47779802943893d932dc3245c79f7bb9669a41d83d2fc2b194d5dd6331b8fdd7

Analysis

max time kernel
147s
max time network
152s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/02/2025, 17:44 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/MicrosoftEdgeWebview2Setup.exe
Size

1.6MB
MD5

b49d269a231bcf719d6de10f6dcf0692
SHA1

5de6eb9c7091df08529692650224d89cae8695c3
SHA256

bde514014b95c447301d9060a221efb439c3c1f5db53415f080d4419db75b27e
SHA512

8f7c76f9c8f422e80ade13ed60f9d1fabd66fef447018a19f0398f4501c0ecc9cc2c9af3cc4f55d56df8c460a755d70699634c96093885780fc2114449784b5f
SSDEEP

49152:2iEx3ZsKgbBPetIhztPqpP0NxVjRLhlcoRZ:2issKgbBOIhzV3RhlcoRZ

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
28	708	MicrosoftEdgeUpdate.exe
30	844	Process not Found

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 8 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ja.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Sigma\Social	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\identity_proxy\dev.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\Notifications\SoftLandingAssetLight.gif	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Sigma\Other	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Mu\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\bs.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\Locales\lt.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\Notifications\SoftLandingAssetDark.gif	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\edge_feedback\camera_mf_trace.wprp	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_lb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ms.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\msedge_elf.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ar.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\vi.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\Locales\nb.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\msedge_7z.data	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\Locales\sr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Sigma\Advertising	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\am.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\bn-IN.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ka.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_bs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\icudtl.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\microsoft_shell_integration.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\Installer\setup.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\nn.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\VisualElements\SmallLogoBeta.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\identity_proxy\canary.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\identity_proxy\identity_helper.Sparse.Stable.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\VisualElements\LogoDev.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\Locales\lo.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\Locales\mr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\libEGL.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\learning_tools.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\et.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\kk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ko.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ja.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\Locales\ka.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\msvcp140_codecvt_ids.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\oneauth.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\es-419.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_bg.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_en-GB.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\it.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\sr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\uk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\VisualElements\SmallLogoBeta.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\th.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msvcp140.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\vk_swiftshader.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\wns_push_client.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Mu\CompatExceptions	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\nl.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\VisualElements\Logo.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedge_wer.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\wdag.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\tt.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_zh-CN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\EdgeWebView.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Mu\Social	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\psuser_64.dll	MicrosoftEdgeWebview2Setup.exe

Executes dropped EXE 12 IoCs

pid	Process
2360	MicrosoftEdgeUpdate.exe
1744	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
2192	MicrosoftEdgeUpdateComRegisterShell64.exe
2152	MicrosoftEdgeUpdateComRegisterShell64.exe
2520	MicrosoftEdgeUpdateComRegisterShell64.exe
300	MicrosoftEdgeUpdate.exe
1052	MicrosoftEdgeUpdate.exe
708	MicrosoftEdgeUpdate.exe
1692	MicrosoftEdge_X64_109.0.1518.140.exe
1936	setup.exe
1596	MicrosoftEdgeUpdate.exe

Loads dropped DLL 28 IoCs

pid	Process
1416	MicrosoftEdgeWebview2Setup.exe
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
2192	MicrosoftEdgeUpdateComRegisterShell64.exe
2288	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
2152	MicrosoftEdgeUpdateComRegisterShell64.exe
2288	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
2520	MicrosoftEdgeUpdateComRegisterShell64.exe
2288	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
708	MicrosoftEdgeUpdate.exe
1052	MicrosoftEdgeUpdate.exe
708	MicrosoftEdgeUpdate.exe
1692	MicrosoftEdge_X64_109.0.1518.140.exe
1936	setup.exe
708	MicrosoftEdgeUpdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
300	MicrosoftEdgeUpdate.exe
1596	MicrosoftEdgeUpdate.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{B260CDAC-1389-4A35-BAA5-74ED5E039B30}\WpadNetworkName = "Network 3"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{B260CDAC-1389-4A35-BAA5-74ED5E039B30}\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-4c-77-55-dd-a0	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-4c-77-55-dd-a0\WpadDecision = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-4c-77-55-dd-a0\WpadDecisionTime = a00059b36376db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-4c-77-55-dd-a0\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{B260CDAC-1389-4A35-BAA5-74ED5E039B30}\9e-4c-77-55-dd-a0	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CurVer	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\AppID = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "ServiceModule"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A0B482A5-71D4-4395-857C-1F3B57FB8809}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2360	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2360	MicrosoftEdgeUpdate.exe

Suspicious use of WriteProcessMemory 61 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 2360	1416	MicrosoftEdgeWebview2Setup.exe	31
PID 1416 wrote to memory of 2360	1416	MicrosoftEdgeWebview2Setup.exe	31
PID 1416 wrote to memory of 2360	1416	MicrosoftEdgeWebview2Setup.exe	31
PID 1416 wrote to memory of 2360	1416	MicrosoftEdgeWebview2Setup.exe	31
PID 1416 wrote to memory of 2360	1416	MicrosoftEdgeWebview2Setup.exe	31
PID 1416 wrote to memory of 2360	1416	MicrosoftEdgeWebview2Setup.exe	31
PID 1416 wrote to memory of 2360	1416	MicrosoftEdgeWebview2Setup.exe	31
PID 2360 wrote to memory of 1744	2360	MicrosoftEdgeUpdate.exe	32
PID 2360 wrote to memory of 1744	2360	MicrosoftEdgeUpdate.exe	32
PID 2360 wrote to memory of 1744	2360	MicrosoftEdgeUpdate.exe	32
PID 2360 wrote to memory of 1744	2360	MicrosoftEdgeUpdate.exe	32
PID 2360 wrote to memory of 1744	2360	MicrosoftEdgeUpdate.exe	32
PID 2360 wrote to memory of 1744	2360	MicrosoftEdgeUpdate.exe	32
PID 2360 wrote to memory of 1744	2360	MicrosoftEdgeUpdate.exe	32
PID 2360 wrote to memory of 2288	2360	MicrosoftEdgeUpdate.exe	33
PID 2360 wrote to memory of 2288	2360	MicrosoftEdgeUpdate.exe	33
PID 2360 wrote to memory of 2288	2360	MicrosoftEdgeUpdate.exe	33
PID 2360 wrote to memory of 2288	2360	MicrosoftEdgeUpdate.exe	33
PID 2360 wrote to memory of 2288	2360	MicrosoftEdgeUpdate.exe	33
PID 2360 wrote to memory of 2288	2360	MicrosoftEdgeUpdate.exe	33
PID 2360 wrote to memory of 2288	2360	MicrosoftEdgeUpdate.exe	33
PID 2288 wrote to memory of 2192	2288	MicrosoftEdgeUpdate.exe	34
PID 2288 wrote to memory of 2192	2288	MicrosoftEdgeUpdate.exe	34
PID 2288 wrote to memory of 2192	2288	MicrosoftEdgeUpdate.exe	34
PID 2288 wrote to memory of 2192	2288	MicrosoftEdgeUpdate.exe	34
PID 2288 wrote to memory of 2152	2288	MicrosoftEdgeUpdate.exe	35
PID 2288 wrote to memory of 2152	2288	MicrosoftEdgeUpdate.exe	35
PID 2288 wrote to memory of 2152	2288	MicrosoftEdgeUpdate.exe	35
PID 2288 wrote to memory of 2152	2288	MicrosoftEdgeUpdate.exe	35
PID 2288 wrote to memory of 2520	2288	MicrosoftEdgeUpdate.exe	36
PID 2288 wrote to memory of 2520	2288	MicrosoftEdgeUpdate.exe	36
PID 2288 wrote to memory of 2520	2288	MicrosoftEdgeUpdate.exe	36
PID 2288 wrote to memory of 2520	2288	MicrosoftEdgeUpdate.exe	36
PID 2360 wrote to memory of 300	2360	MicrosoftEdgeUpdate.exe	37
PID 2360 wrote to memory of 300	2360	MicrosoftEdgeUpdate.exe	37
PID 2360 wrote to memory of 300	2360	MicrosoftEdgeUpdate.exe	37
PID 2360 wrote to memory of 300	2360	MicrosoftEdgeUpdate.exe	37
PID 2360 wrote to memory of 300	2360	MicrosoftEdgeUpdate.exe	37
PID 2360 wrote to memory of 300	2360	MicrosoftEdgeUpdate.exe	37
PID 2360 wrote to memory of 300	2360	MicrosoftEdgeUpdate.exe	37
PID 2360 wrote to memory of 1052	2360	MicrosoftEdgeUpdate.exe	38
PID 2360 wrote to memory of 1052	2360	MicrosoftEdgeUpdate.exe	38
PID 2360 wrote to memory of 1052	2360	MicrosoftEdgeUpdate.exe	38
PID 2360 wrote to memory of 1052	2360	MicrosoftEdgeUpdate.exe	38
PID 2360 wrote to memory of 1052	2360	MicrosoftEdgeUpdate.exe	38
PID 2360 wrote to memory of 1052	2360	MicrosoftEdgeUpdate.exe	38
PID 2360 wrote to memory of 1052	2360	MicrosoftEdgeUpdate.exe	38
PID 708 wrote to memory of 1692	708	MicrosoftEdgeUpdate.exe	42
PID 708 wrote to memory of 1692	708	MicrosoftEdgeUpdate.exe	42
PID 708 wrote to memory of 1692	708	MicrosoftEdgeUpdate.exe	42
PID 708 wrote to memory of 1692	708	MicrosoftEdgeUpdate.exe	42
PID 1692 wrote to memory of 1936	1692	MicrosoftEdge_X64_109.0.1518.140.exe	43
PID 1692 wrote to memory of 1936	1692	MicrosoftEdge_X64_109.0.1518.140.exe	43
PID 1692 wrote to memory of 1936	1692	MicrosoftEdge_X64_109.0.1518.140.exe	43
PID 708 wrote to memory of 1596	708	MicrosoftEdgeUpdate.exe	44
PID 708 wrote to memory of 1596	708	MicrosoftEdgeUpdate.exe	44
PID 708 wrote to memory of 1596	708	MicrosoftEdgeUpdate.exe	44
PID 708 wrote to memory of 1596	708	MicrosoftEdgeUpdate.exe	44
PID 708 wrote to memory of 1596	708	MicrosoftEdgeUpdate.exe	44
PID 708 wrote to memory of 1596	708	MicrosoftEdgeUpdate.exe	44
PID 708 wrote to memory of 1596	708	MicrosoftEdgeUpdate.exe	44

