Malware Analysis Report

2024-09-23 06:55

Sample ID 231018-paxsxaeb8x
Target 11135191670.zip
SHA256 4931f6e4d65c362743d3233661a08aed3f2161ae7961e17ead74c9288ad8c36b
Tags azov persistence ransomware spyware stealer wiper
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 11135191670.zip was found to be: Known bad.

Malicious Activity Summary

azov persistence ransomware spyware stealer wiper

Azov

Renames multiple (313) files with added filename extension

Renames multiple (8126) files with added filename extension

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2023-10-18 12:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-18 12:08

Reported

2023-10-18 12:13

Platform

win7-20230831-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (8126) files with added filename extension

ransomware

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Enumerates connected drives

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=80.0.3987.132 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=80.0.361.66 --initial-client-data=0xb8,0xbc,0xc0,0xb4,0xc4,0x13fccb840,0x13fccb850,0x13fccb860

C:\Windows\system32\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "3056" "340"

Network

N/A

Files


C:\Program Files\Mozilla Firefox\plugin-container.exe

MD5 650c89471a861ff6dbd5b79541c4739a
SHA1 a5ed176d3cd890a997972fece7afcab4822b4e82
SHA256 5aa7876f5b0beef8d7121d5d06ff0308eb669318bfa64ce286dd23112849420b
SHA512 a129c5adbb1448e475a45d03336cc18dce65893bd2066eaf64f8b083655c6213ded8b7546a246881cd840be372600a65cd7e0f2d10b1acf2b002f3a641c92ac9

C:\Program Files\Mozilla Firefox\pingsender.exe

MD5 713ee328488ec831b26cfd4e0aa40819
SHA1 2d61fd11fd8f94428927627be38d30965d43ec06
SHA256 242c055774ec12aaec4a9b270024d38954bb028aee0ab9847a729f525ef14033
SHA512 e2865d9ad3a554bab06de08b57082c459eac9607cf00da62d91f57b97c3a6bd69a554c96f33d5e61331bdea1ec89a7e7bfaf62d1c160fdf5fe224ce4f968518e

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

MD5 3f7e44ea52f472500b0a1434666f5777
SHA1 ebb30cb54d76224ad420a1eb6c0ea96612456893
SHA256 018a99ada0f8acbc4146db19ebe386d2e97821d2773e614b0f90620533d493f8
SHA512 c4ff3b08b9eb7b58fa3852fc6e00cdcd597461829cfc8897b9f31a2c9be1847b139a10a7e7bf5c77498d42f604ef859448ab2126650398d7ed1661a06dd7503b

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

MD5 4860cce1d917259f85a648102ae3840c
SHA1 9c701e6bb5e1a0a7f4210560b56bed6e4fdbeee2
SHA256 687426c6d07055373fb41065cd43ac270434475f35d70e856f8fdd16b1e68ff9
SHA512 14bb5707d8f65c3b07f085fcf133ac552523f54518d6cf13ac35ca2976e429def574263f230697bc2b5a3cba58757062514b891b95664e5813a5bc701013057e

C:\Program Files\Mozilla Firefox\firefox.exe

MD5 6bceeb27c3cf20bcca3f5ea0ba38f322
SHA1 f1d163a12de1043af17570fb62dab51aa35bd296
SHA256 386006952f3800e32ec15572f355b6dba8f9305b8e272d93d41a8a8a5d0227ae
SHA512 78a8b769e095385f9668ed327c9ebfec077b6cb118603747b2567eb88861c5b818f86d0c5bc1d762e67d35263fd765c488d0fe0727452085246164aba5f7923f

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

MD5 a9032a3b697559b17a90c65e2d6fdf15
SHA1 03796c78cb8201d545ad92663bd6e25ac858cffd
SHA256 65d256de3ca957f0f3a89bf0cdc22f3908d4c277e9ebb2a5ee4cf6dde44c8799
SHA512 efc4db39b183c49836756753860f777c67d880b3872af72b790038b4e1abf60f8c9913b15bb08e352bc42e6e8e2dcb86bcba58de471bc3cda932488d81d159b5

