fe4f6adeb25337cf07aa3de20543a6505923f721d7ccdab5c83369115a3bc734

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/MicrosoftEdgeWebview2Setup.exe
Size

1.6MB
MD5

431a51d6443439e7c3063c36e18e87d6
SHA1

5d704eb554c78f13b7a07c90e14d65f74b590e3a
SHA256

726732c59f91424e8fb9280c1e773e1db72c8607ad110113bc62c67c452154a6
SHA512

495d60ad05d1fadb2abd827d778fe94132e5bfc2ae5355e03f2551cd7a879acf50cc0526990e4ccde93bf4eff65f07953035b93cc435f743001f21b017cbfdfd
SSDEEP

49152:9iEf3nHwPrSzBVf0mtw+gGTU3YRzA1izx18nMlb:9iOG2zBJ0c9RE102nYb

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

Processes:

MicrosoftEdgeUpdate.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

Processes:

setup.exeMicrosoftEdgeWebview2Setup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\mip_protection_sdk.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Locales\bs.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Locales\is.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Locales\sr-Cyrl-BA.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_gu.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\AdSelectionAttestationsPreloaded\ad-selection-attestations.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Trust Protection Lists\Mu\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source984_161664849\msedge_7z.data	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\wdag.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Locales\pa.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_quz.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\identity_proxy\win11\identity_helper.Sparse.Canary.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\mr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Edge.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ml.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\notification_helper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\fr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\vi.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Trust Protection Lists\Sigma\Entities	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\cy.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedge_200_percent.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Trust Protection Lists\Mu\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Locales\kok.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_bs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\en-US.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\BHO\ie_to_edge_bho.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Trust Protection Lists\Sigma\Advertising	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Locales\az.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\nl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\msvcp140_codecvt_ids.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\sk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\pa.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\msedge_elf.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\v8_context_snapshot.bin	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\VisualElements\LogoBeta.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedge_100_percent.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_pt-BR.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ro.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\d3dcompiler_47.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\wns_push_client.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\libGLESv2.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\msedge.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\msedgewebview2.exe.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Locales\km.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ka.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\tt.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Trust Protection Lists\Sigma\Advertising	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\msvcp140.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\VisualElements\SmallLogoCanary.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\id.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Locales\es-419.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\gl.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\zh-TW.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\msedge_200_percent.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\MEIPreload\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Locales\ar.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_es.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\elevation_service.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\km.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ne.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Locales\eu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\ko.pak	setup.exe

Drops file in Windows directory 10 IoCs

Processes:

setup.exesetup.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\1cbeea5c-d7f1-41cd-97de-2c0b861d0675.tmp	setup.exe

Executes dropped EXE 14 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_131.0.2903.51.exesetup.exesetup.exeMicrosoftEdgeUpdate.exe

pid	process
4336	MicrosoftEdgeUpdate.exe
4396	MicrosoftEdgeUpdate.exe
3920	MicrosoftEdgeUpdate.exe
3012	MicrosoftEdgeUpdateComRegisterShell64.exe
252	MicrosoftEdgeUpdateComRegisterShell64.exe
5040	MicrosoftEdgeUpdateComRegisterShell64.exe
2844	MicrosoftEdgeUpdate.exe
3704	MicrosoftEdgeUpdate.exe
1996	MicrosoftEdgeUpdate.exe
1744	MicrosoftEdgeUpdate.exe
3428	MicrosoftEdge_X64_131.0.2903.51.exe
984	setup.exe
3396	setup.exe
1188	MicrosoftEdgeUpdate.exe

Loads dropped DLL 16 IoCs

Processes:

pid	process
4336	MicrosoftEdgeUpdate.exe
4396	MicrosoftEdgeUpdate.exe
3920	MicrosoftEdgeUpdate.exe
3012	MicrosoftEdgeUpdateComRegisterShell64.exe
3920	MicrosoftEdgeUpdate.exe
252	MicrosoftEdgeUpdateComRegisterShell64.exe
3920	MicrosoftEdgeUpdate.exe
5040	MicrosoftEdgeUpdateComRegisterShell64.exe
3920	MicrosoftEdgeUpdate.exe
2844	MicrosoftEdgeUpdate.exe
3704	MicrosoftEdgeUpdate.exe
1996	MicrosoftEdgeUpdate.exe
1996	MicrosoftEdgeUpdate.exe
3704	MicrosoftEdgeUpdate.exe
1744	MicrosoftEdgeUpdate.exe
1188	MicrosoftEdgeUpdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs
Adversaries may check for Internet connectivity on compromised systems.
discovery

Internet Connection Discovery
T1016.001

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

pid process

2844 MicrosoftEdgeUpdate.exe
1744 MicrosoftEdgeUpdate.exe
1188 MicrosoftEdgeUpdate.exe

pid	process
2844	MicrosoftEdgeUpdate.exe
1744	MicrosoftEdgeUpdate.exe
1188	MicrosoftEdgeUpdate.exe

Modifies data under HKEY_USERS 41 IoCs

Processes:

MicrosoftEdgeUpdate.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35725228-BF11-429E-B5B8-ED0F2BCABF82}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\MicrosoftEdgeUpdateBroker.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\CLSID\ = "{8F09CD6C-5964-4573-82E3-EBFF7702865B}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35725228-BF11-429E-B5B8-ED0F2BCABF82}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}"	MicrosoftEdgeUpdate.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

