Malware Analysis Report

2024-09-23 07:02

Sample ID 240616-km8nqa1cll
Target 2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk
SHA256 dff1a539db2d0185ba72bce0bbae89d300903b52c0ac427d8b409f5a4969ece4
Tags
azov persistence ransomware spyware stealer wiper
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

dff1a539db2d0185ba72bce0bbae89d300903b52c0ac427d8b409f5a4969ece4

Threat Level: Known bad

The file 2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk was found to be: Known bad.

Malicious Activity Summary

azov persistence ransomware spyware stealer wiper

Azov

Renames multiple (8871) files with added filename extension

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-16 08:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 08:44

Reported

2024-06-16 08:46

Platform

win10v2004-20240611-en

Max time kernel

141s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (8871) files with added filename extension

ransomware

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\empty.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_history_18.svg C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\eu-es\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageBadgeLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-60_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\WPFT532.CNV C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-64_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\LockScreenLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\AppxMetadata\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-black\LargeTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\AppStore_icon.svg C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoDev.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-200_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ja-jp\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\resources.pri C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_reject_18.svg C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ko-KR\View3d\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Controls\Xbox360PurchaseHostPage.html C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-36_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-ae\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\EssentialReport.dotx C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\pl-pl\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\commerce\call_failure_illustration.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyView.scale-125.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\next-arrow-default.svg C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_checkbox_unselected_18.svg C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8en.dub C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireLargeTile.scale-100.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PeopleSplashScreen.scale-125.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-150.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\Square310x310Logo.scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailLargeTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pt-br\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe"

C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-16_653e07dd89847f6c143782108fc5dfc4_ryuk.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=124.0.6367.202 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff7845996b8,0x7ff7845996c4,0x7ff7845996d0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde8a5ab58,0x7ffde8a5ab68,0x7ffde8a5ab78

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 142.53.16.96.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp

Files

memory/3196-0-0x0000018D99950000-0x0000018D99954000-memory.dmp

memory/3196-3-0x0000018D99940000-0x0000018D99945000-memory.dmp

memory/3196-5-0x0000018D99940000-0x0000018D99945000-memory.dmp

memory/3196-4-0x0000018D99920000-0x0000018D99927000-memory.dmp

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

MD5 78ede93114e65f9160fd03d3357c56e6
SHA1 88d531b101e57655f1d0d26c6b3257aa2468d460
SHA256 c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5
SHA512 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

memory/3196-10-0x0000018D99950000-0x0000018D99954000-memory.dmp

memory/3196-11-0x0000018D99940000-0x0000018D99945000-memory.dmp

memory/3200-488-0x000002A087C60000-0x000002A087C65000-memory.dmp

memory/3200-494-0x000002A087C60000-0x000002A087C65000-memory.dmp

memory/3200-493-0x000002A087C70000-0x000002A087C74000-memory.dmp

memory/3200-489-0x000002A087C60000-0x000002A087C65000-memory.dmp

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 f595e82a139e5781c32e7ae68419b5ee
SHA1 d1a38e5a9e71e0890527115941bc7cadad53ecbd
SHA256 9fb67142e43760c6127795904d54b5c5f0811babec65ba51d64bb679ce5111ea
SHA512 2f4550476281f5bc9fc745f84b299262d0196c9c5777503e7263c2c2c2c1112396898bf70d4f8d9eaa1968ff1d5224c69044e6ff1f60d0eec65bda089e7b2a8c

C:\Program Files\7-Zip\7zG.exe

MD5 33a2a7c1d2e42dcec786a55ad2389c8d
SHA1 d2babf42c69f26ac293135b0c943c189601aaef1
SHA256 0072990a8bf8cba046632d9f00f1c1da63baf02c6186c7b40925089c91e7e92c
SHA512 1058bd6ea3d13aa7e1c8980ee29117b5d4ee2843447158593c4a3c67dd3fb5ec38d4d9919bebe7710c27f016b83d7442903c4e32379862a18c97a7ef56255b4f

C:\Program Files\7-Zip\7zFM.exe

MD5 a3f3381df7e279ee403e430ead63c3a3
SHA1 76c9358efb714f386e6073ad8f80a035edfd12e1
SHA256 7e655a23dab236f216239486c8c4fb004ab633d3cb297d25d4ce7fc65bff746a
SHA512 f249fbe5d4bfd25c8c663dcf8f486bbc97cad40af52f85efe7569581951712e95898b83521651d23b97fd2f89598e42b19eeb3bc704371437a8915ec15f6c8c4

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

MD5 930beaed8593b2de7f9fab13564fdde5
SHA1 19df0c2d848bd0c5c2ff651ad5a35b895c94513e
SHA256 5bafe8e17c80669990812720ee9ddfe996cae68e1fc0cc72c93f535175f544cf
SHA512 7fed716d0d5dce086203e821a57a1ef8deeaea26820fa299ac5ad7fa46f361533e8d8c1aebd1a5d00e80689e6577f209fa1f6f0750a724bb7eef8c5354a239d0

C:\Program Files\7-Zip\Lang\lij.txt.azov

MD5 854ee00ea7a7adef76216eda02eac2d4
SHA1 b9aef921acea8b5fea0042432c6eb36cac7443fc
SHA256 a326e9b2a0e9a92c51fead86af0e153eedd4c5fede1a3d05ead80bc2d7ef02a6
SHA512 2f2c1d3d0930854a34ab9e33142ee6a9b8c229788e138b2dcdb5f215a0d3b1a1ef3ed869f3ff6bcf5593833aae51e76aa9d39554239ce6bc40f3721802251e22

C:\Program Files\7-Zip\Lang\ky.txt.azov

MD5 386f06ab99557859d488f7709c19f26e
SHA1 1c9b360e90b4965e2392a9ff500ab754c5e3e172
SHA256 1d191a679857ba8ba24937ced2017d6d512b12deb751a22a2d370f487e14b9be
SHA512 f09c93d932d6f68e26181e98fb9c13977e28e4abb36dd88b4fc4872d8de65bd14520b8f264582f2d011066af9d52f661232dec50b8ac6d8ea83c9af519e0ca00

C:\Program Files\7-Zip\Lang\ku.txt.azov

MD5 60f306dd74f3965dd024b9858691984e
SHA1 0b2688e7f144cf3eac12b667358da1d752c58725
SHA256 6189e807356f13ee4b7099eb3b5a25b4d16cb18c4aac6d7cf5c35b9b39c8c37e
SHA512 df48af9ccf875ba7d6650d7c96f23d66b59592a9aaaf58ca7ac7c422f1b068c3375b3941955b997cab2a25d2a4678e5a542f4a41639fd12dbdebc197462765d1

C:\Program Files\7-Zip\Lang\ku-ckb.txt.azov

MD5 b4d7e1d99b3ba26ee7b68f929e473dea
SHA1 20e76bf0394729b26deb042115625b770c4276a7
SHA256 3366bc1a849ce609c1a5c90cc65ea64d39a94396df398d551e5333e4380c6db1
SHA512 e8fc00fb9411b3555c6fa82ad5ab5447e100514f4f43aa7a3dc572c33a5f81d0752dba8504b4d8ad0b029effad2130e31d14947d2ef1762a2e823f7ac343614f

C:\Program Files\7-Zip\Lang\ko.txt.azov

MD5 0e413e92e19a202c5cee3edbee1b8486
SHA1 d451269996a866b86b1c8a130a215a69cf9dff5f
SHA256 13dbb6cdb81d5a8baebd53d1ff556a5b49fcc6209accc8661058d33aa5ba17a9
SHA512 e52f2853a5317927813eec488feab51d0fdfc7c2c7b0136ce44b455a22e33c09653bca6965504433f14ee888dc467c4ea24b45aa750bb4ac87fc1e0d743e7265

C:\Program Files\7-Zip\Lang\kk.txt.azov

MD5 6e449579757727de05308e9f06f046a8
SHA1 8d021219a53e28c0800be747986bb9d08a84b018
SHA256 fb9e7550020b76380550918bde38a895ffdfa862b34ca6d451b8b56324f7bf20
SHA512 dfc24637387045aad29454deb00131cd0743b0cd5a27c49f3195d8434405284f6634c0be04dee94d48d88c61fd8891af9226ac84ac1538d377a744806dd5fca8

C:\Program Files\7-Zip\Lang\kab.txt.azov

MD5 bb47b59ca90bff48fb972e014e131d1e
SHA1 f125acf45196f82ed22f173008a3b88358259d90
SHA256 ac9c2a47713c1a8cf8e5534bf5ced9bd5cd81799e2ceaa84bbc9a0b1a2e5cfb2
SHA512 10d0b69beac97dca356d6e842cea501f1583fe2920a0b27872f897ca554fdc377caa4b394710c842ef9e2d88fa03b68320f6a917a7a9245042d900c0802aeca7

C:\Program Files\7-Zip\Lang\kaa.txt.azov

MD5 8952cc488d95812653023128975f0883
SHA1 2f4020d9fe951d6827ef8be1510bcb10eab09a57
SHA256 fcb8eaded63041195694d36c1de84e41878104dd6970a85785b524ffb4801b3e
SHA512 9171a05cda7e13dbb5693e8f651a7d0de978663481b2d25d0a8b71a67a4efe944f029f4bfb62c74050dfb5af9c74110a2fce65ff749a74a05fe59ba3c9d774a1