C:\Program Files\Mozilla Firefox\crashreporter.exe

MD5 061200a8f635ecd84386d79b444626b6
SHA1 43a268982fdbb217529631f91212309afd09928c
SHA256 a8cb1a2fcdaef040cbe44f7dc7df69a4cf02101142a819237cb8be5642d2433a
SHA512 86836b29970a0c0d4029b4e072373738f93b6aa229b8c8872269153561d3db95489a776fc41fbbd7f295631f612fba2105ccc60c379c4ab63395a29e61568da1

C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe

MD5 58bfdb46705f47dad582fc774e1a16d9
SHA1 cee91047c77be45ba81ba669d0af4132000f1b28
SHA256 bea1874d41fcb9b0e23d71417c459b3503d07fc4cd2b863e2c4a6c643c990636
SHA512 2aebcdf19bd871650c6e03270cb00c171e4178895ef422578486c91bd0fc4db73dcb96978dcccde0592a1a4774cad14058a5b995d223a09aa311f1ac705afa83

C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe

MD5 06110da1495eaebf34b82d5d93fd89ea
SHA1 e16f7dfced4d88b0fe36ab20458ba7c437d94079
SHA256 d56c27d1b0ee55dd198288552b0d8024bf23eb8bc26b4b35771473616e8c89cc
SHA512 83a996e8e05d41e425078fdd3beb20960f494a2e76306b123e65d0366fc36c080d11a3c49414303074ef44be2943d86513cdb5cf460d0eb1dba04b403c711218

C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe

MD5 8b9545b8957f6e78f9b0473650e35e89
SHA1 a4913a349294709516006cd01e41b4e47d7b51b1
SHA256 a66ccbefb6c362371d7b4de08531bd42383efda5c3723da7ae170937e24fc03b
SHA512 d92dba8b896c12ea3093ceb17e2a62c1e70a31dc42e646d737f063b62d24cddafc0776cfe99f3fe4ef17fa675777ca3666dd434e44c5f52d1a1a24fa5a468562

C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe

MD5 5b22912af1d65c6c044db733e20a3fcb
SHA1 aebc1860eb053b7ad3da75b18ac9f31e4f42280a
SHA256 9f76514918f21c27a72e3ae1ad4ff13672791237d924b9dcc58e1a4fc7d52fb4
SHA512 681f97f776934c4d1c5717afba3e8a2d3b8f407a1cedc3788460a9f45d210cdbe0dabb96d3d5fc0ae64e5f1d03f82ad932921b88b57dea0ef92c713e453afe07

C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe

MD5 3cc3b509d62f3c21cd553ccd2f0acd29
SHA1 432489ab1eab4353268c597f63e715d5d68e518a
SHA256 159aca58cf623ca9954686b56005c09a2264ea44c8ddc5876624ffecd29ff044
SHA512 d3829a40f349b20af23f28d7f2f1c3020da7bfc64181bbf6fe2249e44c5be16eb017227af2ceb99bbd3988d344c14e700a50acb1f5fd6a4398907850df96c3c7

C:\Program Files\Microsoft Games\Hearts\Hearts.exe

MD5 f87a14b67c16ae6af92614598a5eb92d
SHA1 15ed468668da0de749d257ea522dc7269b308438
SHA256 260680934b315c649d4b2eb59f92072077ac4426bd230b33379c870188d07ec1
SHA512 38a734a02e6d493d9c6c3904bd875b326b8056d7821b91744e5018704fa83d7c18c456636cbd533e1a9441a51cc9e685689842a7c8af85b9ccafae7219a50e6f

C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe

MD5 bfcc55a61558b4c82d987618427b27b2
SHA1 057de2d2d0460a1e15b6fb8aea3d337fbb318c8a
SHA256 4ed7f04707688a4acd0dd6f27904c14cefc4f68d1c27450d7764485bff71f113
SHA512 c2b66c8ef3364e03a5baa53bec8c18323eda86fe87e520a5277a237cecd85648a8bb22cd347a78a8dcb83263b0530c4b1ee655307ce4813621bd8d2cc88a1d0c

