Malware Analysis Report

2024-09-23 06:54

Sample ID 231018-pa1jssfe48
Target 11135191670.zip
SHA256 4931f6e4d65c362743d3233661a08aed3f2161ae7961e17ead74c9288ad8c36b
Tags azov persistence ransomware spyware stealer wiper
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 11135191670.zip was found to be: Known bad.

Malicious Activity Summary

azov persistence ransomware spyware stealer wiper

Azov

Renames multiple (396) files with added filename extension

Renames multiple (2861) files with added filename extension

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2023-10-18 12:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-18 12:08

Reported

2023-10-18 12:14

Platform

win7-20230831-en

Max time kernel

178s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (2861) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"
Process: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe
Target: N/A

Enumerates connected drives

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=80.0.3987.132 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=80.0.361.66 --initial-client-data=0xb8,0xbc,0xc0,0xb4,0xc4,0x13feeb840,0x13feeb850,0x13feeb860

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "2140" "336"

Network

N/A

Files


C:\Program Files\7-Zip\descript.ion.azov

MD5 ccaf71d5168cd68e84e9ba969c82b0e2
SHA1 3f24a4db93aee00b39454b7edb1caa2d513fcc0c
SHA256 5ccb9b49de844996f34e80c0e6c16f5b9db73e160066b8484717c1fe5095113b
SHA512 8cc79f143cb9dd6887e4bf9e2d4fb28aa909f1d750e889087ed5f55700b169b1d4694c0467f38937d0d44235f15bb01adafd66a3b83b977b2f2376e0b6d73ece

C:\Program Files\7-Zip\7zCon.sfx.azov

MD5 d1a6e754d8dc42f4bd836f93191750e4
SHA1 a45561c14047445fcabe90a0824fed09ebd856a0
SHA256 3c858894513773a89754d54760af638994de988d00a911065a5607516f52c7c8
SHA512 e85880c5b437fee2ef0f453ff8fe8a69ab6fa40a7f44c0dd17a52a849da777f2d4ba48f42c72da8507f473b8407a7a848b2fae73252b26f1df02a66214f76588

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

MD5 aadf2493421fdd20beaa9a4e638dbb8d
SHA1 d4bef9f8b0347ff4ffba6a1a5398c15e3f9f47b6
SHA256 c08029717dfdc3361f03147cb1f577eed6b199a37448e01764696c8c5d1559ee
SHA512 d9eb8a2e3308ee8771c801abb18ac50422a26f66fc7a0a79860f3c280f0c50699456a119d3509c7b79a9368044b37eec7c3b6c1e3f8a347231912b178315a722

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

MD5 4dff66384229a4b34147d1e24e1b6f62
SHA1 b4e6e777e7b7d32b09b4fbf27228306fff574795
SHA256 b446e95df7a37edd9be2d691daa29549d45b8785f3ecd3ac8113f1f35715c9ee
SHA512 633de8a4788e398eee90f709f5c0438c1b42267e58cd9da5cb9482eccdef93820fb8d9df74d1d7968fd435bc6082c19ee43286ebd6c74913bf59981b9629f38f

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

MD5 2ff6bb760bcd124740e6576ca952d7a6
SHA1 93332be7ad838c195fdfbbd956d54d32d1d4b28a
SHA256 81b328451daf19e2625d0f3fc46859c3847ebc2f69ff42dcdc4e649e0a20ffde
SHA512 0f2debdb364a992a6875b101b745c88b89c26764992e012684dade4ec4715fb89bc8f1d188e88136eaeadc8147ba3d4c2f41528ba767b89e95d3dc875761d74c

