Malware Analysis Report

2024-09-23 07:06

Sample ID 231018-pammyaeb6s
Target 11135191670.zip
SHA256 4931f6e4d65c362743d3233661a08aed3f2161ae7961e17ead74c9288ad8c36b
Tags
azov persistence ransomware spyware stealer wiper
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis Overview

score
10/10

SHA256

4931f6e4d65c362743d3233661a08aed3f2161ae7961e17ead74c9288ad8c36b

Threat Level: Known bad

The file 11135191670.zip was found to be: Known bad.

Malicious Activity Summary

azov persistence ransomware spyware stealer wiper

Azov

Renames multiple (2535) files with added filename extension

Renames multiple (2895) files with added filename extension

Reads user/profile data of web browsers

Executes dropped EXE

Enumerates connected drives

Adds Run key to start application

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2023-10-18 12:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-18 12:07

Reported

2023-10-18 12:10

Platform

win7-20230831-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (2535) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"
Process: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe
Target: N/A

Enumerates connected drives


Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=80.0.3987.132 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=80.0.361.66 --initial-client-data=0xb8,0xbc,0xc0,0xb4,0xc4,0x13fbbb840,0x13fbbb850,0x13fbbb860

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "2300" "348"

Network

N/A

Files

SHA256 b45cccc4ef7016a67930a387915906dc3c5809781e5de6c3050526537a07cb42
SHA512 b0c830bea7846a498232082676983ed7c7319e18013544aa4362c4994f230ca758a240a4980a71e64997d8e94bfddf40d89286c7e8f199c6fc6afca7a1c91e43

C:\Program Files\7-Zip\Lang\fi.txt.azov

MD5 49d19e652f4e28213508e0c9a71b0874
SHA1 d96e034e559b9231945bc255c4ed503c07ba4152
SHA256 67b20a75291199f5cf00b7ec27edf46972cf5994a875a1364eabaf4bcc3224ce
SHA512 577a31b8cd763052475b3cae32c64ecc55a0975568246c03f55e0a3d93846810353f9ea12b6c3fd85c28d08f6dae9ec5ae2b698ffedf1f7f33a9d3968d1b1dfc

C:\Program Files\7-Zip\Lang\fa.txt.azov

MD5 5f62c790900491b6adfb31fba2961409
SHA1 9de7f7ee6300feff9c55f2f915f320705b5c959c
SHA256 158aecb9dbcc46e00f47eb5a95c0c8c9a3ebe5c504bf48a7450269e19345a65f
SHA512 40442c63406f7209bcf9b1e465b2581871ce0da2b6268d1b5948f7ba0169171f6aed08db93ea5360027a7cbd11d9c08ec49a504cf8dd9f475f84e8b9d7c9bac9

C:\Program Files\7-Zip\Lang\ext.txt.azov

MD5 1a966c1f68598dce5bf8635614e34acb
SHA1 cd31da554e0bd669d9cae82dfe5ce815e021573d
SHA256 837d43a5dd6f53e5de872b3298bffb62ec9f5e455a210e476f57f469c24391fa
SHA512 1be59a882d0576c6e6e23d5a3fc0b44dea2e2bd001a038231225524b8cdc5ff86e077f9b68f5976f995a9cc7145d013909c3333b0920a8119be3f7317662465c

C:\Program Files\7-Zip\Lang\eu.txt.azov

MD5 c94931e076a46fe69c9dca9400ae44f8
SHA1 63c6b10ebcb1914a53f4316d9205e8a39d5cd2bf
SHA256 12c5e7eef86c9528549c653a01dde24d832c23642b947bd26bad353d5c2116b5
SHA512 8e5ed26f6563cf0c5141b5c1f76aa58fbf1482d6efd10eb58677def20390f07f28247ed45aaf9472918204aa6be09fa00c68a7fe23d282cfdeaff6767aa2a152

C:\Program Files\7-Zip\Lang\et.txt.azov

MD5 4754c7e04d840ec1833f126768cea076
SHA1 494fdfae6fe4e827337b53b86d911a3b5ac21060
SHA256 9a07aa66477bc21969e8d27946f80b719871aa4294b74e8ada8a2526214cd19f
SHA512 69eab6d7eef4ffa0239568d0e92fe8471ac413d67399c12799026484cd8565c1958aec1733a39c0eb966d3b10dd80bc03c59616bfe8772c1b9840b344682f525

C:\Program Files\7-Zip\Lang\es.txt.azov

MD5 bb2b7b2cace2a302989639def0c566ee
SHA1 ae1f070d722ff6034fdc4b6b70d4eca4eca35952
SHA256 47fda8e08f85796cbd27f9d4d09b37fd3cfd394c483b1a912536ed6aec05ba9f
SHA512 6e974fda025ba0f9b10b775a1228ef1483fecc5813862a4f85267cb922bc6808ca07f9a0fe48473dc0681c24dbfd85439c72c9b228dda05b4030905a6be54539

C:\Program Files\7-Zip\Lang\eo.txt.azov

MD5 7b4119d5f51a0f90fa2de4e5eec67713
SHA1 13e46076c189fffb907b630e381112e5b61e9030
SHA256 fff987aa32bd999560ab0b482f5463a7a8a56bdc79249a351a1127b9b8487944
SHA512 0185a209328dddfd8929990059c096b905647c4c38a6c3d06d10da04f952a166421e6e931bdf4e7604dbe1b1d48e8ae5a52f7ebe61e0adde3e43728ce74a533d

C:\Program Files\7-Zip\Lang\en.ttt.azov

MD5 c81a56e34a0865ef0f4180b265b69f21
SHA1 921abcc6b0016558919406591a8610cb35bde8e1
SHA256 327aa85cb74264af2e76e8cecad5f23763a0243e6885c3706b79a89578ab0017
SHA512 a3eb0da6dce59b3c4f3f53ff5ef0ae26892b83112b9dd92254b6c99c2687995fa6b91cd8cedc1e982a56dc6f8c0918f9563f08e8e755a68e9a1b5ff6405edb84

C:\Program Files\7-Zip\Lang\el.txt.azov

MD5 9bdb287ac403fbdcfa1f466dc161e114
SHA1 796b82cd7f65360bfbc977c58b6ae6a06cbe2e10
SHA256 e2b09a93a30b010ffb1fdccbe4aecaa53b1468b6543bd4e885134f5d1fadb39d
SHA512 933266545e324e8d1e320e33cc917845f4ef34a045f4ca858c0545f3aa15fd68270faf6e060f00e1e5d032619bc459a5dee0ca0f47dce8ae47e56406baafc022

C:\Program Files\7-Zip\Lang\da.txt.azov

MD5 fdf95dce88255c5765747198254e7aec
SHA1 eaaab9fa3efbf342f863d8c68dfe80035aa7b705
SHA256 0a7729be13b11ea6339645d48131f5ffbb9281f4013b6075cdec94fbc919e2bd
SHA512 b95bd3967eb451811702fe37cfc0e68887b0e709621bfa55c2ce28cc840d3c3ce0815c572d3583f7dd3fba25a546d9a20a6780403e548501dfc5517e0160e438

C:\Program Files\7-Zip\Lang\cy.txt.azov

MD5 dba0f0451a61c7acf0a06bd88f7477ed
SHA1 cc5d9cb4517d3d6ab752ff147ebbaf68250c4c9c
SHA256 59cd4a9df11ddd8f64ac395870c9a9bf2b28185b0aa8508710d33f250b113ba3
SHA512 8846a08130d954c1f1bd1f0026e48142bc76717386f13462d516d53dc61da73657ea83a785bb358d2348934ad8f3ebc89493f73fda8988f0f6faf4ecdf234caa

C:\Program Files\7-Zip\Lang\cs.txt.azov

MD5 759eeee81ff2c481afc7868b639bb8ae
SHA1 64028fe4d741793502dcc722334bef563eb81c4f
SHA256 f3d9dd769997776aa522f2c0f730cc62aeb40dfc9f17d3255e0a8f8bfb158952
SHA512 9e6ac3378c2792fc0017e5611b44565c8403efa91fb62f5a49aa4f1a05ce76c7d411ded1a2e05b58ba1dff50c7d0068c7744fd244e8d62e7cc41e2658be2d366

C:\Program Files\7-Zip\Lang\co.txt.azov

MD5 3244754658f6d9374bd369e8f67b9db1
SHA1 d8ac636bddcd629dcc11664f4b7043ac40cd339a
SHA256 9bf5bc257a8a355ee304acaba07c0b8d613b81c04f15a0ae6f2701734299b745
SHA512 2d336d59d06069a6932a7667e41a8cc2c590604e7657c1e9704c69aa288fde53afa8351beb992afcc643391a24386e153849e5577f583bc914a5a897119194d8

C:\Program Files\7-Zip\Lang\ca.txt.azov

MD5 b263f4bff1850783b3a35cb2178ba17f
SHA1 b365fab8168594510caed2686d52229f80164c0c
SHA256 3f2f4cf053b13074adb444e1808cbedc118c139036c75b2ccd78260e4c4f76c4
SHA512 92211d9ba51a9259d2ed9c02077088cd9215a3e562ee7f4cd889c73b720a5d311e948258fe926b510af66515a14aa4d2cc83cf752edea17064f53515c64494dd