C:\Program Files\Microsoft Games\Chess\Chess.exe

MD5 f93d73d9207122788dd10c5e27a99191
SHA1 d889a12d7f032aefda116f4bd02e2b7559123949
SHA256 29cda8e4acafc64807a23861cb1689ad0e9689116eb900766b2064008193ba05
SHA512 268e2e1510c8805f5c086c996c7448253abaf117cd6d47de7204c4d3a2de74e03fd01078d41e0d3b2c6c64da512a74090a736c70c22d71b939db4a6f4e657d38

C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe

MD5 1372e855163a26b1f4d296faebca3cdb
SHA1 8845d593d637fae26837f73b3bc0f8adeeea7f07
SHA256 10563507ee8ada362d27a6188509cd71b790dff64cad2e7cba4a1ee9ad2dfcf0
SHA512 46c70bd985fbc21d60fd51e968d85e1ff80f56343759703d2a117d3f372a8d485bc88a3afe17c0c2b1401cba688a2e233d04743c9bd4b2defde6ae78b34e434f

C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe

MD5 043f712a435f6663c3a57284f252d55e
SHA1 b44cb5b004afd21e21e3cb30e5554dd20b2790b9
SHA256 938236b73e9ca87e7163f457bd433d0ff42ebe59d7142714926a9c567e537644
SHA512 5e807088c715586a1c9a6e13ee1263f7de96a940add5334d2908ebd5c45c112f0739f04576b1b80bfedc6c3b2b76623b5ea1de31141daa9c54856f7827bd04e1

C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe

MD5 ae797837241589db8e7f481d5145c1a0
SHA1 7277f2af14dda21cf9ef68bc539ffe5144157241
SHA256 665416aa7f38fe24fc06bee596f0d77da158d03ea412b9cc717cf24caddb9751
SHA512 7cb177f17989de4cad2824289b5af169ac8dc0a26930442f827f38f2e528941fa59b54138549b42cd40f649559554b21e7e86805726e55664481f93d960bc59f

C:\Program Files\Java\jdk1.7.0_80\bin\java.exe

MD5 61f263ab492a365584919f310a061f59
SHA1 252c1e958286a4b63992f3a0c4b8ebcfadf566fc
SHA256 80a7b5c35610d32d0c4d5a4f47b9bd33c0519589ec4488326d00f8f566a8c11c
SHA512 fbc5ea0605f251f6ed6208982430c3c63652d7842ff228e7f671cf614148631ef697e3ecfd3a39d212f8c23b9eee2aafd19b3b502d9f750cad79ef500a3c2458

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 298c2c1f8a16a3bba90076f00349ffc2
SHA1 a7fc3d47da1012d9c67a39651d82ed0ca3b8ffd6
SHA256 fdf954b47c7436956cf9eecedead16191a3471d9c4c923547817f52f90a6e803
SHA512 8a4eebaacbf43f46fcfd26ed562ed864a699c5762cb7c3279984c244b0aefcefa73c9919968e060892a9c9723b3153ed7e29b8433dda52cb2813c066f77aee4c

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 4e95ea33067a443885c4e5ab93441458
SHA1 e46baa615ea991e71f2323850c8b9205a1f3ee8b
SHA256 0edab1c0133484d8d22dfb12e79d51013f2b09cf9fecec57b3d5eacd89f277c1
SHA512 42b6e7247308cd744e1853633637f0eb348412c13ab0c2b62a53fcdbc0466c783eb225d9ea0650ca75f56841014be5f9195de285beec70697db48c20c6a35ba6

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

MD5 84d7fa0e3b759f0dc8531c5d06db66b2
SHA1 95ca9756bed22f934742efd57df44cd26ee48a73
SHA256 14bdd16e0f6e4c6a69073e571c4c007fc5e00c38b18fa3f18fc9bb5d02e0ae02
SHA512 324171ebb82cc2e138418ab5a100cb4cc1c46c9a9efe77b20ff2d6f639adaec950556f72391cb26e3ddb50441d0e54ef8aef89baa058d3bb069338d971c31059