MicrosoftEdgeUpdate.exe

pid	process
4336	MicrosoftEdgeUpdate.exe
4336	MicrosoftEdgeUpdate.exe
4336	MicrosoftEdgeUpdate.exe
4336	MicrosoftEdgeUpdate.exe
4336	MicrosoftEdgeUpdate.exe
4336	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

MicrosoftEdgeUpdate.exe

description pid process

Token: SeDebugPrivilege 4336 MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege 4336 MicrosoftEdgeUpdate.exe

description	pid	process
Token: SeDebugPrivilege	4336	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	4336	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 33 IoCs

Processes:

MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_131.0.2903.51.exesetup.exe

description	pid	process	target process
PID 1700 wrote to memory of 4336	1700	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 1700 wrote to memory of 4336	1700	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 1700 wrote to memory of 4336	1700	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 4336 wrote to memory of 4396	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4336 wrote to memory of 4396	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4336 wrote to memory of 4396	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4336 wrote to memory of 3920	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4336 wrote to memory of 3920	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4336 wrote to memory of 3920	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 3920 wrote to memory of 3012	3920	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3920 wrote to memory of 3012	3920	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3920 wrote to memory of 252	3920	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3920 wrote to memory of 252	3920	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3920 wrote to memory of 5040	3920	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3920 wrote to memory of 5040	3920	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4336 wrote to memory of 2844	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4336 wrote to memory of 2844	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4336 wrote to memory of 2844	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4336 wrote to memory of 3704	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4336 wrote to memory of 3704	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4336 wrote to memory of 3704	4336	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1996 wrote to memory of 1744	1996	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1996 wrote to memory of 1744	1996	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1996 wrote to memory of 1744	1996	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1996 wrote to memory of 3428	1996	MicrosoftEdgeUpdate.exe	MicrosoftEdge_X64_131.0.2903.51.exe
PID 1996 wrote to memory of 3428	1996	MicrosoftEdgeUpdate.exe	MicrosoftEdge_X64_131.0.2903.51.exe
PID 3428 wrote to memory of 984	3428	MicrosoftEdge_X64_131.0.2903.51.exe	setup.exe
PID 3428 wrote to memory of 984	3428	MicrosoftEdge_X64_131.0.2903.51.exe	setup.exe
PID 984 wrote to memory of 3396	984	setup.exe	setup.exe
PID 984 wrote to memory of 3396	984	setup.exe	setup.exe
PID 1996 wrote to memory of 1188	1996	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1996 wrote to memory of 1188	1996	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1996 wrote to memory of 1188	1996	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\MicrosoftEdgeWebview2Setup.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
  2⤵
  - Event Triggered Execution: Image File Execution Options Injection
  - Checks system information in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4336
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:4396
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:3920
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:3012
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:252
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:5040
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjMzNUEzOUMtNkYzRS00NTU0LUJCODctMEE0RjY0NjQ2OTgyfSIgdXNlcmlkPSJ7RkJFQUM2NUItQTdCMC00RkRDLTg2NzgtOTRGMzQxQjQ5M0U3fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezlBNDQyQzMyLTA0N0MtNDEzNC1CQTI3LTZENEZBMTFDMjdDOX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQzLjU3IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zMSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDc2MDc1OTU3OCIgaW5zdGFsbF90aW1lX21zPSI1NzgiLz48L2FwcD48L3JlcXVlc3Q-
    3⤵
    - Checks system information in the registry
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2844
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{2335A39C-6F3E-4554-BB87-0A4F64646982}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3704

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Checks system information in the registry
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjMzNUEzOUMtNkYzRS00NTU0LUJCODctMEE0RjY0NjQ2OTgyfSIgdXNlcmlkPSJ7RkJFQUM2NUItQTdCMC00RkRDLTg2NzgtOTRGMzQxQjQ5M0U3fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QUNFN0FGNDItODdBQi00NzM3LThBQzAtODg3N0I5QTg4RjQ2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI0NSIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MzAzNjM3IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NzY0Mjk3MDEwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDc2NTkxNTQwMiIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Checks system information in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1744
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{314F84C3-D81B-499A-98F1-80946FCB555B}\MicrosoftEdge_X64_131.0.2903.51.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{314F84C3-D81B-499A-98F1-80946FCB555B}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3428
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{314F84C3-D81B-499A-98F1-80946FCB555B}\EDGEMITMP_B9B01.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{314F84C3-D81B-499A-98F1-80946FCB555B}\EDGEMITMP_B9B01.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{314F84C3-D81B-499A-98F1-80946FCB555B}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:984
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{314F84C3-D81B-499A-98F1-80946FCB555B}\EDGEMITMP_B9B01.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{314F84C3-D81B-499A-98F1-80946FCB555B}\EDGEMITMP_B9B01.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{314F84C3-D81B-499A-98F1-80946FCB555B}\EDGEMITMP_B9B01.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x234,0x238,0x23c,0x214,0x240,0x7ff749922918,0x7ff749922924,0x7ff749922930
      4⤵
      Drops file in Windows directory
      Executes dropped EXE
      PID:3396
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjMzNUEzOUMtNkYzRS00NTU0LUJCODctMEE0RjY0NjQ2OTgyfSIgdXNlcmlkPSJ7RkJFQUM2NUItQTdCMC00RkRDLTg2NzgtOTRGMzQxQjQ5M0U3fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezRDQ0EwNUVDLUVCQjYtNDQ0RC04NkJFLTU1NkRGMzBCQTg1OX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4wLjI5MDMuNTEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ3ODA5MTYyMjIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0NzgxMDcxOTU2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTAxODU3MTkxMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMjZkMzlmOWItMDJlMS00ZTI3LTg0ZTItYjU0YjI0ZGM2ODNlP1AxPTE3MzI4MjM5MzcmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9TXMlMmZlQ0Ywa01iZFFLbyUyZmM5aFQ2VWcwTXg5clNLOERmRmR2dlpjNktNNm52VVVKdkk5Uk1DVmRlS3BtdXh1NURWbTFsVFlIT0d5V1FjZFJXYyUyZmpFQXclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzY2MDc4MjQiIHRvdGFsPSIxNzY2MDc4MjQiIGRvd25sb2FkX3RpbWVfbXM9IjE2OTM4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTAxODcyODE5OCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUwMzMxMDMxODEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2NDk2NjU5MjUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI5ODQiIGRvd25sb2FkX3RpbWVfbXM9IjIzNzUwIiBkb3dubG9hZGVkPSIxNzY2MDc4MjQiIHRvdGFsPSIxNzY2MDc4MjQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYxNjU2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Checks system information in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Installer\setup.exe