C:\Program Files\7-Zip\Lang\ka.txt.azov

MD5 d684fd3438748994d1d94c9f0eb8aedb
SHA1 665dfaa04c1d992971e4db215a8ac5f54126fa56
SHA256 ff270d665763e6e9a3d5e9eb6dd1cdb67c1f7e7c57a62a43c5b511ffa0516e25
SHA512 4251f96b6ee3bb28a540b4cd11fc941bb0d5bcdd99013988d76fe3691b7a0fef1f6222e901e379f4a63bf24a30cf7e9595a29934407de02395988625fbe95919

C:\Program Files\7-Zip\Lang\ja.txt.azov

MD5 3579433aa60440019309531394a7ed87
SHA1 bc1cd4a5ae1ad172e5e171eba94e48376f3329ea
SHA256 e1ace3251a6de0c3acab3f06c83357a86053c77285b7ff99a7f225bb0a6c335a
SHA512 050f8bb2b841d61b7d7eaa91fedfd61b536527b06857bdcec70749f5e9da1c3c97f27632412b32c1099ea45701b544fd7eccfa7016db51aae168a5909064b9ec

C:\Program Files\7-Zip\Lang\it.txt.azov

MD5 53b888ff35c4c101834d357fa217f396
SHA1 0cda43fd70a0a56aff4a7679c171a07013f84f7f
SHA256 88392130057ba473734cdc558ab727a75c8c363eb1fade018e561fb05618e13a
SHA512 15629034091a2bc711196430fc051e37bbf55bc19845b8102e880e5a8feec15eba4254b6dc15e8fe53608a3a46bf9af4d50026c1134c374dd5540aff27054b9e

C:\Program Files\7-Zip\Lang\is.txt.azov

MD5 985b5e3cd55d7f9da24a3e86e135a352
SHA1 7482763095c31ce95264a9d1f0dd2191a567e2c6
SHA256 ffd8cd2fcfba72c2fbf4206299ce534a00185ebc3161e5cfddb183f372ff0af9
SHA512 4a6cd4a7b6a7a8528d00c6162674e09538dc7211a9c5493294f1641ac856f0293712609769692e07fde81e45d88c1a23079f3a757be912a18fc45a28766a6f58

C:\Program Files\7-Zip\Lang\io.txt.azov

MD5 ee1f3ca7238c49f913574fd2451cf5b1
SHA1 3f105a20560a82f447d4b0cdd98ea086b0e51d75
SHA256 7656acef038a292f0e5b9a73fbe1206d5f3b285b0dfc9732e5b974634fe5fc75
SHA512 172d41b37d11f6625ffc6b69a24f0c3519d34836579b4ef7a76f3545ff4dd3a86d9d6e19d78d6f73eb84c79cd9c9a38bf5d8df7a6225a265bdc8e9ae881c11f8

C:\Program Files\7-Zip\Lang\id.txt.azov

MD5 4b08fe4635d7fbe5e3afa479c82bb002
SHA1 0ba33831ba98984b665eb1eca941fc6b9b23d995
SHA256 f0cdd9115a7e59d54810cd39f45015f222c53c8761b90e3fca6e727b455d5311
SHA512 7d77c3a0a273b47cebab00913ca043975eb13f6374e14ee64006ffc248518b8341d09e5d0bb736b01358449e1184adf5a5d72784bdfc13bb6d2d4d124cfa0843

C:\Program Files\7-Zip\Lang\hy.txt.azov

MD5 b511b5f1a4c9a2ad2988a9a6e78c45a0
SHA1 d22e458c97384bc428499fa43f666fdadedd5f61
SHA256 38f5803cad942a9e36ebd05d25d55f06bdc5b677e8495376736e1dc399dd886e
SHA512 e000b86a7b528d06756af487591939c21579383f8ad790f5f24e4c7b781254a7634f368a439f0ce9edc175144a21427192990c4b0345a66188af28eefdb8a4d3

C:\Program Files\7-Zip\Lang\hu.txt.azov

MD5 ffc7531a731e8cccdb2e0a0204829aae
SHA1 f79c86c5c63554aab7bd66e453fa03f3931fe636
SHA256 5467ffe229aca854eaf78ffe2d4d35e85d88e32164abfd65218ba4ee42ca98f3
SHA512 58c76971f3185c53f00c799561e329560b16b3e2d48ba54400ad255b5313e6b6ac9bc7c1a61ca2569a94ff2d257c5663e5229304aa6c0c4ebbc78c6830e80aa8

C:\Program Files\7-Zip\Lang\hr.txt.azov

MD5 a7769fcd905179c99c84fa6b6a5dd418
SHA1 040236af35f739a903f05b09725f641f6fa4e42b
SHA256 56f44c9db8f16d4fd086735688dd23530b884aee630bfdfddd9670cb0ffa918b
SHA512 581416fcbfa4dd18673a03c24aa52da6368111868a552daa53b4f4921dcc7fb27e0ed079c0fb867ff3a77dd30544b55f10af8735c2e1353c249a4ead4aeda278

C:\Program Files\7-Zip\Lang\hi.txt.azov

MD5 8714eda4885c0c5d91289cf32b15af67
SHA1 027b6f9128061abe446da1e069271d274c78e796
SHA256 a7ca862dd84f3fb5a59e269ac92a12ce48a4cb35553d9eeaa2464f35f1f3408f
SHA512 13b800f2b2fe6e7aabb5b4e14c5222dce961297d04b399cc94ba17e63ea4ea0d46ec41f40d8b2f35592a90d57b469317f6a1cabfa661e25f1a769755dfd6c38e

C:\Program Files\7-Zip\Lang\he.txt.azov

MD5 92a525f59cae5fa136ce93edb33bfed2
SHA1 b617c9d83be67c858f9fb6bb38f89e1f008043e2
SHA256 356d5b4fcf95c460f1fdd8fb1dc7651314d03108308010706644d61edf4a3a30
SHA512 ae9a801f42826a28f15aaedc83b4ba5144041bc163648d7f4063105b77393d9f0947748dd817a766bf1806155a0c3c92d929ed83186c842bcf81ff0bdd69196e

C:\Program Files\7-Zip\Lang\gu.txt.azov

MD5 a01eb1f8391650c2592053245a15982f
SHA1 662034d6ddb6edd7dfe6354c1812584487288996
SHA256 092cd18f2fcc9f22ba2be4f0f39debd9724faccfe2a2cae5150879f0a8e62848
SHA512 3b8a3ff85d7a30924d55d30e14bbfe4db1d94cff769d9c2881959d25a028f73185f1121abf4b5a0665229d3b1c06aeb3d490f3bc1b23044e1b8b3015ea737600

C:\Program Files\7-Zip\Lang\gl.txt.azov

MD5 281c0e9a35ddf64a1182ff0089c2ad45
SHA1 4ae3c5f282c0647fc9f72c95b40f6d2620230aea
SHA256 64756dfd88697298aeefc1c6f11c07fe32ab0923c9647fa4a8769ff974029619
SHA512 e046081032b9caf70842907a861cde307c7bfd4b50285543de85370c0b2975b71dbc71da9a0936b0fdd4d946a2cfa19a2abce0508d4768f1d7bb23d2c81a3d4d

C:\Program Files\7-Zip\Lang\ga.txt.azov

MD5 b23489f6c81d262f9bc2da1886869b1a
SHA1 85d1ce4c0a03f071ddc246fe0d3bbaff5321d037
SHA256 68ce58bb00204bbac9f7b3f81a5230a7c5fa7c7181505672b944e7120c4e929c
SHA512 87e4113033d3c73f2d2255d829ca581582699577de68bd815f383a32ae1132d532c4a8ee81db083ec0d3167a95c60a312ed610ef3174facfe7af8f241d6ff02f

C:\Program Files\7-Zip\Lang\fy.txt.azov

MD5 c29e3f90ba359447d3b5572918e515b6
SHA1 4889da85c120016ed50490e83d363e84e670fbe0
SHA256 89eae621c204355d6c581576773387d4c2adfc8cc21992223083e147afec6343
SHA512 2b7f1ee06fdc8390230ea203b090fb76f29f72c2268dff8395180b20200bc253738d0f4454996bb38d7a64e56be018bb76d262bfe3a97fc458eba8ec5be2cc0e

C:\Program Files\7-Zip\Lang\fur.txt.azov

MD5 24ea2de7a3f17da713816d6cb5c473e8
SHA1 f354572b38ccdc750aa917193837518b77e96952
SHA256 a08ea4618f3855de32a445bd7bf713394fe482091e34998cd812ce1ce1a981aa
SHA512 ce3809ff98ca2fecdca1d1cf9d8240551373aef1f4b90ab77d309e307660a9cf142636e719430ed014b065165ae7a1aae4d61bb9262dd58fd9af8d459e16a77c

C:\Program Files\7-Zip\Lang\fr.txt.azov

MD5 0e07e00dc4f9f55fef32ce53b726b4b6
SHA1 1074cca57fecb051c519d2b281a22d3b4f84e09b
SHA256 4a589010a5230257ea4840c68d9763a522c31b9baaadb3636b86d06b36e2af5b
SHA512 91b5558ef60950cd0587718f3b6377222133e1b36995b2710c9648b76bbabd64b16b30c6a823b26ffbae29f7b5d144736c42c6f501e577c2ed88127295053f61

