Malware Analysis Report

2024-09-23 06:59

Sample ID 230710-hnytsshh7s
Target 11135191670.zip
SHA256 4931f6e4d65c362743d3233661a08aed3f2161ae7961e17ead74c9288ad8c36b
Tags
azov persistence ransomware spyware stealer wiper
score
10/10

Analysis Overview

score
10/10

SHA256

4931f6e4d65c362743d3233661a08aed3f2161ae7961e17ead74c9288ad8c36b

Threat Level: Known bad

The file 11135191670.zip was found to be: Known bad.

Malicious Activity Summary

azov persistence ransomware spyware stealer wiper

Azov

Renames multiple (8204) files with added filename extension

Renames multiple (9361) files with added filename extension

Modifies extensions of user files

Reads user/profile data of web browsers

Executes dropped EXE

Drops startup file

Adds Run key to start application

Enumerates connected drives

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Opens file in notepad (likely ransom note)

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-07-10 06:53

Signatures

Unsigned PE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2023-07-10 06:53

Reported

2023-07-10 06:56

Platform

win7-20230703-en

Max time kernel

139s

Max time network

34s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (8204) files with added filename extension

ransomware

Modifies extensions of user files

ransomware

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File renamed | C:\Users\Admin\Pictures\SelectConvert.crw => C:\Users\Admin\Pictures\SelectConvert.crw.azov | C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\StepGrant.tiff | C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\StepGrant.tiff => C:\Users\Admin\Pictures\StepGrant.tiff.azov | C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\DismountSave.tiff | C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\DismountSave.tiff => C:\Users\Admin\Pictures\DismountSave.tiff.azov | C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\OutExpand.raw => C:\Users\Admin\Pictures\OutExpand.raw.azov | C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe | N/A |

Drops startup file

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe | N/A |

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe | N/A |

Enumerates connected drives


Drops file in Program Files directory


Opens file in notepad (likely ransom note)

ransomware

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |

Processes

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=80.0.3987.132 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=80.0.361.66 --initial-client-data=0xc8,0xcc,0xd0,0xc4,0xd4,0x13f3db840,0x13f3db850,0x13f3db860

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "3060" "320"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RESTORE_FILES.txt

Network

N/A

Files


MD5 370fd48321f0d6dd9ebc56be01426618
SHA1 2647407accac79bfb0e6c74c34dee95c7373d99a
SHA256 913a6e7aa677fc97efda2c89eee7d7f536d4c7a319d5c1fa7a316070b5217649
SHA512 b7e6926a14acb0c31fa8359c98f8dbc5902ef9e52a1923e818d4d7f6a4de7ee3212b2e034f3143a6e7e70ddf7bc8de392687dfd7e0b05fcb43d4481f4a9090c9

C:\Program Files\7-Zip\Lang\gu.txt.azov

MD5 101d0d9069d03adecff95743026a1dcd
SHA1 c51c4497157179de692c1358a1edea632408864d
SHA256 28fe8d8c8ba75ee491be4c75916bd289c137a4f1908dfe06539ce5e17e9d0192
SHA512 0732c47cebb08e46c14adac7a7af900223d7857d68ca2d94299118a34deb856d588fd1a7566a54ed9b4be99e6a1ccac3b1208d39ae689d3f727051790dadc55f

C:\Program Files\7-Zip\Lang\gl.txt.azov

MD5 8c6566e8d56c68f1f98197b0ea188876
SHA1 0d5cd477c024591b819f76a9cb7402a47fdedd03
SHA256 e0eaaa1069d8ee165de302f91d34c7f38aac18396154e31c59746ddb6e2a310c
SHA512 cf6974774c5cc56cc00e7ad73f5834709e7bd789969509d1302a9f75de98aedd5dbf06d739210bfc2e2bf2deb1af11e05e8807137515f8913c1b3de4cd95dd41

C:\Program Files\7-Zip\Lang\ga.txt.azov

MD5 3a43d2a93036529d7d6892be564c2de9
SHA1 975cd3876824814f7c6b16a3f3af977ca9128a05
SHA256 6eaa2afbb01b062d2675876a975353cfcdac80a18b88cda779ea197a74313804
SHA512 193e248469a6be98b24046d6203671abc7f564206b92b9b795dc0794070b1388da82025e6eff9a4a41e1c2a9195ab7cb79c1f8a320c59180b922c23308b6cad9

C:\Program Files\7-Zip\Lang\fy.txt.azov

MD5 5d0afdb96a3cf40d202194431fbf49a8
SHA1 fd398e02588775ac1e349153380412f9efb52a9d
SHA256 0e9225c1ded72d1d5fa86c3263c737dfeb30f83903af3eb4566530d628a9c95b
SHA512 e164d43d842116c354789573517a593361a414197db6edd891922404ff46eed0c6f62f356e0a5dcc39b8acaadc8de959fd5254aaa5e73b0ff3739ae4a3976828

C:\Program Files\7-Zip\Lang\fur.txt.azov

MD5 b4e59438340ee8463e4229599819cbb7
SHA1 aacef2bfb59f87dd5bc6481a50e9de3dad0218e3
SHA256 f1ad86fada165991f92f2cd00c7fc3de026ff7802322db84ad95570319dad08a
SHA512 f5675d8b92725289270138defe42697e30f899d73db3c62a4bbe790f7c2a9b88c954e68bb1b8a2042fa8ca1539a43becf754009c932aff3386e53de2fecec98a

C:\Program Files\7-Zip\Lang\fr.txt.azov

MD5 326bc30a5503319a80bfc904bba76c29
SHA1 3daaeacddc8538014567b6a2ac0d732f0fecc6eb
SHA256 b713610e68c8faa5a0b8b008318f5f9778b335a428e9547b2b57c882fb039955
SHA512 0e13c14d025380082659e318cdcd827659ba9a1ec3baf2fb55573420ad55cab181b673d92b73322b6c81af8edfcb4cb829a7b9e9ae88d49b60f96f0487a41bda

C:\Program Files\7-Zip\Lang\fi.txt.azov

MD5 c51934c14fad62afafcbdf9dc11e4c3e
SHA1 ae6502d76a77642850577404a9715b6f363d139d
SHA256 d5574775405d765c197a017adba96dc0b980110b660fc1302687fcc7a349b856
SHA512 6b5a6d65c4c532b926c87a876a554353c385e8c4310974567d147aae29d76832da9ee085be5e86b4fe1476fa693ef9c2dfa05e8b2c2044745855f77f7eac939c

C:\Program Files\7-Zip\Lang\fa.txt.azov

MD5 ce34a42f82f8fc85416476560e52d94d
SHA1 4099b1cc8f4de96b66b760e7c6397c0a24bd00bb
SHA256 a0e96a559255d61e907269315f74114638c469c6a169cd4eff2f54aa77d80962
SHA512 487e0ccf7f6b0d1b93766e00efa5ce6a43995a520656eeaad4b6691b2de8d0d8fbf1712b2bce3f7ab4dba4a3c590e9518e8e5ba951b41ddcec9706aac0584931

