Malware Analysis Report

2024-09-23 07:02

Sample ID 240616-mgzjzazdmb
Target 2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk
SHA256 b6f5f9f64cefc40397e3b56157fea90b31bb7ce042abc843f61d4c653684cc33
Tags
azov persistence ransomware spyware stealer wiper
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b6f5f9f64cefc40397e3b56157fea90b31bb7ce042abc843f61d4c653684cc33

Threat Level: Known bad

The file 2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk was found to be: Known bad.

Malicious Activity Summary

azov persistence ransomware spyware stealer wiper

Azov

Renames multiple (8399) files with added filename extension

Drops startup file

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in Program Files directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-16 10:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 10:26

Reported

2024-06-16 10:29

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (8399) files with added filename extension

ransomware

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxAccountsSplashLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-right-pressed.gif C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\de-DE\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-150_8wekyb3d8bbwe\AppxManifest.xml C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\LocalizedStrings_he.json C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hr-hr\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\help.svg C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\63.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_backarrow_default.svg C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\adobe_spinner.gif C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-48_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\WideTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-20_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\AppxSignature.p7x C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageWideTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalStoreLogo.scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Third Party Notices.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-256.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\1033\msmdsrvi_xl.rll C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\kk-KZ\View3d\3DViewerProductDescription-universal.xml C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sk-sk\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_CarReservation.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ja-jp\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\da.txt.azov C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-72_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\nb-no\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\eu-es\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt.azov C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLogo.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\PSReadline.psd1 C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.scale-150.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-30_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\3px.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_targetsize-32.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WorldClockWideTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailSmallTile.scale-400.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\PlayStore_icon.svg C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\te-IN\View3d\3DViewerProductDescription-universal.xml C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-60.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ShareProvider_CopyFile24x24.scale-100.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MotionController_Diagram.jpg C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-36_altform-unplated_contrast-high.png C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe"

C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-16_c1c8d51a21db95800b0d0ca3080e3b54_ryuk.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=124.0.6367.202 --initial-client-data=0x27c,0x280,0x284,0x264,0x288,0x7ff6d83f96b8,0x7ff6d83f96c4,0x7ff6d83f96d0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98fc3ab58,0x7ff98fc3ab68,0x7ff98fc3ab78

Network

Country Destination Domain Proto
US 8.8.8.8:53 clients2.google.com udp
US 52.111.229.43:443 tcp

Files

memory/1644-3-0x000001849B6D0000-0x000001849B6D5000-memory.dmp

memory/1644-5-0x000001849B570000-0x000001849B577000-memory.dmp

memory/1644-7-0x000001849B6E0000-0x000001849B6E4000-memory.dmp

memory/1644-14-0x000001849B6D0000-0x000001849B6D5000-memory.dmp

memory/1644-6-0x000001849B6D0000-0x000001849B6D5000-memory.dmp

memory/1644-0-0x000001849B6E0000-0x000001849B6E4000-memory.dmp

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

MD5 78ede93114e65f9160fd03d3357c56e6
SHA1 88d531b101e57655f1d0d26c6b3257aa2468d460
SHA256 c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5
SHA512 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

memory/3876-478-0x000001DEF9E60000-0x000001DEF9E65000-memory.dmp

memory/3876-482-0x000001DEF9E70000-0x000001DEF9E74000-memory.dmp

memory/3876-481-0x000001DEF9E60000-0x000001DEF9E65000-memory.dmp

memory/3876-485-0x000001DEF9E60000-0x000001DEF9E65000-memory.dmp

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

MD5 24894122c156f1c861f6233e28db450f
SHA1 42ecc127c9943081be2f34734631cc35f28627d9
SHA256 335e4423970dcbdd4d05a996296008e07fb4bb7ce3f8dda3d9ceb72a8f69198b
SHA512 9ee50329b01fb0d563cbbbb8edda29f62a8ce1a2a638fb354e7cc8cd83fc35be4bf8db71104dbe810181c22e39de2f1259216af6cc6e285597c7a193a13ae582

C:\Program Files\dotnet\dotnet.exe

MD5 0c5b45bb32cc1729be30f58ef46d3de7
SHA1 c21c3e436731875296763fe1dd9e0113ea59f282
SHA256 746f01b4f7674901dbfab514c8bc0ba8a1a925061cfbf77491feac088cac7c31
SHA512 7997bae07f3ec39ff53baefda07e12d9acc380fc77e989278341bc04f17e2dacacb313a94d06eef27d9ef0e2d2bfa69bdb071e4f27135e2f3256a11812f44a10