C:\Program Files\7-Zip\Lang\br.txt.azov

MD5 ef8698b85c3a82315e58fc9593409449
SHA1 9cc64f28dac3fcc49cdfbba4cb723eaf29a4660e
SHA256 ed465bd6bb6c71b4b2ea4a55cf6acf30d4974e63cf667170579351a8ffee6e3b
SHA512 d10eb1557c851d12faa4560baf871064382f0dc1388bbbf842f9a1b259ffb9060027df8fda6c23715c78e557256a338e45e5df00a88b339d0b552b903a0689d1

C:\Program Files\7-Zip\Lang\bn.txt.azov

MD5 165eb733faf197035c873d2229567545
SHA1 1d9bae6039bca9fcd7903dddef74954e3154bc25
SHA256 ebcdc76377b257076c252c3a2beb99c25394c43d9c75ca32bd962f443da349a6
SHA512 3dd0119fb73a7c9e7fc83b075d6b933d1c50366d9c938ff508cef0f6290a92db7130982b22b668503ca671eae8dd36ba0ac6d43a3844ae7a05d87d044836111a

C:\Program Files\7-Zip\Lang\bg.txt.azov

MD5 233d1199ac143062edf5a8e593e2632f
SHA1 28e022e3b5ffea47a3234986735b228b47923b6a
SHA256 48f79f9e063c3540197d836ff941a744676aca99a18a6fbcd507b66e09741855
SHA512 7f2640a6bd1632366ca55c7ac33df33bfb2b769a34fbf5a006feec07797ebeb4de0a7d7bac7fb7276a1c3a54ec63d4b01837648463f880625134c3a243d400ee

C:\Program Files\7-Zip\Lang\be.txt.azov

MD5 9b687224556049ba935f3335f4a746d5
SHA1 aa3975b66f0c7d505a0df169b31b487946c9183a
SHA256 6c08cbd0417bb2c5d68dc08d8efa655bfa25d7c593d573460dcc206497b21cd2
SHA512 e26fdc73292a2cead3f5f3bf0f923a8dd5b3cd809979b462ccf50eb449198c8047cceb04bab26ab1704791e788ee65b8aa9aa19f66b5aa0224f4eae4416de841

C:\Program Files\7-Zip\Lang\ba.txt.azov

MD5 53e652e3d8c8b4b94642a7963c5a500c
SHA1 d17eca53fb845dc5c519d53184784c72e79c2a97
SHA256 dabdce0b65b41e3ed250d8fc4333d360c3caeb50cefbaadc5ba8f942e1af36bf
SHA512 3002a25bca6e5b31bc8a678322c5a35470a13ff1d7564c6efe111a66ebe97aadf74021adc9d14b829cdad394d1528cef422e2850ce4708af899e55e884401e1a

C:\Program Files\7-Zip\Lang\az.txt.azov

MD5 7decab546e28ecd880b20c7b3f311b88
SHA1 f6d475934ddb299bde14a7bbf85d9ffda53b42b3
SHA256 408e80090b5d003b0d6ef293fc18fcf97315b399c8c4c03c6349aabdaa4dde17
SHA512 f7882b8b0419636252fa56c6cfe9d2f0ccea5f404f5ec063f889b0fec9af21dc58cad80c4c1428c6d9a481926400811c17c4eeb3eb8d746d9808b1eb696b82a7

C:\Program Files\7-Zip\Lang\ast.txt.azov

MD5 0cad8503a9a56f572f948bae7caa9f58
SHA1 3c988b406551acb1bf0183f68d431b852f25c7cf
SHA256 4375e21a59f6bfcb9cb71686b86aa464ed226bc44f914363f345956fdfd9eda2
SHA512 a73a8deab0f76eacb3a993c2e2e36337a9e808dca8615d4262d600d6ce13d0895d69dce5a8b033335acec95d280c4a3fe647b7b877448f3f7ab7ef8789023540

C:\Program Files\7-Zip\Lang\ar.txt.azov

MD5 9e5204bc3a5ec376f0d852f500c0af86
SHA1 9c743147a5896fa371cd776abe4217122490e5ae
SHA256 ad7be25f6952b93f6a6a9b184145f979a93825b959476a194d21eeb741eb4e8a
SHA512 4dd18d0bfdb1342b8782a9ff1f81d4b89ac04ff5c434bd19dc793a8ff95b2d52dc27c6188ac62b56a5be963c8442e36ed6da9e0c2f9051fdcde7931b4b7a5179

C:\Program Files\7-Zip\Lang\an.txt.azov

MD5 038ca3883ab7834fa7da8acdcdf7adfc
SHA1 95dd0f9af2cbd8e3f886c9fca5a3dab6407b1def
SHA256 5540f780d91a3f761bbbf7d8014afeddf9fe4fc1a822b41827da23cd2dbfbcce
SHA512 e34c6df984d828ac7cd8ee48518d356a27ee37fad18aee099c0024a2296f36fb934b451da8d48c227a29d8b8c31a4a668d130c37d8127a6058f2e85b7b4f0ec7

C:\Program Files\7-Zip\Lang\af.txt.azov

MD5 89f4b1e77cfbb7d1bb091d5025eb398f
SHA1 c7ef5515bbcab78735adaa16ed57df712489ff93
SHA256 607f8c1aba051534cc29d902a4f4e097fff94c6eca66de9cff46d6ff71d3eb3c
SHA512 7f0d82a215ae6f3937cacf17f61caf578c61dd0d9a526608f49944f740071dfe576a28f2d60a7f643a0d6936b164a9be7a5c5019cf46f70ceec19e55b44c7a32

C:\Program Files\7-Zip\descript.ion.azov

MD5 1d17f889fda76a40c7c8f12170142678
SHA1 5c8b4f07a401ac3a6dc4a8f8585dcf1f3b9ed42c
SHA256 9121cd01f277e6c2a60d229582d21a797c72656737dc1b833e9fd31f9905e408
SHA512 1e68d356287aa4b2d0ed8188ae7dce73dd316c5f9a998328280fd8697bf8d320e7b1c11182c2c77baae6d92d10dfbc6e40a184300954c1e8ed4d8082bdcb4508

C:\Program Files\7-Zip\7zCon.sfx.azov

MD5 de4c3dd92f841febf05a3c5d6241bd4a
SHA1 807e6ffeea195970e497a363a45b8a5a78e96b7d
SHA256 31f4c1d085cf13f159cd28cf2ad983290f3744e5e33e4cac333a2586736775a0
SHA512 acb3da315f582a21fe9064c236d36f56973168d1b018f4b79746bcb01655ba4e2f80ecd692c5c834f419627c9d9767e0137637371c6485a2334d598409fbec03

C:\Program Files\7-Zip\7z.sfx.azov

MD5 7ec5ef19620a05af9d0cdaaa5344317f
SHA1 004f60b1a1b61d2057ce686071e83cc504df001d
SHA256 88bfdd106f4d28e9835d453ebc68bd1e0223287ba7e35ed7e0f0c4de609f9595
SHA512 70c90356cbf2d909b7ddabdfd942ddec3a11998a865d0ca3f8ebbb6da61a81751c62d6d37ca9fdd1210022ce37325e7c8803533e08e70b33c3dd616dd1d403d4

C:\Program Files\7-Zip\7-zip.chm.azov

MD5 e6c81e57c4c76d8d26a5a92861874ce5
SHA1 07641b8ed3f3639444702ec90288131fc76c84ac
SHA256 a8e98c5a76aa240779ee950c6400a18a46dda450b864f783ea043745abb057fc
SHA512 60e8c44b63406b43cb7ff28598a88a7ebcdd8a0ac15f8a1291096e9211e1fd2f6cfc48c879088f95022287a34d07d8efd8ea5d6235035c81de5b5cac8fdf9e91

C:\Program Files\7-Zip\7zG.exe

MD5 702e63a543a0481214897627509e40f3
SHA1 19e0a450af47bd40349f5ae256edc8c2137360b6
SHA256 76c3d7edae14df7158f47e4050bf84200deae3aa8ed14e801f0ce9069bd23003
SHA512 f23e010cb5ca4470aa552bef3bf1872b138537baab4ae06397f0674be248c0279890cd90ff27630a49724eaa8ae5189faa70ad88995a5532ae5d428719985bcb

C:\Program Files\7-Zip\7zFM.exe

MD5 b87edd4b5dcf7c0c85f43ef7b9a47599
SHA1 5bb613851dfe076f7da70708c642209d7abb13cf
SHA256 5f67d41ea1e4eaf8d9c7bd6c22d4df5fdc26b58ee3e23eb96388432f48fe526a
SHA512 dd2445529cf19366f381d30e109f4a37b2c6248daf738f7835ee2df5dbae4d11623a9f3e2f687a83d8656d6caab96fcb28a9313b6e8b631a3a187de946650c2f

C:\Program Files\7-Zip\Lang\mk.txt.azov

MD5 29c0894419b4a6502101e61dc39e8519
SHA1 8ff727f617833daacd834f7ed53edea6ad1330b4
SHA256 099f4b27c80f7c55df88c20311bc90bdb44cd45403510ffbfb9740b2feadc505
SHA512 562f7c1f1258830f553b34c39ecf0f091d1ccc8f067045c5e30f7a479a3e55b8dbdb80261afcb84d061a41d662655d3d696d09208b4620d63dc2783df52de49e

