512
424ef2d0ceaba76b64c3349ec1ff5088cb8aff9103fb38da238c80e6452a967f3dca09860b2b8fe9c01e20bebadc539960a5bc241a91bab98bfedf29c2f777ea

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_fa.dll

Filesize
28KB

MD5
c4cb44ee190c5aa8dd7749659437e5cc

SHA1
667f4aa01a4262fff2e01838f94330c0ebc285a2

SHA256
dc184d54d00d51d2f8de623c0c4b07e9408f7b02e1f1085107edaf14dcbee136

SHA512
0330d733e89811c4a89deb202ec517de3128ad266483f37bd8d91eb6e45336febf7297da4f3465c683ed1b6e08114d6a3f52ff74484276509b9816ae7dccbb10

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
a9b037f7bc8f5b382bf6c69b993dbeb1

SHA1
7beb733f3561ac3083a3dfca3b7644c5154e1330

SHA256
b498d1b38a81199b62a98a0e36aa9e955e1c0143436908538314089c0e59d128

SHA512
a63c1e1a4d8d2e5043e0cdc420d1c545b0adbcdaa1a65f09454d47cc9642c1ffcb16e76454e90c75fd88f29917024b11418a606acbd560a98b79cd8631186332

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
6b2319c3634103272f39fc71d7f95426

SHA1
a1d692a68c5cbb70d29a197ec32c9529c15a0473

SHA256
28c610ba7f8332be050c30e296acaee423bc0a7a9cacc7b3d60618e284ff9cfa

SHA512
51738dd14b410c689ed56530ac555824c773bcb163f4dbaddc86e684e04c1f06271001f0b2bef7d6231f17231b2e3e35f9aba2974c48eff6d1a8ab877e5a6031

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
8e1793233c6e05eeaf4fe3b0f0a4f67c

SHA1
97697fe9ba6b3cb5cfe87bb94587c724ed879c3b

SHA256
b9caaa668b71964316ee15e6e49f8ae81e5ed167fdb69fc31bc6df834ab4e7a5

SHA512
3d2fbf5e05e7b9e21c85ad7f59db9556046e4c1755f0b138d6de38eeadd3480e772e35798f9339aa7daffbf92afbc385f9c0bb4e4f5c65292dff3b280f52bd6f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
5e63ac4b5abe6c84f305898a0f9ba0bb

SHA1
e70baf6f175c297a9b491272ce8f131ba781553c

SHA256
711b5968d2116d7e97aa5852ec864db35d3c186f341fb024cd1ef4525256131a

SHA512
c383e4df4337bf9a66f684dabd2faa95cb49abb424c76d0603f91af7b7260be5b2877246da293d5df83fdb59d291d63a7d73303c34682a50ea84a8fcd7d6e874

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ga.dll

Filesize
29KB

MD5
f7b123f6dd6c8d8832a8bb8b7831e42c

SHA1
7e9524b79036568b2b4446ee00c76460fb791c6d

SHA256
119b9e288832f2a4d47d63b693bb195a72f27e9c0aa014b2c3ccd5d185f7afc7

SHA512
6bd457d1e3f943a4ca5a1d36907fe526a4f2965a8411280a2988ef1d264203af0797365c1306e7ce103cabec2ead17d194f20848b4c665e986705c3ed6e291c9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
6de337fa9f131077042f7ce421a9fa42

SHA1
25e21b64cdf60a1da2f940b3c873eefd680a5fc9

SHA256
263e07308785bd7e510eda95499ab3d3d66942f0bfd0a5722258e2a87b5d0a90

SHA512
e747fc105c4ede0d4f73492e3757975a9410499caf867bc149cd43bdbf1be03d3df82fe04c7cf99e3ad6ee06fb5011fc5b069bd502c2f3b3e578f587d0362e3d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_gl.dll