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 537cd433e079f44db86f9707f6331802
SHA1 7199fe502e8010e31e1baeb36c53661d4c3bbeb8
SHA256 f33ba0de90956490392d5f0608132eb1a3c1103fe61b12f0f457f891672fbdb9
SHA512 fa47bce1d525ced46663480b33098790a913d0049184065473df06e13850a3b9b28034734017c4d45375db91598369318b988a99b39f59d63c87d8dab1cdf536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 6b1e63375696d9e0055f1b9273eb3edb
SHA1 f0534def3f695ae9bed1b36ab44b8c9d4575d20a
SHA256 fe9f21e2e4342489473913a29c4ada8c4ded96853807fb6dd4a8ad036c26c977
SHA512 2394534ad0892e8b4b21c811f3a8e3542340396062a9c8ab64f5bf2714fe72ddf7a2d09d4112fb798d74f2cfe3701b7736508bec3610f22ddbbdc1a828a8c7ce

C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe

MD5 6de64f2c0c4983c6c933dd5df3f5f661
SHA1 662709ef564ad2e5c02c6aec396068d0f32edc5a
SHA256 122eefe781ab6a001d5d4a8151956904df2825f8d82cac8c4df412cd6895f992
SHA512 54e1d4f37b77fcdb27bb21e8971b0ea5bdac93d78b8bfaad32b474cb3d89ddcf983b73e591c44a1671f506feef361e4c97d56c96bbd19df4265e94be7b58f54b

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

MD5 6b82562e1e2b0a35965139fcd1484797
SHA1 1e91cf91b6fccdd5926ce4a47b69bf65b334091d
SHA256 4f2e8113a612eb61846e0bd4acc4184004261e4e545c40049c44be91d13b96e1
SHA512 fe3f7878d3604825ff778096aba1e09b5349eb1064dd40ce10714a4d9a655a170fdc8109f37dbb0788e89ce6425f08a18c86476b37055be7e94ea6de4de1a37e

C:\Program Files\Mozilla Firefox\crashreporter.exe

MD5 689c8e6addd9226270a0f6e8180fe502
SHA1 f8f51791e7a71a6a7e3351e3dce4858db9cbad5b
SHA256 43d163576b808e43e186a3584c51d3e57fde17dddf433208c72c27b54e49e87c
SHA512 41ff83e0e6332236e9633ca704152b893cf95e3194fd7d807d5d121e21f42d62f86bd72b7529f5a55b4c936124305637c79eb9b27bb69d1dc91ebd83adf0e69a

C:\Program Files\Mozilla Firefox\firefox.exe

MD5 f806e453184ae6912c909742459c9ab7
SHA1 61454dea140458c90ffe7a1b263dccfaa96b4255
SHA256 f4c2edd643873325ae3e313a36cb8a875b26d3eba261a9adb3343e987266630f
SHA512 9e88556a7167a0b64148b14a7724734308564da47f5ba325674459facd56a81ddaedc649a3fec8486cd1504c2da7fd17ab41c25993841a189f0b9038d30a29dc

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

MD5 63db0be056acc020d69a2cf7f626664f
SHA1 3ab43b13d7c4204a7d7f6d01112f06bd57a6446b
SHA256 34faef890db0798a305d8670f8bdafc91026d6eca47d37e7a224be49a7a0fb6c
SHA512 e05cfb901c820ff07123ee49278bf597038e1d9e4eef9c2b88143793ccfe3d045fd8aa315a0efaacc7bf75743cbf43f8feac1b71eac61b81731b3c80f4189da0

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

MD5 71286d4e9847d1b0f9df708e5b35e62d
SHA1 cedcedd8908f9c23df56ca29ae40a858049a42f9
SHA256 eb79402f6a1e268a27cc7725687a3b95b836ad713b97f6e5107c73f42eb21c91
SHA512 01774e72694f7570ec07cf1a9fbb2d1e7c703eac6251d46431ef69e39785d40c2eef77b2200eb910f2aef96a33dc4291a2b636061f6315958b093408c61727a9