C:\Program Files\7-Zip\Lang\fi.txt.azov

MD5 4572fb28edbbec16c4ddaad8ed33564a
SHA1 58ebd80deba51ad94abd2b03483f392ff6c80abc
SHA256 a10fd2c47cb731ed6872603351ca9063b38c88e77c732199075c78eec35b1047
SHA512 84aec8d58cabb45f425429c7b511ba3b8a74c7f1703fcef940a0514a18c9da8991eae1a32312e693b2c1c00a8a546a8d06433b9cfe424d2c3caf45dcb856e4c8

C:\Program Files\7-Zip\Lang\fa.txt.azov

MD5 66f445290e41f57360132cb280bc819c
SHA1 eeb772c1703a0c3d93f66f13600118918642013f
SHA256 4dfb3aa5205f493518cccf79e4e75f828cd4e8b0e59b81682be1f8425b0ea4f3
SHA512 02ce81287b4d1861265ee9e6fd3d692331ea9093a130f3e132df28e17ca8611eb40f73e40b22a7f3251b661362116c307178aa76f8950525aa713b2014f47a55

C:\Program Files\7-Zip\Lang\ext.txt.azov

MD5 aa49f1e88a652a450f77fff08a15293b
SHA1 ae1afec939c2e2b7ec6f497199f9135f0c208afd
SHA256 19383d65042e2d559823018d0b3d7857725907c1e81a77b24cd2297ad325a068
SHA512 e2ac2da702d00d30f881a8b5ad2ad9e6eef6ba84c982a4853d8c44186e5b4fa10c9cde793dd08d51e0d2ca19e8245b94206bbc200612276a41d0bda73857836a

C:\Program Files\7-Zip\Lang\eu.txt.azov

MD5 0fe51d885d24fc0bac8fac51cfba1d1f
SHA1 be1098f0ad11addfe085ce90ca1f7ba46b26d304
SHA256 3a3859c061b6793deae2d379c9a8de0969e1f1bc4028b00e09401d114fac047d
SHA512 b35f8627ebb6320e72858c1a64a06a26e990b937d689c0d4d10b9dfd670083bbd9737b52896541e6092ae66a953381a0008192a0cd2b2f154dea6ef8048991f5

C:\Program Files\7-Zip\Lang\et.txt.azov

MD5 2d83cab6e82c47f4984a5d2a2ef13b29
SHA1 46e42fb2b9d0f4b9ccb661db75046c9eefcc86b9
SHA256 07a20f38c0cdde5a05e8ccfbe164d16db9225edb7155f4672f650f1121d55b39
SHA512 45931abf65c77ff1513cf66fbe09d4a6d9d3f101f887d6d4d8f19bedee1010f19fe9e97c61749f99668caa7f74c832f1cbb2847ee13e82fde984f536a167a917

C:\Program Files\7-Zip\Lang\es.txt.azov

MD5 0ac67e6e5c38c65acce4205802bdc733
SHA1 ded3285c83e0ff5d15d20ce3d5b7ca65cfb25aa1
SHA256 e093eb07c97b03f4bcca972567a19eac630b18101e4ea38f5900e5e25331309c
SHA512 68b648bed134e62faaa66b37dd3953a017eb1539c7c94d862e7e9a3da82c820bd65ad812f6155cc109511ec0d12c06f444eebcae6ad45ba4dbe0a6a0ed5bce0f

C:\Program Files\7-Zip\Lang\eo.txt.azov

MD5 8969e7dd9b0a8c73bd3f3f5fff07367c
SHA1 6da3890612bd16b5472e2cfe46726429c9152711
SHA256 bdb3de14d8b77f90df9d5fcbb11dcb90de0d500852c0e5821b694cbf320d804b
SHA512 2c354d389aeed649bf9d01dc0d6f5fe8cb850516676b25b78a8d366287cac5d6e3671e2aa0fd4caf909b33d7391837eaeb12486c97381ee16fe35422b37f3a8d

C:\Program Files\7-Zip\Lang\en.ttt.azov

MD5 8abe002a0a3487cb5a2a490c7631fd8f
SHA1 63bb6dfc989d49c2a4074ddabb05f770d7cee533
SHA256 5690391aa5ad9564a24b895299a43525f1999a50c48e17c53a821263f77143f5
SHA512 34031d483f245532003f0097156b4a3133fe676d2a8cb61e2852774f47c21589b0aa3305e073d6fc95101a6ffd6a4dd3e4374ea377baa928c597972c7c1c5e01

C:\Program Files\7-Zip\Lang\el.txt.azov

MD5 e56c0a54dcf17af3a0b7561bbea67e17
SHA1 5b61afd1435c7729c7c692b7268ce5c0ef714373
SHA256 550248333be4c119a72612b4951438fe40b2c42eb1a0d1f85092dbb3cf47238f
SHA512 826ab89ab972116a1846da1069844a4183e02092c1796f6947df5d7c961505a753ee2c392202430a779327defadce4d23c288e113b12ae96f9e8389d87ccf076

C:\Program Files\7-Zip\Lang\de.txt.azov

MD5 bde68e5c086f9ae1752b00ebd76c6e9b
SHA1 078dcde1662375c76d7a4df5ef6e5a35f24c5e2d
SHA256 50b0d38138e91b088a38ff4195b8d58d93fb66eb7a98706b68f8100841ca2793
SHA512 bdfd003339de7c8b897f1d429097bdd8402b6152cd123852990479fd57d7c328c2036cca92bf98ab7b668881beb701369e63319cb373bb3ab915af10f5841135

C:\Program Files\7-Zip\Lang\da.txt.azov

MD5 fdad22faf9ea18e649b5a6098953928c
SHA1 6d7eba064e84c99d13fc41c9ab1c83f9713d3698
SHA256 0cfc4f4d9e5a4d7c7ee84f5cb612e95b380079f57f37062968c3720009328b75
SHA512 a61d10c1cdc2bf5717e3c792d5e7c4f840f3aafbcdfca82e14adcaedd2bf45610eb78317dd786e3c20f2267a38bb2a55618245983f8ba2be5e98bd6db5aee518

C:\Program Files\7-Zip\Lang\cy.txt.azov

MD5 7e8eef7e0ca61eaf5e246663b12f051c
SHA1 4319b7876e9e1b2e0bd92d799350c1aebfdfc0b6
SHA256 92069f74eecf77331dcfa29f81638bbbb52ac7ff555acc41d0e048a22f779709
SHA512 1d120f7da086fef8e9939e8741022136fdb48dc062185159686af442d47393ebcbfad3a2a7b61252d7c963d72fa319c371ab2bc3fec952745241b12a30e0ffc5

C:\Program Files\7-Zip\Lang\cs.txt.azov

MD5 2cf63c3918264f333305f5f8dd0d4fd3
SHA1 c8c91dde0640c60a1905e1c38371906afcf24c81
SHA256 73d83b8adc2585e826460eaba94cc088a72f91e3003122cdd5089780499c0256
SHA512 e7b46d8a28fa4daae4daaacb96374b7960914eac623e81b6a5070e078ef78b6d7b37868139ccbef841a24f7720823eb458100585e83c45004726c5ed54040974

C:\Program Files\7-Zip\Lang\co.txt.azov

MD5 c9889c73e674c56a085648c4b807f68b
SHA1 b291874ac3960a7c7cec41c0b57291d3d978a30e
SHA256 13c2c709d41671094dace1157a6652e576d0c00f93566213dd5aa1f81808c52b
SHA512 18aa622b53028ab2fcf318e1a00fced425064c957c95f9774e07f0b13fbe82f0d163a02e2fa061b46fcaf8ec95433d62cc2c76c34018a8f8bf20575c5469e965

C:\Program Files\7-Zip\Lang\ca.txt.azov

MD5 a0ee2b39a1698fef184a2a214f70e2e6
SHA1 7b4d5b099569be3158549cf10cd3906ba670b83e
SHA256 887bb3926b6d10f244148cb6e6aa94dbed1b2ae4362ddda8c51efc516423d05b
SHA512 bd963099ef9236c8789f623647e660742e293f68b847e3a68d53b6b69fda0e69cf8116fdb3273fdcdae5ff2043490b8159f81eeac4ae722c8b7059270078acbf

C:\Program Files\7-Zip\Lang\br.txt.azov

MD5 d71bad887f1fc2b7b37d2dc742b84011
SHA1 98b8ff0fdbe84006a9e659bd81726580ae6a7ef7
SHA256 583f97f200b34fc0e10468fd48e2f4eea3f49a53b90094cce9806022f9d576a0
SHA512 74f923717e421b0d7749c53879e2c9ccd092ce97a4bd73b357fddb3499c6d419edd969e3a082ffa71f4e528e9e050bf324b25bdb2d229550efee189fe05b8f52

C:\Program Files\7-Zip\Lang\bn.txt.azov

MD5 24b9916b9a17c351de32597c40d47533
SHA1 515f28bfeb6138db407d4aa9dccfa82e78d71d23
SHA256 0bbe9778151f9bf7bed20239a4488ff8e85c16a4abc9592c8217e9a696cdf749
SHA512 bda20d46308b40dfd4231ddaa46343f1c188f8dc35679acc019e38655eb683a5e9824727c545db0ca4334f4245613e72868a63df66e36af1fbd0e8323000e5bd