C:\Program Files\7-Zip\Lang\lv.txt.azov

MD5 7f98d6e4dfba64d8f75c9df38d695e50
SHA1 1ae0a6a7c17de552824c1a0c3392ea48f2e719b6
SHA256 9d169a8c21a6b3081d5af1a49a124d813fd643cdd4d4cf5e2f48cffd3235ab1c
SHA512 f76e755c0b7a32280802d6eb478c01e796333c57c1eb2ccb0c86ee59b486c50708739d6ea3790b6115c1b6a8981b05a66c12861710334d26d56d3944ca981a5d

C:\Program Files\7-Zip\Lang\lt.txt.azov

MD5 959e267d526bffb8eb3f1f3e1d8a82fd
SHA1 e5c758af31774c607596c4341a65efd51826c3a5
SHA256 ed19dba58906eebff8d2820e6ce7c043c757165a86d5e45487c0ab2bbe83dbf1
SHA512 2ddffb77e4798e6c07dedfe9cdc0a47f5f90f20302acd449fd0a2072c53bf072b36a3ce16feea54853ec4ed198d827d1d5d9e35d3acf1c8beb83ae5675260af2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

MD5 14f5b997e6826b578a48a6ad904dce22
SHA1 0ada39aa3604572420ba1c3896097b860d139edc
SHA256 abea3d53c0e9955ecfceebad27dbaff061a17ad4352f82cfd2c9985981fa3de4
SHA512 fdd3ab28e76c4c8c4cf36266abc14c622a9c612c946ac5b623d754cd0773ac955ad03ed0a5ab48157358339a5174b56cc2642b8e33b8195fa34c7841e7083ca2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

MD5 6fbcb86b032155f6b02a970c81c92496
SHA1 518bbad8e79348e1faab777e8ef0a1bdae5408a1
SHA256 ead6b28309791abc20183391242097704a226e72dbe19f1a7696617fcd2dabfa
SHA512 f21354e27815bd7bcb9ea41b61ed1aeb2e3b4fccd729b2951e89efc691c4fccf93245cc2ee1a4d3e55f2d26abae808bf7bcf103638949ec94346634eb3b78dd2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 131a3838b74ca82a569cde35c9a1b91a
SHA1 cc003eeccbbcb04166b871215e49fc03d5e80f2e
SHA256 4fb934d3e33adc810f5b1e95a5d543ad929b1aa7a568364eb43a8c667327e00d
SHA512 774e7a2f09c5f2e46ab4bf3f11eae128469f7e768ea1cd8cd2eaa175086a6968d6e8514dd053cbb3f299797fe353a6a42fd73dcf5fe5b81dd70db78459cb1eab

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 5bd821c9474612deb6b31c7a4d27823a
SHA1 0a6410e911de89fac167cdd5d53e0c13bc3b38cb
SHA256 88a058ba1d681ed11dd5cf1fbd8a04ec7427142b6bc7635b5cc37717f5155fd2
SHA512 cbbb8d31af2a6d6466ce3278f3d9c0434c9cf33d5ea504f5dff631cb8db7bc24e40046e185b70eb5415682bb6d4161eafd8e7eef365791bec2e2e401225493f8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

MD5 e40acef4095749db831cf22f9f96624f
SHA1 41f9d8ae859105a0930b3623d248b6e9e90354c8
SHA256 f860af7a89907a0806815216985501fa49fa9a9af9c7b54050158931b0f83fd7
SHA512 56fcb58e369ac84c46d0aacd987afd38cb7b9e21015580448a988109a6c16268d6d603967bf30e559f33ed3f5ea9209be2165131451d438dc85bfc56ba6f106d

C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe

MD5 3ee2fd043b469c0222ec5917ecd8537b
SHA1 f92f3907ecc8e6a1e7426bfc1392b2061b9eaf90
SHA256 b8b9f9ba0ae3275a4573a274190f073c5989c7e9e576e70f716fb7f7071d28b2
SHA512 b37a864d784dbebfdacf25a8749ccabcb998bb11575a756bd570bfeaf051b453d6bbf7a45a24cfa5cc50ab6225012b1b0dbd09f53b86f37b00d4dd955aa79221

C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe

MD5 d6daa1d615909427e3f91afa3fc381bc
SHA1 8cc028be32c9f520c67e25bc7a9971703b7afbd2
SHA256 097d6944d31b31b5d524e5563b7413001267bd5d7d72b63e1bd290cf4f3b583d
SHA512 7461b58fad167f348ff36b9b06414c77f043cc091f381d79d3c5f856c78eea2cae06ea1a87c0632a9cba27f4c466fa1a0d6c5a6f41573ab337e0d2d784b928cf

C:\Program Files\Java\jdk1.7.0_80\bin\java.exe

MD5 e5a5fb83d22ab7c02df190b6fa07f8c8
SHA1 37cff19e8fab1f9556d4b61d37c422bc187bdbbb
SHA256 a65f9649461552b52c34cfc2b30ad66f26e3b6d71b3333965f75d9d373841e54
SHA512 a8af8a94dc249b12b63494adb3e496cf10494b921b03544cbf3d5dfff1e83da544f25c74a4082cd6025962bc082de8414d3a9e1da3049e3bcf46097a4c5ba28a

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 87be378b896aa342cf00414a495befdc
SHA1 2132092e4041b40050465bf47dcf04d6d937e284
SHA256 4ed5a348da6043a324ce99faf918b4ee4048f8e519ac8bf1302aff63e12acc69
SHA512 d3a26bdaf34223714d67a2558055c13dabebb2df5a15ab23634490d79666375a56b7eb12fe5d858da508511ae17946a51d152cf69cc0085ecb8a4f9054e06049

C:\Program Files\Mozilla Firefox\updater.exe

MD5 eafef0cdd1ab7d07d64f7d3137c72b03
SHA1 bbd7ef32032defc140653d6931ea021a3db97d7e
SHA256 2d4f120a0eaca7c611b9d0acabdd98a1ecde626cd58b4be5abc95148342816c0
SHA512 a3bf72a8a64d67fd08d1682ec7b375c99e058ea01e37aa6fd2b6a424cdda8dc470708628c0f801b0c9c31ef5f7877f9a7ecee9020bfc98c549a9430dd583f4d3

C:\Program Files\Mozilla Firefox\plugin-container.exe

MD5 987e7b2de78231804ce157d0ef1407ed
SHA1 ef97f5acc8a51d4971321895feaef39bc3826293
SHA256 ffb415afbfecc8f677238bd003d6b4190d77c447870c3b65c3e4470ba6b17e29
SHA512 e49c3fc97af7c6a9261c81959e6c4244ebe0765bdc4583ebb98c9fe3bf3ebbc57e2d911b7d73d934236b95437e7a1501049971ef2ee6b58fc3513fb15f432e19

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 ffd61fafc5e60126a1d7d1eb46868b24
SHA1 c527a6d0a61ff0b1c31dca6ba50cf5d18e7ef9e3
SHA256 af79e4ff46c3eeff925b62372fb81bd7d25ba6277d9cf9758097faed1baf4440
SHA512 c77dca69bbdefd4bf83c28e75842663f89376510d6584bddfbe5fe757286f3f3ca60910dc403a51732c07a3c9fcba665ca5b3751827d143f5e0a18a9ffa35a28

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

MD5 d61a950976cbaec2b32fc090e37e111d
SHA1 4311e568e57f0dbc205c07e56f93ce5d10f19b14
SHA256 2dbf015b86187ccf03d2c8dd347c346ed2201b170754e5438f4f6ee4160db7b4
SHA512 9b33eeff1fd6063725896a1bbe9c77340c9e195c29a2bd22d80882ee44743cf125bae888f962f1480b245050030c062b3ce4f92ba6a2648cbcb0a4c7ecd26b97

C:\Program Files\Mozilla Firefox\pingsender.exe

MD5 6229e3d95e932a1e822067323af19bdf
SHA1 2918f7c161f708e3d5b380a4f0ca5385f7c2fad4
SHA256 be1d9c2c6c92d721e536f99d93858f72ad4ab8e1af40b300bde231dd7c04ef5d
SHA512 bf95c265d00a41d5bc4fa6b229229b792c537376153b540d549542e67cad542777b76f6cda3b50895345d2c0d503439acdff3529f5f3df908dddd5df11bcc124

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

MD5 40f00c9098e957d356b7b171f3fd7ac9
SHA1 35ba7744554d1fc92644c835cc808d8d7ec38084
SHA256 6ed520cf934a8d79229c872d4637bf43ae33e255bae0661a03d8928ecb2d0f7e
SHA512 e271f9c5fb7113110fb51388de3d8524755df990b09a11614458d135d1d46e11f4e5ad579c4ead8c81dd586b7c89a06f9f342a9fba4069ce6cfc0988103baa96

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

MD5 4046467ea3d80d675341f54ecf3b046a
SHA1 b9904963ea5beb3820126ca257876ced8d071839
SHA256 0593252df948328742b40deefb49ee1ae28a1cc116ad1e1921af3ea7c57f49df
SHA512 1fbe6945a8d01b760703dfd0579f2851a17d77fd5752e126cbaa8de2ecd9e15c1ec6aca7dff7d0cd4bfbe9e803d1fa403798344112a4d517ea49de14b4688a33