C:\Program Files\7-Zip\Lang\ga.txt.azov

MD5 3b58690052d15dc41d14268765dcc0d0
SHA1 777b83fc4ee1863b48956b5fe4d42ea326c2aa34
SHA256 f353012f5015dab696f36cb967c67e816398061dcb0e06eeb5aed27fd5ea7a80
SHA512 6f860278962e7340f8d2689076fceb5bc10e089fa8a4881357c498a59ecd219914a70b2bfa12462a52b6befb3e026dcc4a3c03b11bde5ee71da2c3fe39971921

C:\Program Files\7-Zip\Lang\fy.txt.azov

MD5 f0d2bb38d9f18a93852e8c9ea07ec57c
SHA1 3006e451d18fb1fd96a5aa723477a57a283fe247
SHA256 9739efa197dc0228077b6e814e19f8a237940fd4e7fdb0261f0754a54b750feb
SHA512 08cccc4207201d8c5fd1d44134a2c561f3b1ea0c50794929a54ff26d9d31430215ff5413c1f0d60f059970248f238038f0e240a3197a7adf0443ecd7ccf4b230

C:\Program Files\7-Zip\Lang\fur.txt.azov

MD5 bcc4d5c8ee3d96f285e88269232fa3a5
SHA1 9c5d358f5ccceccebb9bb452d1b2e9d87b82e7a8
SHA256 87946496fedc1e1c5ac3d19b1155f721e71f1d2c7a4e6466f9f25fe2faef9d67
SHA512 33aebc834fab0b0fc9db61b35201a48613a9c6e42f7b800a412231bcff894532267581ff3e6c70b68873e4c40649e158b2a0559183956bb9079520cddf011294

C:\Program Files\7-Zip\Lang\fr.txt.azov

MD5 30d77777e3fcd81401412132d7fed258
SHA1 7428e60c26b61b279fe21ba6bde6d0fdc2e07e7a
SHA256 fb0d12ffd73eceb5ec1e31c6bc2a6f990d4df7cbaf64674be39b0501631867f6
SHA512 6f07fa24167cfc304cf4a958e225c365df8e06b3b17994c5547247133f1547427ebff84b8f6aae0f925ff6f4915fe71b5f49093fe3a7128f29048b3282fbc1fb

C:\Program Files\7-Zip\Lang\fi.txt.azov

MD5 d0f9e8b397fceedcdad434b86172806b
SHA1 4a4769d70632629c860eb991db11a183eee98562
SHA256 6efee0605db6e108c7c38531e52f66e19c01d205356bf2407739d5b7abaefe3b
SHA512 90cd966127c1efaf003fc9e2ac78f5996bb035d435f46d3229509f61814bb2d9d6a5a36d9a8d4443a599f66521cf7d86d86c7af7dfdf922a636d0460fe4abea7

C:\Program Files\7-Zip\Lang\fa.txt.azov

MD5 d354fa4397654c40fa03179834d9b61e
SHA1 eacf0f289eb4473c27df163e79af241ca39c2de9
SHA256 4f465ee7398324ee1f11184768bc5e7eb3b515a35f4f8f4692760a19327ececf
SHA512 b92f8526f6482ae9565c0bcbf576905e767459ad2bcbe64c2d00763469a9dffd30573a8387d4ab83c43e0283a8dbdfb03898e7af7aed21597facc51423d4b121

C:\Program Files\7-Zip\Lang\ext.txt.azov

MD5 6c9ec55adca0b4d4283c263551c4d846
SHA1 66be11774b5807dcae7402a88520a1965d90d0de
SHA256 a437376914abc83a31e461923ffeb45377495bff6d95a49f7d6ff6c59513aefd
SHA512 9456cca38490e08146aaf6583dc136c91a643e0eb2c5ca0a64ed2b2663d8f1ca9a9734c51fb64d5a518bfaa65b7d09d0d89ca178de0adf2f177957d22dc6a2ef

C:\Program Files\7-Zip\Lang\eu.txt.azov

MD5 4517719c4aad82562c42135901b2114a
SHA1 ea67337bc1218548571caf9fe9afdfa66dce9cf3
SHA256 548acab8e2e8327412688237849ab21052889f8115be6d280f4082a56d41182c
SHA512 0013d0d3cae59fb862fabe944b9365385b541af7b6d9826aa3efeb209a1b68b4b2866f1564ea6a0576c3ed3712d0cccd0c32b4b40b0ae4dfab76508c42b8cad5