C:\Program Files\7-Zip\Lang\eu.txt.azov

MD5 c1156c4ae5d1a401cea2230f97664448
SHA1 25d1323966f6504cd9ac2a5b8a8ee71509bdc3e5
SHA256 54282c9ac874ae758c2ff1fab8a5bc83a788232335f428c2f3eba4950e6e9a82
SHA512 404b2be0ba0063faf1327168a4b5a6067da3006b9563cd53d6e4b7ef30ae26e696e4e1a031a7b3624079f52edd332e8b0812f40d2517d39f0456eda2dc5fb763

C:\Program Files\7-Zip\Lang\et.txt.azov

MD5 7c1f0047bcfaf750d2f6491b9135d529
SHA1 86e42bd78cc9264d62c41f03a9c9be9bada193a7
SHA256 c24ec2dc57598c245eb37209422d91b1a83a5d4dfed64499a1e1e81fab2e0f19
SHA512 30c3d694b9a133e99f538bf0e80b5c07defe934f6ecf270229a865c6c862bd39c59b9990d29fa826551c299379a1281a1ea288166e939238d28b87363ace7223

C:\Program Files\7-Zip\Lang\es.txt.azov

MD5 710b50fa4f5aee516a5e4e57bce7171f
SHA1 dc6f452f5a72144dbd98c5dd85d59cd74555338e
SHA256 eacbcfef586bd4eac4c553a275c0cf43df64e45206a237db006b44e1178ac40b
SHA512 41ac77fee6c0609fd17538b1e137e005d477b11ac2a95864aa06cc794c10e05410f03143203a5c39b25a1e7a36063f5c6c677649a8e09b3e8fc111c4996b250b

C:\Program Files\7-Zip\Lang\eo.txt.azov

MD5 74020bd3f525f4d3dc733f7bd98a557f
SHA1 3d76ee42ef86e56fae6d74e7a5a331878004ca41
SHA256 171bb54287a139a1eee576ab7bf03d442627eb41fb24f7c92d160a083efff46a
SHA512 5886fd51a4556123efddb657f45999b062b860f2274d91fd81ba69f6a78ef91938552354686e34adff95998ca3bfb0b2979dc1f9e90940919f504ded062c77e4

C:\Program Files\7-Zip\Lang\en.ttt.azov

MD5 0bd84ee1befbb031a31cf5ba9f63484a
SHA1 e9e1fc37a542f21f086669d003b7d303c657a4c2
SHA256 b84d8a134a9d786633faa7902e824edd47f04c899d9e42d8300f166cda5ee89b
SHA512 83cef596832dbc228c5d0e60603876749fcbf4f2cc80e0468fc2648d168a2655a6f66dddd6495b2571381aaae643e9271053a741187a6d97e07739444a9f92c9

C:\Program Files\7-Zip\Lang\el.txt.azov

MD5 719e7bdad0e737a3f9576e8b677cb45b
SHA1 a3d930ad0e40debc7c3ae5eadda2728e9961a97d
SHA256 e1139faa811fabbce42b22306e14103f5cea5022ed9e09f572e791a4033a39f1
SHA512 1ec418aeffb63abdff7d78d844eabb37f66c4535c34eaf6eeabb37dd25b1564e4f847b8fec5bcbfd76884432bddd22241e703e5ac8141674188cb1cf57050db0

C:\Program Files\7-Zip\Lang\de.txt.azov

MD5 84c00b8c123372a9ae64f59fab2ba50a
SHA1 3dac4b4a5b1d6e99b55e814eec1694ed0fc8b20b
SHA256 bbf1d4e8ecdfacf0b5bfcbd1377e6d6cfd6ed80296e31fc307706a0458ec11e4
SHA512 3ebde53e2e806d8ebfe442e000ef974c0c92b9d4be6e232d225e12b2838ad7111f26b723312e06559823dc242b5ffe054d686c8a55965b4a8e65c7513031a790

C:\Program Files\7-Zip\Lang\da.txt.azov

MD5 25748498ba57b7844228e8a81ba4f81b
SHA1 d6870602401b43b24a3260aa0248c63d718ab800
SHA256 b2b1d65b202d518bd836797a127988869ffb3b7f60aca1ffeb5644b0d63110c0
SHA512 1455e3fa4f771bc6c108fd8fdc7d842c0016f2cf0a06fae5ba7b70c91e369b8fb7d0034c43f466b3e56d09f017727ad035fb8744d99c2afc16a0c4776503d852

C:\Program Files\7-Zip\Lang\cs.txt.azov

MD5 096654c582c49c01b0c4168838471453
SHA1 32094bd59a198cc916f8687c9c9485cafce4b270
SHA256 d3ed21adb03dfb9230ccfd7a0a1b0770f5b5c6020a22a79683bedd1827b757df
SHA512 1e35adfe925df78450e5fade0e9429c6609c1e6278f8c9aff0fc6786bd5776249a7c84ebb0269664119f1eaffdc4c62ebedcce086a52aeff0d69cc9437edacc7

C:\Program Files\7-Zip\Lang\co.txt.azov

MD5 4446c9a68a114424a999398ef53731fb
SHA1 211d166dfe7a018445c55812975a7c02972e7cdf
SHA256 e5d97cb58a31143a289067248e322b8b1103cbfe890377c7b78e8e34ac4eaa95
SHA512 7c4af8bec39bc94882c2deab0141437c540cebd66ada1f4b8c720538f43b4d95471cb9b18d19fa6a4456ec9f3d0d39b42bee9febc94a97fcee7a3995ab43fe12

C:\Program Files\7-Zip\Lang\ca.txt.azov

MD5 a6571ffb6e55e3b06feb2edcdba91a2b
SHA1 ede27b1f9ce4b0e177c1cccff1d7d8ada7fdf798
SHA256 0c60be820bb2c978b8a61f50e00c616704eef0667710b2162974802feb60e6f1
SHA512 9e7cf713f9d796b3f0a34c63a7a7e8101501dd695fdfd0b0cbdb576a616a9151bbe109c65dd2b236ec4241f901cc3e665b64a8a2fe38248a80222e4339f69136

C:\Program Files\7-Zip\Lang\br.txt.azov

MD5 2489e3a56e372bfc9c6fe34e162a4a10
SHA1 2b453ed8a466abb8f6447dabda980e5f4b6bccab
SHA256 354d42084875e4240e7be53943f90d108f4cb9978d7d0bb0d4980cfa09902875
SHA512 280bec5ba680c34d982b9973190611bc04ad789dac5e2497ea634096c33b2bac7bd4f7eb0550e21119d81d2d989d566faae354f4b6c6bf3d43fe8a46a42c8d9c

C:\Program Files\7-Zip\Lang\bg.txt.azov

MD5 9b0dcfc7a377e8b30fc27cb815b288d2
SHA1 ffa366cd191c2f6d0a70e011bdd2ee22d69b9e0c
SHA256 fda66eb528f15e996674638965034584dbe6de5b36fe78c94a3f078db5521f15
SHA512 bab66d1f99bb166600f70c8f3caf0c012f6b490e4fd93b338bcf9e8047353df367eba013a0509e340c05a157eca5ebc2dd9f7618820441ca735aa65a698d5464