C:\Program Files\Mozilla Firefox\pingsender.exe

MD5 2ba6754bd25981cec7e5c7b86fc5b31d
SHA1 b95b89b73a5fa71c6ba60723a1e80807ac41881e
SHA256 7fdcc54de666f9c74a7ec495f170a71d6c20d1aa577f1f9657b51835c56e0d27
SHA512 a5733439b6bd58f6761ad3edceda448c4d82b39f53f7f510c1674568750ab4ec9bfd577acb8c8eaae28dacae00dd650c9afd4653b9834d5815263291d31c66ca

C:\Program Files\Mozilla Firefox\updater.exe

MD5 e1306125d4d58f3cfd31d425b8de3ebf
SHA1 fc13c099e439555bba5a4f23bfbfc8441b76a5b0
SHA256 7fc0823f79adf61332e09162bebc8d379b6d7984f2a5ce2c1d4619314e75ba88
SHA512 a6f368832c19d5771de0d23e0ffbc4f0ec2068a72dee0e1d8ba3c959014f372e7c45d4633282348db5cd5a56ba32598c5acc2bed3a0d59f9f416532f09ae43f5

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 e19623145fd2f4454a301ffb056e035d
SHA1 80114d0adb3c05df508a76aff75905dfb7e8cf51
SHA256 f2beb0c596487f5368c3c60fc026db73b561108096842419dab3f806f2a6e0a0
SHA512 0aa4fccfaf80042f651e36288666ca0cb16fcf593f5b834510393aa22adeb12c21d467d80ac7aed3e448b9deab42a2f419bfa977b818c8f0f10a0ffa1ecfdf1a

C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe

MD5 a312d00bfaf0826525ec05c4f1e6a792
SHA1 0f90e5835d977d554680b93f5c9300709b1b9282
SHA256 1bc64c1973195e3a617369bd189c4441518b1f0a66d90e8b89a972a01c23a6ed
SHA512 3a1cf7996e454cdfcdc4e551459a0cd97bf27a32683690cc2410413f725f54b7b81d799da58db7e29c3337e68b55f1666a5cc73363a059fabf760efcaf2ee35b

C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe

MD5 811465c93fdd8c38de52b1b08baad44a
SHA1 13d596884e9a957178ebda0baafe909cdd9951e2
SHA256 25c55a742cf7ce26ce855e6c8d22faac79cadbf363e87f334c46ec305a7a8200
SHA512 3f7dc7cf6f430b00eee264fc674491111f9c63b92c2473d1fb3b152f35c725a9cc06568d2c097b9344927dd6dcb33f24d643303b359ce1a009be1a04f3f2661e

C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe

MD5 7ca053288a27a6397dce2d7af1807b9b
SHA1 91525b2452b4490e59fc9465fccf23c067f80ca7
SHA256 e7310bd49de5dbf7edb4598965709cfe67d1555e64efcbba37a229306c8d150e
SHA512 9c7dcda3f27585324c06cafba4d711f158d064fc344946df301bbb0519f05d85702805aba98888f770adf36654918570116af67851aa540275e997ef7c88bca2

C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe

MD5 f944bab361433c33b826eaf4ccd3aac9
SHA1 989091cb3e440ebbca9c1cdc3b3c74f70e22c217
SHA256 d0fb3d5797186e4415be380ca2c7f710811a951f8bdf705e234597dcfd636695
SHA512 b714871c2f5ed335b9415c6fc8c81ba9613f7744c77cec1eca2b42d577c4a3ab30d6d3e70bbd78dfee02c3f8e024f1a48feadc4e83978bb0b78503a88da3d733

C:\Program Files\Java\jre7\bin\java.exe

MD5 61ba016105b9de1adc3ef0594ad2c083
SHA1 53134a2ba3e6394d3ad3b504d897ff32be07fe57
SHA256 650482515a13d76f23c5523228aecf8f750eacf39303c3a2c7452d9c38e83c0f
SHA512 9130effa97f9470f19fcbe61126e01379cf1b577d3313f1fad2723b1293da4dbeaf95294dc0087914039bc1fe8254748bb555542e374d213c7e6354cb6569659