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF

MD5 a84d1e346cbac7ca1d7b92047880f233
SHA1 ee30ad61cdbee1e65b992a94349ceb4272d171aa
SHA256 27804e92ca6a8c856af90c2b1ebde8424d9cf265890fb20f8a2acbcdc24ea0a6
SHA512 5b68a8c77c75c5477a98a82d9648e58a4f8700c004151500ad780cd56c0bee2d8e724d495e5f17718d5f74fa515d17c98b951feafade3ed086867ceab075f872

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21298_.GIF

MD5 bd44b9703e714b361c2c0bda03478b7e
SHA1 a8f2a04852b8a86d5d2044ca15170526e72cdb38
SHA256 abe4e8f8227f9c532d66cc30a5f68eee09fe4ca7803af2310384d01bbad5a98e
SHA512 c81a8975dc7ac6866b100b6f61ed2f964d729371712ec06ab68a981ac6dfaef96953b0f04be656886a988f9881e250b50556753bd20597128ce4f2bf68751cc3

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21300_.GIF

MD5 185ec73dda1c5f9976eb347d66f3966a
SHA1 71ede4d00d0a11465b4b4babbc6781168ec5c4c3
SHA256 70997b3c7b3692c8864a40ef308398bc095230b992f36f2a9cf6f7dbce5906fa
SHA512 8341dac4b70aef5b1eabe142ef09231bdbf901098bc7970cb47570f349d7279749078652cff3864c3d963d5610f8bf5a29a2cfdb2a4802dd44474bf32729c38b

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21301_.GIF

MD5 b0970671bf8a753f372557adfb02ab59
SHA1 a882eb17b75bfece0bb77e038c34058ce21829b8
SHA256 32691ed535cbdc5fa2cc767a3d2dbb6448119f3927629d94c3263b9d0bc7056a
SHA512 d2b6252574c5dfdb0292095a90c7b4a67e21bbc976c1b9fae2f11590504bc1c370ba4bf259f215ea9093659659be1e243c78e28ead2c7f7a8970362c724db390

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21302_.GIF

MD5 95c8ac200a773ccf4767a8608ebb90a8
SHA1 51c17e6987431c44ad85fb665674e5227c0a1d75
SHA256 d87a3ca04426481bcfe79abfdb5547606d657bf773b6b4eedff2dab2835d2ed2
SHA512 35607187d0ac42a101812f918547138ac829c64d6e8e7c76e9357b9fcffd97db12d3c6ee6866e72225579289c4643792192d30359a4fbc0e1252b3939080fa77

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21306_.GIF

MD5 98bd1a7d2d6770315e0180dd2ce68f49
SHA1 a08b45d81886c7c24a41df8f6a842a4cb9acff4b
SHA256 3bb136cac16043981707cbc4f9895049cb496026aab80dc68440225610e8056a
SHA512 553190abe53c6581ef738ffcb7d899e86f8826da7e9639a2a5555c4fbf53e2fbd513fc05efe39f6f0b9c1ef6eccd153a33361733e4fc82e42f87253ec9734803

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21312_.GIF

MD5 20b485ebb16a3df07c16c7fdb32cb4c9
SHA1 036378bdd20653f4900284887e299165a8d648d4
SHA256 c8cc958932bbada42b79043657d73594fbc020b0ee575234548069a0d5e4f932
SHA512 b3632977e604404a5d841905b7a38ecd8091acd7712539a33197094c3b5b59b5476614fe4eddf18a61b5c21763e61c488531f1460804d9fbb00c0f7d938f8853

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21314_.GIF

MD5 0a1416ec808fc9c7c36ae041449ea40d
SHA1 50db27861cf506575ca331a9710cf5603656b533
SHA256 5d442a75922848ca63aa64360de5fa509b81f41295012b4e6557c8f2fbca4572
SHA512 eeb4b5760405c38c8c902cd0151cfcdc9163456affb5a4e2a23165d4697cbf3ed84b22607f7a880a67a442862d8d857f7193c7b22a15120a74183dbbc22f2f36