C:\Program Files\7-Zip\Lang\et.txt.azov

MD5 97398e0abc8b5078bd0c48489f9a1382
SHA1 0da4ad3f02bf2f61a49f1b23797ff56b2158b82e
SHA256 eb5e10668b19d7d5170059ddef05580de8d65382d478e1eaedba7889ff153c9a
SHA512 d8df16fcd40fa430cce76db3aa6fd35079fac0e0a9eeb36c795bc1fdba6bcdbca1d0bc9d87308b499c1b65ab1dce01ff066e429704b53d63afbf9a23b530a9ba

C:\Program Files\7-Zip\Lang\es.txt.azov

MD5 fc9c2acf6c56e2c0bc847cf2a3bfd3e9
SHA1 44a766277179e80ed75a2d639debc2d8da0bc3d5
SHA256 340474f371e06abfbf33ee414920b329cbe6261e8a0c7c78aa3dc934bafb44f5
SHA512 11a4ac9f3ebedc456e1c51c3b64ac72757c0cdfb962c7bca58795629428024186f0a0b9c7b7e3759c0fb92ed02be490951b2d221ff8ae60ad2d75b8c396002b6

C:\Program Files\7-Zip\Lang\eo.txt.azov

MD5 07a62e42f06a79924d50b27cd7fd2167
SHA1 edf931cfeaec2a23768962802adcf44c9ea030a6
SHA256 05d6b0985972abd2f0e39e09d44860bf95069bfddc3aa068a2cfdf737c421b6d
SHA512 745a125e290c42857ba680df58916ee54a0c4dead2e3355707324150600fa3f59acac57ea280e6571deda39205d154a1d68b9dcbe23121f56c589e8d713240a2

C:\Program Files\7-Zip\Lang\en.ttt.azov

MD5 5720c7c4628d6b13c01b2880db242210
SHA1 57a742bdf97ce233c140a34690cdd31a3ad43fac
SHA256 eff314eb88a9ee6cd22b2fd568bf7b9b463cc7df7ba9d38bb60dc9887b64a1a1
SHA512 5c8f66b44f242d3aa1c24ddccd6ba25fa3d286ec3eab8bf0ea71b5c0058f8521c4c780469afd4a66a95ade8cbe3ec470f572c92179326e4c827a705d4b2f4a79

C:\Program Files\7-Zip\Lang\el.txt.azov

MD5 96d19da17bf6b3f01f5c1625c3c3cd16
SHA1 414521acdc79fb14c4a057b93ab5cb35bdb582aa
SHA256 712c9adcc3b6aefbbf46dc300e3458bdf9346fb74d8cc6fea6eaa7b73ed000d7
SHA512 6f3490cdf3c3bd30f916b0bdea95dc77eeb4779b209f63de30b0797c003b1264ccb747da7a2dc70e54237d0a8a3315d3636b61465ff84e720d33805a23faaaab

C:\Program Files\7-Zip\Lang\de.txt.azov

MD5 09f41365b2694bb70802bd941060267e
SHA1 862454762902b3792854780f1d0a0c7802af6323
SHA256 d23fbb8754df15beeff029585ceefaec24fe535bd4b5790de00c5ee53317f8fb
SHA512 8fa6136a003699354766417e9e71e1badeeb04a09924f08d342badec110a18a6a0476ae0f715d32886d59979263441d59f06294130494c07d9477979988d24e4

C:\Program Files\7-Zip\Lang\da.txt.azov

MD5 2ebf2d75a430f7a15356e2ae8c6745df
SHA1 644307b8585ed746855f254026a2c72f0929b15b
SHA256 7047c839b3bbdbbb97efb7a8ada626447f64af2c8923599705738f049a9b7d29
SHA512 e06a4035bf0f2487bb372d685051f8fe44a1f75ad106786aab98babd4fe9c3f6314129bdd799ecae62c3f97ebed888cfc460dabf6ebb39dcd7d9240774a3edf6

C:\Program Files\7-Zip\Lang\cy.txt.azov

MD5 a64abd0b8abfb3f40212dbd3ec4e0b0c
SHA1 7033a7d49aeb0f23df3da23febd8bdf0a226c3e5
SHA256 480b22530cb87ef85b9097488f7137cfce739e7061794b134dba28030b9c7b68
SHA512 4207de13e107fc72c3eab0d420e00e15ad9afa053015be1c560de4498504847a0d7cec2e78fc535a1f1c0a339ceb17c99663669b3def79fe191c69cd55d4d085