C:\Users\Admin\AppData\Local\Temp\$TEMP\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\MicrosoftEdgeWebview2Setup.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
  2⤵
  - Event Triggered Execution: Image File Execution Options Injection
  - Checks system information in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:1744
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2288
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:2192
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:2152
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:2520
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzRCMTVCQ0QtQ0Q2QS00NDBDLTk1MEUtMjdFRjNFOUVFRjkxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0YxNkM5OUU3LTM4MzgtNEU1Mi1BREI3LTk2ODdGQkRGOTI0Qn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSIyIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjQzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyNDY1NzMwMDAwIiBpbnN0YWxsX3RpbWVfbXM9IjY4NiIvPjwvYXBwPjwvcmVxdWVzdD4
    3⤵
    - Checks system information in the registry
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:300
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{C4B15BCD-CD6A-440C-950E-27EF3E9EEF91}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1052

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Downloads MZ/PE file
- Checks system information in the registry
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:708
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B4B09FB8-CFD6-4A90-8D1F-6D3E1194934B}\MicrosoftEdge_X64_109.0.1518.140.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B4B09FB8-CFD6-4A90-8D1F-6D3E1194934B}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1692
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B4B09FB8-CFD6-4A90-8D1F-6D3E1194934B}\EDGEMITMP_71853.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B4B09FB8-CFD6-4A90-8D1F-6D3E1194934B}\EDGEMITMP_71853.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B4B09FB8-CFD6-4A90-8D1F-6D3E1194934B}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1936
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzRCMTVCQ0QtQ0Q2QS00NDBDLTk1MEUtMjdFRjNFOUVFRjkxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezBBNDg0RkYzLTc3REMtNDg3QS05MDA5LTNBMUQyNzJEMDk3M30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSIyIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMDkuMC4xNTE4LjE0MCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjYxNDM5ODAwMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjI2MTQzOTgwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAxMjc0NCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMzc3NjQ0MjAwMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMGM0MDg0ZjMtMWJlZC00MjQ2LWI4ZWQtMjA2Y2NiZTYwZTNjP1AxPTE3MzkyMDk1MjImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SURTeVZQWGlyNWhpbkJURiUyYmFlWEolMmZkTFJ3OHVSNUdWTlhLZDlYUDFhTUZqa3NyVTZrcmR0YmJsUnFWTjRBeGFoZllXWmpaaXhHRnZtV1V3WmNZJTJid3clM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iLTEiIGRvd25sb2FkX3RpbWVfbXM9IjMyOTc4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMTI4OTQiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjM3NzY0NDIwMDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvd25sb2FkZXI9Indpbmh0dHAiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzBjNDA4NGYzLTFiZWQtNDI0Ni1iOGVkLTIwNmNjYmU2MGUzYz9QMT0xNzM5MjA5NTIyJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUlEU3lWUFhpcjVoaW5CVEYlMmJhZVhKJTJmZExSdzh1UjVHVk5YS2Q5WFAxYU1GamtzclU2a3JkdGJibFJxVk40QXhhaGZZV1pqWml4R0Z2bVdVd1pjWSUyYnd3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iOTEuODAuNDkuMjIiIGNkbl9jaWQ9IjkiIGNkbl9jY2M9Iml0IiBjZG5fbXNlZGdlX3JlZj0iUmVmIEE6IDAyMjNCMzdGMzVCOTQ5N0Y5OUVGMDhERTE1NEJCRjhGIFJlZiBCOiBNSUwzMEVER0UxMzE4IFJlZiBDOiAyMDI0LTAzLTE2VDAwOjQ5OjQ1WiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSJSZWYgQTogODU1NDMzRUNGOEMzNDNGMTg4RjcyODc0QUJFRjQzMzUgUmVmIEI6IEFNUzIzMTAyMjAxMTA1MSBSZWYgQzogMjAyNC0wMy0xNlQwMDo0OTo0NVoiIGNkbl9jYWNoZT0iVENQX1JFTU9URV9ISVQiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iNjAzMTk1MTUiIHRvdGFsPSIxNDA2OTYwMDgiIGRvd25sb2FkX3RpbWVfbXM9IjYyMzM3Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMzc3NjQ0MjAwMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMGM0MDg0ZjMtMWJlZC00MjQ2LWI4ZWQtMjA2Y2NiZTYwZTNjP1AxPTE3MzkyMDk1MjImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SURTeVZQWGlyNWhpbkJURiUyYmFlWEolMmZkTFJ3OHVSNUdWTlhLZDlYUDFhTUZqa3NyVTZrcmR0YmJsUnFWTjRBeGFoZllXWmpaaXhHRnZtV1V3WmNZJTJid3clM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNDA2OTYwMDgiIHRvdGFsPSIxNDA2OTYwMDgiIGRvd25sb2FkX3RpbWVfbXM9IjE4OTg2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMzc3NjU5ODAwMCIgc291cmNlX3VybF9pbmRleD0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjM3ODgxNDIwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY2MDgiIHN5c3RlbV91cHRpbWVfdGlja3M9IjM4NzkyNDYwMDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxNDU4NiIgZG93bmxvYWRfdGltZV9tcz0iMTE2MjIwIiBkb3dubG9hZGVkPSIxNDA2OTYwMDgiIHRvdGFsPSIxNDA2OTYwMDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjkwOTUiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Drops file in System32 directory
  - Checks system information in the registry
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:1596