Filesize
29KB

MD5
be03945025cc2f68f8edd4e1ca3c32b7

SHA1
d4b1c83f6b72796377bfd3b42c55733eed8fc5e4

SHA256
aa95c108db3582a4be98fe83519aab3fed09c8cc9b326469edb89871d6562373

SHA512
a03656acfc123f06a071f0e326ce15bf17e2efe080fa276acd50cb40e35000d74a3d0762da327c59a7564bb3f03532bf04c733ae850852f62ce71fd513e9080a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_gu.dll

Filesize
29KB

MD5
951dfd4709b3fdbe79a6e43828387592

SHA1
0c7bbf1852135456692970639869618fb616ba5e

SHA256
21c72dc48cd33291520e3f432d8d59ec103496ab6508f41fa1b081b3bdf98bb8

SHA512
b338c345db00135ceb3577a67bcbc36b37be742e39aa6a333bac93ba20ab1463df55a381be95c9e9effaed4daa0ce93203ff2994459f9a23813dc0afdff03e8d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_hi.dll

Filesize
29KB

MD5
6b97796e1746317567ed7cffe9441d3b

SHA1
dd269b22021eb37fe854ff181a09bf7f9568f7ac

SHA256
a4ce75f6b1de6a2500bfd6b0ebc1c268cb3d7080dc9e7661bedd9361f7215d42

SHA512
f1856ac881de7acb7f61f2d7c1d064458855c3621fcfa951f1d1207f3d85fd6f64b26547ea1391c4145bdeee23e6611acb2fe80b8c1258dd108085e371d34d73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
8bbd58f9644187747407b0a18c60aa0a

SHA1
82888f3f2ce1dd7b9b3f5ac26bed0a6da5601dff

SHA256
35008c4ea7f22ac78d28e72311d4b3fa28d6af24072fa94558a9b3771a4b545e

SHA512
1fa7d62692062c1d22e3fe0e5c15bfbb2def115be2991001a998fcc6bbb5983d9343b06172e8f38b245587b15762b655ef58ec508160b576779963e5889efca8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
e56f98d6b32f82f391d5b087a135a7ec

SHA1
c8de62b4b22a8153cb788e03f7e04c55a5ae5396

SHA256
236252a34d2efdb4e801bd827a791935aadfe6c0a471f1b252d9bf2d291a6bae

SHA512
45b9933478505759e7217a65e3a054885841c5ae9bc58983c6cb216ea2a15c53f45ecfb6b40fee07d54c289819ddc2161a651e5183e244e0f43946176f224c8a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_id.dll

Filesize
28KB

MD5
5b5366c7779dc9ce9f3a15b6f22289ac

SHA1
d9995fee337b9696be970a2a48a845ed71bd7d2b

SHA256
da6d5c982387286396f54c043bacf106f78fc76db4a33984c8b2cb88882fc9b3

SHA512
35362a3719833449bd9e757194f9b0b28c3d68a0c62f52d224b1cd5eca5a2343e1db868668e2b30d927a1966b5db5cd0b2230d7f4576627e486eb3a86913b195

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
b675cc1f6f5f174c265c0887d9591915

SHA1
abb182cfbe1d5723ecc380c5fa08b24c1f421af1

SHA256
c012110ad65f8244494ef2aa70696128a949fbc5797e5139afa7d4195457df1f

SHA512
be1b23a563a2b4f6b658df3f8075d48bf3921c5951a6fbe77c24a0949997e068403f5bcaa3f93030b01d7a69b1aa74ce06f37038c30145e03a9822f4854f7c0d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
b8b03be1e73e1ccc0df159c48e875038

SHA1
37d1b2216f1e90a69b1be65b2c4f0f5f35e78aef

SHA256
4ee8f48af5136fb80f5d031395f92abb2b3571fdf7c4c98ae833c2ee74c49160

SHA512
ef47c8c0f8aed7a4d912986e2a3fbc34b54fdea25b006bcb63d502a6cefc42bca717a93e16ff1c137892a91b894ea15d95a53dd3b52b850bf1a75ec9bd7b3013