C:\Program Files\Java\jre7\bin\jp2launcher.exe

MD5 ffe27927bf6b9b6dffff509dca139e45
SHA1 6ba110feddcad0c3d23dc3bd940ff7b3a39f6803
SHA256 444ba7084a823cc321315087414b56e867083477c70441c51083d0ce383217d6
SHA512 0d95b1d5e4f904ee34acfb893189d9e9c9c3413192868ddc3f109b774b235bbd1a1afe81f62934c63a484b6ac4d12cf35e48849e998c59273e6198a7de925da9

C:\Program Files\Java\jre7\bin\unpack200.exe

MD5 8f15c4e7ceafa72b09d45537a6d500aa
SHA1 d762d032d1c2859f4a1699ee81e57f181dead8b8
SHA256 8764dd7d95918e73e9a4e920d60ed033689a8affe5bc39da22b777c18f6a3f82
SHA512 2bf9be2c367885e31a7c45d08e6d348d763fb998fdfc5942b4b41e98338b3c28f457e65a05b1b1b7dc39a5d9acf7fd0f53a4c80d30dc0142f85a00418b068a64

C:\Program Files\Java\jre7\bin\ssvagent.exe

MD5 41d09e140cc986c056ac21919aeb21e6
SHA1 80d84903ee027e4e7a072d5a5f9777023fe9b066
SHA256 5bd15c9d23335e80365cb833b1340865f948320daebc196a5bae99fcfb81b402
SHA512 ed54a491c915062c10c6304f604916cb35af4fa62d88262615b26923ce6d19bb6016dd98f0144344cf9371298dae1fd31f406716302349381a00e328a0fb5926

C:\Program Files\Java\jre7\bin\javaws.exe

MD5 897b60d27fa65eb4cb306af92e0d8807
SHA1 9dcb7c5de10d6a2b06736aa690f43b342e018793
SHA256 0820f8177a28b1717c07a027d75d272fadab8e2fff77d4922e5b31ebbfdf360b
SHA512 1382f806e40d73fe76c10331b48384c8236382abacd63851ed485fc7432caae636fb42290a983a149e799b1086bddca5fa6472b462d29d08b3a1bb3d50be5fd0

C:\Program Files\Microsoft Games\Hearts\Hearts.exe

MD5 539657a0b3a5298521d389a4e47c27b4
SHA1 be094941a49c335d99f348a64c1a0fef8d8c2662
SHA256 df88a9b1603d075c1caaabcd9a03e6b45f171a80a96ba15a0f39fa98fea4b29a
SHA512 e9d20a374c715541d733505f9beada889b4814807f6ce711dca77e1db3be41fd3ab1f88207307c1c19759cf238a9a4505634cb79c8588f8843a93dc8f3752170

C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe

MD5 06eec8a4bbd28cbe0fb9160849fa2a37
SHA1 6cb1dbfb408183e58a3c23b9ed9d80e0e7439982
SHA256 a2bc4e5718c337af1404ace659a20ac6d834c60e79e89794032a608a012e6663
SHA512 2abd6517c444386730734012f3ea464a2efa30c2111f06ada1cf4af6edb0f6087c9fddfb243dff0545d20f3895b5905ff21d33c0e3c13d535c76f0bf11aed3bd

C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe

MD5 bf3c31db102c7bda18dc29d355dcb726
SHA1 b07f4c993e46bdda82509f76c7655cc3af15ecee
SHA256 5c9b2daf1de95deb6e3da2b7037af6376bfb2dc6b346e4f08fd672b40123fdc4
SHA512 d03be1f698ae1f878ac9a9a5b40d4284e587188dd9dfdd71f0fe287f17c213841e95fd23774e0c858fc365f00326734da42c37c90940dff4fd1073d9118e2a17