Network

DNS

msedge.api.cdp.microsoft.com

MicrosoftEdgeUpdate.exe

Remote address:

8.8.8.8:53

Request

msedge.api.cdp.microsoft.com

IN A

Response

msedge.api.cdp.microsoft.com

IN CNAME

api.cdp.microsoft.com

api.cdp.microsoft.com

IN CNAME

glb.api.prod.dcat.dsp.trafficmanager.net

glb.api.prod.dcat.dsp.trafficmanager.net

IN A

4.245.161.190
DNS

msedge.api.cdp.microsoft.com

MicrosoftEdgeUpdate.exe

Remote address:

8.8.8.8:53

Request

msedge.api.cdp.microsoft.com

IN A
DNS

msedge.api.cdp.microsoft.com

MicrosoftEdgeUpdate.exe

Remote address:

8.8.8.8:53

Request

msedge.api.cdp.microsoft.com

IN A
POST

https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates

MicrosoftEdgeUpdate.exe

Remote address:

4.245.161.190:443

Request

POST /api/v2/contents/Browser/namespaces/Default/names?action=batchupdates HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/json
User-Agent: Microsoft Edge Update/1.3.195.43;winhttp
X-Old-UID: cnt=0
MS-CorrelationId: {C4B15BCD-CD6A-440C-950E-27EF3E9EEF91}
MS-RequestId: {601D8A61-06A7-4597-9A43-E01228FBA98D}
MS-CV: zVuxxGrNDESVDifvPp7vkQ.0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 779
Host: msedge.api.cdp.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 109
Content-Type: text/plain; charset=utf-8
Content-Type: application/json; charset=utf-8
Date: Mon, 03 Feb 2025 17:45:18 GMT
MS-CorrelationId: c4b15bcd-cd6a-440c-950e-27ef3e9eef91
MS-RequestId: 601d8a61-06a7-4597-9a43-e01228fba98d
MS-CV: {C4B15BCD-CD6A-440C-950E-27EF3E9EEF91}.0
POST

https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win7and8-x64/versions/109.0.1518.140/files?action=GenerateDownloadInfo&foregroundPriority=true

MicrosoftEdgeUpdate.exe

Remote address:

4.245.161.190:443

Request

POST /api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win7and8-x64/versions/109.0.1518.140/files?action=GenerateDownloadInfo&foregroundPriority=true HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/json
User-Agent: Microsoft Edge Update/1.3.195.43;winhttp
X-Old-UID: cnt=0
MS-CorrelationId: {C4B15BCD-CD6A-440C-950E-27EF3E9EEF91}
MS-RequestId: {2F220181-A7B4-42A2-A6EB-6608A35E8676}
MS-CV: zVuxxGrNDESVDifvPp7vkQ.1
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 2
Host: msedge.api.cdp.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 5349
Content-Type: text/plain; charset=utf-8
Content-Type: application/json; charset=utf-8
Date: Mon, 03 Feb 2025 17:45:21 GMT
MS-CorrelationId: c4b15bcd-cd6a-440c-950e-27ef3e9eef91
MS-RequestId: 2f220181-a7b4-42a2-a6eb-6608a35e8676
MS-CV: {C4B15BCD-CD6A-440C-950E-27EF3E9EEF91}.0
DNS

msedge.f.tlu.dl.delivery.mp.microsoft.com

MicrosoftEdgeUpdate.exe

Remote address:

8.8.8.8:53

Request

msedge.f.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedge.f.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.f.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.f.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-tlu-net.trafficmanager.net

cdp-f-tlu-net.trafficmanager.net

IN CNAME

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.81.130.134

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.80.49.21

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.80.49.20

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.80.49.85

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.81.129.180
HEAD

http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d

Remote address:

91.81.130.134:80

Request

HEAD /filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: msedge.f.tlu.dl.delivery.mp.microsoft.com
DNS

msedge.f.tlu.dl.delivery.mp.microsoft.com

MicrosoftEdgeUpdate.exe

Remote address:

8.8.8.8:53

Request

msedge.f.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedge.f.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.f.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.f.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-tlu-net.trafficmanager.net

cdp-f-tlu-net.trafficmanager.net

IN CNAME

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.80.49.22

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.81.129.181

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.81.130.134

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.81.129.182

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.80.49.85
DNS

msedge.f.tlu.dl.delivery.mp.microsoft.com

MicrosoftEdgeUpdate.exe

Remote address:

8.8.8.8:53

Request

msedge.f.tlu.dl.delivery.mp.microsoft.com

IN A
GET

http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d

MicrosoftEdgeUpdate.exe

Remote address:

91.80.49.22:80

Request

GET /filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Microsoft Edge Update/1.3.195.43;winhttp
X-Old-UID: cnt=0
X-Last-HR: 0x80072f78
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.f.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 200 OK

Date: Mon, 03 Feb 2025 17:45:59 GMT
Content-Type: application/octet-stream
Content-Length: 140696008
Connection: keep-alive
Cache-Control: public, max-age=17280000
Last-Modified: Thu, 14 Sep 2023 23:06:11 GMT
ETag: "ZAErwtGciZxGa0c/GYSACHDsL9o="
X-Cache: TCP_REMOTE_HIT
X-AspNetMvc-Version: 5.3
MS-CorrelationId: e47f79f6-646a-48af-9e64-c47654e02a9a
MS-RequestId: cccde1aa-4dcc-460a-88b8-247ada7f7b46
MS-CV: pEK7E+xjPkGdWTRA.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
X-CID: 9
X-CCC: it
X-Azure-Ref-OriginShield: Ref A: 855433ECF8C343F188F72874ABEF4335 Ref B: AMS231022011051 Ref C: 2024-03-16T00:49:45Z
X-MSEdge-Ref: Ref A: 0223B37F35B9497F99EF08DE154BBF8F Ref B: MIL30EDGE1318 Ref C: 2024-03-16T00:49:45Z
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000004eef805af-2481485754-1
Ocn-Served-By: QLT
Accept-Ranges: bytes
Server: Qwilt
X-OC-Service-Type: lo
HEAD

http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d

Remote address:

91.81.130.134:80

Request

HEAD /filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x80072ee2
X-Last-HTTP-Status-Code: 200
X-Retry-Count: 0
X-HTTP-Attempts: 3
Host: msedge.f.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 200 OK

Date: Mon, 03 Feb 2025 17:46:58 GMT
Content-Type: application/octet-stream
Content-Length: 140696008
Connection: keep-alive
Cache-Control: public, max-age=17280000
Last-Modified: Thu, 14 Sep 2023 23:06:11 GMT
ETag: "ZAErwtGciZxGa0c/GYSACHDsL9o="
X-Cache: TCP_REMOTE_HIT
X-AspNetMvc-Version: 5.3
MS-CorrelationId: e47f79f6-646a-48af-9e64-c47654e02a9a
MS-RequestId: cccde1aa-4dcc-460a-88b8-247ada7f7b46
MS-CV: pEK7E+xjPkGdWTRA.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
X-CID: 9
X-CCC: it
X-Azure-Ref-OriginShield: Ref A: CAA7559AA0D94A52ABE80C3163C044CC Ref B: AMS231022011037 Ref C: 2024-03-15T16:38:14Z
X-MSEdge-Ref: Ref A: B2AA8E7B37B3402C97E0C6A9C67BA486 Ref B: FRAEDGE1317 Ref C: 2024-03-15T16:38:14Z
Ocn-Cache-Status: HIT
Ocn-Served-By: QLT
Ocn-Requestid: 10000004c789db16-2593810969-1
Accept-Ranges: bytes
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d