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21316_.GIF

MD5 9fd4f80fee84fdb71ef92e88e9cbee71
SHA1 c809f94dab5da8f59e58cffb939fb3ab2e6065fd
SHA256 c69f68debe1fa7e3e3cae5a941fa2f98fbf1838ed62589c850f761cdc0a544f7
SHA512 421409226a61a5c9a25a5fbd3d9f7c2f5ebe0d86899f822ed9251f8a034046aa40989f7e6a331bcc66dc1e4c2c4b6a76ea54a2ace3e7a4ae9fc10624d0a2dbef

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21329_.GIF

MD5 dfc47d1c7ed65c830a1356798eb7624d
SHA1 a620c1514268aa5a78d148cd8a112eb6bf34567a
SHA256 26439d483bed4214e96b76ec59e3a2ca80c36789d57964343e1b440e8981eaff
SHA512 0d471490e3c135cbbb458633d76ee4b36b5d6bfd635f57f379d11cc1e18b4a121885481db42530d9b3d4edab4aea3928a265b3205038b3dca5df18ca350cde57

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21333_.GIF

MD5 9dcfd4412b8ff682dee50978745c5831
SHA1 563592b2c90f1f1cb39e4c1805826fb515145fc6
SHA256 c46c20970228d198f35fc22b02c94c4645f555f820b8594c5dc9c7ac898d11f6
SHA512 322b7ceb2f69b824e28969f2f4b058ce176288ae898a26e55409bfad456187331e14765e2cab2627477f7ae5ca9cd7405aa9a731cfe999ad6c1818ac0797ad6f

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21337_.GIF

MD5 6d107942f08a87377cf6fdb0cf04e2ab
SHA1 96de7f4cb136320dbdf1c483d1a2e7362694bff1
SHA256 f6684c1293de1992d339edea2e55b9726aae51467ba4a53ed45f6c670eaf32bf
SHA512 791af4e3b0290f31a076e4c321f41d4fc8de29802d71163aacbc57ff5450db7e6be5fcd3c2c188538b50aa848b695a2c04ff2672e9eddeae7659cd9dd425ec7c

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21339_.GIF

MD5 e9ae6965c8c1be24cea655263a4fcf7a
SHA1 1672a015d4275fca6ead444fe3fae93b45bedd32
SHA256 b5e033c7153940c3818b5c84ef9872158b497e19e36dba7b091a0cf61b6c633c
SHA512 42ae6ffa68de15ba9936eb8bc9032f69c98059d27c6824b35f3f9f5f035ebd24429f3e89d9558b65a1892d67dcbb9107cd2e92e7db7b1020d1e6ea3ea33c7ea6

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21342_.GIF

MD5 6c41d7f0c052b7c9e76de192d9f2710c
SHA1 fb88299baec7efc7c347882a6d7b603542c3f8d9
SHA256 cfa57ce3c8f6ed74a391fb72941b0591c2957a9e52ea0e7a2720eaa552d18b03
SHA512 cc0230659b300b372b9c7ff56c2ea93c7926f5d51663013a71113b01ac0d9b69cbebfb6cc524a1423da6ca74cd1fb8bbc5e4676e208f826f69383bae7318f283

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21343_.GIF

MD5 677c7eccf831cabee623c323c0c4b2d7
SHA1 bafe76b97e4169c6dfdd6f5cffe82d18343724e5
SHA256 6d2fee97c5dc569c8f8f2e0b4458680513f84965b6a487f04f02fdc97a77999a
SHA512 c0898755c1d6e927c729d11c8efc164224ebd9d421cba773e165e5ff831ead06534d22ca2f8bb1b08b1a2254903245a0f93978217f04e7a0fa8dd2381a7e59bc