Filesize
6.6MB

MD5
e8ecc691b6b345c25ea749591911d934

SHA1
b54f8b8ece5c4221c4180edfdef39df38a36ba21

SHA256
e226aafcb47b85afe8962b885921dd982bbeb356ddd1c66e5a6f42be80dd052a

SHA512
9364268b3e7333a6d52e3ab1eedb15c9cee98d5139be0708790275ef05abba12f32c2a39546b4c81f799d7ee662d5f705af9de28b0fca12a64c72ebcccd4f066

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
182KB

MD5
1723c5e707061e59d769c492a95d5083

SHA1
3b535b7a0df2f7a4ab5e531956dad9892adfb5e9

SHA256
e97ab6dc0ed865aa8606f5c113fd62170341d1a3d63d5618f233aea969ec49ab

SHA512
a4e3bd9ec331a27338c123a9a3ae23619fc5a5b80fc9aea38d23d3b82ca015f47669e0f3e1a6f98e7f464e6bc21e92723a04f72805e45e0dfc81540a2d299a8a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
35a79bd6de650d2c0988674344bf698b

SHA1
a0635c38472f8cc0641ceb39c148383619d221dd

SHA256
a79a81da2b8dcbe39609a9e1b4e8c81ae0bc54195c0c854b77bebe7bfa7f10c1

SHA512
afe33d38785afe489845654ba1c3ed6648b36b1ebe5f98b3d5d4bf24eba3af9bb6676af5a79d2ec570bf2b4b6ae40d14fc3d4b872c5d4577aea40f6d1a26c0cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
215KB

MD5
c55b37823a672c86bc19099633640eab

SHA1
da5e15d773c794f8b21195e7ad012e0ed1bceb72

SHA256
3df9cd2fecf10e65be13d4b61ca0a9185845f2cb04b872adeaf41ca46af39aa0

SHA512
1252c3fde4aa4ce239103e8df7224afce093a2cbe539bd40347601980a314ea3326ea6ce4c1ebc845c125845969ad65ebca319b9df35a809ef871bad14aaf33d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
262KB

MD5
dd30f3ff486b830211df62d20348f86f

SHA1
08c7d7407dee7ed20b50e8f1a2cb1b08a9282dbf

SHA256
9d57bdc8b97e75f8a04b93a1657dfd18d4e2f68607783c9bca42140233978fa7

SHA512
af3b48ced7018c7edeabdfa998e51356d57c2d7a846c76629fed0ff2e5db8db79041184c58a5a67a10ec627f53af8e3c80bbffacaecf5dae6d989cecb82e72e4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
39ac5a029f87748e964491b97936d890

SHA1
24777aad794a13d0e7381fc6f32f0e1bcdb1ba80

SHA256
ba861524fe648ccb47b7ac57421bb07a6231a7aab5eaea332548511cce6185bc

SHA512
2ecb9b208846f84cd37f37d2100f26358d6c37128efc4010b2e7efc10202dc37b621d0c0138a8b76b23d968da324c685a41b44f4ae30cbbe243581f1904e14c6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_af.dll

Filesize
29KB

MD5
2a9524cf8afae49394379d9d9be69206

SHA1
e43d4146f8abebbb30831fbd39a39846bfb7eeef

SHA256
e5a08731963e681b6386c4e85c16bc98452ebc13c4a7de3ff6979125c609d5f0

SHA512
a0111589960cbdcb10b55c17aa82555e44f0f0f173ebad09de6364881138cb35280596f1de6d86b31044427445575630c22079c3585e34729ce461599b8979b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
1903bc250fc269e79c9f7aada2979aff

SHA1
efbf76b1259217c02c138078c56f36b2cb8543ab

SHA256
228fa3e2fcacc78111a8152d6862de2302c024e81cc8b5e3f16e31caf96cfd04

SHA512
9db527c2e26ef691c089f5d1d010298e0f47e2e0420fba03ed18c7c2793b92c5860240b214b5233dddbc150413a2649e9cf4823239b9831930c2804b143ab538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
b4c28669b9d4e56b094af6062f4db065

SHA1
4c492c03138c8a796cf0673866892b9e0c2073ec

SHA256
7fe494dd265f99f330b153ef69c51c0541016755ca1876788f7f0ede78f9cedb

SHA512
35941ab6f2dcf5f60824d172f75f9f7b8b93e65c7bd8bc441fc32e49cbb414a68d65a02e3479b096f728b2a34d3e85dfd868e8bf95ff9b1a57d10adc3da0022a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_as.dll