C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe

MD5 618d217842bb534c72d203ddf95261ca
SHA1 3cc0661356f92762343e2397e95c6648e423045b
SHA256 573a8a382438daa75fe2b7cbe7cd3699a37b991d5b50e686952ce9072d1b6999
SHA512 89c4e35c26285ddf1d01a854f69f23f227dc9c987091d446da5db63a883b3106e6215a4825df23e0fc66107022fda362682cb3f887a0cf880e9b851ba47e1874

C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe

MD5 07e7eac6272d8d11169d332d0a21475f
SHA1 9b7090d0233ce180829257c38d2ae7a00d7c380f
SHA256 c3d6aae77f7a6ae8608d0219b8bc2326c1af1581402179818461a9f97cdeae45
SHA512 3ac6d248708217393765e61ab594a46ec2ff9a1d4bb5069883b9043e25ed0d244bf5c79cb42f15592d4043038d009efcf8bea3dd1ed78e03370fc9ca6b5a8d70

C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe

MD5 4a5f53e0926eaeffbf163e1bc2135f4d
SHA1 dae68de912eaab0aff8af22373b43438adee82cc
SHA256 84dddbc1bf368e7217110be519b6239b3e2920d0bbb13d7de7b77347299c0e1e
SHA512 4d48bf7856d01dcea184f4ce789eed4ab1bf493850b9f0a6868cd285b7cb654e9e345013e3f5a06de445ea677ba146ad5f7b0a585f46189317801408130d80b0

C:\Program Files\Microsoft Games\Chess\Chess.exe

MD5 5b5c0ba40e1747685aa9dd95d4ae9dbd
SHA1 33b666118a7a4982b0c5b6f7ed416014c2547bc5
SHA256 83bf86f1e43966f1f25b5520a471907103082f7bb433500467a552b2ff541c37
SHA512 b2893d2b58ea4e8e994f3617561215deac51690e55caffcab2e22d74c4ba35c468ca29f4b5af07066fc7e918545d6d63893bf747d85bb0b1aec17b5704998025

C:\Program Files\Java\jre7\bin\javaw.exe

MD5 95c3f10c35381aa3362d095ebfe27970
SHA1 f1a7a7de2fd289557b0a760839efdd22d30aacb7
SHA256 0aca4b973c4b79a8d6dfd917343715b9d5ce1c25cd4351193f1f8833a7e1cc26
SHA512 87fb964ac93be2ea3e6085ab3c8ea983d8ec4f801c14ad740cc1b436ce3e271603ae2fed014880fda8eca1c271670e9b68838935f63182e47503ff6f7847de7a

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

MD5 5ec43166da179228e0879e70d9f5b5d5
SHA1 5377ed31778ae4707355e2690aedcb37c2f8a6da
SHA256 1c6c74d2b2b611a6d34d918c66fa5dcca64bba214d7373e3085f8861b9590471
SHA512 1854b7bb99aa498101904269d359960faad3d4f047e9e244be945e944abdbaf7b48c421708a8e08964ee11b5ff7d8c6f3d502d54609883ab27e6e8790c2a7cf2

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 9edc59ffa1358b09a0060a9d43c85266
SHA1 3070dde1e2a6dd96e16b2201354bc5b1958d7113
SHA256 f78bd100e3dc0fd7721f1deb7aa8a2444547d6cff4dee5f56abd617c70330c26
SHA512 9d4c4996c73afff9e3f4408554cbc00d59be9c3e14e903dbc4df88ac5f7f8669a96a2e783b77a0bd85370d1e06909faa1f2d1beb4523cf4d8879f48f3a7b83e2

C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe

MD5 60d872df862c2d5d48caa88a6c540fc1
SHA1 856d2c40441d7c6b63c8793e38c8f15f758de5e2
SHA256 3eafaa3c3f9b241d8a1d10ce9d09b5146ff64d88226648b1a01bc4e43d1f2785
SHA512 83b081c173eb8a67eac4092faf4b9b6ba55b9b503692141362d73b500834b15e1df68babc6b943fa0c763a3395bad818af99d1e716b131bc406b79d844824655