C:\Program Files\Mozilla Firefox\firefox.exe

MD5 cfd183490adf47ea290e1e4ba57189a5
SHA1 6112f6ce940ead8bd0ceadcfba43902ea3263518
SHA256 0d423211605068a6c3a4e89c7bf741be2651ddf190861470e5319f5afedef599
SHA512 38dce5133666366851ecadba8a7ad156a2937ccb3b9ba530a7dd28a263beb37214d613d93995aa2fdb3596ee5280f322fa6218b6a6424499eda5b402792535d4

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

MD5 ef34e98d3c612543e82ce78c7e13f8e0
SHA1 69bb13f6a8bbda3275b7736825743dc92ad99757
SHA256 c7edae0e47b32a7947ab913515a7a9e11d6916fbd02c732ba7cf26bf92cab219
SHA512 1107acc25a904cee9bcac5303fd121a5aca298b4424361c32d67cbb1d87b8a2ab00aacf9a1d83735495b2ad768eb2b96daa5e83410fbc0dd79c71db0bf738201

C:\Program Files\Mozilla Firefox\crashreporter.exe

MD5 39008100cd03b0d59ef3e592583c1b66
SHA1 9ad6201031e3c423f4081581f41bcc74b24dff8f
SHA256 4dc6b1ea7e1c477bf0e1324e80fe13923d748189f6184ad22807ca5876022ba8
SHA512 2d6e7ec349553ce46da17248a4d6a9ab25c53a1c0c63e09a2115a05db3bcba0570a54ba88840af2fc911d001f6e765becb1c6bb3a9ce88a95abd2ab0d909f767

C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe

MD5 4ae1018ce90848bce77a933670d21d4b
SHA1 19eed0140038a3a9dfef5b20dbb057369b144a62
SHA256 c70092240ea716a25dd0cf3253082b955ecdef6ec6c44546ec48328fc9d1e36a
SHA512 d6f791934735c00ebff7ab79065a371805e0ca5b34da4f0f9f81bf5611000308ad883c995f9bced1fb25f5ac2a33440b858a9e3ae280e9a2861c2eb8f96e408f

C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe

MD5 d4d7d64ce25a4feede21c37be43181d8
SHA1 d8131d84f799659b027bf10de539a09d4e9ed136
SHA256 e49a4675d1e7087a1ad23fd560fc722059db6cf50a10d594f69aa9217aa37c7e
SHA512 f901b8364882c3d700829a4b6a77c28d8c14f36429e568fd0a2670d77db50293097d1a304f14156c858e288dac57158ac0085cbfdd834bdfffd8dccdb500902d

C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe

MD5 b361e6ca4e085caec088721c8c3a7124
SHA1 d2896fb2cfa7d2629fe7c303dfea5329ed03207f
SHA256 5cc008b99980c09fdfc596c0f9aed63a66fccb1820dfd4116bdb95663e22bc04
SHA512 0f86cc04c4115937562b67cbb4697b8a6f9712c9f85d95bdcba18a7071549b95d116a7325f01cca14c08d6eb575107bd5ce8d0f42435afeaa96393e01236ed72

C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe

MD5 611cd8097808711bfd0689fb89924c1b
SHA1 7f8e38467cdda57ba06b471dae47be7263ad3653
SHA256 a19f3105b59f84fdd5e075e30227a1751583215b82e0a3088d4ebe8200c5658c
SHA512 b31846716aa90b7c5248e92965e77c0fca626d92704df022662652e161d6e07a21961a21b5e99e35a4f59058cd688266a8bfcf7282fdd8c6163940b9f1801c47

C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe

MD5 37613429671396db19ce394967a24889
SHA1 9abc58c3a0c1d03f361f00fdf8489b5b147dec36
SHA256 4d62763863fc8fd08fca4eedccf0e601e71529f1d7c37d2a2bb3d5d1e03604ed
SHA512 17d056cad70afaa1b7458a1ce89ee09c09d48f43593c61b3edd04e08c521a4fbc891c04e03500f1c5b6ebcb096134cdae82a38043f3249383e883dcfd5deec26

C:\Program Files\Microsoft Games\Hearts\Hearts.exe

MD5 2049eba2e635106f680e70e36c8a2cca
SHA1 c1970d73c701ccafd24b9c188198e795e1a6d70b
SHA256 13782effd7097612c99191f68c3ef517ae42af18e268698862514a0ea5aefa23
SHA512 b91067ce1ce5d9be4b3449cd49f6374781c8692e8842c6db40c594f25db838baeb58da02f193e807e16467ab9894ecf17f6f875d74198ebebd564fceb85e4b6f

C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe

MD5 6672a6324807650557cea69ca97ffa9f
SHA1 a9443fe3fa364b9cd9a3ccf73f9bfaedc3fe348f
SHA256 71125f2cf73ce03215c9a3f380f2a128d88a3fee3a49aedeb18766d8e3a4527b
SHA512 8060ec49099946c748fecd4bfc3efb6cf2bc4e7db5bbce504896de7e3a1e41cf1d1bc4629c72e797ee3894335db93952aa641f66c71ee00faf4b97ea07b1d516

C:\Program Files\Microsoft Games\Chess\Chess.exe

MD5 784b3d4ad0945e0ae587cc8319440208
SHA1 96be73fe8b858c3e9b0cf91c7176593ff46acccc
SHA256 1b352d7d2781a1adcaf4f86f373bd834fa50b84813b6d52dbff387cfc62e7f4c
SHA512 d045a52e34d61e8202e658ca613a17ca036b58f3f951acac552c3ae0f3492e29379d3750bd43d193d993f38ada4068b1b6ef078e5ce7d2a3ac7692d2f2548feb

C:\Program Files\Java\jre7\bin\unpack200.exe

MD5 478c525f0445f4720f11cdddfdb605d3
SHA1 4da91e22b2ed0c4f17b022eb9991474ee3f9108f
SHA256 962f51acb7ed04179350594b80799de2056b5327cfbb3eac741262a2b8329019
SHA512 6a761b367741a0e21ace5bfae74abfed28c97b810891f841b07422950bcd8d8a538645510319c222da0184ce7b5ec24ea5fbe0417d5173940646bdcca98da9fc

C:\Program Files\Java\jre7\bin\ssvagent.exe

MD5 edb01cbdcc9121cc5c4ce1277556a6e8
SHA1 b25f274375bf98d5f73075bc237e6ae7fb65d82a
SHA256 146331b889c0e01562c902cc0967ffc267f351f80674a319c6bd2111b92eeffb
SHA512 00348b126ac06cc76b2f96563c676ff75b65491aa80b1fd9670c6bd10e8f36aa75a985a4e63c753ff9449275a47652b5a12e485df899cf02874be6a3f8ec82f3

C:\Program Files\Java\jre7\bin\jp2launcher.exe

MD5 3ab650b8e8026b0ce5105bc5da8a3cb2
SHA1 a81e4f6c6c7dbed54b68f044ff17737954c02ff6
SHA256 92b632b87ca77fa5d1f58eaba7219ce423cbeefa09c38a3498a4aa20f104ec91
SHA512 ce52742fa38406b0e60a9679a88056de8b43603de5e253803892c1a905f76cc488d5c566b3ed94e6898d2d7638a23c03d32b4fd140f6dd4ff9335a7e785c03e3

C:\Program Files\Java\jre7\bin\javaws.exe

MD5 2ed21f63023ce9cdfb0b891d5b7452bd
SHA1 08b59081c11e06c700c808f1cc96da993fdd750b
SHA256 942b7411c3b9f4625e8b7c5919d1fe2588e41c92abbda82e76580a258eb591ef
SHA512 c61d02c7b12278de5b1bf31758a4bb65e91c385b1cf7a147690828ccf67ae10af92bc192e053cbdc113fec26e9ea23869ad64c84bfcba8724870330bf0fd58f5

C:\Program Files\Java\jre7\bin\javaw.exe

MD5 31d032259b7e07e9bafcec35727fcdcb
SHA1 b6943f46ccaa3cae38e741e8f34484481137373f
SHA256 504cea5f20e482d22d7540d912ab556ad010b8d4c2d23b9dfeeacd63d36304e9
SHA512 7f229073f8f2b4f1d757ca29f6263b5d9937e412ba1b4ccc1cbba89d26fca8162a807f9b7876c529ee60577dec331cf26a737cbb6ba7f8da625a4efa3c73846e

C:\Program Files\Java\jre7\bin\java.exe

MD5 fa6b5cb7fae5070a4611a0990a456982
SHA1 a1384dbbf430113a2281a88ddaa5258d3dc950db
SHA256 48b44ed9001015a5c679140e8ae16edd4b0344e7f4b9d9942c2c32e36cfec720
SHA512 1435683db6de4f6f5afc4aa3e03353badcd6d07d9a5d55f037f85ee0a4d252cc1732de0386e1c3ca690cb4674bf906a9c3b14dec43d7239f3f30b5e2d7238244

C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe

MD5 8db43804c4046be109481af6425d096b
SHA1 9a7604f87aa678f4f141518bb76e8b743db52484
SHA256 5506a993b0a899d29bf71c639cbb28aabbb69ffe0eb88a1cb26e0df14a74f510
SHA512 691b0cc243daeeb114a9803a4cb1202a7c9a6fde4d0bbde131e8d702f2459154911c409309ae5198c7b9a48c340f70b1ac282071faddb11ab8438531d0ec4030