C:\Program Files\7-Zip\Lang\ba.txt.azov

MD5 37c64f1ec5fff29381fb5833f803b325
SHA1 f980106842ee698669b0022761ab82f0cae8aced
SHA256 7f40819fbb98a7090c8a66d2eca40681134059fb008a84107255a5ff29d8304e
SHA512 d6f77eecb60c728be86281425e828b9c8a76e0c6b0c400df3dcfc9315d0ac5d8d8cfab6b2cea1bcba84e88091f45f5f69eb9c6e3df0ac170bf0a7e86a2dd2410

C:\Program Files\7-Zip\Lang\az.txt.azov

MD5 5f43f97f58f06d3909fe573306007000
SHA1 89a95866cbc583ebfb6b4fbe98a244f344eb2be6
SHA256 118803f2118bef519193bb93ca54d384f92f769624fa0ae3584362197ea85372
SHA512 428d8cb07bb63c98456352657d61e0c98738f3a7758ef0b7c869c0985d778b8960613c65d5fba7f1e123b44651ab1a99f6d20de22eed401f56d4ec1dade6a912

C:\Program Files\7-Zip\Lang\ast.txt.azov

MD5 63617851b25bf61338817c159e5d6140
SHA1 9108648fb615927ea9ee6e720c757b2830eb79d5
SHA256 f2ee1bd93433c1103fff701245226b94353a1d81e256c02ddcf91f7ffd7993ab
SHA512 1103540f3826866a5d689b925a3bf22c82a232b44833782a3adc3300e32ea239eb88a13463da98969dc28b82c94d84d83712c5f193319fb43006efed2d3fc50c

C:\Program Files\7-Zip\Lang\ar.txt.azov

MD5 f8d293eca6f12d1a95972cb80b9b0fd3
SHA1 0a84cce4563b8e6924d559a1d28e973e7d88755d
SHA256 4a3d3d64d63dd92900e0dca2574043c07660eca9f94380dacc909ca6f69d5bbe
SHA512 7da3c8071bca96af034a99441d5cbec21911c9441fa3e2cd031b893b1cada746a604fab95e21383847df3fef5f18aebb6a2a23e712796d2be48cb70544a82e10

C:\Program Files\7-Zip\Lang\an.txt.azov

MD5 ba79cd2506efa4889da2305140aac96e
SHA1 e63a6ca39dc7ad1216469efa8aa52c19a9e0c2e2
SHA256 7eba93da410134e51934f696992218ef9889e7355f5287f50dce8aa663bb0e04
SHA512 13a55e229f769479042ca6d2c157da2edabdcd35f22989be21a5979a3e17e468781b3699df39b75790016150a6b276901409cfe9432bbe95fd0fffde33133bbe

C:\Program Files\7-Zip\Lang\af.txt.azov

MD5 05b42f318e23d9e6179279d98661222c
SHA1 e22bb9995b38ba3dbfc70237643508112c490962
SHA256 b40169b3a983a2feeaa2b1d925b0c166baf477fd98bb142533243d8d6e89941a
SHA512 1aca516a03b01305b8fc559dbafed77d69cb382505949691478c7c26b11c1d0f513c3081b61b0e72a16140007eb7c117cf9b9c282237b7a54667b2d4e85a322c

C:\Program Files\7-Zip\History.txt.azov

MD5 166aeaf1376a3dc5f6632676cb6e1a06
SHA1 8f0eea7746ba3421b43861fca7040c04427ec647
SHA256 a9ee2692815fbfbd6a6b9a25ba03d3dd8431841f7b206d15e1d829d08e7a6e3b
SHA512 20c6f065f82ac3a1d7e8e8668fe596535758b9a19c3139f8d3c89bf774ef6f3979dbce7d42535cc12265c2d675d2569e8f0cc0c0210833577194b406f6731646

C:\Program Files\7-Zip\descript.ion.azov

MD5 d0cea9188a9e316c5735ce4f448a5d06
SHA1 317ee83abb4809688bcdabe0e6e97b64a38354e9
SHA256 04c177e2019a521d1b5dd5d3afea01ebebfccf3d665fe1a2719d122a8bc41f7b
SHA512 07041c502af89b69bf95eaabd0e5d34b68a95605bae7b762ad25aa7d0cba250c1ade07fd77a6abf3b866acf1491fa67febd9a4aac7e7403f41568fb65297500f

memory/3060-194-0x0000000000020000-0x0000000000027000-memory.dmp

C:\Program Files\RESTORE_FILES.txt

MD5 78ede93114e65f9160fd03d3357c56e6
SHA1 88d531b101e57655f1d0d26c6b3257aa2468d460
SHA256 c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5
SHA512 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

MD5 4f09769165ce73049478dcc12acbeb61
SHA1 8f735bbb68a3358e54d27c0abecaef2828aa7f22
SHA256 3dedc642ae94beb859526701dfeb7089b04463ae2d72ffa5a45f8967ee4cdf9f
SHA512 670508a7b180f662ff83cad956ef24d5385a9fe455b737a5653f6d3f62273364430d61e8a061fe465450036c5d66538bcf4c33a24b3a951b0777a112b1f93172

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 8370fcdf99819dad015a9428e0920268
SHA1 9c3f0ccc3351bcda452b7fcbf6c73ee6c6af454c
SHA256 e5d575d4eae71efddfe8a84cda3ab89e412970317f89af3f72b9633a08d88ae7
SHA512 b851711b3ae0ec5dd88e2a4ad573b787c2567849f9a7ce55d10e581d006761b293308df267f80654c9e76fa71cea4f38fb5dbe7fa9c7826381a9d2d6732990c0

C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe

MD5 258f073fc33c2fb8ba305a12e8c9f6e3
SHA1 27ea73bb2457ae613c3433b2680fee1cf646b23e
SHA256 310cc08f6ee9fb1640177ce95c5bd949a0057b3ea131dc6aa89079c90457b6fc
SHA512 fe4981612d1c98db1b0f6e35f0434b6f2a87764037a9079c7b5499068949287623fadfdc8d009107ede8eefd97b9e712b381f2fbdc60ef5e2c8501962569f5e2

C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe

MD5 22790308fe07e63c560c20c9b846938e
SHA1 b8c7d2202497166d958838d8b05a42e64583edf3
SHA256 c494fc28308f800226b7fd437c2334fddf18a5b59dd3b64597e2e6df19a626db
SHA512 680155c5ddf075e4654baabe5d110f36064db2e667df058c8c75ff0a9717a2fbe6fbe19aafd65b9add4bd9ad0a6f615fca7c2b928dc6b593b1aeae423adfda1f

C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe

MD5 aea7e8c8f8eb1ae49962b3f95158e63a
SHA1 d58b33fd2e1a0572e9f3fb1cf410b858f420f672
SHA256 aab9ce70bcef11b9f8ed0585f8701a2edd9af485a9a6915f23942eb989664984
SHA512 f754612f3f79ddd49f47fefaf7132382e722cb0a497347cc97a127605f041d0652840fbad5f3d34f4ec8656c8ea414ca0ce365a383813d66a4a148dbff83460c