C:\Program Files\7-Zip\Lang\bg.txt.azov

MD5 ba373a1f2219107af5c33503a6410d72
SHA1 499b84f254285ec7df677274908be153009e6b34
SHA256 90d6178f9b3dc668d971e2cfb841e4e8ed1e4aedf6fd9303b4705c041986dfc7
SHA512 e78a8bbc77709078724bbf4c2dbd7bf94653ae7deaa209e8c8bce3895e22b8c562bc078d8e6bf7793093e3e5c6d34b2330350c2a1c90ebbe9f585bb181475916

C:\Program Files\7-Zip\Lang\be.txt.azov

MD5 56a2fc18663e3fe76371f6c09717443b
SHA1 20c07d556ddf632798cc3e9f33a1f4815fd33f60
SHA256 c9e4eb89cfb841b94063f2622893f4e1ed8cf29fefab1000ba3f7467b0232e3f
SHA512 0c43b2e7abc70d6ceb18ba5f65c6c3c72b4449fcf801cd37ec359d7d1f2a5d10c3e7184d2210154ab5fef9ff603aac7ff2498e0d404c51483a782bfeccc3d306

C:\Program Files\7-Zip\Lang\ba.txt.azov

MD5 8db6387b2ec6cd67a0c289a61061ed42
SHA1 828e1c13863a93a207202d9df7c5df541ddddcdb
SHA256 9170061d7f5e58bb0eae77ffac3505b926f656b86bd3a9998cd934228c6a597a
SHA512 a17ae310f1a46c8e4aa4292d97e94ad98152851ebb84833be7a1832fad9161d2a96aef75e4c35961b0df6a2fe9117a8d1711182a4d4fefcb36ff8f9ef6fd4f18

C:\Program Files\7-Zip\Lang\az.txt.azov

MD5 a78d91034dcc94ce1ff202a99c21d1ff
SHA1 dfc48c94ddeb1fc4c795a96de94e7a513b017e49
SHA256 059317d47159e1f455ada8a55e340cf082a3e430de497340882ada86bc317221
SHA512 93fea36e819318049c50f5658228cf494c1b35cc46505a7aca28fe609b2c48edd7f4054b0f4ad842c14a10cc2e8b2c2dd70e88f272899b68a893268bb6f582a4

C:\Program Files\7-Zip\Lang\ast.txt.azov

MD5 f14c45aecb08da7f1bdd0ec5fca9fb7d
SHA1 5b61504374520cca6e6588f79964682be3d4a4e6
SHA256 08c401e08896637b6fe7f2cbac5673be92df30c2995648f631bb361680c9f171
SHA512 c092d34a329903b3859656beb4688032161e44efc9be0dda220d2ef8d8553d8c28771c25491b515bb081f2f5539b636c5cb87cfa0547f3f99cc7871b6288346a

C:\Program Files\7-Zip\Lang\ar.txt.azov

MD5 7a435bbb0ab2f2b071f29ea41f412166
SHA1 3a065a4134ee54a8622c4ab4f24c2960bf7f81d4
SHA256 ba4b01edc33c1ddb863d6baf65aebd6f1d8ac2a929e9e65a469d136fd4ef6ced
SHA512 b40aa5a68b2aa900d771e6b3987b6eee46020cb8063971860ccbb662328c7254cce26f4e35e31b4e9807c6d9846fd94ebf8dccf659087b3e7ada6273aeba03d1

C:\Program Files\7-Zip\Lang\an.txt.azov

MD5 43c9aaddd5cc24b51f3640cb340dc3cb
SHA1 977a4a5f9ccd165d97116c445959e7aa0fee6a4c
SHA256 6a22597094fc85443fd6c13602d27d1f89b3b9e98307380202f9ac4e6d2ca569
SHA512 961856fe20f26afc5b325212dcab770b2b37aa048d0396097a434ba25a50cbb7b4be0fb13fdb42fbb9099c56a09b624dea66ec6a5e864423efe0c9789b6e6ab7

C:\Program Files\7-Zip\Lang\af.txt.azov

MD5 b2b6b9f92cccda722a0dcd8802e46f0e
SHA1 8e9531a6185fdfbbca6d6c38a2b14543b35b3f07
SHA256 8a51bd6f025d4942e81af9057af08167a56825fa3e7059a282efb54e0491baca
SHA512 edc579e69bab0ff380acf3d8c81540c15427da58c2a0164c204cac90f777fd5fc6635f10034ed6c7401d0535149b75c54a65be9914f36c8fb71c8805fbd27f9e

C:\Program Files\7-Zip\History.txt.azov

MD5 50021f5c19b2c5c4f385a24a27675eb1
SHA1 0b03585d58742831a42b1c8c94d82a85a76a9c87
SHA256 c7490064add2bdf1ea887a7f518ecd83a2c595b6d1d5d287bd0b5c2126b289f2
SHA512 3ee40c1aac10429b3a95161841e15525a9966d93df74b7b8683f0ae5832cdb95da8728f305f08bb7a42a681fada4532ab9967671e541f8c169211247041bca92

C:\Program Files\7-Zip\descript.ion.azov

MD5 43db521b6a797c2c6928185c888e3b0e
SHA1 7d58c69d69e13caf9a39c7c052141059bd0681dc
SHA256 6317949e2eff27ae16bf4b5eb7800543f7c23edc0542fcdac7ee029af541834c
SHA512 8f683545779d93fbfe70a3646b1266c0f54bc1fbcc5644850d9ab7793f373c2b595a8d78b6e83aadfaecfa6375843868d070f14c7fad8216f7ca63647e8447ae

C:\Program Files\7-Zip\7zCon.sfx.azov

MD5 0d53ea2bd7881de6f0be92ac690d09bf
SHA1 697c2058ff52e10d812b8bb6db9c2e282d1adbb4
SHA256 e36e5ea3427295f5aa94fda9cbac5e77cdd7e373f2ce4ab85bc88e2b33966461
SHA512 890a423d977fc5f6acc8113c7c535c36fc5ed55a89c022bb7df83a9ed48375dbdecc566f1247bde757889a29896540c51d50204db56561f2f52c6094e9953f53

C:\Program Files\7-Zip\7z.sfx.azov

MD5 3a32bec36ee940e636032153ce44ed80
SHA1 68328eee95ced8d446cd15b10009d6aaf12c818d
SHA256 9dafc8615a69a9f1ab150b21470743a9360be0711277447f50bb83ad1b73ea02
SHA512 7eacc78026853c3d2863806f310b6d201f299534e115ba3140a701f935634a8f7fad96c530fb28fe57d8e1fac60581ce857374fab612dc6db8f94a696abe5d85

C:\Program Files\7-Zip\7-zip.chm.azov

MD5 5aa3af9f6ceddb095199a3516ad52929
SHA1 61dadb74675f8cc57d2242105502ad4b7fec4538
SHA256 7ec154872d5d919e6fdb79b09f9fad9da29041ae04aacd4a57eb52eb7ba95733
SHA512 115c4aaf069db9804a025930110fb33b3037485e045c1242e78c477168c73294a86c34ab105353d91eb091f5f0bc597f0e0143adf2a2b2a84e74f2193049b862

C:\Program Files\dotnet\dotnet.exe

MD5 df2793f044ed69558df633169135495e
SHA1 b47b9b1615fbc1bf8315fef5986b0e1877cf323d
SHA256 7db6de496bbc3e0a063936baa2c69ddb5a8ce3a919441008bebfb8ffb775212c
SHA512 e0eea4e6095dbf846d143455443cc19859719857a7ca1d4968aae1a0cc5e13bcf6e636c5b8d7da2e5589b3872ff7349f750173d86a28094410a5720bc5905afa

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 863b7ca10a5890564aa645d1e95dbfce
SHA1 5ca2680593515364c36deea51a629f5a4afbb777
SHA256 3effcbff044a7f1f1a3d1c86a79bf1fbf5ac2f4c6caa4e4c48b82d8fd667ab45
SHA512 43e5eb5642e2b461308f045ee578cdcb9f7fd37a31bd3151f98d843c6b762b693c0306ec5d0970cd1a5f6bb6b291be588b2ac1487b7d28acd66f3524bd968aed

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 cea6662dab9be5b84f24f66169effb54
SHA1 e1643eed5abcc6b553a9bce65c20e62ed728a678
SHA256 a21aa48e58e393105c8008d7b535367cfa7fad7e12489604b25d9ee916a1ede8
SHA512 75e82f80393be70dc88548ce38e3b124cc24767ddadc7beab9f13d5978aed85009182d3c1778b0de8f94bb3be81b0583abe9b0901b4353da6909b3f6911cffb1

C:\Program Files\7-Zip\7z.exe

MD5 9c834573123f77ec18d8c498ec30c698
SHA1 d2414adbf643ab8b613c24e5537963e28d79212b
SHA256 e25b838a7282a8fdf7d675393269931990c898e197137d3ad2e0ea9662cee48c
SHA512 b96d8957cc0e2c6fb2813a84e6db898dc133a57db9c9f6852c5402ce68ec80671e4697a9c05c55f3e109c42c34b12149116f94514b266cd70c554de01cc514cd