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21344_.GIF

MD5 2491f20e1eba1ad18fedf1f10e3f9b3e
SHA1 6013d12a41e18fcae95343a74dc423fbb840cdf9
SHA256 9f2ca427a76b7ab3f5da864c983106faf862615b65e12ef74a6354b161cd0c3d
SHA512 2f0ebe006891ae44e4636c51fc07fdea80a4d3bc9fc10d8319ff165a1e1618e386b1b06c009554e0a60ba92b01c30723b85b881852f861827ce128b35578b87a

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21364_.GIF

MD5 bfe92be6ed75f4818828b44c38a12def
SHA1 f8a74321e702976aa9287c6acae382736908cd2d
SHA256 3f060139302cf1d0d0bb7c4fa60b688ab5e3a3379498d70f24a7759cb393cc14
SHA512 629aab3f40c641117f024cfa955d9ed351fd75728d163320d85f5ad9457ffa5b457051bcfb17e3c1bf1949e0c1162195e7b8ee2de4270a8f95713908def9900f

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21365_.GIF

MD5 c580d057ff83bfc0e88f10fd344be6ac
SHA1 378f38376a6dba00e14ff47a636a8056af815517
SHA256 3e5e682c445e80339a93f75459f83b4c22748f66b5e4b4deb15f20b5d0223667
SHA512 b1d61c20081910ef41f9d0f2f878642bee422d79431326065a68d138763754162e6fac0191cb88782eef65eb923e47700d964c9c6beae05c4638de7e95e08d45

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21366_.GIF

MD5 571be7f387a71649933e01cbfd4d900f
SHA1 af742d5305406a46bc3ba0b801056852c0682c26
SHA256 7ba1c540b414eed9e77c351a1ceb706cf4fee8bb1148cc7fed3880450d649777
SHA512 ae238e337492a0af9a96b80a06d8bfee2529f96f30731c8a20ce5dedc37077081d08abc9840b229333d60e9043b3a60677277eb46fb017ae5b8fd53fa2a324ec

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21375_.GIF

MD5 dc1beb23f075b6251b57aad33f823703
SHA1 7a29fce23b6c6b8827c4657b40417b1db428d14f
SHA256 20cfd1c863047296d90645b21dc2a6ae98b3256e7eb15fda6e8edc5231f8fd6a
SHA512 36134e7b5b4297fbb58c01ce8190f77c294ed495de833bfd311e9b9003b9c1e9fc11a82f33150fe36498a3cf7c272d5d219a44d63d17ba4e88f3c65398528caa

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21376_.GIF

MD5 4c8fd4d73de33d6ff5a6af2f1afdda58
SHA1 711faf1d630107b7d36fef57a51c01aa57a6163c
SHA256 5f5e183f5484a4d01e75cbd9bcd40562a744f943bd2fcfd06dcc6844a976a904
SHA512 81dc3b317635e22a2ba3ee5acaa2af6b66b2a571e502d07a64e5171bf3600e67dde542fc8bdf6732bd2743637f920643722e69beabec4485df5e83dcb181d73b

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21377_.GIF

MD5 8eaceb263706a7a38454eeb51c89e386
SHA1 9a6a5f96842af3144a295045d98d1e39bfd5d79c
SHA256 03c06be2c241e519af13448c57a76cfd1f14529d1956bb039cd21cd67a20bd28
SHA512 706dc9d6213b9ac14745990460b2f61c4e1f4e0497ad55453518323044bff8326908e375abd6223deea6e307fa93cfb0b23f3e8baccda19a9089422a7f1cb85a

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21398_.GIF

MD5 3f00469cd4473d26b13b8b76e163ba24
SHA1 0ce92609fbbfcc111d69e7b70db6059d3337d678
SHA256 0474a9a2ce644fcc797462bdac7f558beede14c08d7c61ce1df4c83d4a23bbfd
SHA512 56d5c2a5802d94d4ff7209e525e0cf95475ae6b5c9cccfdd2d0ff87a0e2eac0f00e2a04c815929c4b15f2806dd19efb7d8bd7227638392af8a4bdb392f80089f