C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe

MD5 a702fb0c46543d12b847038970c5b5c1
SHA1 8f556d35afeab4d5913f8a771a09ec9f2ebef6ef
SHA256 9e8acd6f91a2d12c1732787346cd8978bec6a4da362eba68b157604832d18fb2
SHA512 3a4b2936fc1847ab4e56bdd4a51c42115e38328d4e946cf999b33c46a1bbc4514783848eed108be822a6602c09a64e435cb86b48557a52febf89522e049fa0cb

C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe

MD5 ec1f0091254255626646156aaf685b3d
SHA1 6c882bda7b0f085c7af6cba8f7847d8144252316
SHA256 3558b71f625c83739393207740729ee2e8db89ef18deb971e9aacd458c1c533a
SHA512 d160b3e14ffb62ed85373d7fa981e01e4d653d83610368968324b08fafa2d7e4def8cb36939993d548d7c77d4b10799a57438985d8d99296a401946b5684e5fe

C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe

MD5 9f2a56aefff16ad6453b64cf467d2b63
SHA1 bdd7e1edb29e6851ce99d1c62efc2638ec7ad83a
SHA256 bcf0607d92d9d1eb5f0aef20f95a6f9d814fdd4eb5b05f17c68975e6702eca59
SHA512 7c4c8a723ea4b45ec051d19e28ff5a6c6dad1d4980dccc7d114b7a3137bebf9d16942eadce65873462a31c67994be5ae19b9101540be465cea9872c683f43b62

C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe

MD5 d47880fb0024f98b1a35b1475749b6a0
SHA1 51cba948abc43018af9a7f20a6035684ea4ab0f8
SHA256 fa1e758cffcca962a7a299ecf90b52013fe8a00e7b492408dfd19601c9505715
SHA512 dc42b92aa3d6e8196c3d528c09c944ee5169c9449caf3d1ba48845e5ea1c8ff83de3922e7c701d569f4e991ce62970a1bbe810041709ebcbdaf911bd884d06d5

C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe

MD5 d725670950d8c848bb07997849455b07
SHA1 bb44774eccd4d9a0674cb775d25c55d79ea2a62d
SHA256 0d5f1a500f482bb7ade05b717aa643adb4f0fbe83108c6ae3ca7b16db2fc2e51
SHA512 026700598a6e51b426614f90d07b281576394e551026b0cf36aaccf2578ffa3d579c65d5907521739155b0b785dbe5c18e3452996508e8a903e7ee1d0692f15a

C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe

MD5 49e945610ea7b77374d3f74ac501a752
SHA1 457c327cc74494ea767433fc7ea956267d074852
SHA256 8b9224d746b4e7528c6adb2e6686ba754cb6843b3178f9583f32c795522f43af
SHA512 3e669823c83e97cfaea154c2f4a480c8792a11e962a8ea4a078c21cb1d43c90e65a6eebb989b7e572273c1c7f53b51ac6a4a3fbc02bc23be13ade08ab6561d68

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-18 12:07

Reported

2023-10-18 12:10

Platform

win10v2004-20230915-en

Max time kernel

149s

Max time network

166s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (2895) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeComRegisterShellARM64.exe C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-core-windows.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-MX\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\3DViewer.exe C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\da-DK\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.exe C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened for modification C:\Program Files (x86)\Windows Mail\wabmig.exe C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_ja.properties C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Windows Media Player\wmprph.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateOnDemand.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\MixedRealityPortal.Brokered.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\es-ES\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\jjs.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\msoev.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\XboxIdp.exe C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ja_JP.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.177.11\MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3224 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe
PID 3224 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=80.0.3987.132 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=80.0.361.66 --initial-client-data=0x1f0,0x1f4,0x1f8,0x1e8,0x1fc,0x7ff785f6b840,0x7ff785f6b850,0x7ff785f6b860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-first-run

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91c7546f8,0x7ff91c754708,0x7ff91c754718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x238,0x23c,0x240,0x214,0x1a8,0x7ff603c35460,0x7ff603c35470,0x7ff603c35480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,15222873019148395444,17836702713137453406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2904 /prefetch:2

Network


Files

memory/3224-0-0x0000020BE3D80000-0x0000020BE3D87000-memory.dmp

memory/3224-2-0x0000020BE58F0000-0x0000020BE58F4000-memory.dmp

memory/3224-1-0x0000020BE40E0000-0x0000020BE40E5000-memory.dmp

memory/3224-5-0x0000020BE40E0000-0x0000020BE40E5000-memory.dmp

memory/3224-10-0x0000020BE58F0000-0x0000020BE58F4000-memory.dmp

memory/3224-11-0x0000020BE40E0000-0x0000020BE40E5000-memory.dmp

memory/3224-6-0x0000020BE40E0000-0x0000020BE40E5000-memory.dmp

C:\Program Files\7-Zip\RESTORE_FILES.txt

MD5 78ede93114e65f9160fd03d3357c56e6
SHA1 88d531b101e57655f1d0d26c6b3257aa2468d460
SHA256 c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5
SHA512 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

memory/4176-385-0x000002937A1A0000-0x000002937A1A5000-memory.dmp

memory/4176-391-0x000002937A1F0000-0x000002937A1F4000-memory.dmp

memory/4176-392-0x000002937A1A0000-0x000002937A1A5000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4e5550aee4f482d6d750430de5c18570
SHA1 eeaf529e6bbe99a226bfafdcbe1548155533c624
SHA256 398e0f647b2ebae4faa4e2900f6f463fb1d5955edc2e8a525bedfc117354a556
SHA512 efb4d10f2812f6aa5fd9fb71f8418e61c031e68b8c1e43ac0d3618d6aeae789b762b6532a9589057bbce2eb41ac703432675f2f3340e4c788b40ae8167ca0835

memory/4176-396-0x000002937A1A0000-0x000002937A1A5000-memory.dmp

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 1060a7acc72db9fa8ab1f9b3ebd20198
SHA1 c1e51e09f41f4c44351fa3f8abcd75237cdedd45
SHA256 b821e2ea049b95ab3fab6f64c40b5d774ac2ec6b697c0d5af22fcbc51dd7efaa
SHA512 94a956ffab854a8f39ad1eee62c4bda5a1eea08f374c723bf917808b7fb429f124dd167e5799506466c06d2d224871387421685789865d1a39baf76ac7e573af

C:\Program Files\7-Zip\7zFM.exe

MD5 ca0f70621faa3b9297014ba20ad4f015
SHA1 5bed58bb55ca1705d5d101a7a25cf22549f3e4e5
SHA256 5d2a6026eaf6a05a287e7a26003a361ce6289a4a2fb1b940b16c6b0ab1a7d528
SHA512 e71e81025fa534cded5454db03fe06d8bc443e881ed0134bee2910288fc246515961c328ca33fcd23149fe73417729492023cc34241ecb1cc2e0e9322eaaefa0

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 7ccad4ae7a258faaa08f859c70793df0
SHA1 3ead7a81662277c8a0fe53ab635679c5f212ace6
SHA256 2fb25d804b3c0592ae3bb750b36f29c75a42ab36e47b26b45518ad6b053bc4f5
SHA512 c995a1ed2ed6db9358437cf8b996fb5862a660f4de3c4dc19aa14564563fc0d993e858ed9c2840d1d48750eb0f9eb0087a0c593c88240157e8f55cb085222dd5

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 36c6c33728f00a81c5e73cff24d55d76
SHA1 6f4a532259b18f0b6915f4278fa2d734ddb66b12
SHA256 b37a06acb8553760bf5d75825d6353adf660d2d14b494a4fca6815ef2579c5e8
SHA512 e587b2d34dc99cdc3d4d21289f998eeef1f60eb5c62f7d4ac4371ccac61aca948cc24cc866b32220fd03fdbbb72bcb6b7887d428aaa7adece00420547ad51549

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

MD5 d980d7684ffae2e65699ba1609065f4c
SHA1 87d0e0a4e2ab741804ebfd5357cf71a84dcc6b0a
SHA256 971b6dc12806a52e1c4bc923b1618a7f0bc0b14070ca35f0d8cc646823e10e66
SHA512 d83b3ac2057b3e5c86fdad7e462452f249f5c46bc5a06f35d8f6cb6ac04b55ffe0bf60a8539f8d243b0f39721e61f6dfe3e847e874d5408c65c7a44d2ebefb4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 24101bdb9b9ef4ce67786dafcd8fd5ff
SHA1 2bcd4fa3b529da64d078a9a94f42e5497ea2de60
SHA256 3b81b7ab15b50e9b0509d3d471c3a26d3c4846172124ae03d7aaffd824db1553
SHA512 2eb45754c81861d754dd1fe541e3c18f1f0984019d7daff9ff89736944f9535338d810d08171b1cea5ca2cb36bd624350182351fc4e324485c8ff83cc28f3553

C:\Program Files\7-Zip\7z.sfx.azov

MD5 b35cd50315eb31f44962cdc85f2dee92
SHA1 6639259424074e8297067e2a74d1cb816f4018e4
SHA256 830b33003b644c4ad3026cf1230a5c5e3d766070f239037c1a1c816da9c59af8
SHA512 7629fc1001e7a5665ae4de817e59e0ae4f86559262480255537f41877a477474d749280667b18720d0e53f31f89e9d19f02d54ce59cca20238b4e4cac3f5bf99