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
dede65e2268976ded6f598ecea661025

SHA1
45c6fd614dac74eecf83709081b4f289c05271dd

SHA256
9379736bb1b621367e42736d311288d33742a9e0ca3e056b4638491fc434a880

SHA512
92a46ca5e3c40bf55fede64aecd7fd05f6419c645d38325546c46632775fe72cff4152e473ffbc15d478da62c76a088ebfb4db91b9a0691a9ce1c763ad3f9285

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
ffc1ff9f4cb8fcb529f8580d3b92a80c

SHA1
d0ef21a7407c5eebe1fc21b6549c92c6222bf0cd

SHA256
d508f613bbec62a237a5616959dbc292fe4a79adc8783fb91725f3f2c32658d2

SHA512
6345362f03f3bc4409c1e5875b2e7cb58b5df9737c9c5502a19314046281e682a3ea7ac5adbbb933a130f52efad4da4eb9ad99ebfdd41bdba23d1fbea4180475

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
e802f3589731c88d166a8b0e3bae1dc7

SHA1
b94e21b646c26053c19a0e6238f0e4fbde0a2fa6

SHA256
173f78b786cd1a58a47ec9f7c662e403b191fa42cb7308aa7eb6b0f744bfae0b

SHA512
ecf9eb33afb00c6839d6778e36685b904267e6f384a7d307230000a506e6ac6e95132c2f50a4cbe523d834dd6c7ecd1277d47b73188130e097a0b64c0ec64a51

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
1c6f35c21ff0afb2f4aa9d4352fc86f2

SHA1
d4bf67c14304add3e7d8218ff66a520a7b1e0a6e

SHA256
779900e90b23d0443e0b93b4ac7c8fa24dd6a0ebddb36cd22bcd7a1a6fce2ecc

SHA512
caf80f4adab14a81bb14e36683772539a6789448ddfcaba2a09e5c6c3e2dae105ce436ca7dd7b412c6c73dcc0768141822b13064d452a48a37721e1e9dd357f2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
9dc0ee4f6b7e239018d6962b5097669c

SHA1
3b091cd8dc4f46ec7603c56d2ebf73385576031e

SHA256
4d31ba95fb2adf05ea6fb9b1896f09c872c228187bd3d2f979b162097ea18979

SHA512
aca659bcb9dfe59bd23dabcf2051b8529b0a1b9f2c1a0748ff29ffb02307222dc3a5d8b7aa42f6469200992e6cca14886908eb624f9f1959095133b09f3752d6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
b6d73bbacd24928bfe692e2c48522e03

SHA1
8ae460214f623db552fe09944dde5f83e1f3e3ff

SHA256
9be3c751e0f89866599d8d4a6d2bc10db749fabcd6de88922e4b7c4bb1f03ddf

SHA512
762974a13e623435adda030e9f496220ba65e8ebcfbc3aefd896491a4816bd8496cba79dc56f321e4eb98a9fcf71b36160c27f701c5e690c071270065d1f3f14

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
c89e6395725b3ba0b18d314d54589b92

SHA1
c57c5a8c4841206da919335bc29ab65ce7aca76c

SHA256
771009b26b95c3c6e0391fb78038c632a2475af36b3b48d13882645ab5e91d3b

SHA512
33ebe44cacccd475c958053614f3c179f2d0d3bde8a99e740faee0b87bca0eb2ea27a01501c70ae90367fe158a694edde005920d9ba18d647d0328d0a5f8c27a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
c4740361d46b87eb618e395552f20b6f

SHA1
62654bb1ef4f6959bc421b1d5c0d4ef7c6651b17

SHA256
869461c0b655d697c5089ef9b5eb842670b5c3e9696aa109ed3ec9c217e31f89

SHA512
0dd00ce5cd4a13a00faa7925e0f3965d059e9b935601408e0b687b764680780d855d9fe13f653c3458bb672b67d039496c7fdf605b2c31613f79a2f7ae24ef4f

