Malware Analysis Report

2024-09-23 07:07

Sample ID 231018-pajahsfd95
Target 11135191670.zip
SHA256 4931f6e4d65c362743d3233661a08aed3f2161ae7961e17ead74c9288ad8c36b
Tags azov persistence ransomware spyware stealer wiper
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 11135191670.zip was found to be: Known bad.

Malicious Activity Summary

azov persistence ransomware spyware stealer wiper

Azov

Renames multiple (5260) files with added filename extension

Renames multiple (276) files with added filename extension

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2023-10-18 12:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-18 12:07

Reported

2023-10-18 12:10

Platform

win10v2004-20230915-en

Max time kernel

182s

Max time network

181s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (276) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\ado\fr-FR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\ado\ja-JP\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\rmid.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Windows Media Player\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\en-US\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\Services\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstaller.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jsadebugd.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Windows Media Player\wmlaunch.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\ado\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hr-HR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Windows Photo Viewer\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ro-RO\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\adovbs.inc C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Cortana.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sl-SI\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\keytool.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\rmiregistry.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Temp\EU3498.tmp\MicrosoftEdgeUpdateBroker.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\he-IL\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 456 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe
PID 456 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4108 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4108 wrote to memory of 3324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4108 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4108 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=80.0.3987.132 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=80.0.361.66 --initial-client-data=0x208,0x20c,0x210,0x1fc,0x214,0x7ff6ae59b840,0x7ff6ae59b850,0x7ff6ae59b860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-first-run

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff8f74046f8,0x7ff8f7404708,0x7ff8f7404718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff644055460,0x7ff644055470,0x7ff644055480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,334216982918983177,11335815203966796069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4620 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 126.211.247.8.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp

Files

F:\$RECYCLE.BIN\S-1-5-21-1926387074-3400613176-3566796709-1000\RESTORE_FILES.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Program Files\7-Zip\7zFM.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Program Files\7-Zip\Lang\eu.txt.azov