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

MD5 7193e53ede0fef73806c8bc7d880180e
SHA1 a858b78f72dd967b98b2d52d6bb7cddd8b8028b2
SHA256 bc2b3888ec073c15deecb4a06bb9ccafed38eae65281794ffd0b2e5d44daec94
SHA512 52ce781a536da977d72ffce791b9eacb62afb69740fc64032c6557c2a513e58f9194d11de53f218da003c82fb9389962c9068385b96c73c0aa4a9fe48a29f618

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

MD5 7c0b37b3697b4ae8713b406d20c989ef
SHA1 7cc35a98624586030a2e3486a4a1a6c4b79be9a0
SHA256 f7cbf7da11d36043e414fc1b642d2e6f3d9f784825aa1d4db8234b025e90c8c5
SHA512 15d99b99dd0e2939a5427736851e9585bb520b6c37e1155dc681ae4ab8b6e8f46d98e1a595a57945635f55aca2a23235a6313810a177444a78e3110aeadf42fb

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_99406\javaws.exe

MD5 06c35235ba1bcad02d79ac0ccc0776cb
SHA1 b708be91e6e703b538a073a14c4918b5d3c75af8
SHA256 76e714d269b94dd07717a613b7adf4cc74f584ae62572c82ebc0ddc40f8fa484
SHA512 bfeca3135f0547066ea1cf0897825db8ac414159a4f5b6d508aeeb17d34b4436cb92a2bd89c0652bd461988c2052fbd0d58b5e3791ed0d0e9a64d90bb7c90f08

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_99406\javaw.exe

MD5 cf216e37960b2325997d60a9b04bc196
SHA1 12391d19df8a095ec1dae4cd032b65004d4a4318
SHA256 554c8604e0c744f9d4189593ca4bcf7178d62b3f543cc406b9a39b6127b4a083
SHA512 8653de7a3cbe7ef7dacfe56e4060a0c8fe10d5cbbc265ffa1372bae342c8a2e56e5f15e9997fe5e0367b1af5632d2c69230b4f1ae8035df1228123fc6e758561

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\pwahelper.exe

MD5 8a7a721f01bfb78f48393a15ea28ca22
SHA1 d9f30c952ce3c24445a7331744d6ca49b53bff8a
SHA256 94fd6a29a0a81178cc0015047d7bf05336b22c467288d7911f616e88fd4877fa
SHA512 408b3fc573df0480ecd4ddc5e421e6571a3ba8bcaf588a6110d5188c6495ce555b4e46e703386eb83255af6e740bc477724aec64fc3499151257834807d2736e

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\notification_helper.exe

MD5 f192be79eabcb9ff33c1e5750f7a4969
SHA1 c0f4f5a35e94e8e19ee90f604ad455e07c8dc9c7
SHA256 00af0d456e4077db5dd344a6dc1b8c51e24fe34876b8d961f0ec9c18d5d305e7
SHA512 b79561999af2e7c07fb3b1ee9d976223f0d8f2340875ba188602cae3eb6ea8814bd45e7ea12bf0e291aa76cc05b92b55ef856fea0e1ff7cf2c14040ad93558c0

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\msedge_pwa_launcher.exe

MD5 63a0c63c3ffc1cb71f0f1303ee82d3d2
SHA1 ccf9e192794519539e67acba4c5f714000d1a668
SHA256 b3568d423fc3a45f30c89b963292c73c9d830298c11e758f32d8cd2c54b44245
SHA512 4adf032e7b6876e995f4cb28a023bcee72fbabfe5e8be6db5cb6d06a488b46fc69a9e87d740b2b1568d9f471fa99b3aaafb10fbd76b986b8d4301c49d2fc09a0

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\msedge_proxy.exe

MD5 a3da9fca38e1d42e8036c6ff73968c5a
SHA1 e1a3d555e8e2a201bb4003ec5a8be441dac4894f
SHA256 62c1abb4fd62d66a0b35ef0ff549898d7f82567bb23861d1d116e7e0b2182ceb
SHA512 73c6a0a548bb1be2fd15728b85a5ad4b02ed87a2fddb6a56aa9a6a0a8a442848a279feecef78852b47dd19ae59900fb8636fada69d3273b9da6b97fb6e76d349

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\msedgewebview2.exe

MD5 4aa9c2bce59707d67715e4a5b05d0552
SHA1 127f808b50c9a26f745bf3d5f6434b0076fa9e5e
SHA256 9d24ea2628ff37382aeb21038183cbe47ab6fdde6be7b6e5a89dbd709115d21f
SHA512 bc6c21c7173efb1ffeb445055703a0058033ed8d09eef764ca98053cc0bc82555c8189b29f3b13ecdb8fa1717f480752adfcd646255df02127488087ecf14eee

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\msedge.exe

MD5 e0a8ce9b3d1765f522fc62618d348557
SHA1 2ed9304e8173e0568bf47bb49f3deb3e0bb3e612
SHA256 72dd66ef253b9eb3ff24a5003324394bf4b0bb319727106f6e44e4c04a906905
SHA512 169f6d2d98abc31b8356786b144d6e7bb474d56882fc470216f9c5ac4cc546e2cbdf32d0d0c3470162217417c8d5621e45e438167b3410798cb8fa03d0f51210

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Installer\setup.exe

MD5 0bd308a69a35c4c6f41e7ec9f035c61f
SHA1 56f4c6fd1dedfd498bea1d1a1010ef25d80f5115
SHA256 a81776e9bf0fc67a0c79782be52a99d6bfb418b7c8147b67a802db6914480e93
SHA512 fec19ad6a71561d939f4e83236460970ee10b87dd51dad9903aefa8c98e34658f89a98203bfd804a466401889f3e658423b356cda2fad1a5ad29ede551ff7d2e

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\identity_helper.exe

MD5 b62a6b80e69f8fc977e058ad034b109e
SHA1 61a43889c1d931a880aac58b7c4386ffb7e79a4c
SHA256 5547288ef9ac3dd9e5937c2eaf471467304989eb228e0cc4cab7aaf2c807cf6f
SHA512 c4215fe0444e837a79fba8dfc432265426a020cb670b6ea3431e4a5efa82ef94c573413289025ac3a270006d3731970a4287db2bd7c4317cc6f92a5fe84dc8bf

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\elevation_service.exe

MD5 ae0e7a488338470791ea244ad3cc21fd
SHA1 acac8d2b350ff174851b2cb7a7db46fe75091ed3
SHA256 14cfbd6f824f91df8ca81c8b0dd82e2b7fb1f87732fabf15fb42a2af55bf9529
SHA512 be4f6c8292b8762ac3677a2a7f1b9bb32599c2dc6415b890d2a73e44285567077306f833d4e9872c005f683f0ebcab763ddff561fe64f0f317e78727c129e37e

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\BHO\ie_to_edge_stub.exe

MD5 2a5dbf5b92e34f58ed21253196b1bf1d
SHA1 e3462580379bc9f267a5e4e2378b46092ef2fb64
SHA256 c1a9df7deecb00dd8252def76226271b7090e65f839535bd361417d5e301a43f
SHA512 d1e761d607c2268ec41c91fde4fbce506ce004d326e4137a37ca460a86dfcf6bebe8f2e49efe005150869d998922a075b330d5377ece9f2c11685018c9654788

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_99406\java.exe

MD5 5ded6d15cf3877816874a731c0e48bb9
SHA1 c6621e151a56038d3591ed3cda70055e2b6ad158
SHA256 f119b685a84181db0702853987bc1cf58ce2f22a309efeed87afe88dd92644d8
SHA512 818493a636c0d2900a8f0b21270c438808b9e0876b08f0c80fb1fad73f40e347f02c34e30e7824c9176c2bdfae49aeaf53e1357c7d2802080c2cd743fd0afd3e

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 a58c78582404144dd06d518d506e4db6
SHA1 1530974ed915a18dca676b6511de296c40086968
SHA256 8fed7ed61d5c6bb32bf55e2a877f579b5b167a6f9e5ad44066e09f682665ba10
SHA512 243b9cef292d50137120da6488459541a2a5ac6deb8132e79e66b1f395863d85e34085de94aefd236acfa45d5ee326292252eed06b2762de6d00a1c5a32c429d

C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe

MD5 36fb196c346ea6c0598e4d77ce1226bf
SHA1 8d43e15162da59efb263017eaadcf4da53ab8335
SHA256 a7475ca79082350a08b7fb734554a4022ef9b1bf55c02e398101cee353fa121f
SHA512 426c7d465e52a446f2e0a6f1b29fe77e62b4224d90c19cf52c9bed9d82a1e5f66ef7370b21ee39b746aad17907ec8403352784c7ad5d9878d48ef68bee990fcf

C:\Program Files\Microsoft Office\root\Office16\msoasb.exe

MD5 e3809bcf66df9b67069481882830c254
SHA1 c8f0dd20991ac7ef6ec2fd4c1bd2dad1a9e5d3df
SHA256 8fd55ed6fe0013497e1b5f5e48c2fbbb46b2b24fbd2a7d40381c6c4c06d6b76e
SHA512 5acd8261039f04f63bcbed21966f554c13e3ed09054e3a32edc7359892003257551ef3bc7678e8b1a3b6f741dfc99045241590276acb9e2efc68de810685c619