Remote address:

91.81.130.134:80

Request

GET /filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 14 Sep 2023 23:06:11 GMT
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x80072ee2
X-Last-HTTP-Status-Code: 200
X-Retry-Count: 0
X-HTTP-Attempts: 3
Host: msedge.f.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 200 OK

Date: Mon, 03 Feb 2025 17:46:58 GMT
Content-Type: application/octet-stream
Content-Length: 140696008
Connection: keep-alive
Cache-Control: public, max-age=17280000
Last-Modified: Thu, 14 Sep 2023 23:06:11 GMT
ETag: "ZAErwtGciZxGa0c/GYSACHDsL9o="
X-Cache: TCP_REMOTE_HIT
X-AspNetMvc-Version: 5.3
MS-CorrelationId: e47f79f6-646a-48af-9e64-c47654e02a9a
MS-RequestId: cccde1aa-4dcc-460a-88b8-247ada7f7b46
MS-CV: pEK7E+xjPkGdWTRA.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
X-CID: 9
X-CCC: it
X-Azure-Ref-OriginShield: Ref A: CAA7559AA0D94A52ABE80C3163C044CC Ref B: AMS231022011037 Ref C: 2024-03-15T16:38:14Z
X-MSEdge-Ref: Ref A: B2AA8E7B37B3402C97E0C6A9C67BA486 Ref B: FRAEDGE1317 Ref C: 2024-03-15T16:38:14Z
Ocn-Cache-Status: HIT
Ocn-Served-By: QLT
Ocn-Requestid: 10000004c789ddaf-2593810969-2
Accept-Ranges: bytes
Server: Qwilt
X-OC-Service-Type: lo
DNS

www.microsoft.com

MicrosoftEdgeUpdate.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144

4.245.161.190:443

https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win7and8-x64/versions/109.0.1518.140/files?action=GenerateDownloadInfo&foregroundPriority=true

tls, http

MicrosoftEdgeUpdate.exe

3.9kB
16.9kB
24
19

HTTP Request

POST https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates

HTTP Response

200

HTTP Request

POST https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win7and8-x64/versions/109.0.1518.140/files?action=GenerateDownloadInfo&foregroundPriority=true

HTTP Response

200
91.81.130.134:80

http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d

http

2.3kB
256 B
11
6

HTTP Request

HEAD http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d
91.80.49.22:80

http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d

http

MicrosoftEdgeUpdate.exe

3.1MB
68.2MB
45848
48848

HTTP Request

GET http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d

HTTP Response

200
91.81.130.134:80

http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d

http

5.0MB
151.3MB
82186
108318

HTTP Request

HEAD http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d

HTTP Response

200

HTTP Request

GET http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c4084f3-1bed-4246-b8ed-206ccbe60e3c?P1=1739209522&P2=404&P3=2&P4=IDSyVPXir5hinBTF%2baeXJ%2fdLRw8uR5GVNXKd9XP1aMFjksrU6krdtbblRqVN4AxahfYWZjZixGFvmWUwZcY%2bww%3d%3d

HTTP Response

200

8.8.8.8:53

msedge.api.cdp.microsoft.com

dns

MicrosoftEdgeUpdate.exe

222 B
158 B
3
1

DNS Request

msedge.api.cdp.microsoft.com

DNS Request

msedge.api.cdp.microsoft.com

DNS Request

msedge.api.cdp.microsoft.com

DNS Response

4.245.161.190
8.8.8.8:53

msedge.f.tlu.dl.delivery.mp.microsoft.com

dns

MicrosoftEdgeUpdate.exe

87 B
344 B
1
1

DNS Request

msedge.f.tlu.dl.delivery.mp.microsoft.com

DNS Response

91.81.130.134

91.80.49.21

91.80.49.20

91.80.49.85

91.81.129.180
8.8.8.8:53

msedge.f.tlu.dl.delivery.mp.microsoft.com

dns

MicrosoftEdgeUpdate.exe

174 B
344 B
2
1

DNS Request

msedge.f.tlu.dl.delivery.mp.microsoft.com

DNS Request

msedge.f.tlu.dl.delivery.mp.microsoft.com

DNS Response

91.80.49.22

91.81.129.181

91.81.130.134

91.81.129.182

91.80.49.85
8.8.8.8:53

www.microsoft.com

dns

MicrosoftEdgeUpdate.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\Installer\msedge_7z.data

Filesize
3KB

MD5
bd70ed26e6e6f3193043ac09c58c6a1c

SHA1
d733a65e17f2851d5116598dd80533efc1656468

SHA256
7a474217d20b9a6fe3c3a46c0d6d5b2d2040fa790663f6da9202ee7cb07bb448

SHA512
3e2ecade6d687b0736d5eafd7527b24095b9c51f0c8ba99398b23da2d8843c49fc8c1fa37190d385b504d8224c8c517d78d44ae32e10e45d54b19477a6970756

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1936_34527492\109.0.1518.140\Installer\setup.exe

Filesize
3.8MB

MD5
3a92a61a6e01c80ecc7d9499abb901b7

SHA1
d89d05802d937f9c71ced14282b8a19623fca7c8

SHA256
b70b2ed82c7afde8003983992b74f8182f55080b43da3d96dd29e8c0c7e8b47e

SHA512
3867efbd984ddd1eec084c70a42104cbc0057c3bed222af8963051779b612b46bf4cea3311452f6564513d7558d49a1e66a9473ad53f1b2fb4c43a9d7d0fb47d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
182KB

MD5
8f7c44e937ecc243d05eab5bb218440b

SHA1
57cd89be48efe4cad975044315916cf5060bc096

SHA256
bc3cdd57a892ce1841787061e23e526ad46575460cd66c1dc6dcf0f811563d59

SHA512
9f0020b81d1945fea12efe1a0a5e59caae4a01432429e065e35c73b15db873253094b2ff1f8903a348446dfc9c9fb658f8bfed8c25bc56e8b546c16304a385a3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
215KB

MD5
714c34fe6098b45a3303c611c4323eae

SHA1
9dc52906814314cad35d3408427c28801b816203

SHA256
fbf495968c4a385ff0790e6b65d26610ef917a2b36a5387eff7ae79d7a980ac5

SHA512
68a65496275a1511b2d3bd98ac5592cb1c1eb9df0448471a8985cb2f458c66163e6d55545940de72dea80118ff8ec7ba0ad3276f51095f55c1243fb9f3311345

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
262KB

MD5
c8b26176e536e1bce918ae8b1af951a2

SHA1
7d31be0c3398d3bad91d2b7c9bc410f4e45f37be

SHA256
be6ab7dd506e44a0a9eb0dd531929bd8aa0796d85a0353e6944bc6bf1630b717

SHA512
5a362cbabebbffbb0797646576b65e2934a3b0a30306d74078ef2448fea3940df14f0b8f149691a100cc170bd548c9b420dcc8aa41eb1ea0700c9f155626c565

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
40cd707dd3011a9845ff9c42256ea7e3

SHA1
4045ae709979f75b1cf32142c1137b4be2ab9908

SHA256
9f4c7072716e0be1be08207a7024a5e41162e288e677d805be8e5469a8bd4909

SHA512
bf1ada8a0d9c3d9f39fb739d05fc4a61f0a7e0e1bb5eb44e6f0f5f58381ee6d80aad89dbc3211b70a6294fc69d5820c70fa8488ef2f793a3710ecff5ee90422e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_af.dll