C:\Program Files\7-Zip\Lang\et.txt.azov

C:\Program Files\7-Zip\Lang\es.txt.azov

C:\Program Files\7-Zip\Lang\eo.txt.azov

C:\Program Files\7-Zip\Lang\en.ttt.azov

C:\Program Files\7-Zip\Lang\el.txt.azov

C:\Program Files\7-Zip\Lang\de.txt.azov

C:\Program Files\7-Zip\Lang\da.txt.azov

C:\Program Files\7-Zip\Lang\cy.txt.azov

C:\Program Files\7-Zip\Lang\cs.txt.azov

C:\Program Files\7-Zip\Lang\co.txt.azov

C:\Program Files\7-Zip\Lang\ca.txt.azov

C:\Program Files\7-Zip\Lang\br.txt.azov

C:\Program Files\7-Zip\Lang\bn.txt.azov

C:\Program Files\7-Zip\Lang\bg.txt.azov

C:\Program Files\7-Zip\Lang\be.txt.azov

C:\Program Files\7-Zip\Lang\ba.txt.azov

C:\Program Files\7-Zip\Lang\az.txt.azov

C:\Program Files\7-Zip\Lang\ast.txt.azov

C:\Program Files\7-Zip\Lang\ar.txt.azov

C:\Program Files\7-Zip\Lang\an.txt.azov

C:\Program Files\7-Zip\Lang\af.txt.azov

C:\Program Files\7-Zip\History.txt.azov

C:\Program Files\7-Zip\descript.ion.azov

C:\Program Files\7-Zip\7zCon.sfx.azov

C:\Program Files\7-Zip\7z.sfx.azov

C:\Program Files\7-Zip\7-zip.chm.azov

C:\odt\config.xml.azov

C:\DumpStack.log.tmp.azov

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\7zG.exe

C:\Program Files\7-Zip\7z.exe

C:\Program Files\7-Zip\Lang\fy.txt.azov

C:\Program Files\7-Zip\Lang\fur.txt.azov

C:\Program Files\7-Zip\Lang\fr.txt.azov

C:\Program Files\7-Zip\Lang\fi.txt.azov

C:\Program Files\7-Zip\Lang\ga.txt.azov

C:\Program Files\7-Zip\Lang\fa.txt.azov

C:\Program Files\7-Zip\Lang\gl.txt.azov

C:\Program Files\7-Zip\Lang\ext.txt.azov

C:\Program Files\7-Zip\Lang\ko.txt.azov

C:\Program Files\7-Zip\Lang\kk.txt.azov

C:\Program Files\7-Zip\Lang\kab.txt.azov

C:\Program Files\7-Zip\Lang\kaa.txt.azov

C:\Program Files\7-Zip\Lang\ka.txt.azov

MD5 99c8310edef96bff5b354262b339a522
SHA1 87df90167f14f98b500bf56483b8c5be33119bcd
SHA256 81d5ec83bd3b8a88f30bf54fb14c1ef8a3f2cd313af33510a55e04866d07000d
SHA512 0afb54fbaba46215737da07c0e6e233528db9a954b9fec33303f5b4ed9c02abc58373d989f33466a20bb2a46c6ae6474c661d752dc7f3193f733ed4d118d1470

C:\Program Files\7-Zip\Lang\ja.txt.azov

MD5 79ef6c873e05ed826895b01e5ba7e044
SHA1 8057d9ce6e7bb27ea3230605379ad75b2d9ac7fe
SHA256 0aef15c657049270512d4200240e93ca8c3c6daeaa39d861e868a8bdc10f0112
SHA512 087f3dc862d3cd3e2a6ff59d3aa16fe851cf2035cfcc5eea8c9677c45e547c647dd5551343fc03b7386feeef080665b3408405f63f8ae1344fbe56e963957e9d

C:\Program Files\7-Zip\Lang\it.txt.azov

MD5 953c5d19877a1c1de51db4224e7232d2
SHA1 d0205717f0a9f011e99b30817116b7e4e9c0a9e7
SHA256 f34b1c330d4e5db265f0dbf42695b06474b7fbed3d761519e07b4618bfdef8f3
SHA512 de513ac4d951c58f972f8f829071c3aa0a387d42a759d4d108f7b3a03979e994e498cef775ce05dc604bcba124cf1b06813297e9394460fd03b6323003658aa7

C:\Program Files\7-Zip\Lang\is.txt.azov

MD5 f9605ca1e78b465518f9e11cd47bdb9f
SHA1 2b78b3e4a93bd4111ffe0256a771040149030468
SHA256 c5558c1055647dce0e72e8b34317a52675312349958dcc73cd53bbb9cab854c8
SHA512 75798a322d38b92e6fd7a01bae4c2ed5b27e49c5efb16872458bf8ea0d72b10c7bed6cdc38c04d71e066d1bc6a5e8f5b48eb2a1fcc0af4b46e5d475192fc845c

C:\Program Files\7-Zip\Lang\io.txt.azov

MD5 58704d6447c3d35a3327bfd84f70666d
SHA1 d74d24e371b294b581d1d1de47725ee2cccf5247
SHA256 cb6fcc5cdcef298f374ad4a8a255dcccdcb95dbc1fcfe5e72c4a900c1bcaa2ab
SHA512 9c47e7cab127ea0e4605a130057be34089ae05d857b15ffc8a417f4d69fbd8d9fd63a5dbd62cb027d1e983ea7b49c36a303b66a604b293f3690531eda65c5b10

C:\Program Files\7-Zip\Lang\id.txt.azov

MD5 38ed9b97e3d13de38fe81861f229cb22
SHA1 f7e41529dc87530e6efef9abfa019c54d4da195b
SHA256 7d5b14b4d00d8fa6dad1e376e4eed279beb3605240b2bfbd4ebe2a162bec487d
SHA512 57c7475165217c82d45c5963244afca7db7b3ffb706b1e1d1714caaa1541721f580f35da76cd80f0c52cb4a18c6c0420cc783a95e1be2b79b4bf14d7566e73f8

C:\Program Files\7-Zip\Lang\hy.txt.azov

MD5 73ad9331291a4aab292e9a6aa9e5fde6
SHA1 c7542cf6c70f3bf481edd2f583a541128cd2a225
SHA256 cc9fbc139d9c9e614c1f8479a16219bd9becd3496729816653d15ea18ffa567d
SHA512 6bc20adb03909171b8ff5d1bdb4112460d13e01a6859e996cba06e96b6f98cd799fc4435d49027806ff6bbe3c117b0fc22a23d0f5cf370550fa290e4a1ad069f