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21399_.GIF

MD5 ec973252c3999163f8447b70cb73927e
SHA1 6a7fe0a9245aa1e24a38f17300cc493b2009809a
SHA256 9f1e90472e0ecc9de39d96d03cd13bada722705080e6246a6dbd814396b573aa
SHA512 2d3cce110e018cea025e6039cad912e4ff629c35fea2b6dc23ca511b3506c1b0016c120b60e4b968ee7bf1520dca3b7841c1b6dcf8d4738b26bd36106188da6d

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21400_.GIF

MD5 222b0428d9c55f31721b669cc9ca7102
SHA1 bd8d68df44e5f815e3d770eb8b76fb92f6c449ac
SHA256 011dd412383f2d845fc371dea026bfe52006954eba4a18d8d576593c3c676e38
SHA512 3a85c91b5144d05427f176f45f823be0ad4feb7a2e05c70d7085da23a7e981efa28e73736b8595ebdb3f244cbd01d990b0a40d1845adb1fc96befcaea23476f6

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21421_.GIF

MD5 5b4e7c3f18eb876928615c97188fd090
SHA1 8917eba1320b28378cb37824a051d55be13f9cb5
SHA256 4d32850c4788810293e06749cc6cc314e6e0b87045d4736032d69fa51285aeb0
SHA512 4520fa8223ecfd6ddfb6334d20a1c11639fb9d1cf5e8d76c5f143132f4ccd60f14679db48a48a329f1b579917808e180f048f56abab7cb1c4ec717f0fbd35b2d

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21423_.GIF

MD5 615a342d4c6a826b7fc0a4eef5837387
SHA1 ff2301f0b58b23e55b67db66ea1152f6c37e4053
SHA256 2fa1a8a5d4987542c1e14d833bb7260cf4eb8c9a991c8344a6953ac8fc8a8873
SHA512 a57c6c20db9dfd39c7b8415a16d4514dcf0c1a78bf6a101a7dc01a8c450ab5a5bd8b4f2cf12b789d4f08f5d7876afffa0f71f292b5d6c11e08b35935fce31b7e

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21434_.GIF

MD5 92c40f3671c624731c7f5321a138c572
SHA1 1547375f48e445bae622554241443e0a7b040949
SHA256 df289194f19b1a2e5092c7bef5c32fe2d097ef2322966bd463736193f19e58ee
SHA512 ca513e4b330f23c04fe1c2994271e461d9b8ce3e60c87d4014dc702c9730062c967c5e894474001bb71b64fcdb98289c002bfc53a7c7e582df65f945cebc6cba

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21482_.GIF

MD5 ba6c52de8947c1669cdf97aa7d281fc8
SHA1 b258cfc84cb525f75b3bc7e70b30aa39cfcdde2c
SHA256 8daed5af52f7f3b8584cbdd27ea5a3f53dede38f28930977def644bcce4e28c3
SHA512 3864acad9e8e14053fec235036cc09586335c521a42f805e889555cb82de6320c21888c09ede19e0cc73dbcf7e569ca3de0863a75af913ef2e0e818b5c555dbe

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21504_.GIF

MD5 b31c20e11fbb20a721e35cd5acdeeddf
SHA1 552ddc0b0c30438d77885e772057cb4c39745cfe
SHA256 4e2709933feedebadbe37085f2cd787674ae34fbcd1038ea73d2a321dcebaece
SHA512 164f0776f8bcf7bc69e0f3bb993697877e2e456521f380f27ca3426930a530a6014688a150558c3b28c7812fda816f80cf12fc30f26347ce178001c10211171d

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21505_.GIF

MD5 f46e928120b36b62f7376c767b958808
SHA1 771ba75ebcc710e25dba949a17462f31871d1534
SHA256 43cb58ea81d37081ed86577e6ab22b07c5dee90a0c0a727cdb020ba454bef5e8
SHA512 a23781288e8e49fd7fa5ec72831f697213a4ea61223f20d80f62e9513da324b9ef6c728722cc3ace9a10c6b3a36e93ccf5d6e5a9b8b7678ab42e46af4c8cc8cd