Filesize
29KB

MD5
e91e279752e741b25cf473338d5aac88

SHA1
2b8ea61868a26408cd1dd351cca5139a046bbb7b

SHA256
5635ecedd84330f070a9d6f4cea8b8b81e9dad8592d336ebfd236b7d67e58acc

SHA512
7404cdb82309351a21415b045fc7165137492aa262d00fd0f74bad4262ce10e86c3bde1718c38757b7133e41d044035e731c52cccea285d659c4a570776ae535

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
bd175cb3dfc1d43944223bd5d7177539

SHA1
193623dc372937f31a545344d340360665b8d69a

SHA256
bf0d65cebe0c29f15a616a0dda2f1a414e3f96fe7a28ff7876e811855be6621b

SHA512
f5742352852837ce16f3cf1655e4d41e301f0351b68c7346457978aa310b95b69b1070741fc2ab8be5ff449f6fd44660df3b15811630efc1420ced1455fcaf5f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
42015aafd53012b9c8afa009ee501fa0

SHA1
c1fc049feab4fb4b87faf96c31b3d1160f1c1d39

SHA256
86858a1807e6cf0b91565ed7a5a15db24720b0a7f60ae41e67dbf9faeb6ef2fa

SHA512
9ce323da000b51480ee35973872fc7d181e1f69e820ac737c62c36eaa81eb99965bae39fdd394459adfaf8f746f5dc3b768015e01d8724e2d0718f5286c29389

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_as.dll

Filesize
29KB

MD5
8a54873d54a41442b62f9fea9492d3a6

SHA1
fb19af151b15f4bdb7a555924f1835b0337ff1d7

SHA256
af9bdd050b27b8883f72e3596179fe244a6a2e3545950c82889aac7198cf3c32

SHA512
7cc0a578586853afd027264c3898cb1460b23a47eab9c79e064b9f327fbdee6e3f9bc7043a5a76a710ada05edae4ac0b47529be3ae67ca9b5afaaa16151797c7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
e47db9afb646fb31cc8650837f487134

SHA1
f304204c908ea1fe2bcaf76040d5d1f13f1e99e0

SHA256
4e03ed7a538793fdcd4c646c62ddd278c46911099e6485bb2644a17ad3a8ecf6

SHA512
b2b01c86c78ec3450635c0fdef9666ce302600956e8def3bb02d205ba2a11b3d422520a64361c6f666998bd82b5557ec96cbcaba9e1b712c756e75128c8f9bc0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
5887cd452245dc7bd0389a0ad5db98e0

SHA1
6486d0ae59ba338e8bce87b438f86691e955840d

SHA256
922a102cae4e74bfc0b402bbb136116eddc71a8adcf7f1268d48006c858d1d60

SHA512
0720aaebca04e84d8af2d7b153b0fc51e5651cf664051b8c4b44159ed4c6328eb237ba4f4c97bebedbb1a45ca5c1d0f249cdccac76c6d5619e0e761d12aaaba1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
6aab6d42c7b7a90523a3272ad3916096

SHA1
cc638bd6ec6478734b243de2daa4a80f03f37564

SHA256
67180722f255985e849ec3ab313dcdc0bf2834bad7b6163a0b14587fdf4b4c66

SHA512
ebc17e0ef86b8e5bb938040ad78b299e33d1228c730666526aab27e464626b71ea900cb6dbe074bda5e42e77cd569b083637e233d757b8b0bdee2df2e0c509f2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
abc20df0545611a835dcd895d2832cca

SHA1
39e90363156c461e5aef64a714ba43cc61617ee5

SHA256
75d8c2e259b4d113c0967615af61e8f54eafb49c498767291627faae9fcf504b

SHA512
732f31d175f08c5c69b9cf540e2b0e72b8986b44d1ebfdf0e56eb56b68bea64e6446932a546f1fc30dbbbad4ccaf6bc935177a6348c5280ef786d6d8dfa7b325

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_bs.dll

Filesize
29KB

MD5
327e92c7a55ec996ce09dfcf8c89e753

SHA1
2a51c99519257ddebf0d8280d46e0c0fd416e7a5

SHA256
2b61608a7aca43b7ea4374b79acc6e15deb382eef0fa8751c8e57e03e061cab0

SHA512
ac3ca0f66b899759f0d23ba64ff291486edb1e1d3bb626ad3efe3e3a6fd2aa4081411546e4849ff1645dcd26161f35defbd8442278e6d6f66311780c60474296

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
30KB

MD5
e0d2675c6de1b8d4e5e463246529a304

SHA1
132dace535b9cdc7a4e5f6137407d5becb23c4c6

SHA256
4af082aa0193b9b15622eba1f6165d0b6032b4dab17ba16a8a9affb267ebec34

SHA512
afafc1ca5abc636066ee98a6c68356d68f506fe3734a4b3e68073eed1f2ddc51840464e91d3cd3b28648fcc26b9457ef6484100f9543739220ad75a9eecb1e90

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
bfac1c3869df5375aedb24458cf321b7

SHA1
848232c155c7dca65f6cb22d27a72f2c78e964d8

SHA256
a9f5cf25b9512e1d30ecb769a5eeb694888b72b7f05b78c417814802c5aedbd7

SHA512
732270e8e8036f8ec59c214ca3804c6c67420bcf5fd633347c764f90b06b25fd73a0c7aa75ec42461ae3d3570fbfec5c5a7eee10e8d494b805b7c7e0d4aa227e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
c5681c3b4a8145d3b6cbf51e3f0b12fb

SHA1
908a0546ce091906aa5e7728660b838bf1e619e4

SHA256
2b47a6c19ec492149eca6afb03ca82ac1418a727f35cb641bce9f22136dd3459

SHA512
06c850119b5199bfcec41abe2b5e6929e0a960b69337c6048e0dbdd37ca56401885785de96cec235093a4d6536d9de55178a4c739a6ebd5e34514e12635b6d31

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
3206ad1fbe5c53d278607da7767b1996

SHA1
6964da8787c299e71f8428b22ed8ff6909912034

SHA256
9ea2727ca92f74c7c35ea22287f13ef262241a905567b908e2860f19e044a848

SHA512
38281ab3590a2e6210d1d9c0d1f5a4a3ef19772065f87d94570bb448fb83ea0579aa8bac9e94b05ba2b6bb2bb882f1be6d45c921c52ca2f0608056512fb3338c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_da.dll

Filesize
29KB

MD5
7f0ce1bf90bc88d5fb4d32d359063868

SHA1
59d8ba8397c325ed7b2dcd6a262906795549af6c

SHA256
1147a2cac674209b9087f7c81c09000a2177bb7d42d0d518e3c93d8a9ee2d7fb

SHA512
5cd723cad43388c7e2db4452caa20c07e73a676c82bfaca27a293ab70acdbb115fd82c7a65dee3e6c6d8969c4b99e90ce832760b6f7ab47e9a4f631ce53813d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_de.dll

Filesize
31KB

MD5
d9eb30f1811161a6903901f1ff316ebd

SHA1
7ce5e34af30e821a0bbb7074da57636c1be15d6f

SHA256
73b4fab09f7f224b2527dffdb617b7f852c78eca8989d493ba2fa2201b1becf3

SHA512
9d2e2a44fd027c30836254de1ec99fdff4bad2d3488f25d88a9f80f5f994dd5c660903dd3586dca85fa9e1a269ac8c51b5a060156fa65dc1df0d8137bf878c82