C:\Program Files\7-Zip\Lang\ko.txt.azov

MD5 bf7009138c976888d7708b5c53f52fbf
SHA1 eb601206e43498a7979e62729630256f604cf478
SHA256 994ee5090c5f820773d57a7bbb6fecbf8af76808e5502641a102ee04de801924
SHA512 269fae168e4cda6d8cd3dadea5033a17c010e486ab7693cbb8fe1cb80345da623c6adfa228abab983f8f37c666ea572a24bb6272c4eaabbab0b8dd0a1d2e8862

C:\Program Files\7-Zip\Lang\kk.txt.azov

MD5 adbe6559b7cce7eecc9c4086c3f57b9a
SHA1 8a80fe344cde3f5f407142385671729902e63ba8
SHA256 37980baea5ae95c295dae557340ec75257654428a555d5a097efa1289a768353
SHA512 bdd4af707ab4bf434504ba4b898bd887a0477c766a2c88f6687edc78e842c09d756a0f07703dc99b958516575369fd1ee5f3487fab9e1ffd67f619c4c60c33e6

C:\Program Files\7-Zip\Lang\kab.txt.azov

MD5 0ad5597793ca2f1f685060141a0fd81b
SHA1 9981d1cc02e302effe5aee75cb55971121bcbe5f
SHA256 b87885028c7fd17fac8cb045a34610cc49d9a5fbaed168d9f3ccce90992556b1
SHA512 877d7a55d81c7015543bb6309e579b7f7a803f3baec098c4abb7259ec3f6d4f02cb458d209f6daa469d9fdcce157e876e5ad0adb54ff74eee09c0638e85ce6f8

C:\Program Files\7-Zip\Lang\kaa.txt.azov

MD5 5f9c49c5bfb98c404aca8876c0a12a5f
SHA1 5f66ba90f631925fe6d375683c9289dacea988f8
SHA256 b33d0fb78f60ddf934d10998fced9c9df9ebc1d0e32f79731ca7aeeca8fee78c
SHA512 47205486001edae2d4b866bd8a61effe5e895dffdaf8bd73badc22d8012cf67c1f479f07c2174f8a42e8750aa5fb55415a962bfca8a3b5702aa90a8a57351885

C:\Program Files\7-Zip\Lang\ka.txt.azov

MD5 f54a937291b13d878aef8c8d123d6f20
SHA1 bddd32c19c71888f347a5389a98198b8b0e7b4bf
SHA256 ccbfc588357c2cc5ebb5a653d558c5d841461e9300b100fc47d2737fa40471b5
SHA512 7edb1a0a2c4efe41d7255338634bb053ab897ec08d933e69fe5461e3079ead91bea8abffd9f15f1cb0ed35796f2368a44c5587435e894f48e4ef62ad09419f58

C:\Program Files\7-Zip\Lang\ja.txt.azov

MD5 2927a517234c592feb336d8f0bf6e5cd
SHA1 c0654ecab849f610d2166fed7c5b137d7e68420c
SHA256 f5fcd8bf2b617f6cd983f7c75ef35a2b9bbed07ea37cc1eb0a6d684252dadbce
SHA512 0d673062a613a0b5d41c7fa6cf1971a8d8c2ab69575cb2621979b8b190d342938009e12817e5a7eec56bb79dcf1d3997eb94c0dd54cca15f02b81511129633a4

C:\Program Files\7-Zip\Lang\it.txt.azov

MD5 8f7e2ee82cbc271090590f93dd9c30b5
SHA1 d99645fcb13d5628cbd7ed37fcce21212111ef76
SHA256 1d4b8cbaf4fdbdb3002ce0f9c7fd4ec1c049302ea952c20ae91b10c4548d3382
SHA512 6672f8f36e3daa1425c261423bcd8fb2acd06948ecac8aad41e3b7713108939bdd78cdbe6ba68a5db7bcd8c61e851ff6e0563d8bca7392eef0cec72dd5817189

C:\Program Files\7-Zip\Lang\is.txt.azov

MD5 3a344a9eb2e129104b64f4599b88a3df
SHA1 224e3c0db061f958cd6ca7f67bc6e080be9bcad7
SHA256 bcd4ab001b627a35f5f4fc457a48f5f0287ba690c109365adf7ffb05b11753fe
SHA512 d3358fa39eed6da1621859094e93cbd03f9e0913f3215ea19fc4c28ac00c29c272fc17f1024c1103c251c5b0dfb81c3447d5454f07385558a9609e40dbc07488

C:\Program Files\7-Zip\Lang\io.txt.azov

MD5 0f442e5cb10c567e5effcdfe1c517fa9
SHA1 085a3da770d05fa1c80d396a5a57c8d02257d95a
SHA256 222dfa04a2577a5f2e210019b274847ca37ee62312cf7d66ceb25d266fcbdc44
SHA512 9706c2f265acc8762c9c07b65f7d04c9e0af9eedc9a671f33fb2a0332c63c73bb179e7a1d6d0f3950ade68ca126f9ca9f4b55d231fd0c418a3f41a8e7bfd5fab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5b32584bd9fcb5ff889427de01706f88
SHA1 90989f7de8ae9ab50719c12ccedcbb7da8a1c624
SHA256 0853b19b88228a6bb6e2fe8e47a225bd8d77c05f3bf1d2c662e0ed15978fe8cc
SHA512 1d195e27d8847b104820b8ad72795595f016bcce79eba24addb05a31c48a40177e73544147eb7bafb3ba001b5787e72770304eaff34ac069cecfe57f91db2d6e

C:\Program Files\7-Zip\Lang\id.txt.azov

MD5 cad909b424047dd013b474f951074390
SHA1 be766b0c7d8cf9f58c5a309205eec30f431a1a44
SHA256 2522016ba5302716d02e000d85fbb7874e7b2858fd229e88356b7387a8dc95f9
SHA512 c86d7e4a3716d2763e431165e384b0172e90dd15e0fa09192f7bef64dd9433404bc6b6ab27f370e84c3aabffb899dc86291336605f5827318bd07ebafda1fd28

C:\Program Files\7-Zip\Lang\hy.txt.azov

MD5 09542d23ba2883a8278359889f0eef69
SHA1 9fb0fd240a7de90573b94fb48c0feb9a75b6f311
SHA256 eb3b03c52677ccc06c0b39969ff6e3f58eaba617b4b0a1f9e5faff8e92f62c7a
SHA512 851ffbbe11eeeaf534d44286887d101095ceb645f14e47a65ac91c16a9dee83005ad8f6cd213999949dfb1ad06fe1b38ade539dc8caf358f5fec14fd363565d8

C:\Program Files\7-Zip\Lang\hu.txt.azov

MD5 319222c0bb1bfd20cb67265a9fb4b834
SHA1 148e70f27fc292b8ff72e00e1b1b6d83d6ec8fcc
SHA256 67bca1a8d3270d057a3451c2c21ab431f3a8c27655b59ba190af07bd302b7503
SHA512 7d9b5f9d13d02f1bf740cec709d9f7b94330038ed75514fdeae30ff446d3731f3f3e6d231735d83af8314ce3c2d282e5d5fdef201e1596edf0a0284bfcb4f69f

C:\Program Files\7-Zip\Lang\hr.txt.azov

MD5 38f3014b7a3b44da623456c822ac61cc
SHA1 a937b79bd0224c8ca8bf7626d2730ee3b1ba91af
SHA256 c2b059b30f968f24b608fb03e121b9c105385bdf566225b11d60463fef2e27fb
SHA512 e54a3fbccf16f7cf61a757fe5f95917ffc91e27dd8ac0352ad962a83c030924e05362733c2a6f24c105dbd0360fe82c26771eaa90582292ad2f14fca57fdb055

C:\Program Files\7-Zip\Lang\hi.txt.azov

MD5 d5f08b3b94d317ea93fe6ce397608e1d
SHA1 da84fc2c14f2dc7b4eb9443358b12450ebc9ac98
SHA256 6724ee9c05bb5086b9449d0bfd290cab471b38771a53c2badcfc19617fa8164e
SHA512 2585d66af3fe3740be2989253efc906c30a4d242b21dcd2666a41613c3b0235d9c97453f8203bc80e9093b9a874e705858e03e41c8bdcafe9e88cf03d104ac3d

C:\Program Files\7-Zip\Lang\he.txt.azov

MD5 e531f08bb1386da991c3557e44f94f5b
SHA1 0c6c070178c224f14ab7e9ab63ee418d60ae2867
SHA256 efd68b106b4064423d90de73de37f175e0159f15b14a39e02c6598e82b135d1c
SHA512 9fd359d3278ea5dde67ddfc4734ba276afccd6e197ec029e0a1c3bfe3cc6010cc2d946a7a16cead717fcf2ddf837ea40c2bd75099c64e1de235d8ba9413870a8

C:\Program Files\7-Zip\Lang\gu.txt.azov

MD5 3341a6de94f6f9edea67f0dc220a61db
SHA1 75da8df94e9b435089b0b3ff7b33066cb922366e
SHA256 34e3aa45f41bf837baf7cceae39f4f922de606a435263c9c18bfd7b60750585e
SHA512 5af74fae80d3fb18852812e803cf3dcbf1bed2d0d682fc5cb56bddc7dc69d9a13b2a1344be1367fd27d1445f67b5cb29d8957fd32038ef35cad7bf775a8c36fe