C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe

MD5 7527618fe9a43ca4fe67dc1752963926
SHA1 acb7b1fe3868d9927fc4ee1a3493775e5b60b974
SHA256 98141f1cf1de06c8520a06c2d34bf0cd8e3ab3eecde758739819119a0807f96d
SHA512 18fe534544b4e22e6ee712336fd774e15573a8128b999e5c8aefd77af7351e5fd8661e1d9649d054f6e929f3a6619fb29843cc8645a8474d52859ee032e3cd96

C:\Program Files\Java\jre7\bin\javaw.exe

MD5 874d69f2e95752a7897b9034aaeec002
SHA1 61d908b6e2ab11cbcd6b75097ca609199cf73172
SHA256 c74d0c71bef10d8783d1fb3f4f914d41e99e3920e56374a10a128dfcac886df9
SHA512 0d2d05c4a227573cd1e23ef7cbc021195a5decccd1690d358600f9fa214db31550235bd22a7ebefb546d417f6d12d3a158dba7a0b5090b1742f683f1ef6f458d

C:\Program Files\Java\jre7\bin\jp2launcher.exe

MD5 d28e059c93a79170adf51d15e2a9be8e
SHA1 95d8ee25a477942ede0ca5c94e0fef6c07156058
SHA256 e0e0ee8afd02f1eed1c69fb4a23a16133a7d6d39a7cb45c55267148e7b4f15d2
SHA512 428fdf66e41db4743fa8412065b995c39e5e1edfb1356d6e2edb095c678639d84157aa04da8611f60379fa0b3af8670cca2d541307ad6e36e4fcee6eef244385

C:\Program Files\Java\jre7\bin\ssvagent.exe

MD5 decc1c449bdfeee3ade81643da85cbd0
SHA1 c3d8596988ae240e402714487f36781e4784868b
SHA256 4656d6959c55d32d5cb375c4bfc43213cc74a81475fc42a83d4ba464dd4cc7ea
SHA512 09a52bc1bcaaf9473dc8bed573fcaf9db04812660905f93803da9d7c0d5d2fac28347c97f68ced7563863cadb798b39206f8d5832adecbeece984145c4000814

C:\Program Files\Microsoft Games\Chess\Chess.exe

MD5 efc23778611191c3250e47f8832f1b40
SHA1 12deb7332a3676b0fa724f05d2bfe01634fea4f6
SHA256 8961e9c33db0f21db438ba9a916e09b0fa58a4013be52eb959339e7fd0492b50
SHA512 0329f838e55f23be5eae5e5e337adf63b5f57b31833167f78c43a22090c014f129ce0239729d8ece4b9ecd042292f9589fc3c318e6739972cd4f7e0d50acc155

C:\Program Files\Java\jre7\bin\unpack200.exe

MD5 ff8c8ce715381fba041661bbd0cc7d91
SHA1 539e30b2ffb5a7570966cb74ff92fe865428b516
SHA256 1ae267a17e773d99a699728ccbbb23c3e1ad783e0501746b2b46c9a44eee03d6
SHA512 50827f7abb649058dcdcf1cd521e3a770a4f1ccefe95c9dbec9eb054b4bf208cb4d1bee17d99d128418413ae7e4fff23b9f279955f70854604603c140426eecf

C:\Program Files\Java\jre7\bin\javaws.exe

MD5 a992c8ac82ccf77b4b28552058837161
SHA1 a541c591a1a7a8574594959fa8a5f48551c6d1c0
SHA256 ca1dd2bf09f7a7cee4b88b86361f0963092245ab060daf34abca86a32a1d90f7
SHA512 b369bfac68bb61b04120b8eee64f6acd8d4b3a84e92e0a45190c86d8e8b4aa340657fb25f00cd1a9dd19918dad15c770e0cb51d1cd92304067bada097540700d

C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe

MD5 a648b2669f7c3a193ccca14bf2360410
SHA1 9604ed33884320accb44e867c528222c7fd6f366
SHA256 2288eb52290c041cd8a39a826acc9f9db01debdaa9adaa73616680848a71f436
SHA512 c9cd0461e16424a0dab52d4a44c8a71f96a384b37acfe7b755ad00e6c0a8709476a7f4a72438421a5b4b7c6ed7ec16f1c50f28565a8a92c0aeeeb75dae42c66b

C:\Program Files\Microsoft Games\Hearts\Hearts.exe

MD5 40ff8f587dfd0fcd1812a339db95dd65
SHA1 2aab745f9f314fb2b8a8d7748dbfc0a75bd56e91
SHA256 199f7e96c4204dde7fbd8daad36ab7a780a165e788ca64bd4d0817bc83332120
SHA512 4b80c4c4bbca743397a3f7b9aaba38c38bb05776247540c421d0a9bf108c16a8080bd124d9e71d26078d856ca955f09ba32cc15f81e1c5adc629e9b4646be178

C:\Program Files\Java\jre7\bin\java.exe

MD5 744b594390032d7476e6d7c4453d20f7
SHA1 edd170e721a81907a8cea55c869662629633b6c2
SHA256 d5cc96722802c3315ab25d9684660ff69bde2ec47e2dfba56680852b51e2e5c9
SHA512 5f3ce203f9ef1d073b694aeaa61cbc6e99cf8ed0a57a52b792389cf764e7ab749ba9ab0f43f9e2500659aa045b0597d0ed57b5ffcf86d600e039d78204100204

C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe

MD5 6cf3e18c0094959a6594c1b8d9c45085
SHA1 ae36d3e7142145df4a4ee0dda7463245639b14b7
SHA256 df65261bf21fe4b295b3ab1d268091abda0c9f32b6cffac17129b3ce6c44dd58
SHA512 d912944d400d08d920488c46608b399324455b071ec7072581af30e46c551a600a568db3010a57e9469e6ecbe542869d2b4c6d5062c452f0dd109442cf66665d

C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe

MD5 24531b04eb78a1df7fb1167b4f4aeba3
SHA1 879f7d2bf77754ee2592f72aa487639ae87aa49b
SHA256 fb2d3f8d88f663714ae5f0182a242c829d415f44f1515ea08aef00d4cd55d9e6
SHA512 52a3b90977cf84d34f34838fecc1123e331172d9e60ebf710b3f7f5a6b47d4ef9af22d27a836558b46c48f51ef3f399ea84e4e8d186bd0b939e4c83a9a5bc1dd

C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe

MD5 6c5b618facfe150f3241b590e01f2323
SHA1 6902c61d0f579b11cdd984fd679d3db95887d9d2
SHA256 76f6839f4bc121080c016adf2eb8e238ece3e0b204864a037e59866571a47690
SHA512 a3d9a99bd90ced9ed4b457ad4627ae7a03f08d910044c03f8bcd475e85b651d6187647cf8ac568b81359ca4d960dde811196a3140a701bb436cccdfbc52a8640