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_el.dll

Filesize
31KB

MD5
85dadb4cac0d76fd821346c411d5c3d0

SHA1
999dc0bd7250f71465f5098dde263a7a82ba7b3c

SHA256
1392f864c486e4b4b6859d900b12182f5ad5ec90e183808ab7ed0049aedd807d

SHA512
649833bf473139db879c2c7218567c49ad6436e3af1efdc7d9e9d48b8d3347e2bfacd6140a59d7973fa9df9cc9cab0e042bdaa7dbf32846bdf6b812b7ecaef07

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
5d4f7ab307f71d761a7f0e193f4b2ca1

SHA1
a3580268a98ad5242c7c56fa759f39276b6149de

SHA256
e2f0a11b5269b08261397e2ba8e2a5e44d5bf2e042a1cb91ad395d7c274b44d8

SHA512
307c489db833e4f2c74ab5201909ad2c53c691e0409f5abc29540a84d1c5ae146a072fecaa0ac886c83e4521fecc58ae5b0ff4331f3b37f39114d1fdea731021

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
cfb71031c56d9e8b9490d01fbe86302c

SHA1
9e11ecf5efc88e0beee1db46620bebc73f86dd21

SHA256
b18e14d0e24546193822b83996c5b311500ca213beb4d497cbd1dda9dac9db2f

SHA512
9cf993ea53673e416eead78d45a6d700b74001b69b1b987d479e77348ea8dc151f4ba6d6b1220db21ce792f9da51b9c83f33663621f9350b848a766ceae92370

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
b25a10d8b739ac2eac10b7b7fc7a61d5

SHA1
ec993d8113e4c0a4a1b36920a8991521e4f7eb57

SHA256
cad0cef66ad1097dc11e6396d0a0fb11ec1734acfde15e9eae402ba0d068615f

SHA512
315971e819d2c3dc5fc30ffe2275c3608125f1e4f14dbeb39aa0fd014291dec0c5efb3e02628bf345c92ea0faaa38e30d4ed5c3793995afff9cb9c933f234513

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_es.dll

Filesize
29KB

MD5
6c3d219e2169f5566a8bed031b21bdc4

SHA1
073a61c02b87e37e87fd3c8e609a56828ec49a47

SHA256
3a841555813f21928fdd45003a3f694a87074869b001b3e063eb97ad35d8fe17

SHA512
2b57d8325ada86a1ea01df0c7d0122875450f913bc8c21d8a7dd44ac7037a170e2f4fc92c13c58980aa9371a7bdfdfee34b9e188e16ad0b89181f7f901467152

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
27d45a84e2b94a60d5a821597fdad6dc

SHA1
2125fe5fbaa2db280a859ef3a7d27ba21efec036

SHA256
65f3cd75a7121dc3d417a9c3180bb52b485b5e7d0ac3b483fa355d13515f970a

SHA512
eddccfeee69b7a53adf32e72724ec8ba1668d1927322ce61429a4c663cf3d17e3f6f59fe1930b96f78faa70d30edfd7845ba53cc161f06a4e67ad43d11cd576e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_eu.dll

Filesize
29KB

MD5
d8323f3db20d104441f548decfd022ba

SHA1
de7f58b9ee7cbcad73433a17ff55385fd7e91035

SHA256
d07d8eb066e953af02a6e3a160232a73c1b66bb54d93d6b2ebc1557d1d322358

SHA512
7de3a803131086c3368d4acada0b6a29ef4ed4102a151eb000056c233da4853c97e394c98d6fd856714758ee17a0cc4c3df061a1b5d2b2b3e3bf95447bb729a5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_fa.dll

Filesize
28KB

MD5
6ba182cbb744541288629a2464ba99e6

SHA1
366751e425128654514dc82112238a7d6f4c9908

SHA256
cca362dd297b8d8e20893cf4da8cf9efc9848f97a04a9d69cabff67ae947607d

SHA512
ab3da91d7ab7150100b580d7b25a5fe9cea67affb1c4ac9e479b70e2d17ebb14a0745bf62ffb3792b8ce4cbea130cbd0012053a5dba7930252e2c09b763ea658

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
e7a774a7b404ab800efbdf7ea52e7ead

SHA1
3f0476821281614b9ee32faa5c534de5f6dc21f9

SHA256
1e1f09beed91a6a84535a1cf2b4df5e416cbbf785546f798d736009e31f95691

SHA512
85091f8bf809e88e248f4a899682f15586a083d1bb94cb5674da0e463716fa927ebef578519b653ac4ced381f98c4cf7a409c1ed52927dcf7fce4813008ce900

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
1223e486deb013055cb0b7729681b9ed

SHA1
b5b43fa89f066a9b6ceb47389c05b69ea6a784ba

SHA256
fae283a78757cdc548c728a38cb041db4ffe538c5ee7d2aa2f55e3469f95fa25

SHA512
8862d2f4778bfd0659dcf9dfb992072767af30dea46b34d626580ab8183a765d0c0f95a7070f0aa36e694d9e559f843672000aeaa4d8abdca60ff83da5a2b857

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
9fea64a22d045d8edc38a9b8480a9c12

SHA1
e3342e26166a43a21729b8aadeca653c03dc0528

SHA256
2f324851f0ccd101884b78fe1eb07c2da2932a68015eb8cfb4c801e288c8771b

SHA512
a3601640cf961c88efa476125a71786a109d23355922eda45b5be8824ccce650d703546c5c8c281308dce208edabbeea5cbc3b44ed678d9d36970c4e5f236c0f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
498dddf273f0f2973b1c4581e820f10c

SHA1
aa048015a3ed6ebf9b4848a9cc54beb5e39eedd7

SHA256
9ec8cec72404794a2b2a738502c7f531d976d8c99a57d2b5d2f0f2e818e35e04

SHA512
3596b20469daece28496a13b02ae0c1cd9265fc0046e1fffc384b8a16a4869402831386679c3e9cdfe03903df0b191d2fdc04cc531104c9c0d84bef24eb4d60e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_ga.dll

Filesize
29KB

MD5
81d35302b31bef2a99e154eb64abbaa0

SHA1
ea72f2aa526ea299d5515921fa0ac8f502ce3cde

SHA256
0133af05b669f957174a22b0b568a17a9bef1e387f52ae157766fae42d4e647d

SHA512
4d1df9684e7247ec0d8fbfdcfdb6ac5b2811de649c5b7ee4a20e5733307cdf5855ff767ebcb12ba15b33be58d82bacf9a02522126d927304e11f8e64261b46bc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
2e88f4aec46a293b3ec9bca2d7d2fe73

SHA1
ba34b9635832b2704942d7cd8578c8d70f0ffd2e

SHA256
f7278ba46204bfa387eff0e72fb2a8dd32ccea154fb268a8c39b03ad5334cf38

SHA512
b7f655cdaa3a34a8e0e00186cc49986cf283785a133af87ae47c3a3614f0d15d5b51b4091ff33bd0fc445815665edd37d378a9665d3831d2281b0bf6cc933c87

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_gl.dll

Filesize
29KB

MD5
2dcb17e8da6ed1a62a53029940592cbc

SHA1
b12941091cd1a554cd23d38dffbf75ec8ff57848

SHA256
a6770040c2f93ffc5c542dcdb1e7ea529d6036920957a9709153d80d360b178d

SHA512
0c82b39c7128d81739f64346948784c60d2cc409b637d5ca79825ef12766c10861ac3c119a5f232b12f52e50d3ba6818532968c75fbf455e75bd3be83c931f10

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_gu.dll

Filesize
29KB

MD5
571b69e1a8f9cac5eca53ba624aae924

SHA1
89798cdf858a4ee42ab4ffc01055c0463b6c4c0a

SHA256
37e67d7511d261ba1e022c9019d1b223d6d092260f97b471fbe2259ac5af6d3b

SHA512
961834f77c2683332b7a650360c09fb08e7efedf4249e48662b9a4fb9534bdba687eb9320da1a3aafe6a9c30d624c4bb94b55e1bf086a970354df61f2065e181