C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe

MD5 a3fdda103f59291e27a3b6f0a408cd9b
SHA1 5240688d9b87c6460b1a8eb12976b65233d711b8
SHA256 0377cc64dc1a9fabbdb1097feea7a1e2b62e0a992d2355d1bf2f4b3254c7cc05
SHA512 c74bfcd85df9a44cfb593fd04ac85a9b64020c8d5b95cff9505fd665446dca3519d83d94bbbc9eddbe0e8ef5b724b3e62638e6494217f3236a40ea2f315b222a

C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe

MD5 ed972b7ada1e9f8f2b1f58d669297ae5
SHA1 f5f6765f7334a6fe265aea2932ffe9d24e4ba85d
SHA256 9838a6a3ad07b820e317c3dc71985c334f3a5a6e15f8d5e4f8e1c484eed25d25
SHA512 eb836917f029587accc3598cb745374d7545c2f1e46fdb6e89c2406c2c4e89675ee41050d1a3109429b917f9c74acdbb94eb5ab3ee134b6b150e8e94804f5855

C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe

MD5 7fe3a4da1cbad2a44d5ed41bfe183fb4
SHA1 1b53458514e7d4041d265a07d6eaa494f489ddf1
SHA256 245c0c455aa48a260dff635b8e14fecaa150df0b85c79bf6e1d0ca3b51d86d02
SHA512 170167682477bad00fffc2143759faa742c041b743a870a79ac523bda1c550e179148ba363b2fecb0b2d6dbb082edc695fccb6a89a850cf4a7b5d34be3fad817

C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe

MD5 403c73c1f5f7a0e8429c5719796846f7
SHA1 750000139947be65258a312c9b16f5e995e9ca70
SHA256 19cde1c2612b9bf119fa7378735b44f8ad57c793d024d53970e300308cb85d68
SHA512 8fee205c21e0593eacee0822404eb862b0cb0524416e66543649e365e8c2ee0dc5be6db47347f8b6df61b1dbb0d12abce0f772c2847620f111a0f9ad0421d17c

C:\Program Files\Java\jdk1.7.0_80\bin\java.exe

MD5 1c5be9fc69cd523391bb4e80d8c1f56a
SHA1 968fecf31aa29cf82b095f2d3b8d7d2aa93c50b4
SHA256 da41a5c560745a7a783a478ac58efbed461b94dcbd6a3b6979b274bdd3b77846
SHA512 cb15d9c1fd35a6ef0aed4d0a3172d64d6b9bbae5ffe1600e695e3505fe3df9c13acb03213e60ace9fb2d7e676b22b20d37fc21e4af91fb37fc3a90b730573b67

C:\Program Files\Mozilla Firefox\plugin-container.exe

MD5 20c8c5ba26bd92b0210050edf11d23dc
SHA1 9fe5d1881be9e09780280ad43799b0ed439e6270
SHA256 ba142f2ebc41cc2c78435840df68ccf923d996c4e060b66e48327c455926d016
SHA512 65b78bbc3678ce33aa4402f517bd79ae53a790dfbd7c2733477e9b8678c008ef05e4f80dd759519e667ff7ede2990f47c74db9123a9604855cbb93f21f24fc28

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-18 12:08

Reported

2023-10-18 12:14

Platform

win10v2004-20230915-en

Max time kernel

147s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (396) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\7z.sfx C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\tnameserv.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\policytool.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Source Engine\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeApp.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado25.tlb C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\dblook.bat C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\he-IL\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ne.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\ja-JP\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\ConvertDebug.ppsm C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\rmic.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\ado\de-DE\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\descript.ion.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javaws.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\sysinfo C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyclient.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\Services\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\7zCon.sfx C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\da-DK\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\ado\fr-FR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\lt-LT\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4344 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe
PID 4344 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 4568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=80.0.3987.132 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=80.0.361.66 --initial-client-data=0x1f4,0x1f8,0x1fc,0x1ec,0x200,0x7ff7b37cb840,0x7ff7b37cb850,0x7ff7b37cb860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-first-run

