Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/06/2024, 17:38

General

  • Target

    NightLight Desktop.exe

  • Size

    12.1MB

  • MD5

    7cb0c686be62a6a5118d3441b4792609

  • SHA1

    f51fcce8020f5b0cb0d6d3e8ce7aad259f2365a1

  • SHA256

    8254514e476344d58f9f2aad6b6ba5b5f7853e82efdde08124910b4fc139e356

  • SHA512

    2af1228786b90fc5287c1bbd56f05a7a8ce72d5162d75718e429c3a90e1812459ba4a7e9e24a903137428ec51ce82eb7946d96fd6de98a1611cced8bcad9818f

  • SSDEEP

    98304:Gs37s+saQ5zLeSTdYfOU7baBzjYz0ILiVUEp2rbvfMWXtEN:qfaQ5zLiflatpknAN

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Downloads MZ/PE file
  • Sets file execution options in registry 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks system information in the registry 2 TTPs 14 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 29 IoCs
  • Loads dropped DLL 56 IoCs
  • Registers COM server for autorun 1 TTPs 33 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 43 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NightLight Desktop.exe
    "C:\Users\Admin\AppData\Local\Temp\NightLight Desktop.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3100
    • C:\Users\Admin\AppData\Local\Temp\NightLight Desktop.exe
      "C:\Users\Admin\AppData\Local\Temp\NightLight Desktop.exe"
      2⤵
      • Checks whether UAC is enabled
      • Loads dropped DLL
      • Modifies system certificate store
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
        C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
        3⤵
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1888
        • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
          4⤵
          • Sets file execution options in registry
          • Checks computer location settings
          • Checks system information in the registry
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4064
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:840
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:2356
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Registers COM server for autorun
              • Modifies registry class
              PID:5020
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Registers COM server for autorun
              • Modifies registry class
              PID:844
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Registers COM server for autorun
              • Modifies registry class
              PID:3316
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload removed]
            5⤵
            • Checks system information in the registry
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1164
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{8AFA634B-034F-458F-86CC-65BDD8D4E7A8}"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4044
      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="NightLight Desktop.exe" --webview-exe-version=1.2.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2560.3080.13387885751221876640
        3⤵
        • Checks computer location settings
        • Checks system information in the registry
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates system info in registry
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:4248
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.85 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffa21e54ef8,0x7ffa21e54f04,0x7ffa21e54f10
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2492
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" --webview-exe-name="NightLight Desktop.exe" --webview-exe-version=1.2.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,13439752485269174419,2087992685212442910,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1820 /prefetch:2
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:392
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" --webview-exe-name="NightLight Desktop.exe" --webview-exe-version=1.2.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1824,i,13439752485269174419,2087992685212442910,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1924 /prefetch:3
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4344
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" --webview-exe-name="NightLight Desktop.exe" --webview-exe-version=1.2.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2308,i,13439752485269174419,2087992685212442910,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:8
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3652
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" --webview-exe-name="NightLight Desktop.exe" --webview-exe-version=1.2.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3572,i,13439752485269174419,2087992685212442910,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3264
      • C:\Users\Admin\AppData\Local\Temp\NightLight Desktop.exe
        C:\Users\Admin\AppData\Local\Temp -wait=true
        3⤵
        • Executes dropped EXE
        PID:3344
        • C:\Users\Admin\AppData\Local\Temp\NightLight Desktop.exe
          "C:\Users\Admin\AppData\Local\Temp\NightLight Desktop.exe" -wait=true
          4⤵
          • Checks whether UAC is enabled
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies system certificate store
          PID:4044
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="NightLight Desktop.exe" --webview-exe-version=1.3.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4044.4496.731123165214313233
            5⤵
            • Checks computer location settings
            • Checks system information in the registry
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates system info in registry
            • Modifies data under HKEY_USERS
            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            • System policy modification
            PID:3148
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.85 --initial-client-data=0x160,0x164,0x168,0x13c,0x170,0x7ffa21e54ef8,0x7ffa21e54f04,0x7ffa21e54f10
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2308
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" --webview-exe-name="NightLight Desktop.exe" --webview-exe-version=1.3.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,10242680044777913073,9263027539044313560,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1764 /prefetch:2
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2688
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" --webview-exe-name="NightLight Desktop.exe" --webview-exe-version=1.3.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1936,i,10242680044777913073,9263027539044313560,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1828 /prefetch:3
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:380
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" --webview-exe-name="NightLight Desktop.exe" --webview-exe-version=1.3.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2228,i,10242680044777913073,9263027539044313560,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:8
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:4868
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView" --webview-exe-name="NightLight Desktop.exe" --webview-exe-version=1.3.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3472,i,10242680044777913073,9263027539044313560,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:4188
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
    1⤵
    • Checks system information in the registry
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload removed]
      2⤵
      • Checks system information in the registry
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2088
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9527BF5C-BCEF-4F5D-B58B-3F5F43412B7C}\MicrosoftEdge_X64_125.0.2535.85.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9527BF5C-BCEF-4F5D-B58B-3F5F43412B7C}\MicrosoftEdge_X64_125.0.2535.85.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:5020
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9527BF5C-BCEF-4F5D-B58B-3F5F43412B7C}\EDGEMITMP_9D2D0.tmp\setup.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9527BF5C-BCEF-4F5D-B58B-3F5F43412B7C}\EDGEMITMP_9D2D0.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9527BF5C-BCEF-4F5D-B58B-3F5F43412B7C}\MicrosoftEdge_X64_125.0.2535.85.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
        3⤵
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3536
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9527BF5C-BCEF-4F5D-B58B-3F5F43412B7C}\EDGEMITMP_9D2D0.tmp\setup.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9527BF5C-BCEF-4F5D-B58B-3F5F43412B7C}\EDGEMITMP_9D2D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9527BF5C-BCEF-4F5D-B58B-3F5F43412B7C}\EDGEMITMP_9D2D0.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.85 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff7d7264b18,0x7ff7d7264b24,0x7ff7d7264b30
          4⤵
          • Executes dropped EXE
          PID:2668
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload removed]
      2⤵
      • Checks system information in the registry
      • Executes dropped EXE
      • Loads dropped DLL
      PID:688
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x404 0x4a0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4104