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
a6904662fe03e61eb15fe314f218d08a

SHA1
b18576e20689a80364330b8b07198ba919540b0c

SHA256
26b256bd6df540b626cc83ab43d441c9e014ebb086c3bbdf0281bce0c01cc64d

SHA512
bbf0dac855ce3ec3f536d857a2169b518ea74d3bc9c059153ec53ed956093b45f76294c3e09b1f06ce94fa07fc4c0d8505e8b95555d6e104749802ac37795beb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11817adea0d5ca24ed50ff2d40d3958a

SHA1
9dec7befceb555602bf90d60e84cf5822bed3c5a

SHA256
e4f4b5d45689721ac4e84a09f1f0e168d351496d1d419dfaf164a9414eb2c512

SHA512
bce40cd218c3cae70fe46ce8008275822bdde227c8920d1b24581a3641dac74a1f6257472337732fdb778ef6236377d4c2dac252878923039cfda4fb48c30a87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e36d2fdfca58f0316a3982954f476b3f

SHA1
99c28d9619b31ac54822b86de179cf5b8ce65758

SHA256
d9b90887d9bf858a8612db8976c8a7c24b4d7f1559b171c2dcba9719e4058ca9

SHA512
b6b9aa331165245af8ac95aa3378e0defbbfb6a6e2eaf6df01e583488ac8cc8e8247a7f624381dd4eb719293f122e36dd90f3ebaea0fba78c729862b3f52e224

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4bae74b52a01c01702fbb0b0b1718c6

SHA1
1eb21adb61871d7fb1c1b0995774b9896e9096dc

SHA256
a3a1de243d5077ad874340ea133395e8311c71525b156123a8f4043fa7882874

SHA512
f73d99d22bf745c232248be6f5e13961f60372861719115704576e1e68aedd45321b1dad2fa1b80e7f69f05bb61236d4c6a2176895533a5da4e25d00cacb067c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1be4956a52c10161240b296d94ca012b

SHA1
daf07f7fc96665f29791c666967b680caf105383

SHA256
2c8d750288666de9c327f40043e0edad55f36caf8f3ddce6b02716598bf132f2

SHA512
a84b38aaf1a368d739de6280d9139f1d25848888f0abfaecfb4da374786ee929e18da35d21f68c628bad531a78869e2cccea45f3cdb28a9dcff1aa79d02df8d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2686.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar26E7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
fe6ac35be3a5c711add1747870c8a20e

SHA1
1fc8db8033f3224c807065e96e2bd0a71cd293fc

SHA256
80d8290afc866c790f3d45590ddd239abec2a77c7fe4e5436fc8073c9f1cb531

SHA512
17964451b9455382d6f20a8b2e98d7a26ac85a224937de2b564f9e0b86e964d0514f5e1dfbc0d2501121350a3919946c2e02ad68efbebafb39098ee54e5a28ff

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
898e2fce8665cfd938dcc3a956bee4de

SHA1
8dc0a4925142dbf5df42187ea76c34454e7171bf

SHA256
afdd9f918f6487506954f6c650762e4736a7a7059124b6343a7ecab74400e737

SHA512
82b59fd4ba6bc322daf5f274a5b787a7587ee8714411753bcdb3a63c6eba8cd518a89557b1d72958ecb02185ac7d1f55879ec41be3d88a9b775ee0a7ec9c6136

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0789892f2c12437908595370cda882dd

SHA1
62cabf8861e243f9eefa67d1c411030749d9c260

SHA256
25ed7347ab95eb9940212086cb3855b562e1d1906fd45de811f5d1fe7551a1bc

SHA512
433cd76aa4247d6f445e76eede0e346d6010614e74f4d6777136fd8ced91e5950b39b74f31f193f8d4c66e665db856facf036199115611825b70c01c19fbafce

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2776c09a3b4afbe04f0c99164a17a423