Filesize
29KB

MD5
16b0c8a664626da016a95fb46fdc9c0e

SHA1
c674b635cd8927511825847f3d86a5562b4155d7

SHA256
b059fc9713d3a41e9a83f0d61f8cce29546d3759def0a7b8e162a13915e51255

SHA512
ec39269fbd9e510d10d665c86b8a8161208b74f919e4fd128e365144d71f2b59d3c48c50b8f017b1d30c711ee4f63668f843539957b4643d2a488c9e17290e75

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
bf510bb9b7639af7da969f77620b480f

SHA1
17a6693a5d6aea1f3fa6f34abc46daf558cac645

SHA256
2507da222cf6c6dd608da9b569f89f8e11c47b6e16134c767cdc23b7c1f56bd3

SHA512
6cebe80005cb7759ee4fd8dd9ca41bdd073c01e969e1ebe03cb07616921e50516974019faacc2f9dcaaccdc0044eaae57a6a94f3a4a4ce044a781cd8091478a7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
4b23c7229eb43740744cfbf48c4242ca

SHA1
4938dcf6239e14db53c8f085d3c477905a9986af

SHA256
a7527b867ebc222114b679b2ac542cdc46a75f8bc24e5ca8b7ebc17b7a2963c2

SHA512
4bd8ed0ecacd3f2c69dcd0789ab8ee10dcfd6144b019dd8858c2234bebddfe42c83037fb8e2f934f3320f58796683bed5ab050ba897ba1fa409b6df60f02ec53

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
1e038b27661b303e15a39a55305e86bb

SHA1
35b48fe72d50406063f9145fea64c57f205f0084

SHA256
385665137d0dfee16ed8ef2da5ce28d826d210eb2bde1fa4ef13dac50e4b5364

SHA512
13fcfde6923b38acc2cfa530087d13725a2cabdd2e771d503f4d2f5cff93e8744f142e235dd484244d920d80cb3e7cecbbd731b473f6e509edb39159c51e9465

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
9afe531b6472cf9eb66028e9638584bb

SHA1
6212292867bd59fe376e79988c07f4db8ad26cdc

SHA256
383754fc147dc6ef5f1edd14b60bab6bebf32639dfea718aaa64b2b65ac98812

SHA512
352bec509ccd3ad15a274ddd3ccea43b76eaed885b0e7722235abd95aab8fec1c645722765d76865c1b32ed422a10e6666f220e3abcc5a24268ba94c5cc6b8d8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_bs.dll

Filesize
29KB

MD5
5e06d311c2e24b94f378c4d3b3deb260

SHA1
ef7df63f63746eb197c21694ebb21cfb86c0b2b8

SHA256
d2052450e3a3272b302d80af9f2c46b766153267100bc902dcf03a78ec609b65

SHA512
8d73b5265735aa19116cf41bb8d2bdacde5b22b286a56af58068f9579b631b044c155e625f6e1fda12e505f621f245faebe126c2557dd2ec873d7d980f8ba552

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
30KB

MD5
afdafc9f56401b662f42cef830d92b38

SHA1
b56966370ec07cd676e35d93fad001e0f6b3fb8a

SHA256
03d7a1c0d8810df4b908fcc40c8491df0e3ce19db8ee22e6be79d02fd9df8f72

SHA512
884f9cd99785ea91c5c8e26200bbf0b010ff278b52c5ac590cb73712321a9cdb645e5448bf4cf62622cdb06543b8de4a8e6956a2f6b6677c0b9befb35589d8b0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
15ee7526536790bf77317975896542f9

SHA1
365bc54203b490daa0e24a1c9813d5d99c9de720

SHA256
5e2349af6e02da1c5d18f1b3235fc5099229d2d99e1c5cf2713c21472c151f8e

SHA512
475fd9c0879c8cbc418a66441e3dc026fca983327a95763eddd1537c1f44fdf272d212c69e1b06aad55d91c68379a2beafb2908659d58a61c740731a7d047406

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
8eff4531519a4b768005b9411d4a5f9c

SHA1
59b354e3f32f0a0da8755c27b903803994f4aa31

SHA256
2e9a230a8b8a7fa437a28e2115ebf01178f3209fc0d61eb90160f49c11a16cb0

SHA512
4426ae1e2937e1f6c7364d2f437aeb83d834f9997d28cb1ffb07fe1c448dd954083aa822ff439c886249a387823a23245640a0425dd8c42b75b73912733f11ee

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
11b92ae8fe94c784480d465a37935766

SHA1
f4ead29d4b20c57bb0e4d16a7488784f61a25972

SHA256
571b0cf8b0383e33393b8b8fa79d1632688ffc2bdde794fff62c85f5e1a3f161

SHA512
b636dec2e1d48916d0c83d2fe45eb24d826c027455cf22ec78e013166e59fbdb4780ebe69de3ab4b5730dae03652d253890917f53fc835aa73f9f75b01dc4f23

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_da.dll

Filesize
29KB

MD5
19a7aee0daf68fdc1a24e3228a8bf439

SHA1
1fc6ce227a11245787c80f3932e2c311de2d44bb

SHA256
409cce12be8b7a86313bd1d9e3c6d9154cf0c5735db61d94852a128a746dab99

SHA512
0051119311316d29dbc13ace84c24283aa2eaf1d46459c81ba7b31cc6178b43165618fd7bec17de698b1431ef2b33be179c2c8b1537c1000aadf849e2c888c84