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.85\Installer\setup.exe

    Filesize

    6.9MB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\EdgeUpdate.dat

    Filesize

    12KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\MicrosoftEdgeComRegisterShellARM64.exe

    Filesize

    179KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\MicrosoftEdgeUpdate.exe

    Filesize

    201KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

    Filesize

    212KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\MicrosoftEdgeUpdateCore.exe

    Filesize

    257KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\NOTICE.TXT

    Filesize

    4KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdate.dll

    Filesize

    2.1MB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_af.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_am.dll

    Filesize

    24KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_ar.dll

    Filesize

    26KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_as.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_az.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_bg.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_bn-IN.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_bn.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_bs.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_ca.dll

    Filesize

    30KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_cs.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_cy.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_da.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_de.dll

    Filesize

    30KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_el.dll

    Filesize

    30KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_en-GB.dll

    Filesize

    27KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_en.dll

    Filesize

    27KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_es-419.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_es.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_et.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_eu.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_fa.dll

    Filesize

    27KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_fi.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_fil.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_fr-CA.dll

    Filesize

    30KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_fr.dll

    Filesize

    30KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_ga.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_gd.dll

    Filesize

    30KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_gl.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_gu.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_hi.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_hr.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_hu.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_id.dll

    Filesize

    27KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_is.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_it.dll

    Filesize

    30KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_iw.dll

    Filesize

    25KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_ja.dll

    Filesize

    24KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_ka.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_kk.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_km.dll

    Filesize

    27KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_kn.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_ko.dll

    Filesize

    23KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_kok.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_lb.dll

    Filesize

    30KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_lo.dll

    Filesize

    27KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_lt.dll

    Filesize

    27KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_lv.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_mi.dll

    Filesize

    28KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_mk.dll

    Filesize

    29KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_ml.dll

    Filesize

    30KB

  • C:\Program Files (x86)\Microsoft\Temp\EU5A07.tmp\msedgeupdateres_mr.dll

    Filesize

    28KB

  • C:\Program Files\MsEdgeCrashpad\settings.dat

    Filesize

    280B

  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

    Filesize

    100KB

  • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

    Filesize

    1.5MB

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\218c657c-0f0c-4ff1-bd7b-e7986845fb98.tmp

    Filesize

    3KB

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Crashpad\settings.dat

    Filesize

    280B

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Crashpad\settings.dat

    Filesize

    280B

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Default\Code Cache\js\index-dir\the-real-index

    Filesize

    48B

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Default\Code Cache\js\index-dir\the-real-index

    Filesize

    96B

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Default\Network\SCT Auditing Pending Reports

    Filesize

    2B

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Default\Sync Data\LevelDB\000001.dbtmp

    Filesize

    16B

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

    Filesize

    41B

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\GrShaderCache\data_0

    Filesize

    8KB

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\GrShaderCache\data_1

    Filesize

    264KB

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\GrShaderCache\data_2

    Filesize

    8KB

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\GrShaderCache\data_3

    Filesize

    8KB

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Local State

    Filesize

    1KB

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Local State

    Filesize

    2KB

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Local State

    Filesize

    3KB

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Local State

    Filesize

    3KB

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\Local State~RFe594ef1.TMP

    Filesize

    1KB

  • C:\Users\Admin\AppData\Roaming\NightLight\NightLight Desktop\EBWebView\a8e653eb-9d1d-42d5-a49d-2e4555010818.tmp

    Filesize

    3KB

  • memory/392-290-0x00007FFA3F090000-0x00007FFA3F091000-memory.dmp

    Filesize

    4KB

  • memory/2560-466-0x0000000000F00000-0x0000000001B73000-memory.dmp

    Filesize

    12.4MB

  • memory/3100-642-0x0000000000F00000-0x0000000001B73000-memory.dmp

    Filesize

    12.4MB

  • memory/3264-376-0x00007FFA3F090000-0x00007FFA3F091000-memory.dmp

    Filesize

    4KB

  • memory/3652-311-0x00007FFA406D0000-0x00007FFA406D1000-memory.dmp

    Filesize

    4KB

  • memory/3652-304-0x00007FFA3F400000-0x00007FFA3F401000-memory.dmp

    Filesize

    4KB

  • memory/3652-588-0x0000027D8EE50000-0x0000027D8EE80000-memory.dmp

    Filesize

    192KB

  • memory/4064-260-0x00000000006C0000-0x00000000006F5000-memory.dmp

    Filesize

    212KB

  • memory/4064-199-0x00000000744E0000-0x00000000746FF000-memory.dmp

    Filesize

    2.1MB

  • memory/4064-195-0x00000000744E0000-0x00000000746FF000-memory.dmp

    Filesize

    2.1MB

  • memory/4064-194-0x00000000006C0000-0x00000000006F5000-memory.dmp

    Filesize

    212KB