C:\Program Files\7-Zip\Lang\cs.txt.azov

MD5 ece776ed2a1b5e282d3faa916af8dedd
SHA1 baebbd0efa0b50876f4ebbe44fa4d7d767c5d867
SHA256 f7ff7dff2f12ea05c0fab7e00a2a5af1b85cbadfbbf281aecad802ba948d31ac
SHA512 6cf411b800ed3cf6d2b69cbcf9aeb249c1fba3e9db5c32d8e4e9863f1feb3bdc79d3810e2684b985dee97b36fa95a666499525e7dbe30f1a27b79d41ab1fc469

C:\Program Files\7-Zip\Lang\co.txt.azov

MD5 9f0aac5295014222cb9794b3f9cf18ec
SHA1 0a84e17a61483043ef1bc251aefcc4b509dde5e3
SHA256 21f155b1b0cfb721989e6d61b473fb6f0a9287a9807d0a6e6cef6444c2e9b260
SHA512 57e15420a6c65e1135d961ec76ee7606304778dd1025c152c83dfe155adb0417a5a184e5af218d7eba6ad79dbd3132a359e81f977e6e076224756d6a7bd44b32

C:\Program Files\7-Zip\Lang\ca.txt.azov

MD5 1c1d5b875d9c47ee2b2d88f925dedf5e
SHA1 579c2109183c638ccf7135b74492da72dc8bbec0
SHA256 747ad25ccf5dce151c553ae645ac10cb8a356ce4a05b71ae112f7746d33eead6
SHA512 6ec629797c88085c92b32ae6cf965b3bedcc895e7636cef3dd19c7e51e2c73170b989d0d2c2e7ad5ac119fa03bdd457fefcbf8e271ceca2a291ce4723ce3fd04

C:\Program Files\7-Zip\Lang\br.txt.azov

MD5 70a6d31bc4dde99d5c0a66ca1d0bbbf6
SHA1 3e6a8f840a90b2ccd97cce8c3d883ed715cb1ce2
SHA256 f42f9490eaba7eecc235681e60e28e34e6422cfc67b1f8745ad407792ba8de2b
SHA512 df0b683a6909af59bef4028426fe8110c5f73fcda7d4fa373a9fc30307ba6e1fa0e21671fdee3861c8d327a39785ec4a15e07be0ac3cd627406427bffaba9a42

C:\Program Files\7-Zip\Lang\bn.txt.azov

MD5 176b7b61e486b1c83ad93d4599aedb3e
SHA1 14901c6704db45875816b42a79731730d74f8fc2
SHA256 0f266017900f500e836091e7dfc3e4fbdb7d271bbddf4c9c26f503c498a544b3
SHA512 fb1798fc0399e8cf85ee17fe08689a26bcfbd84beb866ee1859fdd06c68c0653952dee6675d05be85ff8f06200dd9eb35a54aaab4b0515bd89e101eb9a141bc3

C:\Program Files\7-Zip\Lang\bg.txt.azov

MD5 d050f698937369ce6005a14d17965f75
SHA1 9786fc7e027d3629f628de3916711b45fe5c2575
SHA256 5544300fc3d76e8da5610557e00735cf411ac9285e6a0c0d23a977f1e28449a7
SHA512 c80d291face1850226d35fe7067d6577407afc46f70b88907b81d18c0d6501cae5f729820a386260f36606f7b3706810734173010d218c6e2f52302b7a418907

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 f04b1f6a50885366be337fd080a8cafb
SHA1 96a092dd1593aedbe755eb0c0c7076bbb8e87bf0
SHA256 54aeafbb2d57beda136d11832c2585b1e310857460de7968153185d80aeafe35
SHA512 745b42e63056f6e9d0d324b10e17bb376340d2365a501bee43ca5d906776c79c78bc83bd6dca893067850c7d32b1c57d2cc3b9445aac9b65c8f8f65fe8c403e1

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 077bdc45cf587bfebd8c077a6cad718c
SHA1 525676726ffaa3d6193e81a63a82685a82cdf38c
SHA256 091abbbead5caab5cf71554f67309b955023ba8473ed426607af6c7ffc9b4f4b
SHA512 220db891480663e88be82cde4483fbf8a8e1b71a990bbf761c78fd52517a849a8538a4dbf17e33b36304ef135a784fdeeabc7098d3435af18f48e5207defbd23