C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe

MD5 944c39cf510b4c438c8798aea6477e91
SHA1 20e8bc3817d5045a2f78c0b442df6a421e9514ed
SHA256 d0e37e58a3944020d655432ace45cafdcf53399c59540e9421de1ca432ca8950
SHA512 00df5b417cfd7176bc2000265dae0e411202fb049b6a9651ae3f5fdb956ee3fbbb1cd442a5611867b403d89b676bd585ed34fcfc7f3f1576fbc78feaa0885174

C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe

MD5 bbc03640f497e5389fd55691075bd57b
SHA1 dbabe8db5746f229798dd630259c820bc58eda15
SHA256 fabd28269ea82f825571a682fd1ce76344056326dfd9531a9f68c6b328703a7a
SHA512 ca28078465cdccfa18ba3ae672cdd3a6769caaa9b0d50b9d18d9f7843d26cd05226ac9b7b98ecd6fc84818d284124a7d59098d4bf1fbfed3b1f0c070d58e7961

C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe

MD5 51975df394f0ea1e08ea0358d8cc0339
SHA1 c0a4350898938886d97727e49a9944655c4533ea
SHA256 c9c3ee9743fa19327034130ee60357a7da07b1d2f610b1ee7fc97a6fee6ae524
SHA512 86e5dcb0264ea5a71fb24d338cd805ff1ad793805f8f060030ed78def63d5913b227ac55bbd94e22439ed4865d694e0c3030d3d7804eb2d7756dbc821a219fc1

C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe

MD5 ec9dbdfb809a3bd54a8da0413805e1aa
SHA1 be5397cd6e418bb7f08e030296ff3c8c5c129b80
SHA256 25f999e9413f7ac0523a9f6e10f4de8547a135dcd69efea50273857eb338880b
SHA512 3a5b59488963e418dbc76c4466c540c4394c8d58a645cefb8fb41211f85aa7124a689e509e22a1bf013c34db722df27ee53fd7aa35a3e8101ed715a28193f3e5

C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe

MD5 bed724d32d4696f67a2cd8a693743a2d
SHA1 9f6e844615fb69a4bd5091626a21f17980fca28b
SHA256 15090da4235818ef6619f25630fc9fcd69fc73d4850cf135c34f6c284fd0f8c2
SHA512 11a469435026e9771abe239974edd7a849fad08bc7ac799a2c906f8cfd6b470ebf75916878b3af2ecc9c7f4b096b7cd0ca78869e0c9d1f04e20f099e192650e7

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

MD5 75aab215fc115e261e61e25b35c3db9d
SHA1 7cb8b1a1a3ec34dac1dc77e7b277677962750527
SHA256 7784ae9f0a6096fedd5c76134d089e128e55ecc47040826dbfb2e11c298698d2
SHA512 0b367c05f8d03fbaa2987966b37edd3d9d32a7ada8e7480b8caa069a54c04f5ea0c87d8b31aedda67fe227b8b7bcd371a5e1ef97b012f1d62ffad2f32396341a

C:\Program Files\Mozilla Firefox\crashreporter.exe

MD5 6f59e4d46cac836580b200ef1d5de719
SHA1 8dcc1d29933463f1c59179e351f2181235cf6335
SHA256 16f5a898550d7e1f876c82b537a0911988fabdd720e9bf05292c4792443494b8
SHA512 f6c72638d7b8215a31ba2a700eb0a3d8b79ad4ce671a9b1da97564ee3cd838d6a9d6ce7009db20297c30cb5cfc6f252a6dbddb88045ca28430d896af68acc26b

C:\Program Files\Mozilla Firefox\firefox.exe

MD5 eafb20325febb8e8c8906330360fdfb9
SHA1 2b93b905981466ce7d9d6143abeba0b49ad8e603
SHA256 3eafb66d32276e3d6dbef6919ccb346b3c1aebe410113531934bab6d39eb9c08
SHA512 365790383458f72ec903ece199502d1ceea72c63b55fa8ddc7efc65aa3a37414dc3ab11dcc98ffb5ffbe0b95588a17324dfef4c158bdbfeb15aa68570f3236e4

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

MD5 5307ee75541ab187380ea23003b7abf4
SHA1 37d7dc78e8b762e42627668ed503b481bb6bf712
SHA256 f9fa32805fe611b126de62851983bfb5a954499653d5f1b59289d5f38da7ec78
SHA512 4c6792956edfe9b74393fd6e6a01c8164fab955257854125bb3e4144e62e8891450a067014979801cd6d7425eaf9d2dcc8bd00b7b28a293fcfc7a0cda55acfd2

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

MD5 95593d512688d1269d64606e75ab0b85
SHA1 4cb086cf4bffe8f3a8da53880dfa6363b1352312
SHA256 37eeb9a7a099a74b5dd359a3d348ceb64a3f7a43c039cb6f7ee0acb938b699d5
SHA512 550aa6b544d51247ae3d9fc94262d95fa7f9d12588b113b8994f0d05524ad41e00034677bb10a5fa5b0b1521ae3f11697681acd6f7c17d3f66d2144f1a462653

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

MD5 f7dc956d0cf986ba6978b1760996dc9b
SHA1 2655c0774c495b21ff592b8a2ed6bc3c8fde7ae6
SHA256 ddbc021a5e8a2264967f709f971bee56d37d201aa2e6496c46a4476da6a81e5e
SHA512 65cfe523b43e7f90986fe215cdb0f9e4d9d75e55ed53f51c31a5a5eff15a81a8349890c387a1f2a52677ca10982507a9e5dd738d38a70e12664161216e4195e4

C:\Program Files\Mozilla Firefox\pingsender.exe

MD5 c6d353ae0f834772f1186de72184e8be
SHA1 b054bab09cff3370d92bb0df9805cd28c6dc1e78
SHA256 c03d040941ea3906605a76603c0f15d9183b4048b800c77a8c57cb8d2c834805
SHA512 206a293fdf1490a8a8bb941639ed521d52fac95a8dac596f4345f4ed29e69124974cca3cea114aff5a2f941401858f6b016bc8e0c9d7e8cfd7139a02854eb91e

C:\Program Files\Mozilla Firefox\plugin-container.exe

MD5 3a6b72e5cb8d64981d1b47f0344e012e
SHA1 9d230cc4372c23c7fde2acdb375a623f61af76e9
SHA256 a5eb66b6b1ca483b8ef2cf271f835eb8aa31ea30df7e59ee5bfd1d852b9e975e
SHA512 91962340900a86c0d2b865bd5169a739f6a03ee1090ba711c91c2adccf6c725796e3db2529d258fa8de4dbad06beeb020f7c8aff37cf8c39df5291b33890dd76

C:\Program Files\Mozilla Firefox\updater.exe

MD5 b3452d35f7b546a81ead02060d08d08c
SHA1 9c8716f686fbff1114808937e20337bbba77412d
SHA256 a26d59c3df3a7c646cc4e96c8ac45c7aa020fc58c4ab727b6dcaae554ec83970
SHA512 48011a41155ea6080c4f8380c7c41919d30203286f6d1597a0dda2462b97e8937962e9ad25fc166277ae3e066107b117b4a24a8b70b72a23429632ebfd0f89ec