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21533_.GIF

MD5 8f6abaf7f864e71fcab93b05d30b0fdc
SHA1 31f143c49b6ef697f81ecd09c389cb08d8afc137
SHA256 ddbccbc028e671abaeb4fed39f3158a3f2768f96b3b4e6d9115454651dfd1f9b
SHA512 fd0753b64fb6de3e9c3164b256b4df226eb1150d640ffb161502915617da3e679a43ec565afa9d7a28cb99344f8a5bf9152e5220a486e90777f83dae36589e7e

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21535_.GIF

MD5 2813072631c39eed35e4efeec5d55b63
SHA1 a5c9c6e2f810b6907f6f9fbbd26e6f7394a3f167
SHA256 18233bcc2cd553b9e405c9aac5bc9f4b4edbfe235174b28478535c69ac9d6dc6
SHA512 577b62d036a0d9a9941d94c6b684c7ab79e0e3c6bc8699f75e76e1211be8231b954b7d02a267bd400121c407afacedfdd30d81a07d54f7d39382c196af9cd539

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115834.GIF

MD5 3852bcd32593cc09a6fbacec90ab6836
SHA1 f6ff4234624a0bd698beb84ad70cddc1c2df7b73
SHA256 1176d3a991d1e8a315495d2548e3a1e1abd0908c0815c834f7af78b1d01f40cd
SHA512 5d13540598b7607b3760c4a8b7d268dfdd35a0f58536cb085604064fbb4e920d7cc541e662580b800df7357741603bd6edd0d5e8188b7ae5e3fffaab616d634b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c99fe6d47864d06a964e688fed4daaf5
SHA1 22e5f39953ce0508649c4f376bf55f5b4f67e99f
SHA256 da6dbafa9ec63834f853e16d9a177dea8985dba6b690ee4ecfb2979b43c8dd7e
SHA512 d6854ed497e3aa2305a832c18673ecb864cd0b8711d5f0c6dd9ea6a0161e104551cad590d527602f7894af8218df653b109ebbd0988adeb76d0e1ed6e36e3d92

C:\Users\Admin\AppData\Local\Temp\msedge_installer.log

MD5 18a6ca61ce0f149ea189d9d6bf6c2631
SHA1 e071725b2991b42f76cd3e2890ced1383990d5ad
SHA256 a659a83bec8ec64a46719bf2e54dcf6eff9bb42ee11b27f062ebb0136ed1df47
SHA512 d8686dd281a8c6a67c7ac13f7535310315ab50d9dba1be0d2ca1e7fd29be27ebc6bc60bf69f4bcdd9b0ee2c95c9a783c9ffaa7a4418474145dcde0cd500b2766

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-18 12:08

Reported

2023-10-18 12:13

Platform

win10v2004-20230915-en

Max time kernel

150s

Max time network

162s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (313) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\de-DE\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d99ce105-071f-42cc-842e-c93e8daefdc6.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20231018121137.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\minidump-analyzer.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Solitaire.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Windows Media Player\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleApp.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstaller.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\lv-LV\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\msadc\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\ado\it-IT\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\adovbs.inc C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateComRegisterShell64.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ky.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\fr-FR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msador28.tlb C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\unpack200.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msadox28.tlb C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\adcjavas.inc C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado60.tlb C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\codecpacks.webp.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\zh-TW\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Windows Media Player\wmprph.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nl-NL\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File created C:\Program Files\Common Files\Services\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt.azov C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\msotd.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 968 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe
PID 968 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1512 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1512 wrote to memory of 3848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1512 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1512 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

"C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe"

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe

C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=80.0.3987.132 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\edb12949255bb127a3e9c280181d1e227e1e99e445381b5b1cbde57bc7070260.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=80.0.361.66 --initial-client-data=0x1ec,0x1f0,0x1f4,0x1e4,0x1f8,0x7ff65e28b840,0x7ff65e28b850,0x7ff65e28b860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-first-run

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb91d046f8,0x7ffb91d04708,0x7ffb91d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff688b45460,0x7ff688b45470,0x7ff688b45480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6160009429875850177,14006160051654068917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

Network


Files