C:\Program Files\7-Zip\Lang\hu.txt.azov

MD5 52efb5078ce39810eed69c36be11af42
SHA1 e43909e068d85b6c2bd68d0e9ecde1efcc4bc7a8
SHA256 888781166d9ffcfb444dbb80efee9378e41c32f37c942cf7794df7fa8fa77236
SHA512 d8e38a53475135f3748d375685307264f0e23cc92ba0a4cee1b1fdd1c58b54d82d46f28d64d3ac2e1f648d87a6825dea2c3e8b8d6969c60418079d416f11fb69

C:\Program Files\7-Zip\Lang\hr.txt.azov

MD5 bdfb12cb450f8ae6c804ac81414501f9
SHA1 416325db1af89e214081c83d26c713da1153bf08
SHA256 3427526ec762deb6b3f167adeb7b81e7507f3d6135a6ac364ddeaa83b9ee0454
SHA512 b7ee246aa574ef663ad63aac3338fa30ddee365b323f33e6d9543f61c7699826e2395b95a6c50f86a63023cc9884821dc18150f1414467743e12085884e5709a

C:\Program Files\7-Zip\Lang\hi.txt.azov

MD5 0f1dbd4003b7fe160cf73ef5935ad4ef
SHA1 46f933ef1f558ad9ab5b2905478a471dfc07edcf
SHA256 2a95a0c3299a8f59167527ec7c5baf0c9e8837c0a34158c830b3c8f0620ea323
SHA512 1fa1048d1e38427b9ee6ea2a9eb6f6d36cfa9f05ca4cfc9f0cd9e6c89f657a2990def83be68bd2037ae92741222088faab36483ef1becf136b2e838dc2131d6c

C:\Program Files\7-Zip\Lang\he.txt.azov

MD5 48aaf4ade74e8538146fca73bcb65356
SHA1 85366c4624af0d185af076a81fcbf327044869c0
SHA256 75c4c68b0c18618007e263cd1fcbc2c7df1653d7a44a73ce11f9b1ae4508e675
SHA512 13aaab4453523b517be35f4844999ab23f174b69324c407aca29da132878ca4003702c6fdc078c2155f765650f559d11c1d8d3a66d47873bd532fe3abc2ee5a2

C:\Program Files\7-Zip\Lang\gu.txt.azov

MD5 19eaf08b19c1f0020de80f5b58ae2e55
SHA1 d83959b12d0f234f18bd48c62283fac2aa819947
SHA256 ded557b8511c9bab79d8ff6b17216b560ec3fe44db9c2316d8d04eda0e9b285c
SHA512 e376b44a82f1836e8983321270ec6da3c99a86a08fa252773412fc85fc0f58cdc9c598e763d447bd448ef8cf1c309e3c2c48c0ec0d4c55d2e4ba054988a67714

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5d0d4ec1996b10aafd7bcf4544a4a23f
SHA1 98253395a3dd5fc2720e4e0cbf9e07dc7d030f6b
SHA256 c9a8bc378561412cbf295c228be26cbf2cbd9290dacf068d6d108a134c1f38e0
SHA512 89e622ed09d865260bd1d3855435d9f5cfff23697b4ba9ea672eb52f7aa7c1eb78de61d1b84241a17298d2bd7f9f718c41090a19609c7764841f5e85097fe906

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 80dab49c310b9dad5797521c890f0883
SHA1 92c9f3df66a58792e9ed5c9d5a57b43121d365f6
SHA256 d8c597fbcaccab3f263cc9b2a53ecee42c8cea2f9a85a63888957bdce2914b5a
SHA512 ae916b6894d386649475dcbe87f1f2ea54b8cf8aa8e026a615d7fa2b795ac0b5cbd3b15b68fd8c28fe9f3bcd16ddb4b5d1ab83875a1c4da7b4e8ada44ed34fc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 53565db4a2abf20e81a51537001fbeae
SHA1 cf499a7a8a9ec4fe531a8eaf6fa2fa53d92707cd
SHA256 78cbc958a9e16111b41e5def32d51a4cfdab2822292986dc9d661de24ceb0a46
SHA512 5ddf04fb55b4fd2c83a38496caba5bdd7cbf5f92e3eb73616377066568770578e6ad8781a350bcb11937c5a3b039eb4e90a41f22fa377e697781884e082ab1c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8adeeb7e4789ea909dcedf4395d26e8d
SHA1 c13aede35f859ae7463c3647c43891e4d53f3fdd
SHA256 8015b082cbf88b8db5e741365538f0d73d16b7aaa43096a58c18e596570dd855
SHA512 c2b0e1a4885a91d7a0811515ada8d19f4fb3d94d97c40e90dbfd2367d8ab5e651ecc37dab074ca0f81ac7aea0fb139e0993fcacc6eea1c70471dc7e7c4da847f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a2620ead-64bd-4396-9520-e81540a3ad43.tmp