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 d6f23f53a7ebd2788b10f97ea3a26d68
SHA1 4b7e9daccf060be5e26cdfc4904e71924f1bcbba
SHA256 ad3b88ca9dc8b6ad464428017e8ab06a9924f75ebe5355dfa57f5aa5ff5d2884
SHA512 aa5ee0f606780d697b266653c266c323e746816aeb8d688309dd2503b37ab68c24ee7ccac98ac3bfb8978cdb651d1b9f78f55c9521a512d0c14ab30cb434f25d

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 5b8a6942f8112225c71d3a912f1c39c4
SHA1 0294eab71616353f39ead49c7c3941d0bae0a2df
SHA256 6a9fbbe6391231ffcaf93e7e2405d75a75b4ef1946ebe3e02665f59590707940
SHA512 5b6dbe05aa67a751d2074260faf2189959f48a2263cb62d45e2b32645d728a8d9f18390e01c363d5a08e401b53caf3444f245961f3bc391a78e3126174591372

C:\Program Files\Java\jdk1.7.0_80\bin\java.exe

MD5 b6df4bc1a86e6219ba495342bf9e2ac9
SHA1 569a59d8d68f6c94970bdc8f3997babe7bbd2dfa
SHA256 6af30516287114c9f80e52ea1145f4ba01fdfcca2a7b2a74ddcf1fcd9a39fc2d
SHA512 ee064b81a4946f8b47087f8aaada185bb6b409cc084f6ed40bd7ad40ef8ece4e0aaa67cf2b434a89cf289378b401b6339580923bcfb42df6c1e60e792c757824

C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe

MD5 8a8f39434b1e9596b66cd754bf1c6a77
SHA1 54233d4dcb43cb61ee814db37c8d4d8db424930e
SHA256 d8481ab5583a30881cf1393305980624886b5d390931561969f8987577138ac0
SHA512 af75ea11660a72e341ebe234dd195d28072fa2b31b1b2d48c960b18a376624edfb7a8eea5d2d8cca0184cbd524dbbcfe6f51f5e120df1bfc9fd946049adc0e93

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

MD5 773b41b406d778233bd0e07cacc08c65
SHA1 3a6341d910b766579b4bd96d1c12ecb8bfa5e179
SHA256 3e529908223f72cbb80614d601f74cd534e8abf0aaa760d64731d6e6646ceb93
SHA512 9a00205f3fa043c39b1e7e8448c068c73a06b7cd5f405a97565b68eec5ba086bdd13119f00e017ecd9a1f357b07a089bf74d98a68068205b5bd46ced39f6d216

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 08ceca47e5060ab9e439bb3451edc9d0
SHA1 8bf0298799b2943a44e9b3a5223d3d7a8c042590
SHA256 72dfaade29ecd9d2b72350a0bacc2d2f920888a6c6b3d3d611bc40472ba6f61d
SHA512 7b6ddae3649c96d8113d8041f33cdc126699f94a1137bfc4beb232e808187fc7527effd94075a371adfc6b99bf1bddd082c8a0eff8a80a9af133d4d9a61680ed

C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe

MD5 9f274137c9e894d9fed23ede861f8431
SHA1 8033eb4c10766e544d77e848b9ce6a506eee341f
SHA256 cc6e550318d197790adeae310088b9b627f46ecc4c37cc4c95c121e0e938fb86
SHA512 0b3454e5621638b9579ee7612da5ae7e79e3aa75008b546bcda96ef38b8108be836bee12c392a925b765e904f4a2d97e3e9b827a04b34104ca04fa9cd755c54c

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

MD5 ed8f1806583176544107341e5c812544
SHA1 28791b5eef9bcf1973b50d0540e085a93ea544c4
SHA256 c64adc9dcc6c173fbb90fb5acefe7a5601a304745d18766584b4f41b152194fb
SHA512 10d803be6a30b04b16f391565493f1dc2e2d7a000dddb5a8b0141f97b57e31a75dca9e1fe412efc0172c4b3fddd72d760e51f18d32ffbb392b2f9ffc5e4275b5

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF

MD5 72c4cb994d2f4a64051f68a157e08252
SHA1 1822b95c1ef6572f35d105466c84e7ff40638283
SHA256 8d423226773050ef48de25ea501cef1c787e8e0354ed0f7c194b8c053aa19b22
SHA512 a398eae987c6ff248cb70781a7356cc945c961049d852431ec3fd240c118f727da0d2d53b857fa6c51f16954036306ab54cd9694dbaab77c16c7e7c66a979e54

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21298_.GIF

MD5 31e67dd594aa4ba0457d4f180799c784
SHA1 da69477cb6723c19e1df835f0acadf9d409d4882
SHA256 89b4d8dae5f2cdba9fcaa149c8578a677b0eaeba21715d173dab2fae2329f753
SHA512 9f39cd48ac44189e2fe17b2ed77f5742cc450fd7fc65b5dae30dd14f8b29b5247e69ee0d1e4e126999801c50546fbf06e7b651f061f94477ea5191fda2a168f4

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21300_.GIF

MD5 abb07959e04d12c2a43d027c0404707c
SHA1 9860da52389b9af75efc8aa4a6d98a5b57c2dc31
SHA256 efde4934cf428c868ac23e41940daa139886f8ee18fe01ffc0856f3748e04ec0
SHA512 de086fc24afc5ff7227c18467899b22cd20ed0367a98e111604d1dd454523ccb2be7c3319ba2b5f5ff7616dd3e2ca73cc5c061627165f6372e014f1e4c284fb2

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21301_.GIF

MD5 33620a431903ac4071a9a2981ea69bd6
SHA1 fb40581fc57160e7f57e315b24d966f4438cf245
SHA256 acd8fb775d33b4e2c8e4aafa0330b6ce7179118f1ddc438043801c6b80deab22
SHA512 cd71dd05d4d0b44c8515105b2d1f2ad96ba3915ba93c389f8fd90108360e7cc2f6275755b835ea3b75124253363075db61a97bae2da3c8870aed9222b5a1b3e0

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21302_.GIF

MD5 faf5efd46d39c6bca6558daaf080943b
SHA1 304bd594cf68de970a6780c8e30f4f6209a17363
SHA256 59f7126d1c013374d7ebdf2f478d795ad1c083bf055ce907a68b9c3907473324
SHA512 931d15af9c49c558dd3e04f65e70cd1a39f3fde1efc939968d153a1fdc89829fe4137e512edbe887e30f2d2949acc28d8f69e3ea0287f2f16e11179a1259de59

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21306_.GIF

MD5 0169b4da0314bdff5ce60c30ff84139f
SHA1 6a77c0f5027859853c4cf66e81b2ca81388001bd
SHA256 eb8f5961478679ae242e27737849e52f5917b6c933d18abbdb1ecc12f09eb480
SHA512 a6756dbd1e8544dff447657430a5f100695b70d48748fd09b3cab13a20ab70fa73ec07f3214c299924d8dce6523981b7a312ff8b77fc3f8dc74e03f81866decb