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 917c8326b4fe0f723387675f85a6600a
SHA1 3daaedbbf82783a553024839d86d6ab7bb2fb9de
SHA256 96d46b2b4eea56b9bd9867340128699243645996f5c7aca39c0603978ae22c5f
SHA512 54f813e4478dce1649db1d63eed6e7a071d2051b6c217199fd99735f64c2170dd06db8e24cdb99611457765b0b6f1d88fb42180e1c3ff6d10b27fc981b698d35

C:\Program Files\7-Zip\7zG.exe

MD5 d445b7c9cc7efedc9d17d9d9c5590c5a
SHA1 460229f8a6ea4ef4b45db9375190399e954b69c4
SHA256 bc4c07ac25fe97fb1e33ddf7e85667ce84bf63e2cc62f8f5b2404d2af56d7c14
SHA512 8bd7f9b6853d8254eac479e60664ca108d4a46e842c108421d0fdb21f14060697a39b1f5b9e09eab5db82e4d5c9d847f758be60da504bebf1e8565bba32ef69e

C:\Program Files\7-Zip\7zFM.exe

MD5 eb232b8ef3fcd740887986502cd9e7e4
SHA1 3e92cfa5445002064332668786c356b53832aa5f
SHA256 ccc9890fb9f94675eb9fd44b373c634588a0502d8bb3a56baee802da1e64e583
SHA512 3c1c672e2559622ff0cb15560ab999f8d09ab8b1dbd080e1f73d1f57c7ec44a077ffd9be229352a41d97a62e25ec26f75248e3f58cb1e0490996f4d6e17839af

C:\Program Files\7-Zip\7z.exe

MD5 7c8d277204f7a0cf2bb0f6416f8200c9
SHA1 f11060c73e47475f64b025182f7abf4fea9e97e3
SHA256 561fe0404c5961adb573ddf96478a3e729cf9bdff8113a778a980b560bc0edd0
SHA512 5e801a0d65581c5391de3b9fd4c2407e92092fda65cbadbad95c71684f17b83d358432d2f1004289d0bb11848f12856a77fb6ae65719e804ac02fbcf4d7e7445

C:\Program Files\7-Zip\Lang\lt.txt.azov

MD5 1d70bfbfb23376bd170049a6e5a93d8f
SHA1 73e1136c53b487442c3bee6dfb5e13206cf051ed
SHA256 c415de9ea6f608e95f14931e24a5233e173e823d9ccfc1bb95761010cf50600f
SHA512 ced614d2d3b064030f4c348923ce175583d38e61671cb8678af33bde6b4087b4f2048f44b4aba2860e9da826884c39ada2eb63e4e8a15f7ff704246ba65d38dd

C:\Program Files\7-Zip\Lang\lij.txt.azov

MD5 3e17a8636cd89284f0277565560dadea
SHA1 f4b3630a4b1ac025283d799d0d9d3c648743e3e5
SHA256 b607b275fad85eb6c2d953fe37a4a270755293478d6ed9217321ff3c6e5d94e3
SHA512 d3e87ba8127b616b70cef51a4839791d282b8069505863f4ba7956fe59964b2551af30668503fbced5f64ddf21c774b7471787bd699728376efd6836680b6a57

C:\Program Files\7-Zip\Lang\ky.txt.azov

MD5 c8f80049bcc02753308f57c49b2806a7
SHA1 4e9b147f700e909c7322ab40860a3a602e90a2cb
SHA256 d77751f78be8801d44aaad71221e51f97ef891bcf6c80acd2ef60fa61ac226fd
SHA512 17a53d25a1e07b7d4be315de8c00ff35e13035728ae390ed52ffa238ebb941d8d725710b1fc42a50cb8763867e5dcf23a81b12fdedf2fa04fd796baf4969e1db

C:\Program Files\7-Zip\Lang\ku.txt.azov

MD5 9f4eac119b07f9e6a2844d56951d1d44
SHA1 72ade4318a84efd7b66068c3c423798fffda42ce
SHA256 9561b0d405ad5b810a5eee34ea41b17d799be12d39b4c4c0a36c46b3c0983571
SHA512 0611f125b971a025a2d9a9661ad21a562c56c7e7a9f17888c38b06c7f5ca1c8d6c04a9f3e80d3b4d29de3e963ccf24b66dff8443858e079bfc36df8be205a229