C:\Program Files\7-Zip\Lang\gl.txt.azov

MD5 b85f8513b68d99bf57f28af9fb99f953
SHA1 3d3ff67adc2f42069f12e7be8839ea4bd2a7f851
SHA256 35e28edf73491ff43c4b1b5fc078e5131be3a19545a5e5ec72c7992cc06dea7a
SHA512 b50f9cc37a8b1b3d6fd4e39f5c96a34df4a02522e94e9f8a5b5826f7e154c85f2ba4cc7390cb1f5ebac0d43fc1af858b514e3bda7d1ee9c856e0249b1e9222b6

C:\Program Files\7-Zip\Lang\ga.txt.azov

MD5 e91b3bfd9b5d57c41752942f764a630a
SHA1 c8a850a60018d7775ae6ccd2d56f1668871ccb0e
SHA256 fdead97d8341def9ac508930f6e71cc6e5fecac9479686a3c9658494007df94e
SHA512 a3113dba5a4589c48c9e569999ce03b1be2d896e7e4884735fe1ff97540852549f1fa683df53f296627506c0639088a3185a414779333aad5d54a392ce292855

C:\Program Files\7-Zip\Lang\fy.txt.azov

MD5 aa44955193ee8e19417c260834901bb4
SHA1 4e9aad8136247975ad595470c930b7a5d46470d9
SHA256 0849ef230ed82c081de6f250d9950d2934771a56442100f21bffa966e3789e6c
SHA512 5e8303dc94996f0ccaa33828711ccd22acd33532aa1d44f0123c1d7c2bcf87e56882456b7869cbb024492853b5e86da2baab221cb367bd99b51405f9a9f1132e

C:\Program Files\7-Zip\Lang\fur.txt.azov

MD5 74046045282cb62946ab8f3c03856834
SHA1 83abaefcf64203403145bc4d5be083f427846827
SHA256 3912f6b8bd1469e3703801e88f70ac372a45c43623c1ac793aaebd52d13716e6
SHA512 5283d1b44ed7e3fb1cc0ec4cc6622e8ff965aa3be4854f5a40004c36ce2081433253dd0c9e4b45b6e4672eeb37b7f2365ea991e92866b3474654aa3504071165

C:\Program Files\7-Zip\Lang\fr.txt.azov

MD5 9c07b90a6f50f7512a74917ccc70c7a2
SHA1 9205632e6eb23a9c97cd40da78377daa76ce39df
SHA256 47a4f2bfeb82bddace76ed2ad2b9c5b19bde3e9108bfc1ebd2b9f23916adf594
SHA512 b0edfc59de3d5e5f9b2d35817c0e4dd60e7f0889c1a52a07df4777a6060982db041194c9f3cf0d88afc41611966ece38c768804cb6306d1f492f7b1787476162

C:\Program Files\7-Zip\Lang\fi.txt.azov

MD5 fa1ae03886adbf6de0bd4b9d89d63dbf
SHA1 2ce550650883ba94b5d5ed07c216f64d32aa625c
SHA256 15b3fb2d4dc50c9e97adb0ae4e80e6c9dc5d59c0658dadc69120bb00eac7ffba
SHA512 cb773e50e6fdb7e8b84777057921be5ba75e47eb254ebe32280fdf9da0cfd9050fc5a6dcafee8cba192d5b2020065e4ad13f1792000d6b5cb3088f9c659d8bc0

C:\Program Files\7-Zip\Lang\fa.txt.azov

MD5 5f6eaa48af773067baf88ce296c22e78
SHA1 f8bb23e428e38a5c53c3d5f86bb7f96857b934cc
SHA256 879029bbb6ad0f0a57617264a3dad36fd09a1c97967664ab436deb26d48b237b
SHA512 b492eaa14b0981c72657164aab0dfddd4d4bb5b92792535ec0cbfa9e987026a2c1ba4b357892ab7f2ac6a4253749790be4b23ac4cc19a58702fd11696222cbb5

C:\Program Files\7-Zip\Lang\ext.txt.azov

MD5 3ab3b19ff1b7f1747a5f846e90c9b6b1
SHA1 e2bfd3e133809e41c061783e0a96310d0659f8e7
SHA256 234ef1cdd2dd9bb51f374fb6ba245585fa0ec8a75363f3c90c5bbbba48377cce
SHA512 899d8e39629a440a4a758656bbc040e7f4112942ddc60c8626c274ce6d037fa3a33147ebd4fded6acca77514523ae2bb224970684c82cb171fc035ef954986f6

C:\Program Files\7-Zip\Lang\eu.txt.azov

MD5 378f33e5496138714722e676934d5ffa
SHA1 8523eb90112d1719dcd3aacc63946339694331d5
SHA256 3a2ab045f0d43248bdfc5edf865b02327242aad30468c8386e28ce0bc91c851e
SHA512 c7f6026b6db0469e12d3e4eb2f86be846ad5a7706e216a09e7405eaf9ce4c0b994904fbd772a3916b4494966779aa8b65190d6f3e45331e0023a865487f8ed96

C:\Program Files\7-Zip\Lang\et.txt.azov

MD5 6acf4671d6e3b84d2387172582285827
SHA1 9b474d60249b5b602ebe67324dbc97922e1b1038
SHA256 68401b6a0328f1ac15fc305d7156906746d85f65bf033d709a8efaccd935a552
SHA512 d5879d1f8c0f6ab29d0877ba440c29148e6140c0eecdd399516f29d4e8df093b35a34b7f9f5071a90956e0586ffff5de430c12db63341d8894db9437f999d6ba

C:\Program Files\7-Zip\Lang\es.txt.azov

MD5 fda74c8770a0df75510c80e18b4c7802
SHA1 8175bd06975279c6f7313e317067a1794fccb5f9
SHA256 de9c6d2874509ed169747e5cf835dbfde3550d005c0e39ed7c106eea7784cf91
SHA512 53d6ecec537a77af519a7aa8a8af58927c5cad811be92ed0e9bdf6491a27c98a4799b1144b109daabd6d2f6247ebd4624acf001bfdc47497f00dc42c1c141aab

C:\Program Files\7-Zip\Lang\eo.txt.azov

MD5 b5afc7faffcfbeb588c27470ca62481d
SHA1 cc8ddeb99507ae87efa1f064343db138ac62663f
SHA256 83c1f62be753563bab32c0632e078fac06dbb8814fb4b568fc4e861b4c42fa55
SHA512 8dd729fa2fe50761dff9072e0a6d8e79d830c205d98e199eb0b8dc2f2bc0bb7bfbc5649eeefa091fcfeda5ff2568a18771ed85ba868536aac087399f46990b9a

C:\Program Files\7-Zip\Lang\en.ttt.azov

MD5 2fcf5b56af648bfd00831aa73abcd1e9
SHA1 8ab2bacd01f9217a3dddd9815c01d546d33a1344
SHA256 32de6a04eab394bcdc55ca55284d7c42f4f5ce3ce4f13b1c031ceefb66c00f0e
SHA512 a00ac4063e5e48b4309aa4648f104cc1b17601cda65428bcf8ef67a3d19da6dade528a6ff52e9c9978b2fde2293d8b22b73fca44e2551e567f7d2e80ea23b662

C:\Program Files\7-Zip\Lang\el.txt.azov

MD5 13aa279477f90ce4c230d749d95604c3
SHA1 cbb412fe863ec25b1896efe7f8b96b6b3659ef40
SHA256 f8ba0f1ef77d77e9fdfbbcec7449b7dcbfaeb766859eb6942a1c0aa644152e47
SHA512 954357d95497d5efbf6d20d7f589f2dd077709b8bebdf0b9455840695581763a5884335984c75981bac3cf52d4dc1ca72c921bc46241d47584404bbd56d064ab

C:\Program Files\7-Zip\Lang\de.txt.azov

MD5 43d12f057b67ce41a2966898b4dd99bf
SHA1 b4e88efe24369d62b758dfa84f0950557a50e9a7
SHA256 8f2b76c9b046b1ff33652e5b39f95e13c13a273bf13a18f166fc3cc17f706e73
SHA512 e296490331b364575b65ba69991ddc53a4a8b23c8847831c4b9f083fd21fa509f6dae816c8edf7616a633ada189ccb7884bda68eb93d0241bff3f388267bfbe2

C:\Program Files\7-Zip\Lang\da.txt.azov

MD5 0e7c5ce7c93404ac75804ec094fe818a
SHA1 d6938e9daf9dc9797564799d2a973041c2ef232e
SHA256 4c2201ca90db0923df5bf25b41550b8c3ff05446efcceefc532c11ccba0d9088
SHA512 c8648a7aeb5cea8353dca5fd96edf96e2ea93aa36170a45df4fc2f9dc4e78d7a790f3bccebf4139bbcbe75a18e64a0321eea2bf0df9e62980a5c3a07a706011f

C:\Program Files\7-Zip\Lang\cy.txt.azov

MD5 e7601d353d9e9634ac902b900068d4bf
SHA1 2f4269f46060abfe9f1fcc528fb1a6ac16044615
SHA256 e1fa40ad8c81401a3c339338e7203024a60af246b1c1db7a62772e8e645d1a0e
SHA512 dfb4ede3327132064a6b4692b2afc8933fbd2373c3e004d8052dad6c1cc20f6c11246570e47794d949c1bb571ddb6a1c31dcf96dd96a8791b6e22faa87ad9603

