Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 9, 2023, 10:44 a.m.	Feb. 9, 2023, 10:45 a.m.

Size	1.5MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8868eb2d40741375ce60fc710b00d3bd`
SHA256	`a22ed99c820ab11865ac3598f6a82be6d5f24b2f492f2150162d44ae6f745d92`
CRC32	`87CB8AE7`
ssdeep	`24576:Xwyf3Su4a/KnwYtDXl42hxt3q7lR3hVtTcKaBQ7SdBZpeUZ:gyf3L4aGweXl1h/C3Jc9BQ7SdPMo`
PDB Path	mi_exe_stub.pdb
Yara	Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

f6ad5fe2-5c5e-4386-bdad-f48d7d797960.exe "C:\Users\test22\AppData\Local\Temp\f6ad5fe2-5c5e-4386-bdad-f48d7d797960.exe"
2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

mi_exe_stub.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Feb. 9, 2023, 10:44 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.didat

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	B
resource name	GOOGLEUPDATE

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Feb. 9, 2023, 10:45 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x75aad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x75aa964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75a94d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75a96f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x75a9e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75a96002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75a95fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x75a949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75a95a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x76f49a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x76f68f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x76f68e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x755c7a25 f6ad5fe2-5c5e-4386-bdad-f48d7d797960+0xb39c @ 0x10cb39c f6ad5fe2-5c5e-4386-bdad-f48d7d797960+0xb35a @ 0x10cb35a f6ad5fe2-5c5e-4386-bdad-f48d7d797960+0xb4ad @ 0x10cb4ad f6ad5fe2-5c5e-4386-bdad-f48d7d797960+0x7d15 @ 0x10c7d15 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x75ac3ef4 registers.esp: 2881596 registers.edi: 0 registers.eax: 10783376 registers.ebp: 2881624 registers.edx: 1 registers.ebx: 0 registers.esi: 7416584 registers.ecx: 1933325788	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

Feb. 9, 2023, 10:45 a.m.

stacktrace:

CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x75aad08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x75aa964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75a94d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75a96f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x75a9e825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75a96002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75a95fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x75a949e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75a95a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x76f49a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x76f68f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x76f68e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x755c7a25
f6ad5fe2-5c5e-4386-bdad-f48d7d797960+0xb39c @ 0x10cb39c
f6ad5fe2-5c5e-4386-bdad-f48d7d797960+0xb35a @ 0x10cb35a
f6ad5fe2-5c5e-4386-bdad-f48d7d797960+0xb4ad @ 0x10cb4ad
f6ad5fe2-5c5e-4386-bdad-f48d7d797960+0x7d15 @ 0x10c7d15
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x75ac3ef4
registers.esp: 2881596
registers.edi: 0
registers.eax: 10783376
registers.ebp: 2881624
registers.edx: 1
registers.ebx: 0
registers.esi: 7416584
registers.ecx: 1933325788

Foreign language identified in PE resource (50 out of 172 events)

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_SYRIA

offset

0x00183838

size

0x0000017a

Creates executable files on the filesystem (50 out of 99 events)

file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_mr.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_pt-PT.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ro.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ar.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ca.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_sr-Cyrl-RS.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_lt.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_quz.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdate.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_cs.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_sk.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ta.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_mi.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_fr-CA.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_sq.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_as.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_gd.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_km.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_kn.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_pl.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ko.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\psuser_64.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\MicrosoftEdgeUpdate.exe
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_sr.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_fr.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_nb.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_cy.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ur.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ug.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\MicrosoftEdgeUpdateOnDemand.exe
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_hr.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_de.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_am.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_gu.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_en.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_id.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_nl.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\psuser_arm64.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ru.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_lb.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_bn-IN.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_uk.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_af.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_lv.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\MicrosoftEdgeUpdateBroker.exe
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_it.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_pa.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_tr.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_zh-CN.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_tt.dll

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0015c400', u'virtual_address': u'0x00028000', u'entropy': 7.983751722010894, u'name': u'.rsrc', u'virtual_size': u'0x0015c284'}

entropy

7.98375172201

description

A section with a high entropy has been found

entropy

0.903079416532

description

Overall entropy of this PE file is high

Deletes a large number of files from the system indicative of ransomware, wiper malware or system destruction (50 out of 103 events)

file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_mr.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_pt-PT.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_zh-TW.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ar.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ca.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_sr-Cyrl-RS.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_lt.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_quz.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdate.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_cs.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_sk.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ta.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_mi.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_fr-CA.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_sq.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_as.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_gd.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_km.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_kn.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_cy.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ko.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\MicrosoftEdgeUpdateSetup.exe
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\psuser_64.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\MicrosoftEdgeUpdate.exe
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_sr.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_fr.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_nb.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_pl.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ur.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ug.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\NOTICE.TXT
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\MicrosoftEdgeUpdateOnDemand.exe
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ro.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_hr.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_de.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_am.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_gu.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_en.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_id.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_nl.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\psuser_arm64.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_ru.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_lb.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_bn-IN.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_uk.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_af.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_lv.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\MicrosoftEdgeUpdateBroker.exe
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_it.dll
file	C:\Program Files (x86)\Microsoft\Temp\EUEEB5.tmp\msedgeupdateres_pa.dll

f6ad5fe2-5c5e-4386-bdad-f48d7d797960

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All