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21312_.GIF

MD5 9b88f2451dfe0e91467b07a49077dbb2
SHA1 6b6f2d5b2544ce41cb9b5c863702dc5893acf6ce
SHA256 32958bc2b5082f27c72f3ef7515608582aabffff927efb1f06e7aa8d1388e4fa
SHA512 ded9c285a3611a9e1dd4d82dde8810ee7b744d27b71abf5793c3e1ecda9e09596a7ef38d2c5c142f4ddc98b7cf1d782e3126c4667f9bc03bad092c4db8e0189d

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21314_.GIF

MD5 c4ea5b30df4a13a137631f444d5e58db
SHA1 5d6e30aa24b7ac77a13bbb5277641ce3a88b60d3
SHA256 f19e13e2acae71d52d3c3b3f4b5705e42d3eaa720e6745f1dbe1052d10800585
SHA512 4ff50da3ba6d6c37b8265b73d7de4d14ce1cec59daf6512036a40fe139360c1d0e62eb89698420fd7b504865dcad39f3a0ece03f29894410f48defd65e29463b

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21316_.GIF

MD5 091a01245fa6543995eb1b60cb0e17a4
SHA1 924aafe9e0a793613c574357a244ecdc2f935a58
SHA256 b2e3cb7ccf1dac735c3fd9496c1de4dc5af94b8c9b364a0c780c53eac7aa9510
SHA512 3f1ae8b925400ddc50610d0c129bcc3e8e9071860980f74ab4b55d64e647a184409693737e891384c6d01087d6d2ed16c347a2bb5f2a52dab6116ad6864f551b

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21329_.GIF

MD5 6ab34c58e8e7318c3f8b4d651467c12e
SHA1 595b981f6c01835ffebcbc26f511dca131147f44
SHA256 f969947d450a4d01ac24e439b41b2a32ced6d9d12e055e73396ae5bc8a8262e5
SHA512 fd774c60dc2b4094b152e4a03daa2b69921f4b456b1b4f6a972d24d4649781c6aa3fcef8c157a574e0b89641a6b0d75754c9a326259e5e83508bd6fd381b5844

Analysis: behavioral2

Detonation Overview

Submitted

2023-07-10 06:53

Reported

2023-07-10 06:56

Platform

win10v2004-20230703-en

Max time kernel

139s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (9361) files with added filename extension

ransomware

Modifies extensions of user files

ransomware

Description Indicator Process Target
File renamed C:\Users\Admin\Pictures\MeasureConvertFrom.tiff => C:\Users\Admin\Pictures\MeasureConvertFrom.tiff.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Users\Admin\Pictures\MeasureConvertFrom.tiff C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Enumerates connected drives


Drops file in Program Files directory


Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3860 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe
PID 3860 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2880 wrote to memory of 4836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2880 wrote to memory of 4840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2880 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2880 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 408 -p 3860 -ip 3860

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3860 -s 116

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 432 -p 3860 -ip 3860

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3860 -s 364

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=80.0.3987.132 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=80.0.361.66 --initial-client-data=0x1f4,0x1f8,0x1fc,0x1e8,0x200,0x7ff6616cb840,0x7ff6616cb850,0x7ff6616cb860

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 516 -p 4548 -ip 4548

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4548 -s 116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-first-run

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6d8946f8,0x7ffc6d894708,0x7ffc6d894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3036 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 448 -p 2588 -ip 2588

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2588 -s 392

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 524 -p 2588 -ip 2588

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2588 -s 432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 472 -p 1168 -ip 1168

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1168 -s 148

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 520 -p 1168 -ip 1168

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1168 -s 376

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff683105460,0x7ff683105470,0x7ff683105480

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 432 -p 3424 -ip 3424

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3424 -s 144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,2435552669075876018,15728687064959194133,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3192 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
GB 2.22.249.211:443 assets.msn.com tcp
US 8.8.8.8:53 211.249.22.2.in-addr.arpa udp
US 8.8.8.8:53 59.189.79.40.in-addr.arpa udp

Files

memory/3860-133-0x0000029F90F60000-0x0000029F90F64000-memory.dmp

memory/3860-136-0x0000029F90F00000-0x0000029F90F05000-memory.dmp

memory/3860-141-0x0000029F90F00000-0x0000029F90F05000-memory.dmp

memory/3860-140-0x0000029F90F60000-0x0000029F90F64000-memory.dmp

memory/3860-137-0x0000029F90F00000-0x0000029F90F05000-memory.dmp

F:\$RECYCLE.BIN\S-1-5-21-1043950675-1972537973-2972532878-1000\RESTORE_FILES.txt

MD5 78ede93114e65f9160fd03d3357c56e6
SHA1 88d531b101e57655f1d0d26c6b3257aa2468d460
SHA256 c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5
SHA512 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

memory/3860-145-0x0000029F90DB0000-0x0000029F90DB7000-memory.dmp

memory/4548-505-0x000001CE4F360000-0x000001CE4F365000-memory.dmp

memory/4548-509-0x000001CE4F360000-0x000001CE4F365000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7194d44db8579f108de6e6c238ff7f1e
SHA1 7b908754b1e35191ff3e83caed82ba9e9c0c6a5e
SHA256 43a910625654e8d95115676cc062727ae85ba4a94526a6427ac8ad269f639094
SHA512 004b3ab984fc043b6b06ca54b01cc38619f333e8b5adecf3de8e2a64011568c8832ff392456557c7e9a462ffdbd0075d24edbd7721ea194524022f6c96d509a1

memory/4548-513-0x000001CE4F360000-0x000001CE4F365000-memory.dmp

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

MD5 0bfccd49335a0b370b14a60a5b54ab59
SHA1 c89e87a9721e5eb3fd0ef4c3e42ce35f53c28e7e
SHA256 d0dae114c7eb87f431ea84be067219a04ee59f8ab65c26358453553485113e81
SHA512 475078a78203c091737282eb4d04c6351807d5ee4fce65666170c5e614a651c7c1487fc090b62180087dee18e5c041ae38b28bb579ca7ead87f64392c8b89c99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 556874dac1f0697c65e503196468ddf0
SHA1 710299827dc079c2eb793a035833a22bb2ab8c26
SHA256 b9813ac57dcd174b8790ddadd50cd3049a043ee7771b218a0b883febfaff967a
SHA512 73ea668c3518559f3f65f67af9ad2128cef507a711c08ca1098c0b3b52ec936d6d61e887a44387c0acd97faebd18f0546b1ccaf54d9cc8090c69c8d8eaef94f7

memory/4548-540-0x000001CE4F3C0000-0x000001CE4F3C4000-memory.dmp

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 7f393ac9271af8f6dca512f8ecf95968
SHA1 3c347aedf7622f2f66d109c76271e3ac401f538d
SHA256 ef65d834876ac7d0667cb7f92445f76b406121ba4f12c2afc23b140f5dfae270
SHA512 550314e7c236b54ab9f04ad78c41dc5d8328f2a80cb8adfeb6678cf4c019d3b0df3c7181492f728a135ae303e78ab5d784833ef69dca969cf22b5cc1cb5edec6