MD5 43e1caadf7e38b9afb6ba7e4f0283a26
SHA1 0efe30e6b122f042c50400ac06eb8c6a9d8cba13
SHA256 0a0dcf56c19f419f4cf23a1123bc32408020e964331dc4daeb3867efa2706e3f
SHA512 821e58d560424dca15b2824281b3cc6f38329d863ba0fd29a6f1b2f08c97008764f1e06a70e5d648671e5afd69448eb45e770eb0db572a39829d50babc8fa298

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 4a078fb8a7c67594a6c2aa724e2ac684
SHA1 92bc5b49985c8588c60f6f85c50a516fae0332f4
SHA256 c225fb924400745c1cd7b56fffaee71dce06613c91fbbb9aa247401ccb49e1ee
SHA512 188270df5243186d00ca8cc457f8ab7f7b2cd6368d987c3673f9c8944a4be6687b30daf8715429bd1b335391118d0ce840e3cb919ff4138c6273b286fb57b2b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 04a1526955a4f283cda512a5fdecf44a
SHA1 fa622636a1c167e4597caa6b242651d4d5a6e1d9
SHA256 ef8f938dafe71470b7d180469798a1e2e633edf25f6799822b496b74e2917354
SHA512 b861311a2e315bc78524cada90361325707871e562e2da07b00df9a734c01064307bafa4d545a512cf2fbf18d1ca7cbc8f4e961cc0a575ec918586d9fa618247

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

MD5 28f5381c7cc5e50f9fb833812466a964
SHA1 b0e489e26d0d8c1931a376ab6fecaea576e8acea
SHA256 c29c7943f84e6f91489144106257c0b2116768694f61107503a5e19c1b539e2a
SHA512 161934bb29af83344bab4d5ff60970c8c2da647b1ac23a5371b8e7bec021bdd701478cda15e5cf46f2c9d0fa2aebadc5c711cd8cc078c6b97345cf59f4ec94cc

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-18 12:07

Reported

2023-10-18 12:10

Platform

win7-20230831-en

Max time kernel

151s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (5260) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Enumerates connected drives


Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=80.0.3987.132 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=80.0.361.66 --initial-client-data=0xbc,0xc0,0xc4,0xb8,0xc8,0x13f6ab840,0x13f6ab850,0x13f6ab860

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "3068" "340"

Network

N/A

Files

memory/3068-1-0x0000000000220000-0x0000000000224000-memory.dmp

memory/3068-0-0x0000000000020000-0x0000000000027000-memory.dmp

memory/3068-2-0x00000000000E0000-0x00000000000E5000-memory.dmp

memory/3068-4-0x0000000000220000-0x0000000000224000-memory.dmp

memory/2108-15-0x00000000001E0000-0x00000000001E5000-memory.dmp

memory/3068-12-0x00000000000E0000-0x00000000000E5000-memory.dmp

memory/3068-14-0x00000000000E0000-0x00000000000E5000-memory.dmp

memory/2108-30-0x0000000000210000-0x0000000000214000-memory.dmp

memory/2108-35-0x00000000001E0000-0x00000000001E5000-memory.dmp

memory/2108-39-0x00000000001E0000-0x00000000001E5000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 be2b7b192e993770507c74de3c7e99dc
SHA1 360e72622ce3b44689f23f7edb1a838af3e6c5a2
SHA256 ed7b40beb3d7b75145613a4ee095c6b17aeb5f363062efb05e0799c44732c0af
SHA512 f44b92d9cd4fabfbc35fb63eada98e20b3530d6fdd2620d96fb0acd4ee77377beec6421822a74d57e84899241cf123f05a93c7fe1d6524f69631754ef5727941

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat

MD5 9e4e94633b73f4a7680240a0ffd6cd2c
SHA1 e68e02453ce22736169a56fdb59043d33668368f
SHA256 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

MD5 78ede93114e65f9160fd03d3357c56e6
SHA1 88d531b101e57655f1d0d26c6b3257aa2468d460
SHA256 c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5
SHA512 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