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_de.dll

Filesize
31KB

MD5
ce66ef1a806c21949b75055f81cac760

SHA1
3719e4af114a3c0baceb133d152a02bc6a1fb9f8

SHA256
23f5414d554b96db0b93c7dbe27939d294b8061e56c19ab74d59fe9135e81c8f

SHA512
04d9575c866ac28db490a291be3da41f884d3ceadbc9b7077776ea7deb1819277aadcf9c9e1b5afede3e90bafbcb00e6ef0840166228d153be7e8d8d53975593

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_el.dll

Filesize
31KB

MD5
09cf47260852ff7b2c91c65d127b9314

SHA1
b3d362f3d08f81bd1b719a1c94b54f5f9c9610da

SHA256
eb4344676280f83e6023ddc604ffa42e96eb46e765a216fbc5ecbe49ddb3c920

SHA512
114a21296d8e7e054906139102617e6cd6008337a0877053721553cfed10183f54f890c8071b1cea17bd0b2535589af7aafe5bd1d161886ad7363f89919d7300

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
39dc20ae50a0e2ba9c55dda91256b3cc

SHA1
464139f11db3fd6ae77502b183c4b59f581d6c7a

SHA256
e1891a155be133e6dd82cab3f9437bb7f047f0f80689ca724ca4d1d90d1fef14

SHA512
08b8e19528ff007b904f55872935e0de9e06e7cbcb3f3ed751264e3e20a740b477b55c818bf2b0ed213c4ed9cbaba0c8953c19f427be3e8ab8f50c9c86a74bf4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
894b6ea4b49fa390bd70167a75f3ff7b

SHA1
4f834ef6567d02f28390d63c8ca9fd3c735b2140

SHA256
a8dc2b1e32d8d3d2c321c469eed3329f7661f4fc71d14696f97106b5aa6c532a

SHA512
9b4fcbd07dc7f65c34575aaabb7a517198739f7268133f084b101edf99f0b96387f3f0248de1be5252b2466db0bc59036d40e3990d4264bfab89aa01aace7ea6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
bcafbabbfc8f810220b2ebdbb8a76d19

SHA1
58703c8355f996f2ce8ae5fd1ce4dc29318fd414

SHA256
7fef9c85b5d7dadf344ff39d82794ed252066cceb2b6531be2a45ee3d84844b7

SHA512
b02820c3088ceae9ebf19ede77e3a406483a3dc13c030860d3818e6e8a163e9f54293fd058ec9575c196d12f1465211ab7feff145faf684be6a8cc251d1c0d71

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_es.dll

Filesize
29KB

MD5
3ccb8eab53a0b4c93507bf2adff6ced5

SHA1
25fa2435e97bd0e1cf986a882ce33e68f961c139

SHA256
8bcbd325374a8cc5c1c7ea774382515316473c200baec86a65ae21073fae33b0

SHA512
4f443ded84d74e150a0be3c32edc734ca01298817933a7b1f0e5c5cd93f26987f051c4c306848301e688b9334d134a12bcdcc0ceabe1fcaaca5c4d307c697bfd

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
6b03eb5b302e72727977f2431ea7f30d

SHA1
ac5cab93d3c28e46f92d2719638c739c680cc452

SHA256
b5b51fe000e0e0ce42e8dbaf4b8343a5411e2e99440726c747196a02ed736137

SHA512
362e94f79b7726b277cc90c5158d3cc5a0a890bf32e11707f9901233414b3ff22816df78276afa67f0122fc7d6fc2d09dbb1fd8602e3a01f807f93b9423bb463

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_eu.dll

Filesize
29KB

MD5
ed883bbd9e4b3de4db68e356707f3e67

SHA1
e03dde660c15a614442552f8c4d2cc5dd8425fc1

SHA256
168eb27052a559561af3ed650bc170eb471e53f05b9065f0e229672d040ae1c7

SHA512
ae48fe344b2644380e56a95d98aeb0ffeff7ddf0c914f5d14ef518a4d40bb090fee9a7fd30f7178524bcdec1a2d8fc870b4b40d5d8437e3f2577320262236126

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_fa.dll

Filesize
28KB

MD5
ba417f44f7564f1aca70cca9166f3f44

SHA1
d8f064e25038e0076bffcd1a694b58063b7268d7

SHA256
56632098f623cbb58fadddc5c7a889fbc91954f661078501e62517709b8ba703

SHA512
c35ba956e92a2298268bb6ee7a753d6b7f94bdec96118c834f028a0fa45f18b67302b0e20a26d948d1720b04461d3074ae30003bb9028790d9d2d63cb80f4467

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
7f47c9b9bc9488754579935209291c55

SHA1
470e590c6f5263a44b95abbd6d0c158fae326d21

SHA256
f0d8c44d909aed479b3e770b556eb3792c0d3ce247defff953a4dd9f7ce4cc75

SHA512
6f81ddd06f6a1c796bbf21143737bfeed8f9ca0ace82a4de00ccf79d7288586376439e0564f1cb128e5e585eaba122d406af8c3a6e3969efdadfe0cf65c3ed4b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
20134024ed75deda002dc0839b352f84

SHA1
e67bbd13a320d2b4413b283e165385c44a65ea0d

SHA256
425e0834cb73365cf78a233a5b139e1897961e5225e9cc92ab365b3efbe30d76

SHA512
7dbab9a85d852546ab8c30b3452ab8b200874eb3aac0c862bdaf5c90cc882cec11de536851693f8f115706448e3323c66affbdd7e65257395baf24a0208dc537

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
08b6c8f26644370c6dcbee63e4abf884