C:\Program Files\Mozilla Firefox\updater.exe

MD5 446a8f989ed99749685631bfed0a0a3a
SHA1 38a9e454fe0a3be588f66bd93b71d4c34c452cf3
SHA256 6d025e92575f4414663012a6e5cfbdafc6f0f76f76bac0527b843dc9731e23d1
SHA512 5337903384be4a7a6667b32957b1da70c7ff7ab396eef4d51516b794bdc36a539dad03a1773d5aeefda9e84dcae223e6aba2669a775225aa2f9fb1b300bdfb81

C:\Program Files\Mozilla Firefox\plugin-container.exe

MD5 c3b7a798beb75c61b248ccc5ad56861b
SHA1 6fb747eb598c1d0717c6a7658db79471cd76e3ca
SHA256 465fe913f9bb2f640caa289e8533f4497f5cb7398818b59e9a5582d3e9dfee69
SHA512 6abe01d5ccc4c7fdefe8976b88946070ac6bac1d52637a670303129c8518809fb102ba57d6d1a3bf3825a9970ebfc3decf71994cdd9946ff942379f536b5bae3

C:\Program Files\Mozilla Firefox\pingsender.exe

MD5 968adcd3034ccbe0478a259e47d2804c
SHA1 3c4470ae502c74fc9fc8c6676048e0a30adcf375
SHA256 1f575d060b85c857cb25ab01a46cb5a5456a090f390f7419e39e0b6954aa8a52
SHA512 fbaf58f58883ff12784149b55c5a0e2aae16c77daf5a9fe4362cad43b33503422458b896f87da0e0e7f7609816726cd0c3171dfaa1ce2acdb55e6abb9e712739

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

MD5 5843a7d74d939f26eff55d64ec335110
SHA1 c3247eba1bb4a74a69a278f5d2963d954d9eb62e
SHA256 3fe58b4d248d3d986f4f52dd68c420237d21b23ac96359c4dfa014d844647b13
SHA512 95429aac18b7f9fd36a66580cd9143a8c314c0fc3de63c634954570a2a155c94c3ffa0f6b073972f5699bdc1021903648681d4bc030b99bdfaac56a1be2529f7

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

MD5 cf4ab3c98965cc5cd17a65c5c682d7a3
SHA1 20b4fe4462a6dc68ce56aeeb5bde7d1f46df93e7
SHA256 8050992b069575cf9f342041d6918fe22898b632c255fe57a5d1290ea3866629
SHA512 7964133e57095d56eaf0ed281802a9fd77cb83cd4384966685a4236a4e98b24194f5fc75dc15dc5db022b332afc40050b7fdc44da57fc10697dc30b14242f834

C:\Program Files\Mozilla Firefox\firefox.exe

MD5 db2fa680e78ebc6bf643e84adac02387
SHA1 9e35d069a237c8862d723ee7b7821a3a44f803c4
SHA256 7ad0c427cc321a0447d8fdee9ad2b598f2df226ab72a32ff8595d7a3b5ed9a31
SHA512 16edddbdaacc6588fc9222f2b0c145e1254b79fc553626dc6177986704e9c23664cb538a5f33c8162b3796e6d16ebdff60a5c7904496da061ac56dacd273cf1a

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

MD5 da5357c9203949448b7db065a450d8ec
SHA1 a871c2971a6bb816223c172ba159be1013f1004a
SHA256 b2e755f9165bb1a27d3de72be51d91052c005d05f61dd9bde66649b47b43838c
SHA512 c1b2ffe0d769bb5579c7f13b44eccf13c07227699897a022cfb23d74bf3ef3e190b524ae3066014dd08a9796445acaca3f5da9229bb848bcff3bd1bc97e490e3

C:\Program Files\Mozilla Firefox\crashreporter.exe

MD5 ee22be518a8367531afa1b8350aaae57
SHA1 c4f25aeb891c20db1a27cf4be20a9b0b8278defb
SHA256 4d6cb96c99e2e23161a1ca31fa4d5fc0e1633ff3c55af07f432d808a2142e87c
SHA512 c38fae35be0a6585ecf75b0f6401a9737ff8b45656a5e7adcab513c4328152d52f8cac9b18a06b7e68c72571b31faf9c6ce5b1d59e39dba3f97b6a9148c2b74d

C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

MD5 2ba844f26a53f9e615f4f118a23c2b95
SHA1 253a862386e84cc26784cfb558a67ac60b1a9103
SHA256 9c5413a9c6e870fa1cb6840727cf87482918bccdb639c81c8889874abd46533d
SHA512 23eb3f2708aff6e301cb2ae9b48714765611ca106ba112afac5988b576385e5bb8f11ce61845fda01aabb40986d885f0beb1853689357b5ac198bc6bbe262f8e

C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe

MD5 536383cc5ee8d4638fc8aba32e8fa110
SHA1 bf928511c730c677cfb48e07bb2d4fd62f24425c
SHA256 0cfeb226ae1e37777f4db5ab126843020c904862fba1a6d0b9a3ef0201f3e5a5
SHA512 449c3dee6d37b3d1fa70bfc54c79c542d183f5c9a19cf8d1a42522a4eb3fee78292bf08a7496dd428b2af0a090fcc55daae102ee69a26f6787dd65d2776d114e

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe

MD5 540ac7ff6537d4e4cf40ae89a22dfdc7
SHA1 d55eb15aad205990f7d9143d2ed6cb58996fc699
SHA256 02e9933d9685bd12d3871c3e114b08b564876247920c9a021af946b935f044e7
SHA512 ff6ce02c5fe90eeee487ac0ec5fb4c6fb807e5f153e8860cd8adf7aa4728624348efcf8ab44c9194c1090e9f5c97051faee0c1c273d629dd39d896fdefdd3f75

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

MD5 b9a94f4282cb510dcbc2e876cafa12de
SHA1 b181339122f8dc320e7e10a353a1d7aaba684310
SHA256 2e66910d4f46ad0e26e0f460bd7d1095ab3991aac1d42b36d2ce6e3a6698ec08
SHA512 ba70a97b8033e038bf47772a60290fb31ff03d644c99ae9076ff153a3770e0a8732f9c8702637ae6344e6631a849c2c043a39f37308d7b85687137e0c299e1d5

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe

MD5 cc578b3cc4a75ed456b709b946b5c9a0
SHA1 a55996a2aa2acd0be466a60cd4bdecd6c557a906
SHA256 abc939e5e04c2427afdd1eb915d253046b8989a8664ec211b92b52bb84e2ca7d
SHA512 69e6e1623ce4705a8abb09482d3779e23efdaf72e44a2850a59f438dd85f35f0cdc1773fe3255f571e46277a29bf58ee10757ee63e826ca9b7e5ba35c78e5285

C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

MD5 45dcaed28ae4e87cf022080168a60a02
SHA1 1e41ae469dc864d96a9d85c9313ac8848ef4a845
SHA256 e27d54487ba259ed65cd4915b549510845779c057014863071eaea2bc113e718
SHA512 d69e4aec5d34c70d29c8586ebc72ed69aeb9c8f52e69c3ac7f23d02ef67c2c5147ff6dd4533c7ed8e8308a374bdb1747352ec85c586cbc237a154fcf33e85b34

C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe

MD5 0b8707b2a5d845bc8b65bf50bdfb35f6
SHA1 98c2a3897c042b406619153c6012ac11d6ac11da
SHA256 0291d3763d9216ec4aa8fc90e4a84edadeb7e3324591f476fdfc1f1e633ef602
SHA512 b47fbf8b955ac3d4c95d0f44e16504082b34ef62ccff6b541ce1795e6f6c151fdbc01b5af36751dd5f974ea68877e608373563212c10094c819df468f31e50ce

C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe

MD5 ad83273d67ac59063db86e2ce629d563
SHA1 a69c3a95d95434a8c3e979e06cf3e7dd91936680
SHA256 68cee975db9d2c966269916fad528ce7832d0300aa3471962ca4a2e461d17a50
SHA512 18d4bed34a82c7b5e69e42a36734b12f8392b07da7dec32b0309a76634516e87df68c2a02ee9f264a09d80b511a0f23f156390743952e0e2efd4c2cf4cc66f65

C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe

MD5 a259ac1e611cb2138557bb8fa3d04bad
SHA1 a4a2c00a9c44013cfd61a27cf0455beaf9feb183
SHA256 5dbe27ff86ae0497c6b30497ca71da426012c88d0c416c340fac7e5668b679d0
SHA512 d514f467c46b01990fb6ad0304c8da4268a2ff5d848db4aa98adc3b4257a98ac3af20b0d40e5594aed0d6e40d01ded7ca5696cb03605f40a9b3160b8c981a954

C:\Program Files\Microsoft Office\root\Office16\msoia.exe

MD5 296ef6f8cf177918c6f9a8b6755ab047
SHA1 473db73987617304938f4c6682e6995288a7e40b
SHA256 6c386c2a7f3826b8419a69b69489c023e154906f88ec1f14b3ff1d7779654c38
SHA512 4b27504a29d981f2998dc367b9493d51d2a80b6cbef432e366ac41b58b49e93a4c2abc3d713d4ec5175f9fe776a72cb94359078497ee775cab2dc3ab58cbee77

C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe

MD5 50cdf580b7a876a9d01bab5f076cfbcd
SHA1 f1e0dd64618dad68f34a02b9ff9f3db363b3f3be
SHA256 45c42a7d6ee1deeadd02deffaf21f16830be40803db2f4eeac53c1cf8cd3e24f
SHA512 da0d1237979bb0bdc1eb9d219cb87fc9e411633a5e3b43762471d1c3b1dc597d27b0be84865de4af86cf27de7569149fba57d9644bb2e56fc6deaf65afa83688