C:\Users\Admin\AppData\Local\Temp\OutofProcReport259407313.txt

MD5 0362afa710da3753651d2aa8cf3448a9
SHA1 a9586a36d3401577cfa10cf7c6d29f6720bc08ec
SHA256 9aaa004956e6f83306d8400825dafab8628516baa1698e442e067584808eb956
SHA512 48aa58965186da8ee84b92c48b2d3efa002d4e569b3decbd1220727d0b9ce2cd1d396cf0c3109d6ca9b0e94baac4097cd8a7e2cfa1fd1ed292b923ae8f5b74e4

C:\Program Files\7-Zip\7zFM.exe

C:\Program Files\7-Zip\7zG.exe

C:\Program Files\7-Zip\7z.exe

C:\Program Files\7-Zip\7z.sfx.azov

C:\Program Files\7-Zip\7-zip.chm.azov

C:\Program Files\7-Zip\7zCon.sfx.azov

C:\Program Files\7-Zip\Lang\ar.txt.azov

C:\Program Files\7-Zip\Lang\ext.txt.azov

C:\Program Files\7-Zip\Lang\io.txt.azov

C:\Program Files\7-Zip\Lang\id.txt.azov

C:\Program Files\7-Zip\Lang\hy.txt.azov

C:\Program Files\7-Zip\Lang\hu.txt.azov

C:\Program Files\7-Zip\Lang\hr.txt.azov

C:\Program Files\7-Zip\Lang\hi.txt.azov

C:\Program Files\7-Zip\Lang\he.txt.azov

C:\Program Files\7-Zip\Lang\gu.txt.azov

C:\Program Files\7-Zip\Lang\gl.txt.azov

C:\Program Files\7-Zip\Lang\ga.txt.azov

C:\Program Files\7-Zip\Lang\fy.txt.azov

C:\Program Files\7-Zip\Lang\fur.txt.azov

C:\Program Files\7-Zip\Lang\fr.txt.azov

C:\Program Files\7-Zip\Lang\fi.txt.azov

C:\Program Files\7-Zip\Lang\fa.txt.azov

C:\Program Files\7-Zip\Lang\eu.txt.azov

C:\Program Files\7-Zip\Lang\et.txt.azov

C:\Program Files\7-Zip\Lang\es.txt.azov

C:\Program Files\7-Zip\Lang\eo.txt.azov

C:\Program Files\7-Zip\Lang\en.ttt.azov

C:\Program Files\7-Zip\Lang\el.txt.azov

C:\Program Files\7-Zip\Lang\de.txt.azov

C:\Program Files\7-Zip\Lang\da.txt.azov

C:\Program Files\7-Zip\Lang\cy.txt.azov

C:\Program Files\7-Zip\Lang\cs.txt.azov

C:\Program Files\7-Zip\Lang\co.txt.azov

C:\Program Files\7-Zip\Lang\ca.txt.azov

C:\Program Files\7-Zip\Lang\br.txt.azov

C:\Program Files\7-Zip\Lang\bn.txt.azov

C:\Program Files\7-Zip\Lang\bg.txt.azov

C:\Program Files\7-Zip\Lang\be.txt.azov

C:\Program Files\7-Zip\Lang\ba.txt.azov

C:\Program Files\7-Zip\Lang\az.txt.azov

C:\Program Files\7-Zip\Lang\ast.txt.azov

C:\Program Files\7-Zip\Lang\an.txt.azov

C:\Program Files\7-Zip\Lang\af.txt.azov

C:\Program Files\7-Zip\History.txt.azov

C:\Program Files\7-Zip\descript.ion.azov

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe

C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe

C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe

C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe

C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe

C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe

C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe

C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe

C:\Program Files\Java\jdk1.7.0_80\bin\java.exe

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe

C:\Program Files\Java\jre7\bin\javaw.exe

C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe

C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe

C:\Program Files\Microsoft Games\Hearts\Hearts.exe

C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe

C:\Program Files\Microsoft Games\Chess\Chess.exe

C:\Program Files\Java\jre7\bin\unpack200.exe

C:\Program Files\Java\jre7\bin\ssvagent.exe

C:\Program Files\Java\jre7\bin\jp2launcher.exe

C:\Program Files\Java\jre7\bin\javaws.exe

C:\Program Files\Java\jre7\bin\java.exe

C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe

C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

C:\Program Files\Mozilla Firefox\updater.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\pingsender.exe

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

C:\Program Files\Mozilla Firefox\crashreporter.exe

C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