C:\Program Files\7-Zip\Lang\cs.txt.azov

MD5 b5aa8331c18ba0757f427485457a34a8
SHA1 1fb923687549da765a9105da85fb0e78298b939e
SHA256 2c619f22327b28cdad08445aaadb0e8d4f014435bfecd7909e36084a962e9d53
SHA512 9e9ca530d1f91d78d1340127fa5bfaed209522bcc10e1e5f46156eba6c15f90de8baa98c493e49c481c76f8e511bbdfd8df00190d520e753f0f009f9592ee291

C:\Program Files\7-Zip\Lang\co.txt.azov

MD5 67b92f6196017fe176c6a46f0809247f
SHA1 699a105b2c00686f59b031a13df53bf1e43b924a
SHA256 328ea66bd9a78ad5ef23b3d3ba184be652d5ccea22424aa19022580eaf7bd965
SHA512 6c302ae7e5126daed9d76bade1feaffc1c4daa58d2dbde3b720714736ab96b3394905786513e3658e1e8d5f6e356360cd0df615d231dc4bb5e53cf76f1f18738

C:\Program Files\7-Zip\Lang\ca.txt.azov

MD5 6da727c59cbd007d719e7f0d85d4d589
SHA1 562573087ef6529267312c2790d09c49964943f7
SHA256 7ac810e6a223e13ebeaf9d1cbe3403e3b2ecd427dcb8a496254675895316e65e
SHA512 9732ed0d42a94c5405ce03cb36ea056ed8eb3416d9ef95a3ee92be041de088a1a3fda0e1e8cf4a3708a482da8eee9edb6510b41a5120f08e31d3ae4e93a22e8a

C:\Program Files\7-Zip\Lang\br.txt.azov

MD5 d7e01b6aba9f8b9e3d130f1258ec691c
SHA1 5709d170635d49ce1c347770ae16c0eef87768f7
SHA256 c9e27f675279790d2882a233440998b5b114f0a1ed1f61654d5da1d865607b1c
SHA512 12879996490d1b700c1a2923616cc45fa8a97a99b72aa440af3aa7046b746134f10aa55a50936df2c69094879ec62adb8b612b41526cb3e4fd1d96590392d11e

C:\Program Files\7-Zip\Lang\bn.txt.azov

MD5 09b397472d86a818c4d3a4d183c6c37a
SHA1 3b892a84a994fedd0e3912ef7514a87a0278b659
SHA256 2b96deef730f8489f3f15c194d508a623e7e9b3a9071553cb961a23d10c3f0af
SHA512 62915f563f64ca3f54d2efe82ef03d48c239c5d54a4dd33b6095fbfbd256139c7a24418f411c0feba699b5bbaf9256e6a3266cc2fd33b9b1601e2eb76263bc17

C:\Program Files\7-Zip\Lang\bg.txt.azov

MD5 c301929d22d35f405a763fda65f6ca7d
SHA1 1dd8e9c64e3bd46981b6488ec634f44df2d8e86b
SHA256 5b9cb2666dc0ef0027707f22481df5d3f8435d76d6c4d49bf9a66025e33914f7
SHA512 c4807713b63c54fee69087b7cb4ae422798874c6962686a57cbc96ef1b689a5cb0bbd8a4dd2a71347f527a4944273e3d93b29e8e1108bb27a79d416cc09557b6

C:\Program Files\7-Zip\Lang\be.txt.azov

MD5 0fca19b5be3f72e6b0c39acd245c2015
SHA1 a516fc610c0e703f0296272fb0368c424114a11d
SHA256 8d55a1b5be902498cf1f2326330a1c1bb634556c869c416ddd8469ac9f960e78
SHA512 bb089e33a076ed9f618842dd2a1a331e646be31cb618b7ba72d461a23f9bc45e323ecb8413130c5ffb1be7e3b8279456ec024bfaa64f7938a547028210ed9ed5

C:\Program Files\7-Zip\Lang\ba.txt.azov

MD5 01edc120aa511b29641981a5f9a715fa
SHA1 0e31818e27ce031c0d79e9fd8890d66dc9aa11a7
SHA256 c79d82871b790c6a2f226006e55f08814c15e59b6095314ce5a6828e9e0779c4
SHA512 baf8d0bd02ce6e3c64fd832ab081cf5221a0775d97f7df3bef7cefed9b79bcdf5359b7b1b0ad5e6a849f0cae007716a398b8b45e2c3e9a45e6196c002386d43c

C:\Program Files\7-Zip\Lang\az.txt.azov

MD5 b1898cad257e47d6d428276ff472cfe9
SHA1 8b1240aa529db69989ad83d9d1b4c5b49d725c2a
SHA256 e46f51743392aa0ca9290b68f948d29f78b044fe7b21952f3960dbe7bacc68fc
SHA512 9630ea5cfe7de0ee0083ee4c6a433791273fd0a62159e0dcdeae58945f367b950a07346f2a9c22411a54aefbdc4dc47e06d81f40b7b939cb6d8406560b5ea590

C:\Program Files\7-Zip\Lang\ast.txt.azov

MD5 251f584e9382b29f1e1e9ba57c94bc2b
SHA1 fd5ce9464ca0e1cc04a6a9aaaa3fb687460a9637
SHA256 3e8649495f59462a9019748b8d2cbd9a6e08634acb8ddec2ec9f60a4e3f177a5
SHA512 b659efb00b1bcad3841e2fe7317d9233bc64204d208d295e69dae77ca954e84599c2564b3ac4c21e2b5b53a283b1747c11258b92293e348900e32dee971cb13d

C:\Program Files\7-Zip\Lang\ar.txt.azov

MD5 9ab92fc4d58ff1283ef61b3f65f8d1fa
SHA1 d72ac0dc1af85613867e31ab5f50d30e1d324e42
SHA256 aabdd054a8db7be01570f380b6e5d41808cbcf12bdffaff7dd289d43cac95e0f
SHA512 5cf6a2999c98ddbeea5d5f2998b14fa91f9567aaef7f6e25b82ef00a144b8cb1aa6834afce97c02c01064d67926effeb2130e5ce7ca87933ddd1cab25c2b29e0

C:\Program Files\7-Zip\Lang\an.txt.azov

MD5 d041e3865c49a4374e3384e88639803f
SHA1 6ba93c97515014781b1f307fa4a5b228cc64a0a2
SHA256 d62443c7a7a960f9697ccb6688af0479442da545789bc67dff0e94906b435c84
SHA512 e6830c29db986d1b4f9330af4714c2097f26a7b5198a6305ae35a39eb43933e2b082a0b3e5d72ca86dcdd202042b40b1ca2e751ae7172f276fcd2a9ed99cd545

C:\Program Files\7-Zip\Lang\af.txt.azov

MD5 690671b08cc3226a2dd8fdd5de9446a4
SHA1 ea8dbd0a71857e1c1ab632aa74039a36e7c97894
SHA256 ba9f27186cbb62c013132b6e1a0788c2bf56341ca7489d86aa525c751e9858c7
SHA512 d91675394429bdd103b11510891ea6cd0cb621790bc4bfb1f8859d17bd9709fd36ac45df95d4627a6040c0ddae188a03c00ede09df2461c3fdb82d31ed78dbc8

C:\Program Files\7-Zip\History.txt.azov

MD5 81f273e02897b16309b2473481fb6c51
SHA1 12c378121c72480a07af883febcb5a43e4ee43a4
SHA256 a9a768aefa12780b14887d691393fdf94adf6fd7ebec6efc3094e860b9172c36
SHA512 64897837d9eb991df37f757c1344cab4b8ac96ea48a1ebe5d2d01e2e606841d71fa5993b14000967a09cdde4cb9aa0ec0bf81b7417a1792319987945c6c1d11a

C:\Program Files\7-Zip\descript.ion.azov

MD5 c30bba650e2d96031638c4238e524c32
SHA1 69d3d8cbcd7b6f89cbf5b139d8b97a28d2aec238
SHA256 bc9c27e9e6ba0e961785595fefabb1be9c8f9588000049252d5bbfdbe2860a12
SHA512 dac3a68775365cdfc62f0eda1fe306fbec86f3545974a313acb9e1f336639d0eef5250cf84554d4e999c05c09ee251cb9bc469ad1f0c29ec7338c2339d54f2ed

C:\Program Files\7-Zip\7zCon.sfx.azov

MD5 6e2d3126c868ef4c16771631121c7663
SHA1 9efcdc6933d036f26a195d731308d2bd170aa36a
SHA256 fcfa3835475eadcd7c1ce2edef0cf5bb15605931e2cfe48313955718d6a74653
SHA512 7338719f760f8dc17e7db86b677eaf8283f2f4c53a161b6995bda5ce24af77b0e2c36a46f8b2144c38a1f724db0ca834e879b8111c290071118a60a6549a7910

C:\Program Files\7-Zip\7-zip.chm.azov

MD5 efc9ddf205efbef9cb1e4971a6d240a5
SHA1 3b3cce652365f55e5197739d5bd337cd4d87dae3
SHA256 bd5cbf34431f094d340220b316748a9bd70e7f176459f86018143e9f433a682d
SHA512 8baee6bb3f3b7c97bb7cee5ecc7e556ac7f011c698e4befb726672cd7c21f791347c0b0bacd99a11a5e0eca2bc56d51c84d5fffd7c61debef02f91f1f4b83371

C:\odt\config.xml.azov

C:\DumpStack.log.tmp.azov

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Program Files\7-Zip\7zG.exe

C:\Program Files\7-Zip\7z.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