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_hi.dll

Filesize
29KB

MD5
4e8b170283c3f3d182eca7ce97e71a08

SHA1
93d86d961014b12c1a376effb3c568318db1ecc6

SHA256
0eb7739ad2863ccc13fa5cdb805189634728a7613918cd54bfe53a06d9c26cf9

SHA512
76a384ede88986c03e659c61e5409446bb472fa50c2e2e6f6e907f74e675ef0c5e932d950733ee6dc0c167881bc948d7ba9771bb77f31db3fb540277afb829fc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
54df61c0431c61851d8b61427f2cd68e

SHA1
84c99b724a2a5f321fd161d3beceb894e377a121

SHA256
6e96de38195de0095c6ab16696ccde2577a65e8c23d07f31e9f3c9f52d76c7ab

SHA512
46bea4f17fb327bce8bc6cb5329b7086a772a6eae07a8f2f34309a42acbb9f3dadd675d9c8d9f9e72c85149b48419fb5807acebbcee5bee150c754f94e98d7c4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
6b201af2eae546c9b638e38cabd9676d

SHA1
626b2029d573f371dbeb7b7878779383adc6253d

SHA256
c849d765c73a969ac10acff6195edd9339054b93a15152e5d1eb1fd1b5017b06

SHA512
1c35c169cf16a37a5537d0911af7da64ce9a0f999e76464f3410ebb224b9e65bc71deaa253e549b196c52409127b55cbb2e4a39bf9731b3ee76dae560b74fc2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_id.dll

Filesize
28KB

MD5
17162657113e9d8d7c1763bfc0ec991d

SHA1
f2507d9d1516bbcfbe408186894474c592f141a3

SHA256
60d759405a83ec4bb64144ed61b0e9a704bfb3b74e8f956277df71a38b19fc9e

SHA512
450e90b4c8ee384994cd6f56677dcacff258eb12442af3fea3a977d7d00b943a1b1f6b12769d4a02aeadc4f4c3b82a06cf8a667ce6691ace5d479d1261a1a629

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
625060f019c3bb8f1d49a9b128e1e4e6

SHA1
0e22bd7e23fed0e856a09bfaf5ee105a3dd27edd

SHA256
6117fb49f06f4d8e7268de9e41862a940fd36600e23f670f3c77ec0adb27257b

SHA512
962910c5a438b0289eea0402a262b8b7920255a1dabafdcc477cbebcc36a1c31b69784947c794bf720e16c0798cd958616a763e67c42327a94f7e66daa63a07c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
258b52e60a1e353b6117917154c7b24d

SHA1
c109ef8d1382991b02fe953679bf3fed063e9e82

SHA256
2362d8f1e8f2c92e43659d73052f2a43dabf95121f852d6d04471710f2c7109c

SHA512
fdaf605922e728f87d7d916f75a83f78f4549dbb35f9d2e7717d369cd658075655a1b903e705b5cb609880033c080e4b3135902fcaba7a8a96c2904f05d53164

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
973e14a5557248bdc2cd3a5fa3540a77

SHA1
66818135e202fc53711053ceba04ecc8b9b28506

SHA256
0af05d8af74609c9436ed0dcd3df52f7ef3dea8b786c85376c57c0cf128b3045

SHA512
e8c271f52fee4f249c27c4c344b5ecbab796227aabeb36b0b7a7d82d5463bcaa707b1f8ea47b863f2d87b35fe9b361ae2e2b7d1c16a4eed0ce0d530e1e34b26a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
dd5aa26cf2d67f50540da8e552f792a7

SHA1
0b14b06a2beb63fde2c1bc86c49a5117287de2c7

SHA256
b11af70867ab588c412cb5d5cc36ec888e74a50f508eb31a28db559aa00f8a35

SHA512
9bc1d7965a66ddbe7dc3fefbf2eb445a0857f83a28b2b3e120de80b03b51e87e6acd20569f2b002bb7adc41cbfe147572306094d83c8ffceb44f7a8417d89e0b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
3cba4b52b099039d2fbed395a3bc7568

SHA1
1a5204510d2c02d02ce361c7a3295498a60efabe

SHA256
79d4684d4d365b2c89f16fa0522f66031a1037cb4ad2a33050ed97a1df825990

SHA512
6ea41e61e4fa8cbd73e693db860a84bb4c6389b0aa5aace965a9567f6c16ae23fd51c018c6d96a1c08500a3cfe6327cc4c9ca9aa6bf9ad0b2f0d0c71e8922e05

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
6543ba7290488f5e3f68675a598255fb

SHA1
7359895f909776c5f14f6e5ed0fa11cd50853cd5

SHA256
df016969fc3ae57abbe8fa9f811364cd84612af0e819284b4d1acce981f6c21e

SHA512
90f376c59d67d89bcd646895209c0fca92866f9866e1cee7a51745077ad05f730cea2624837baf1e5ba92365ff46955ece98938849b87ed7f89a92897949d0f1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
4d101ce3ce6be285845e8f8bae548097

SHA1
195f314bcbee9cc373136334b5089e855e71286c

SHA256
3f11a2020839f5993e6e3cb9b5e7c5c659753cfa49257d3ebc015da6a8ead94a

SHA512
c31214e9aacfe7056be1f7ca6399270e644acef060d208d805b59bc6635772592ae166b06d038e2eb74218c451ef0fdbb09dc7e2ef6d23b751cbd6ae935cdf6d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
cd6084bee91407a5bb932cad81ca0636

SHA1
c9e56e6d15b413a8061ba38d05ff402b30688684

SHA256
01551c5de82d4d9b262735ecdc39fd6c4ea5a94acb9cb1dc4cea0e3bcfe7ee9f

SHA512
4d1cfa478050c87ff0c7d0b17ab7c23fc6bc400214b121bc86fc217b7b8b764c8109bdb15a3790822295556a7d8706aaeb8ff642b24d2fbd582b2ede61a76a7f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
e73046fc5427ed78ca02c7f50136efdc

SHA1
df58d20768edc25637ad8fa38f71d25a86633725

SHA256
49e0f43057c404a4ff5a2bc306f70c3728412b887e07870cdfd1f6eb3836ee88

SHA512
fce94d5a6b8f99a5af8f30314a0a7a5a3a557fefc630b907e5266c9f397bf6dd1a8211fa9d6535f75a0db7016ae20a3b295c4780383516d7a234225b798be584

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
735d775e6772b5072227a3efc91d6f5d

SHA1
b302aecc725b87d3b0402be8d5b30c35084f2d81

SHA256
11c257e800ef3021c2d6147999f5192b28e48a0ff9d486be5e47c181744c15a1

SHA512
8dcd0e07b90ceb6d6f39af9077bd85eba46506791491eda63b05471a7f984c2d1b67cc1335f788682ade2124b32e8b5b436bf717f6b5e2de8276dddbdab3fd34

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_lb.dll

Filesize
30KB

MD5
8fc766f256ccd06f09106c10f9a20edb

SHA1
867c9da84a0e61a8b4787bd3618ed25aea80360b

SHA256
7cec1855457e12c2adcdc3790856f775fcac27bc4911258937f8b08ef0a0d1f8

SHA512
4f545d4914ab62743d2a0c6a461c03597d38b6a8ceff85b154629d2676f41b9cde7efe2e8131d2749321e56e7ac7d90e4f958917a989170bf505840bfba059d9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_lo.dll