SHA1
43ebc93da76310a3fdfa55b7f6791779c6fbb295

SHA256
f169f072b0f9185a1bb1290d7100262b2a6e9a4a979a805aeb79f72ae2227eea

SHA512
7afc21ed328798323dc511e4ceb3b8ca0b01e42cfcba4ee390aa44c96af9c8b762bee9ba25b220e3786bb484924bf7a6eea34191bb689bf1e56528095da8256b

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
722660066da727dca324ba971a225220

SHA1
0ef382a0cbb8ec8815d89b8f18629d43353cf3dd

SHA256
e1055dd180f109c822091de506963517e36df70063ee10677788743750e9973e

SHA512
a0e9fa177dca0739e75336cd0dc698cb961abc42eabf02e61b7e6455a401a2fee9d5d951090049f797431957fe91b60f280f619d2494944ce53cb430cf968843

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
708f6f7798f0d2bd75d7fc2a1dd87b62

SHA1
ef9a9573d27033ed9dce0f9fbd3c2613ef464889

SHA256
3f1008d32086cb79509e3c71e6c6125a791fbfaee4f2ac5eba9fb75f5d12960c

SHA512
a5b707d14d0795f07e51f76c24f9631f99521996e81107874c8b708428d147ba21d23cbbd4b63612c1579b7000a94b5a8b412b788dca3af38e30c7aa7f63467b

Download Submit
\Program Files (x86)\Microsoft\Temp\EU9A2.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
b0da0a3975239134c6454035e5c3ed79

SHA1
fbea5c89ef828564f3d3640d38b8a9662c5260e6

SHA256
c590d1af571d75d85cfe6cb3d1aa0808c702bcefd1b74b93ea423676859fb8ba

SHA512
5fbfa431a855d634bcbef4c54e5cc62b6435629305efee11559f66473c427ad0775c09364d37aaa7a4a8a963800886f6547a52ae680a1ff2c4dcc52c87d994bb

Download Submit
\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

Filesize
1.6MB

MD5
d2ebd82a5d3fac11d44d90d8df253bb9

SHA1
ba94b456e111ea9573fe150ad4090a66540c9938

SHA256
04b65aa7b23d0c7ebbd6e022a600fbc43c0ee896ed280e48ac59e17fb0a2311d

SHA512
49e9ef8066200cd6ec079943c1fbcda95cab2d3042f635ed57949e0c0701ecdf34ea8f16324994dc77bc3ec9fc67882ea88b4d543974e90bf4e8cf69b15e073c

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD30A.tmp\StartMenu.dll

Filesize
7KB

MD5
d070f3275df715bf3708beff2c6c307d

SHA1
93d3725801e07303e9727c4369e19fd139e69023

SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD30A.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD30A.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD30A.tmp\nsis_tauri_utils.dll

Filesize
1.1MB

MD5
1e38f56aba852b737f2866c48b823165

SHA1
53a7cfaeb6a4a9653d6d5fbff02a3c3b8720130a

SHA256
0eed48313a7f904d7cc1977b70000ab3f11f18cadc8e6a69b807d288ca71f9db

SHA512
5cbf6ca67aee29f5afbbaf57a72eb58e8f85b692e69aa5acd5817b00dc6948486189a8e74f4fcae302e9c453cc770eef78b3ffa70a914d911246e5b4992fc9a4

Download Submit
memory/1228-583-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/1228-870-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/1784-1238-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/1784-584-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/1784-1245-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/2000-1259-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/2000-1246-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/2000-1267-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/2000-585-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/2000-1239-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/2000-1263-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/2000-1255-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/2000-1250-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/2492-581-0x00000000003E0000-0x0000000000415000-memory.dmp

Filesize
212KB

Download
memory/2492-1261-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/2492-582-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/3004-586-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/3004-1043-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download
memory/3004-1241-0x0000000074750000-0x0000000074975000-memory.dmp

Filesize
2.1MB

Download