SHA1
e4981733831c4d31715cad1749545d21dc29acf2

SHA256
916b52a362fddae79461d1d07ff01fd3bb4f7b8916b263d62572a8ad420946d8

SHA512
31f074e494a372a1b961fa9c053b561bae9e52182866a538a734b7589cad550a42b1d88649262a7d265226288084e5ba65e9e1d6d32ffd9292258a9f65e236a5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
cf3ff14718b5e6125b956d6d9e897196

SHA1
041de2587e03f6c52dba60e9d2459ce33b263eb9

SHA256
d75ece04e40e34beaaf50cce0fef63e52918b5939c9c267fbfd1e6cdcb2a82fa

SHA512
551ed975b1afdc75f464bb742c30f239f9d18aa99bf9140ec0620c938629868b38a952041288244b6e2387748c16546a8fe55a664a9903577b8e484856583ac4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ga.dll

Filesize
29KB

MD5
3ca8dfe9af49bdde95188002ebd5f227

SHA1
d18d7af889c4d03ea417c09bc56069f3f697c547

SHA256
6577e1a60f0fa340dcb70dcf625c877fc9502d122744782708ede0c53ceb56a5

SHA512
a61ba9baa6d0116b769c4add55aefc99a360bf85be7986ab099a424ff7a39ccee18d946128e74e39283629b52aa14821f36fe338c0e17de29694fff5138590be

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
d64f47e1971f1e9faba211ca984e550c

SHA1
6f4de57c6f174dd778788b138a9b25cf4725258b

SHA256
75fd1c674a460dcdafbbc1429a4c30c9ac28e58527c6f0797c3706012ec19e00

SHA512
722c9f1e5d27d6ac678ca13aa648aa22aaf1121b835fad5209ce3e482471724cf4920390f51c8df2d31c66898def51ad76b0c119f4de831011b56afead2fef7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_gl.dll

Filesize
29KB

MD5
31276d0895baff6976c94c549efbb47d

SHA1
4f0fe790cecc28823e6359fb3b78dde13cc17681

SHA256
d3bf99db747f3e6a2d541ecab380244c0a33ceef8655383d54e2daff37dc9a88

SHA512
413958104046b85772d4a32550ae3a7a3a50eb66dc35966554123bd9dd15fc7a76fa7511f6d2ac666d8a205a9b58042f68e2322189c2b34d372db6b180b70da8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_gu.dll

Filesize
29KB

MD5
bb4a1f9374f1c3e0cbc4788a3ce1d4c5

SHA1
30667d6dbaa689db9a08b42acacdf68435dac46e

SHA256
bdbd0882aba924075c40de48fcbbe951ea6a937c0b85541fd6f1fa5701b8e655

SHA512
d0a5260ae123d4698e2f62fdcf97a73aa038b69b200508948185bb5de5f5edb50d6859c9e6e21e84145ceebc144882d0ed5723ce1486e805c26737358ae77504

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_hi.dll

Filesize
29KB

MD5
274c267b7ee544d36698b2db119a6929

SHA1
27377267ddc09060254033c4aa9916a60a254956

SHA256
ac843711f010925cfdd60c396baafc3ead08584ed4b1b3df57b0c975cefd039f

SHA512
f9073912e9c314efe60f36dd9b2bdb4b1475aadde18e82bec971c447293a4f8dce46abe625bb9cec4dc48280fce3cf3d8175054b70b4e440e89a8c072f4a505a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
ca9abf92edc001d3c0cea4c926bd004c

SHA1
740513a325a5c15376f4b1aea402e9c54155ab33

SHA256
d6d9e064773b121fbf224252ef6c7d64f239d6b5013c119738a8240cc047e346

SHA512
7171143ee05b0e03bc936fbd98d3a37c3763bc244ffd8ae85e3229b85e13ec6262c3111b93b3a067f3d82f5fa6b6f691438c0e148efd14606cdf5a850e474a7c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
df2764d7bf9bbc6d4e96301c928566b5

SHA1
1f9adfed63fff6cd144515e8a7fbf8c4131d2f65

SHA256
3dcf3b4acc066674418e30239406abf59b85f9a00ba2a0aa7ca33036caee6514

SHA512
8c1eec6d813fe2266f0e03ce72f504f355f720e0112527fd411abd5e7fea05dd4bfa3ee9a878c882c16e8cd30224727eabc5ab38bd85cf146b21547ade988391

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_id.dll

Filesize
28KB

MD5
c80c6530280315158443cd04f89e9169

SHA1
fb87a9ff3696f0acceee6c8f1e4fb40795a8ae7d

SHA256
52957587efb4d995597541656f38e0edcd4545acfd92e3b81cc72578839021de

SHA512
bee22709e362ade03cf385c9b09d321923cc17a9e7c227fef7717da7405ea7bcc63e6f18b5e3e18e9dc19d5b0d9d4cb32c8548d9f16803959eb13b1189df9815

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
28064f47523b575c20fc85733cddf487

SHA1
0c5583888be256c8e09a396e333ad158b5f87553

SHA256
0752855a2e2a69e0f969af6c31102db513dbc390583f07d5df60746721ada58a

SHA512
d96656335024e0228a18148de4d27f354fdc90b62f977042ac20199714ef50bad271a83547d6c6823ec03422a9b598828fdc3b0f1ae81c760a57a2d1f2a543b7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
0da1fde56fc0bf63e17a891e99f559f1