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 7d41018b15d5a3871127055da9c7afe4
SHA1 ab36bd0724c209bcd2f76a23d719cf6e57a7e971
SHA256 fa71258679ffe3f17b4893fff58455e580c6f4b55aa46106e176a7410c3f61f3
SHA512 bf07ecd5b2743b6c7eaea81c6a415d7961f6b18cc074aa0a24ef68323c1930ec4a179bc5d7aaa75eda5972b0df7c7d8659e8cc2d4d7a072a5f72fe784f5822ef

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 83d10b494bbf17d8fc827fa7d6ccd343
SHA1 a00b9cbe1e769b30066348ce8cdf0ded27045542
SHA256 06854349f7cd3738acf172a842fd86c1d2a396115c67c546ec3144fb59b3cbbb
SHA512 b693d5cf1a37501a794122ea0ac5b6c4b556d6e0d27b3b456a57edf5c2755348ed4f548dec024939852d726841c3611bdf1ceb1fb011cfe6adcf8b1d2903ab12

C:\Program Files\7-Zip\7zFM.exe

MD5 02e4eb9b81851efee9ffa8eaf8eac012
SHA1 55592278addf800c7c7ca1c1afea6c7ae24c4541
SHA256 cba73c681700a7adf3be6911f62d7f74a683b17a15b94054ffd30886aab6885c
SHA512 cf93948a9b416bbd71edadb30433910efd17b8a23b0c484865b60d5b4df56893512d9c331418f24cea644ebbc44ac668b208354004d9c7b4bd2dd4e43d24c605

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 e58edb60445cc898de4efe0a82782b16
SHA1 a894ec6f2752034dfbbde6f53f8a87da007fdfb7
SHA256 36e01d3ef481a9ed05a099b3256f72a03b63c728698930eb323c640081da015d
SHA512 010eebca683b756b1ad8296b83efa79e41763ef194d57cd8602003df6ed191972f5e57a44609e757da804d0be3d80afd0df995852836fe4da0a6e5cc6671c04e

C:\Program Files\7-Zip\7zG.exe

MD5 ca22d43de594e8e505d63d74ba84a0f6
SHA1 2cbe40dece1b1b3c853a3652613a99bfd87988d0
SHA256 46ccf197585b27a1cdbbc9da00651a35f865528be37f9d5ce713c0f85ae414d5
SHA512 96212ec88ff34fa00808c7e64ffe5a9eebd90aa7855eb3823004e7f244a13d999ca9deb41a7046bff06ee26ffe44c43ba1f645debf9b45776da8149b0e5f19ba

C:\Program Files\7-Zip\7z.exe

MD5 b41ff7cfbcaf07652c6564c2a837faa1
SHA1 aaaa5b95fd771798cbbf46ccd6678225befc9836
SHA256 9813219b0717d4160f4816df35fe450ca0d4412c234b790caebcf845c994695d
SHA512 01c15ea57ff5953a04563a077fe37c1ad4f6cec21d1d7b11c26e2fe8f1a09bf4260361b291f6c02e4ec3c1eb60918832d0e49d2e610f7174958753285d076afb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Program Files\7-Zip\Lang\ja.txt.azov

C:\Program Files\7-Zip\Lang\ko.txt.azov

C:\Program Files\7-Zip\Lang\kk.txt.azov

C:\Program Files\7-Zip\Lang\kab.txt.azov

C:\Program Files\7-Zip\Lang\kaa.txt.azov

C:\Program Files\7-Zip\Lang\ka.txt.azov

C:\Program Files\7-Zip\Lang\it.txt.azov

C:\Program Files\7-Zip\Lang\is.txt.azov

C:\Program Files\7-Zip\Lang\io.txt.azov

C:\Program Files\7-Zip\Lang\hy.txt.azov

C:\Program Files\7-Zip\Lang\hu.txt.azov

C:\Program Files\7-Zip\Lang\hi.txt.azov

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Program Files\7-Zip\Lang\gu.txt.azov

C:\Program Files\7-Zip\Lang\ga.txt.azov

C:\Program Files\7-Zip\Lang\fur.txt.azov

C:\Program Files\7-Zip\Lang\fr.txt.azov

C:\Program Files\7-Zip\Lang\fi.txt.azov

C:\Program Files\7-Zip\Lang\fa.txt.azov

C:\Program Files\7-Zip\Lang\ext.txt.azov

C:\Program Files\7-Zip\Lang\eu.txt.azov

C:\Program Files\7-Zip\Lang\et.txt.azov

C:\Program Files\7-Zip\Lang\es.txt.azov

C:\Program Files\7-Zip\Lang\eo.txt.azov

C:\Program Files\7-Zip\Lang\en.ttt.azov

C:\Program Files\7-Zip\Lang\el.txt.azov

C:\Program Files\7-Zip\Lang\de.txt.azov

C:\Program Files\7-Zip\Lang\da.txt.azov

C:\Program Files\7-Zip\Lang\cy.txt.azov

C:\Program Files\7-Zip\Lang\cs.txt.azov

C:\Program Files\7-Zip\Lang\co.txt.azov

C:\Program Files\7-Zip\Lang\ca.txt.azov

C:\Program Files\7-Zip\Lang\br.txt.azov

C:\Program Files\7-Zip\Lang\bn.txt.azov

C:\Program Files\7-Zip\Lang\bg.txt.azov

C:\Program Files\7-Zip\Lang\be.txt.azov

C:\Program Files\7-Zip\Lang\ba.txt.azov

C:\Program Files\7-Zip\Lang\az.txt.azov

C:\Program Files\7-Zip\Lang\ast.txt.azov

C:\Program Files\7-Zip\Lang\ar.txt.azov

C:\Program Files\7-Zip\Lang\an.txt.azov

C:\Program Files\7-Zip\Lang\af.txt.azov

C:\Program Files\7-Zip\History.txt.azov

C:\Program Files\7-Zip\descript.ion.azov

C:\Program Files\7-Zip\7zCon.sfx.azov

C:\Program Files\7-Zip\7z.sfx.azov

C:\Program Files\7-Zip\7-zip.chm.azov

C:\odt\config.xml.azov

C:\DumpStack.log.tmp.azov

C:\Program Files\7-Zip\Lang\id.txt.azov

C:\Program Files\7-Zip\Lang\hr.txt.azov

C:\Program Files\7-Zip\Lang\he.txt.azov

C:\Program Files\7-Zip\Lang\gl.txt.azov

C:\Program Files\7-Zip\Lang\fy.txt.azov

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ca644485-4585-4930-88a6-9b9a0c4a045e.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\856c37ef-81b8-4cfd-b724-303ea5fe1aae.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\PlayStore_icon.svg

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\it-it\ui-strings.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es\messages.json

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f3779197-70dd-4ab1-8a4f-6ac83849db2c.up_meta_secure

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e62dc79f-750e-4273-89a3-50e349d07f60.up_meta_secure

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\d4831acf-5cf1-4ad4-af09-7b69881956b6.up_meta_secure

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\d191fa33-99ed-4d40-9a95-45b634ce3cef.up_meta_secure

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1810ccbb-cae2-4e2e-b0b2-f4c055698bd3.dmp