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

MD5 b8c63841400065fdea8583b6abd038b7
SHA1 57c813914d94b56571d8b39ffae5e0bc19f8f5a3
SHA256 b32219462c109af671dae46d8a1a7f92d3dcbec326bd3083e79dc0a16e799b4f
SHA512 000cc5b39bed62fa09700dfdac46b168319db1fc5132e297d3308135c4cdcc923609c7f13c327c540d16d98aedb9fbc6342a3567637c1c3ba8e7bd819ea8f691

C:\Program Files\Microsoft Office\root\Integration\Integrator.exe

MD5 d3af3bcb6bd5df830f54176f76ca85e7
SHA1 8ca02d87b715e4087acfc2d1047a2a2240cca325
SHA256 ef74d5b8bb03d233218e15161474492b0b5d827d6f1247e75b2789d9c360a175
SHA512 cc6989d6ad8fb000c3e4d1f79fa2466bb464c905d561c27af44168ba7b3ae4e492f62bccdd13c1b07fc40307f48e6731ce6ffaa75c3ea0a5623987cb92c73c47

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

MD5 290e941c1eaa84b792d33d2605137881
SHA1 90fa90907f70488b466d35ebb60d98c088eabfc9
SHA256 c798e131983b8b8d8e88de74349275591aadc05e92e8cf550be78d5cb2089e1e
SHA512 160587f4f5bf8bebf60b39f65004ef0286e0b59eea8657966672aad9563ebbddaef19294c76348e18c8e85a77787ad582e6488b141072d61f276c7d87b5338ee

C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe

MD5 e2a7d3e27fc8a4dbc599a512cb42716b
SHA1 575d3a54d2cea726efa6779151bb13709a189add
SHA256 20c09388873d0d8442765df390ea82e492a5cc9cf023d933ee1fca2f6d12aa78
SHA512 265ff8eee19aa2fad61e9956431c8c6be61bab0afa33f12a48f57538d54b6fbb24e97c600fab548f3c38ba01f12304514d2c7d9fe985c20cac171f1fa3d8ead8

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

MD5 5b7ca222c4c3abc9e5e0a628942d0eaa
SHA1 5aa214a533c1767015b012cd57dae523ee6f519f
SHA256 f9ebb5d63f56ae5e1e77eb66d1c03698e7130837d2ca553450b9098b2287a7a0
SHA512 37367c20e85a117e34987c11728f16ef8a729eaf9256d998cfc56ee1b1383cd007f06eaabab4c7939820935852076ea2eddd25053387b400bbf8bd48ef3049eb

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

MD5 bf09b1edde04973f1d3b00878d494d72
SHA1 34b189dd07a6cac8ecab2dfaa9e5a7377c122589
SHA256 2976f910fa196f78c80d4641154418309bcead282c0c1fbaac8261429c5ba253
SHA512 88006011a0e787fc1dff23ee463dd7f805b5211a863930dc5add67484c285bdc40e4fd4277ab67a5f7807a5a1136844ff9ee0f83619d1898b4bd1c1c750383a3

C:\Program Files\Java\jre-1.8\bin\javaws.exe

MD5 7bdf87ddadc4cc9faf9cddba7f122e12
SHA1 dccdc905220e5c0875ec4a07a498420e9a69a0b9
SHA256 2de5c6bc0d334b1cac1b7bedecfc8c8d48b1fd562602362afbd98f8a74736c9f
SHA512 ff8b6f32ab021e6887912f8d31eadbac82f9fc6b76bc0b9a99d2679bafc8d9cdff8ac6de1ba9e0cf6e87b0818910d6d1f557afb357ec01488b9c2dcc4958b87c

C:\Program Files\Java\jre-1.8\bin\javaw.exe

MD5 700406870d20eab42e67daec826035cd
SHA1 b406447c3ef04dbb650bea2e77374c97015ae6ae
SHA256 fcf3ce9f92df90829070976d9ad48850bb7f3f6206806a47836672548d05b329
SHA512 6f557a65ad0dcfd7316457efe5faf792b89ce044b636a3845edf12c53a8fe326da3b03437a9e5b63c38bffe2695f36e27c05338f5c6560193429e823ce89b4bf

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

MD5 af0545502abbfdb264c9e5dc7eb310d6
SHA1 298bd4783d6c55c3904161075a6cbae31b978d9a
SHA256 b3841ece37a6d10a39954c45c990d1092b482b56d1f8ccca52917101db4f360b
SHA512 01f9c151958b6ebfae778b4778a5a533684f5789b644f823a7403add729787967741621c328efe236d32ba241fb577b6be336eb773f11a885bccfb05ba91e20d

C:\Program Files\Java\jre-1.8\bin\java.exe

MD5 668db132b18f5fc47ec2ceece0675b04
SHA1 e24047ed42c4300797e690becbbf54312f29a4d7
SHA256 3310b64eec3e6872199a4e471056974b71930c1ec61dbd3eff2464a1ab7a1f8f
SHA512 b1c7225bfcc494c086c137e1248f77af4c04b11217874af46f66720c3657bb0714c37afdb78c517d9898f217d00aac9ca70e27b0b26eb73edfc01971827ba2d7

C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

MD5 d20d231f81e5c695e516339c6e867c1b
SHA1 7ae54b2774b0e849af993f7db355c580d864209b
SHA256 80fb957b537987164872fcdd668c31cd97ac94acf6b66090271a2d9a87399653
SHA512 4e4a59c64b1a67dc53b86e602c8ced2bf8ab54c90ffb8ccc45c32a323680f7cb707313a74fd958e23f264e282ced913a793a6481e11b818768363269c183f6ad

C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

MD5 42bb370f0cbc2274a997d77efdf2616a
SHA1 f8cbeae6db1d3ce6376a1d843883fa3a3bf977a0
SHA256 df72db86febbe7db52538c88222cfbc5ebc7a6d55fce09e5fbbd97784df84343
SHA512 be1b0117e78b2fca05eab3404c71005c005fa91aa6f1176d222216b49869d5db6693b481d1531b5d45fb3747d98958acaa6e028a9f91f52ed9998ea812c8aaf7

C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

MD5 8533af648fab24320e87a6fd6a8ab9ad
SHA1 9b0fe79d0e37cf85775a11c339500d85d46e25a6
SHA256 dc9ea548599dae212ca9088dc678b5fc67d37149be761d5175ae2c2d7d66317b
SHA512 8d89b49b4f06814ad884227c096d916b1c3747dfd851eb41f9fc95933b67c074282ae6830deceb8b6c41d5f55bf737c86eb9b969ab3ee8549aac78c6213902d3

C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

MD5 f6ed7a8cb4c486877542e06009cd77ea
SHA1 dc84872aef136540e91f93e5601098d61e90c69f
SHA256 c5e68cae1c3306520cf9008871da7ca624287c28c59379b3c14868ceb089cf81
SHA512 eed8e33ef445bdcfed7793db817bebec02c262ab624aab192f7494a022d7f7ef503192a7144699745e5d387589f31cb4818121e6195494c828aa323da6b0b8aa

C:\Program Files\Java\jdk-1.8\jre\bin\java.exe

MD5 43144825dabe71b13d42ebc8a7367255
SHA1 0165f3d17aa5ca6d0f37fd7c758bd09a3c6abd16
SHA256 b7f62ca2a822533c6822879e1fb8bd95bcb4f94f9d09ae9b86a34adc752c933c
SHA512 835f72d3fd2221103abf7a4853349224d74a6646b8edb5520c7ee5d1771a447bd9ead7bcdcb4f736fcf6291e153ef179cbeaf0c96af65cc6c71b6250acc57e74

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

MD5 1c0abbf75ccf730ae0e5b446ec5d21af
SHA1 1b7efc3dbc7d94b078ca7fd360c77f444fdc439c
SHA256 9b485989c60b045832820de9f1717daf0d7916aa2289e920e5870c09eedf0b09
SHA512 7034df8fbafed78a40bd07fded65a2ed34138814c00677cec7e4f25c02dabadba238d30e528386eda720dec608bafcb1d7646db26f3ec52f8a881139b88e5781

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

MD5 02ebbd64363843fbf349f0764e2cc38e
SHA1 b7105777df19c21df789aead68ad1b22da2d6760
SHA256 4017c237b10f2ef4ca9edaa0bf810581c14b5bd8023203d3a83761813ed6b47a
SHA512 8e11684ace86bc4a52f8ec812ed54d5eabd9e59de60524a75e6a896f401b38f37d5ec46c05deaa62fc62464c9de690927e49d662d0cbba42592b2446f54642cf

C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe

MD5 91ee994e4e900e188c6b61035e0e87d7
SHA1 9215a5c8798fcdbb6840283d2de4cb78cb1bbac2
SHA256 6f2f9b4d89198bf7275a02765ad94ad55d63d14d94973d1c5d644be1fce5b62a
SHA512 b38009a79002e21b406ddd7e9a4b3f211265226f1fc771409a1f120d7f1fc7c3be6fc789ad9e443f222eada19dcfdbcd0bce5f8ef5ed2d7e6fc60bf620f934ef