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdaeaa46f8,0x7ffdaeaa4708,0x7ffdaeaa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff766fd5460,0x7ff766fd5470,0x7ff766fd5480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14359689070380744136,5825889212397450295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3288 /prefetch:2

Network


Files

memory/4344-0-0x0000019E8ECA0000-0x0000019E8ECA7000-memory.dmp

memory/4344-2-0x0000019E8F000000-0x0000019E8F005000-memory.dmp

memory/4344-1-0x0000019E90810000-0x0000019E90814000-memory.dmp

memory/4344-5-0x0000019E8F000000-0x0000019E8F005000-memory.dmp

memory/4344-6-0x0000019E90810000-0x0000019E90814000-memory.dmp

memory/4344-10-0x0000019E8F000000-0x0000019E8F005000-memory.dmp

F:\$RECYCLE.BIN\S-1-5-21-1926387074-3400613176-3566796709-1000\RESTORE_FILES.txt

MD5 78ede93114e65f9160fd03d3357c56e6
SHA1 88d531b101e57655f1d0d26c6b3257aa2468d460
SHA256 c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5
SHA512 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

memory/4344-12-0x0000019E8F000000-0x0000019E8F005000-memory.dmp

memory/4276-369-0x000001ABA6FB0000-0x000001ABA6FB5000-memory.dmp

memory/4276-374-0x000001ABA8A90000-0x000001ABA8A94000-memory.dmp

memory/4276-388-0x000001ABA6FB0000-0x000001ABA6FB5000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dfe10809a1a3bce1a75f1348fe8f9655
SHA1 93fc4ea370f02224fa4fe9dede06428736a57c1f
SHA256 4d86687035c277dcc6204b8d7368c3efccbc82dc49ee7d3df37f99b991d04fca
SHA512 22b05284bbcd608e2ee280ee8f590f0aa6ea81a92806fe45e48a529627cfc433c25a874d0911d8278194a611f84dd977ebc2dcdb11df3802e95b064d5d834aab

memory/4276-375-0x000001ABA6FB0000-0x000001ABA6FB5000-memory.dmp

C:\Program Files\7-Zip\7zFM.exe

MD5 9df11add9209a9d6216a02f435ee2730
SHA1 a9b85ce1c6b49c6fe66bdf2386cd172291bbfd12
SHA256 fc17636f4f6223aeb2a74ffb83c494dd78f48db4ad9334ac4758aa6cc3eb02d7
SHA512 e63d4ba607a9bae60bc3d455aadc4e5b7de695e5b20c89479b775fc44e43dbd0e296b658de45011bbddb68a76198954e58d3dfa38373919fdc4187e90241e782

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

MD5 89b12ad4adf3e0a3f6333e59e4067630
SHA1 c83a7cfdd280c1436e74f3d4c4497877f93de030
SHA256 3f7e3b62e3593744a9523cd73c7b7db7d165cbbeedd622962ac9329f147e0070
SHA512 8e54423919e6b84e456e76ab8b67976b412c11adac87de1852f51c78bafcd9d1fdd026eefe1bd628653785c60f1db7ebd60d1ac53bd315916c87fa616e6d1ede

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 31383fb75927cfad4e76054b1398784e
SHA1 35476b1e71f9d45f05e9ee062a656c42c2a4994b
SHA256 8b090cea21dc0587ff97f701c6f3a9897e21c0fc185fbef671d61fb9c35809da
SHA512 7d7a20feb7ffee26ffe4eaa9a0245f0e3560b90aabe98c926f03f142ca5c3fb6c5be4256381cfef60ee1f569c075e0b377ec63917da3bfe6ced6b204a49af907