SHA1
131d18d7329be3ff21c78a3921b88e910a3d5a68

SHA256
ba936fcce39c889a3cb41569f18019d99429a13e7dbd909d9d26e540ea650dec

SHA512
67aa088ea8c01b11874537ae59c150645b61072e4f2134719e833ca0c4c3cab835cb9c51bff97582280870227d99cfb72f3a0d2069f2a9a86a7f7dbaf29ad2d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
d92167a825c73bd6246483bfa1787c8c

SHA1
0a96d89226f1e694275922e5e2640bca3d7e7020

SHA256
d477fce0f7fbbe9cf86dbfb724e28c617c8c7c5bea664974593fbf0c032e8019

SHA512
12401ac374d3050f9540a3df6fae71ff8466ed3df2bf007b52eaddfea0d549601b5756477c141fd596bd19367ad30a607160957a8ad1818ff34e6da4125e530e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
0ff69dde83bf61a768bc63870d687747

SHA1
622714cb8eac68b79021800f28f5874aa23176b5

SHA256
3a3a4d24498f0f533a5f5e4f1364e7e2a1f348dac95f649951131185c64d7bc7

SHA512
e1300b6f2dd5df3385c06fb43de5aa246f3f1da942e26b86023663e07b12104f0e74b2749d4ef2dd60cabfc8eadfe5f131a8bb5ba8fffd6374f9cd4635b4bc53

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
67eb1378381ad4d1a450bd26fe51f5e3

SHA1
ae0655d07a4d0b049ed258de646199f9004963ce

SHA256
b2ecba67a708b9fc75fc4574b72218f64517dea1aeb5ac26400ac554903cccf9

SHA512
1da5356bee3e18f9033b81927368eefb8f7a0742f7f02be9ddf0f3f309d9d4f1ceeb640acac341e504d54c0d0939f1da2bac27645adf404ed2ac48a2846a919d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
d9b956ec540d8b1e528d88d8c5e5fdaa

SHA1
bb967aeba493d9ac0b3889f7bbf9136614080331

SHA256
cf008a24b53f2d62516a2944b77fd9be17a4778c0ba1b83a09ef7e83c3cf3901

SHA512
d6d6171c95c07ddef12bc40a5fda756ed3870a06ff2434bdd7abe02407720bff01fab5eb1bafeb7d4b9b661fc364c39de4a9eab01ef39c6bdce6de58ce4c1a06

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
5ef433fe15a877e530ba0a044486f200

SHA1
db1deb37392e001353f5a098d8686a17fc156b40

SHA256
896549adb3d1a38d95e743490cf6f551cac876fa1afc4b07f8eb30ad4d853502

SHA512
97839850a49a09cbc416ba1e8e9570adfcacbfccb70903cf597ad8781c7c3d11fd07e2598dccb7e88da7617e44ca99c62dfb3404c0c2a467641d1a6dcd7e8e64

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
1ee9fe48904cb43a9147bf16823b16f1

SHA1
19fd9c0a2a1d919340eefca7956bd84df467b737

SHA256
a65da5bd18d6ac28c45cd11f56f8b868af98e42a69def6199d61235f6fa3d71d

SHA512
b556dff94243eeeb8dfe2c185c67ba7359877b8c0161f8fbe9a37a7e7591b0c8242a0be09255b616ac4f5560a728f1780cf6971c826ee6214a1b28c16551bffc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
6c3abddca78cb3ba9f724bad9fed6165

SHA1
3114daf9295215bbeed0f4bb4e282b46ec1c74ae

SHA256
d47e586aacfa638aab5d681d8b4ce0b42f9d698e213817554b9d42441191d548

SHA512
b37b7c8d7d24ead85389ce445536ef4a68c43e2a55508801ab00e9bee2c2ef428d07eb30b62228d647508dc4f6b0d78b1b8edc25052eff0ec5a9ec87fdbcba1d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
f97d285a3ba35b1395d9868e15bce4f1

SHA1
154dfcb8646bdb02b618dddf8a0dc1cbdab2269a

SHA256
33506ad10fafd8a767afcdd93cab2d91999b4e6468771379d944ff4758c2f5e4

SHA512
bae3152e85cc5e8f96299e7d45be8a85e47ea1119fd4d8d2bcb038ce293dab6820e35bcfffc03c9596b95e716e40711c47682f0c71e308755dc71b4c20c57628

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_lb.dll

Filesize
30KB

MD5
9c7c3dec8769f8b33aab63a15f642d81

SHA1
41ab17373c388d005b6d39c3ffc9fd5aac1a75cb

SHA256
c088700c358cfad6bd692233e450b8f4836a30a457c7b047e67681c10aecf2f7

SHA512
86923405fdcb2ebbf9a2dff24847d55bf1cf39550f475b1268e7edf279269e317c09b638b06e29f4d30ba59fd606f4ab5787f7d09da5ae3c5572ad41f3b3fac8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_lo.dll

Filesize
27KB

MD5
b0973b4e4407ea116a723bd7c39c1d45

SHA1
011e9126cf2fd3db3f0f810dc1d8e60891ef0695

SHA256
36e1ea95cd9663137ae49504980e00fbb311023c8f5f6f40f3cfe14a14ff183a

SHA512
574eb8426f774a7ccf860b4f0e324a2cc32581c9aecb834aa25c5f62946d15ef781a9f32feea8cd44e352d4878f3f6b8f097635bddb9df3bf2a443fecd0946e5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_lt.dll

Filesize
28KB

MD5
883f3e1c963322852aa6ce7177ba11fd

SHA1
3da37835cb54a847e3fa2edec45c4589e2c31561

SHA256
c3e3bd953b1035bcb34db9077c41643a503aafeecf99afbc92c9e4326bc6fea5

SHA512
52e7eae669ce211be72ed62cddd43f926c8d581a28a5efc167d1bb9c7f132f40a000cec02c91cd81604ca9f1cbb61952a9da8d09044703a49309a4faf2ff2f25