C:\Program Files\Java\jdk-1.8\bin\java.exe

MD5 20cff9f972d6903ac93028111aa43871
SHA1 cd9bccdf0ee4c2a134b07373f22883677ba4f285
SHA256 754f8122e83bf23a11c38643221b4dbdd2e07f007ea366b9a8be1e6c8fea223c
SHA512 c2c497264551cc439c0526622ddb1d1a3c996f5fd8f9da11900c95b516671d5c4f2e187706668e5f05efe8738c4f5d182a094aa18e5d35d4e702dab8a4b3f8b4

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

MD5 7f768629f4d9691e94a358be21e8b8ed
SHA1 bcee73ab065a0d070fce35a501afb16b0c45cd9b
SHA256 7a1b94bbdd618fce7f7785b0989382bb501da4236bf79c579c957995f016135d
SHA512 9c8f76a1f10da83d24ba062976b62227ea446c0c7029042e43cc364b7cb550d4dfd15d20204122712179d6ac1561af64ec08a98c52965db9f613a2c98c70c518

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

MD5 a8f9f2e0c6bbc0e5c9a8e1dce4caabab
SHA1 7d0ab04105c0254a9d7e10781b16223b472ec0f8
SHA256 3388209ab2af42b6c4d9072d08071fa3b12b41d435feb864f626997c3f21e0fa
SHA512 29109abe99ce4d74f663659c3da17e4578957131ef360362662486b7b3516e601072259939688b658e33bd9ebc67dfdd1572135d55ef29954da0d0ee20caa08f

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe

MD5 eeaa5af56ffc175fbd24c45cf2f69571
SHA1 d6b2c91816559ee331dc45bf7dad66d5e054eb0b
SHA256 ffc4af9d0babf9d88e2574b1847827db7b7c59d43bd1c945f5536197be41a69d
SHA512 7c12e909c8d10d58c6a1a6f98acd0d433412f4e23045c44a1fd38155ead370522db67343cdf0871b50290d34f35cbcb7eb082a634ce38fe19e5f352945c9e2a7

C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 095514ebbec9df4a9b91af8275d845ef
SHA1 72d5bf978603997f5ae07725c28353959bd38e92
SHA256 9108ba202b5add057752d5cb8cc67c9131e26fa96a3a72aa2c9cf16f7c3b9967
SHA512 34fe956861a59376da4ecd3e2d5ed8ada7c0075eba9422e9e8093ab175d45e3a8bdbb8e029d88228e40948dfef15364022f78960ce56e36986b4911535bd755d

C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe

MD5 2bab9d8da7de746abb720a055ceea4fa
SHA1 86b6421be7ea1b7077a535f22331670701eb1336
SHA256 f9d134917628dbb04f9f147336160526e68a32ba346660140900a065836ba908
SHA512 52add8a1abd5281a2edb4a7ef5f0f64baa034e2c1b46c799ba0bcb79a8c039e28ac0d81cb5bc78709f6d1216944087b2927e893312b70061a25e0f631131c430

C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe

MD5 9ff73a771e3f6aebd24cf125c9deb098
SHA1 1824a79622b4f9085792b5ce0d637b8e502a6dc3
SHA256 d35c9d1c75e9b749757b259c20908f437b7084a38f6be60dae2cdce9cc215428
SHA512 cd7ac2ad8f5770a18bb13a8ef0678ec8f75260431fc88382dbaeba8d5a88401dd8079be409a19e4f71ab4e4b6b446989b48e79b5d89993780d72059f4e699b75

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

MD5 0cace4718bc84fba96039215b06ea935
SHA1 c67333abf2c80ee0fb98cfa7f04ca38c0dbd1cdf
SHA256 aa6bb2a67e1ffcf525b80dd1186ad62544a17b8a71e84ba5b21be1235f86b448
SHA512 557904b4ecc596dfb023fb5d5a0e6fc39df7add532df4dd6f12d4afbdd6cb010f6d11b2b315b965519c433e110fdb36dddeaa6de20c376d089e6f2d634488b32

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe

MD5 eaa4f1905189c4f5cc489b7de324000a
SHA1 6f4d8d73da1224b08660ec5d9697e177e4e1c962
SHA256 d99b12c001eb8d2abc58c83800e5fa68ee5dfb39e802c5d60fea8e3f70c148f1
SHA512 0155d952bfc80ba4ddbdeed0f0afb4f374de9b4be0b933936a51b901bd66bade3f7f28e4d4551d3fc5e302459925ffa76786846d43b2fadeb3fd97fa126ba5b9

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 ece10feb187dd77c9ca0632eaa057599
SHA1 5b84963accf756f83adfdc5efc5335238129e315
SHA256 107a2f942e0145a3e5ae3157f112d42dd1071ace1bf59cf384a81bcd2e3cfc78
SHA512 7d3156f60239463ffb245f83ab1c81461720d8dc117ad8b69544124346ca41d3c4841b119ab4eb122bcc9c2e2c8d4ac92a7987cc17db75cb76419a5af161b1f4

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe

MD5 5ed676fcb3bd2074e0f4e312aa52ccb8
SHA1 927c96777a981c56d3ee20ec1af57499a3393589
SHA256 2317c053dc175e6bc4711e1ce9b38b92129e80bc14bd2c39b4d1c7ea4deedd24
SHA512 e79238bc26b5657d96cdf453b1c9086b184b5585053064a830178e104d039f236dd98f9a055a8ac3d343969f2edd79b25ef48df06035c64a96f088f2f633c03a

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe

MD5 1935784c64f62c182a2e7e8dc89eb693
SHA1 1dd09ed7c7ee5f53f8bad39ab786eabb6a1102d8
SHA256 a9a03c85a37ef8cc31e2247a331d45df34aa42c35df3625b0b014eb276b81b91
SHA512 b44d61cfd2f7263e5cac3a58d0c6fce152f019812773f4cc40bc5226f9411cb683bb7f09d12b19701f8e441ea74efb14c6b063b78961848166a07bdca6fb5ec5

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe

MD5 d9714be98a57aa66a7443a16b38833b5
SHA1 7e4a5042e40a0d195fc76e436be59b551776bb1f
SHA256 61cac1cc5ea8dd367fb10fc7af258b26fee4372cab4e3547f37fa2eebded0a00
SHA512 6401ec78e43d4f14a8de5dcbfb7a26c103d7447ac52e5402a582c11a84300f66a53f2ca29a966cebf0703aee386af2deaf275b74ef6e1f62ccbd5e3deb80af5f

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe

MD5 898b2f8760b1eda85c0f1f41edf4ef1d
SHA1 7b1ef1dae01e16219feb7778355152ccf82c14e8
SHA256 016faee4152807981318d833f305d9c357f5572eb92989ab164afae19432662a
SHA512 756f55a62fba5e9c7bb66666fa69c6eade72cc5580a6c7704729046e0185abe15790e1f9d88b20b919be3dbd97e692520d732981d30111ea65f1cff546b99b51

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

MD5 68e778f2ee0fff5f3680946070c3eaf4
SHA1 964b78b94ab128b4228a276395a86a292801bfec
SHA256 b2e24e2ab405c127b2443e4f4416807493a3f2874255ad6efec54b6290f9138b
SHA512 0cb4fba0101f7ce3bb1b7520cefe6b563a755549d4eae50a92895d23b58468863d22590fd7e46d82283ef8a8bdaca29b4c7d7455964f789869e1be1f641e9772

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

MD5 60ccf990dce4486c8e73330f9877e5ff
SHA1 58a64695f182068ae2d7a1f0811806d136dfbc85
SHA256 028de1e2bc02bffc8e91be17125b7418571736ac03fe4e28d9a2d99cc0dc0c51
SHA512 17f2eb7252eb02cfb92c0816e0d78d96a2bd765614886f709b0ca64d2309b6a2dd155556f2bbda3b59b143342310e517b302f6bd534f541d0fbd2f1a443c87f7

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 8319e8a17999d67690dda1802b79dc9d
SHA1 c55ddcfecdda652ec8344145c410c35ef0d9d192
SHA256 b8ce22fc60ef5d4732c49cbfb475d32fd6f6f6b4d690b4d589ffad02ecd8740b
SHA512 da803172adf3cf8e9fe9d464c8f16ee46908994d6773c8f38d55299ce21a4513fbbee84024bb003d60a7057c4f90657146b59c694b39038a77ce5a04043b0bb6

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe

MD5 198b1d4bd6badb5b1b33afb13680a137
SHA1 d21b3c38ef2b83a1eb69b5db189b1f6b50de307e
SHA256 53aaec0e9d8ab171fb791f19f0f9af54b3c88519f101906299f9dc2169df6681
SHA512 28879b22d4c6d60a97b7004905f2f10898a6a065839414c47da48af5e4faaedb479cbc90c751fc12250f407496f5577f7ed2e611a636857677a1fb523b9fb73f

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

MD5 81467c0c8d95e2b35f919bb06cdd0cdb
SHA1 b7cdcc0f5875770f5f9d54454ee4a037b1eeef2f
SHA256 c160258e5e024b20944c5e3e151c2d904f3839f4930108b3e56ba9ac7db6259b
SHA512 b81d17ffa1b2c9ade5d0a71f100440416d72904cf75e51a3388e2a0b0691a7caffd35b101d9e1c6757aa05f10cc274e0d6da9a21bcdf6412fe327b16023ff100