Filesize
27KB

MD5
f59fdfea8b8be13fbf3ee855f0f840fc

SHA1
32743d1ccc6702bdcb8e4e1320c60ce3ae0c3a36

SHA256
ca296d434902c4146ad1828ab96679d937d8edb85adf0184de00732d86e49d08

SHA512
fbf31397247f434d67f1f02751a12ecce46253e43218dff701c86ef3990d8ec8cbe50dc94b32810ec665e42246277ca14846ecc77350d0fb4a706b5d03c1484c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_lt.dll

Filesize
28KB

MD5
f4bb4677d5baafb96c2489db597ef7ef

SHA1
ddb9566fa8f2206df5b2a6e71870b08a4ef3e418

SHA256
2a0e85a66fa811b55b5fda8dbb45b5db4ea01a32cfc927e22809ad5f3c8bebfd

SHA512
4beb5fa5ff8643622bb6c971a84f0af33328a98fc6caebc44f02d243c3aa5fb30f390dc65921fc1aabe7099b94a8c4e748c82543670053ff6d20a3c0a15a513c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_lv.dll

Filesize
29KB

MD5
f4d4b8ca1664b954595d872cd6ccccd7

SHA1
288231017312ede121141f94ba89051fb6f3c3f1

SHA256
ec7072699b9c3954d0eae183312d4041299a1f2cdccde2ed8de3fe96837745ed

SHA512
b1474c0c4e87f499d8f1b3a83b8b001c72a48656781e8c3df87cd0a5eb2a6d9fec5abdf56922eac3fade2df232322e804f315874d983fa256941d4e03ecb93d8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_mi.dll

Filesize
28KB

MD5
b112ac05613a1942f009db22c776170b

SHA1
3124e35610322ba8eec2779f4d4904a569e093ef

SHA256
9c1f34a7971ad37522136dfe3e9bb8c6939b69e9adc2ecea44ae495ade165419

SHA512
d47455653a9f1d69b0c63040eac6bbdbb8b3f72060862c1adc2bd589bbe20c04f25272e69324b0249a79eba4f089a3e68e787ee80a4d992df160597186d3ca89

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_mk.dll

Filesize
29KB

MD5
3824b848b8d27996e03b77e47d683ad5

SHA1
2112959b86d3699f7748120e9ce704a4b1d3d85d

SHA256
42ddac6cb468b4d938fac198019dfcf36b33bb8b370755425a6a5950d226878b

SHA512
cdfb37d6ffb0f344dbfb95af7cee8f0d7f420a1a98f934ced93ee0c349b1f2661e8331f4ea373a7bd535df89b783ec662935c9dec8f86c31c91bc6383af01028

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\msedgeupdateres_ml.dll

Filesize
31KB

MD5
c48931cb10b1cc296f87e982d00f43bb

SHA1
c9a6574e4e31fdb73699561faac3608df9a846b3

SHA256
170cc518628e509b7121251e08894d2a865ac0ea1e4c96817938d677fb58f7bd

SHA512
05784711f1257fd0397eb324970d31c9807c6c2fadb084a89788dd33e73d7ea55d9cb96d42a2bf077db6720b8b5f330b113f035f82d1830d49de9296541962d8

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
15KB

MD5
34d1a7c4f7e920cdbe8a914492e1431b

SHA1
96f91804c5068c531fb1cdc04689b201e077f691

SHA256
674a1ae1877adae852a3027d837b8cbf2e18843565027ba116fa37886d60d53c

SHA512
8367f9ff151b81e4fb8a8b780f84e75e801df7a6993f1901bfe974747d844925ca49db8a175234bbbf468f19e17e4140d757c8f4fc6316531bb30d3bb3d06624

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77e09f9ed31418fd344a67cfcc8e5147

SHA1
ad08b301deb33358ccf16778c9b3568b6feb499b

SHA256
1223150edf6db9778ad3061097a02d5d5409149714c0b4af718d1abc928a63e5

SHA512
f250b17be4c0d964ce7877726b190b47d6650943596002d6b840331377b50d7d8e6c201def4f8b0af62a37fbb3a497c2e8ad90bde75f97e2b3335ff7d8ecbff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f04776b002af6325763c3adb7537c168

SHA1
650099999df93e8720b09f2542b2712f6fc22a67

SHA256
fe91f83057f4471ec61369a8fd90210d5fbed1b9e13b2ac5451125c78f8de12f

SHA512
9691bf3dc434500fd960ade139f76afe14289199abc493b858e21bbcf592492f960baaae893edbfd2b9c9cbaf5eede212a3f2d6032a5fcda8e69144a96662d89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29467069024e14b3ec64933add7c7f9b

SHA1
18438af3d3e51a9e857de3402b06c54c80ec3974

SHA256
ca60b02d43f7850f97865d6abbd6d852126df91249611581134922931e9afb31

SHA512
fc80e37873876da93cfe2ad583af2fb8f302649fe0544dac9f58ccad55049441310e18d6cfa37322d92b41c5181091604e7620eeedddb23bf06a112a1d8e85d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c2215e8a7f19951c0290a4fb3525a19

SHA1
7bce3f89f1b73f129b8041dbf9ffc300cf09ef3e

SHA256
3070a853bf9564e4f1aa3a84f18c919e136af4a902ad56aa3a474fa14801c570

SHA512
3a3f9162944f756d8ccd40d9db91dbeb49d57a56427ced81ee1311c97f610eeaf4e6601945afa143c01e355c6111e77b21d1a5888febd1bd80f4af532851e4f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55d6cfad4b899896bc2bea2b95e2c19b

SHA1
7eae3de51723e74dd4bf2a892d9b97441fc3a06a

SHA256
3da0a1ff2ac2a975eefbf215466dbf5e0f71600537ecc01d605d1e98f96e0e30

SHA512
c2764719a2cd28abfa4534acd01da1bd3003640f6abd7a80e06a2d4f0b5e784b54344522bd4da707366bd43a4ab7907cef494322fbb9df4aff7554e6f6f28b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF4CC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF4DF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
20ee2a7002b03e696d9d58df5e6e3dfe

SHA1
b9e64895e23fba7d6d78ec030e4497a48f80f006

SHA256
bd32c197877fdc7ca22321a441f2ea8bf08257db5198cd23ef0202005e555fb6

SHA512
02f042f37d3b3d1c479ea3b7d6f34de1af467941465ad620d301bc39206c46a86198daa4de3c2ad8ec253ba676d396240e04e440f553dbe73c440938760074e1

Download Submit
\Program Files (x86)\Microsoft\Temp\EUD2C9.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
70cc35c7fb88d650902e7a5611219931

SHA1
85a28c8f49e36583a2fa9969e616ec85da1345b8

SHA256
7eca199201273f0bcff1e26778cb535e69c74a69064e7759ff8dad86954d42b1

SHA512
3906ddb96b4b1b68b8c2acc940a62c856e8c3415a1b459f17cf2afc09e05751e0086f8e4e5e0ddd8e45cfb61f811bbe4dd96198db68072b45b6379c88d9ea055

Download Submit
memory/300-358-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/300-375-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/300-565-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/300-299-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/300-488-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/708-377-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/708-722-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/708-490-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/708-301-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/708-657-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/708-360-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/708-567-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/708-652-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/708-627-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/708-648-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/708-635-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/1052-638-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/1052-626-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/1052-359-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/1052-300-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/2360-641-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/2360-629-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/2360-655-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/2360-279-0x0000000074A40000-0x0000000074C66000-memory.dmp

Filesize
2.1MB

Download
memory/2360-280-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2360-1037-0x00000000001A0000-0x00000000001D5000-memory.dmp

Filesize
212KB

Download
memory/2360-278-0x00000000001A0000-0x00000000001D5000-memory.dmp

Filesize
212KB

Download
memory/2360-111-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.