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_lv.dll

Filesize
29KB

MD5
0edaf7aa97694524c60369256b17c9f8

SHA1
48a81d2c180b9dbb970dfc381b204c3e0bf11532

SHA256
74b7ff57e79ee2685709678d55a4b4b414f3fdf77ab1783c0ded0196a126c0fe

SHA512
de1ec10ba23b7f76dae78b6a98a3eee6df1eea424aa9a4800b70ee7b185e5c6a0dd30d0dc950bf7b37a9c07fd7614652258cdccd64413c49647b42351e02e90e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_mi.dll

Filesize
28KB

MD5
6e072740c5627ebe87c145120bae017a

SHA1
471d9a05568b542484f8cc06ccdaa307d3a9aa34

SHA256
eb8d66977d14c532d42a8e6a25bb9fedd749b3fd4470301fb2ac750b3b030b2d

SHA512
3daeb9857230571fb7a7069c4b3e1f7c15bf3a3214f974de0be74eda8ae0ca33a72d53ad2fb34d35c7f39e12e0cd91f183a7638cadf66fadf8c869741a2f31bc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_mk.dll

Filesize
29KB

MD5
fc7f6cab60b5f7162f0caaf42bc33a6a

SHA1
c120491f69b87858ac055de4ba79cb5450073697

SHA256
6925acdaea43d471b1e9c481dbdb7e5922df03bb451f8190d781520c585747bc

SHA512
c08ff3683fc6b909de93377688ff4b226e75c2eba1ccc10c94f2258aeed30f2ecb57889c9fd50e7a88c300a0b8ead56dddbe484cc7fab80e1bfbd70516b35dab

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ml.dll

Filesize
31KB

MD5
cc9eb10aa9d38ea5d2d62a3fc9a21cde

SHA1
3522a988506ad5b5cc609ea02a18b5f75a06debb

SHA256
9f8112edd3397d50b8b835cba4bb2eafc4e5511cc91bd74d9ff585debc8879f8

SHA512
66bb6a341cb95f07ae875586d631fa09c68a920e54242fa5e36996f0c6fb2870e89fe1c959b785bf783884c967dfdd46b0e709a564b6bc911cdb73a66d193f63

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_mr.dll

Filesize
28KB

MD5
98557801fbb00d5db905372d82d24a56

SHA1
afb1d071a351f405846e7e3a8e7d2aff4330231b

SHA256
4ad659437305bd4fbbad9fc5a91ba8f70065bd79dd2d74aed154a343ea2d5033

SHA512
6d23fb21071f1ad9c86bfeceece4638b3014e8c0c2200697782524ff9e8170a7c1654edf1447d416536283ae3aa3dcaf3ff7a2fe89d51fca0ef89ccad352e7f3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_ms.dll

Filesize
28KB

MD5
ee13eb4c7beab0558eeb86efdd526e91

SHA1
abf4b64085e504e9ae78c973c1db6f045b2cef40

SHA256
989f4e0e96de503a04e32265509c85331abe0887a3480f68f497f71ef9b53dd2

SHA512
08fce45e57598641f6bac45a51330ddcea38e7fa508df1ba488d636750264a59d3d32fda866ee0503c40beb3652bb8cd56449529eb4231c71f8d1f85e98bc5e0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUC7C4.tmp\msedgeupdateres_mt.dll

Filesize
29KB

MD5
42c0d474b29703d20f0c992c494d0963

SHA1
441b3ddf8bae7e76e7a2cf7641af891f7110416a

SHA256
f35b475ee72722d6a128cbc90dd441486a4c0db6c6f4d65b7383ff71d458ce7a

SHA512
7a723059c52c3297c1bf0fd3ebf5e40129e7e3f85b38da590114a2a313f7da30b94a6f04b101033b61ac011487e56a0fa0a4c57d3f4bd51d688046b330754f46

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
15KB

MD5
edfced795cb83a775c0489a3c8cb9280

SHA1
b3428d7b88d9aaca022002fce28e073ac5daa094

SHA256
7f5a58ffb87355230a55947f2b1bf2f3441f806e64c6c8cb359f16a76ba5aab8

SHA512
1209f4cd8fc2feb472bd9a62370d1fd337172eb3727f316cdc0eac32d34420c915b6b7de7480e22e60ed68154be8fabec9609de5bba25658edada2c71f6664a5

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
223d77321f92dd9703861fb96e05135d

SHA1
97ab4b350a76a5e9882a347384ae99ac1f7e8de4

SHA256
cb9da7e4bc0fb2dee07e18fd2a94ef99ef0d5f169e888aa388e3fe8b4d0dfc02

SHA512
acaba5f7d2842e79a625169ad4c01d6d591914eef8584aa0bafeac0ab9cd34214ecb735abd3ba150144621fd260b88aea9ef73e5be33057f1e8a70a6752379c1

Download Submit
memory/4336-249-0x00000000007E0000-0x0000000000815000-memory.dmp

Filesize
212KB

Download
memory/4336-218-0x00000000745A0000-0x00000000747C6000-memory.dmp

Filesize
2.1MB

Download
memory/4336-193-0x00000000745A0000-0x00000000747C6000-memory.dmp

Filesize
2.1MB

Download
memory/4336-192-0x00000000007E0000-0x0000000000815000-memory.dmp

Filesize
212KB

Download