C:\DumpStack.log.tmp.azov

MD5 8c942f9494c03db5ae085742f4d19d16
SHA1 2742aa9f460617562ea3abae928fd41221161442
SHA256 a2507f9bdefcfa47fa9f19748e3c110b80d92d59f003880711ed0ba9e1913762
SHA512 719ea89546bf02ce7b90f22a0e3944e10943f7837146b4a04ad3066f49d38388e5b58fc7902a3ea8fe2dbea0eefa3cc2199dd6fa1be2334290b1fe37b5fc94a7

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\7zG.exe

C:\Program Files\7-Zip\7z.exe

C:\odt\config.xml.azov

C:\Program Files\7-Zip\7z.sfx.azov

C:\Program Files\7-Zip\Lang\an.txt.azov

C:\Program Files\7-Zip\Lang\ar.txt.azov

C:\Program Files\7-Zip\Lang\af.txt.azov

C:\Program Files\7-Zip\History.txt.azov

C:\Program Files\7-Zip\descript.ion.azov

C:\Program Files\7-Zip\7zCon.sfx.azov

C:\Program Files\7-Zip\7-zip.chm.azov

C:\Program Files\7-Zip\Lang\az.txt.azov

C:\Program Files\7-Zip\Lang\bn.txt.azov

C:\Program Files\7-Zip\Lang\br.txt.azov

C:\Program Files\7-Zip\Lang\fur.txt.azov

C:\Program Files\7-Zip\Lang\gu.txt.azov

C:\Program Files\7-Zip\Lang\gl.txt.azov

C:\Program Files\7-Zip\Lang\ga.txt.azov

C:\Program Files\7-Zip\Lang\fy.txt.azov

C:\Program Files\7-Zip\Lang\fr.txt.azov

C:\Program Files\7-Zip\Lang\fi.txt.azov

C:\Program Files\7-Zip\Lang\fa.txt.azov

C:\Program Files\7-Zip\Lang\ext.txt.azov

C:\Program Files\7-Zip\Lang\eu.txt.azov

C:\Program Files\7-Zip\Lang\et.txt.azov

C:\Program Files\7-Zip\Lang\es.txt.azov

C:\Program Files\7-Zip\Lang\eo.txt.azov

C:\Program Files\7-Zip\Lang\en.ttt.azov

C:\Program Files\7-Zip\Lang\de.txt.azov

C:\Program Files\7-Zip\Lang\da.txt.azov

C:\Program Files\7-Zip\Lang\cy.txt.azov

C:\Program Files\7-Zip\Lang\cs.txt.azov

C:\Program Files\7-Zip\Lang\el.txt.azov

C:\Program Files\7-Zip\Lang\co.txt.azov

C:\Program Files\7-Zip\Lang\ca.txt.azov

C:\Program Files\7-Zip\Lang\bg.txt.azov

C:\Program Files\7-Zip\Lang\be.txt.azov

C:\Program Files\7-Zip\Lang\ba.txt.azov

C:\Program Files\7-Zip\Lang\ast.txt.azov

C:\Program Files\7-Zip\Lang\hu.txt.azov

C:\Program Files\7-Zip\Lang\hr.txt.azov

C:\Program Files\7-Zip\Lang\hi.txt.azov

C:\Program Files\7-Zip\Lang\he.txt.azov

C:\Program Files\7-Zip\Lang\ka.txt.azov

C:\Program Files\7-Zip\Lang\kab.txt.azov

C:\Program Files\7-Zip\Lang\kaa.txt.azov

C:\Program Files\7-Zip\Lang\ja.txt.azov

C:\Program Files\7-Zip\Lang\it.txt.azov

C:\Program Files\7-Zip\Lang\is.txt.azov

C:\Program Files\7-Zip\Lang\io.txt.azov

C:\Program Files\7-Zip\Lang\id.txt.azov

C:\Program Files\7-Zip\Lang\hy.txt.azov

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2c3972a1-3548-4c41-830c-331e93286881.tmp