C:\Program Files\7-Zip\Lang\ku-ckb.txt.azov

MD5 d7ec879ceeb8cb8a7ae5256f9d596453
SHA1 56a907f6de6e69a20237c25e50294451cedfda44
SHA256 d6285deb17d5c6f252e59deba2c5df40f43be997b7d0e8c2b14c7a357e05cdeb
SHA512 baf5a38513f2d7b1e4f0b0cb776c8bda63f4712b35b5ebebc1c0cef59ddff6da79ccabddeb7a1dec813344ee0b9925002d1957e39fc362c6f1c185927b2b7972

C:\Program Files\7-Zip\Lang\ko.txt.azov

MD5 9f5868eaf42d6364b2857a97c05f2e8f
SHA1 6f55e2e9ee1c67157dceb6590be41612cd5fbf83
SHA256 5aa82827a9477e99beac1cb784316efe7c2103f7269c28bf76e729d88d94c1c6
SHA512 67c75bf5eb5a67a61f02fb885d124595f2bede6b5d7c14f40b5686e92e70aeaf37ac9afff4b7ade2899ab2b44cf10f630c2e8fcf6fe11365bb26a17d16a7e7aa

C:\Program Files\7-Zip\Lang\kk.txt.azov

MD5 f4a15c4dbe3705c45acba895ce12eb1c
SHA1 c1a1decb19be585d2ec8f70ebf3b11a9228033a8
SHA256 9c3566caa9d37dc49d444ec92de02d6d28dbb06f730e25c6aa12557a2212b2e8
SHA512 561a3058aacd859a54020b3203a320fdfc20938bbefc3917aa37092a1610f0595263680d5848a9d875695b3db4788c3274dfe3a0c5044b2b25146bdbf2f66d0d

C:\Program Files\7-Zip\Lang\kab.txt.azov

MD5 b27e739048e007ee861575a069459abc
SHA1 98afdb24eb33111007fdc460d9f48b1cdbe975c1
SHA256 0809aab24a995b814cec8a8b89dab9c5899979a7078923f355711bb5905ab941
SHA512 0d7be76e7ede97f5ed920b95d9b4bc4b2b0b1135788459dfdffba578910ca0361dd4ee1a8dbcb5ce47017acca17888c2bf6ef1b9ee4d94590cfcc63790aed3ba

C:\Program Files\7-Zip\Lang\kaa.txt.azov

MD5 6c186eb82c6dc4f32a6e0d62066e7bc7
SHA1 044b164e31f15e0f714f0f92dde118afbc61dc1b
SHA256 fc39ce926f147f4224949c4de1000b13e9df1a4ecd3f9276e34dd77f0e183d28
SHA512 43f18a4a5e662b1fd052c45c654c09cdc9da3e6b0890418b8958bb35a950158c9d897447646e5e40cbead8b841ba37f3477028e5c1dc41567be2dc9f3e7c350e

C:\Program Files\7-Zip\Lang\ka.txt.azov

MD5 0e5ab977a88d5dfddc4f4817d27a95df
SHA1 d94515ec7b212da807b00354da22b1487d2729f8
SHA256 44de035210515f65e5eee06078c2bca85e26841ae3c933a2b03116712f08a270
SHA512 40150b9a551a6fface1132a42b9337698381f789096efc609bc7e0537a889ffebc48ce3d9c1b68076fdd78abc07bf50b41f6d7018d7b179f560ac6a2eae7a10b

C:\Program Files\7-Zip\Lang\ja.txt.azov

MD5 20e6308bdd771bd00faf388ba3ecc054
SHA1 68ef76d0d737b8b0f012b8f369ea8525253aaec0
SHA256 71b5e95323631878d898e523a03b60f6e20f2ed6be2c1ff06c2ca47717e7107e
SHA512 6c2eb59f2d40e829cf1d3ec30c05f527fc94a1fa1657ebb42b7f894832b1a2568e97ed47777c5deb36dea4627e8d619a3d05403940d0aeccfa475a9e61fd6087

C:\Program Files\7-Zip\Lang\it.txt.azov

MD5 4e89d68d96848909942989354ca87d0c
SHA1 a240c31811020772a87d8b00a7152158ac77ef1c
SHA256 b58bcd727e5d2d40d064c60be2114b785c3ffb04d22d4b9549702656af083a09
SHA512 bae3aba19bc5cbe0cee3cd5a3d9719b14b403651c095cb8f7a0068e3694fc71b7a52b535e48ab6d4979df16229763530c40f4de661c113d29d27c84be0d55e7d

C:\Program Files\7-Zip\Lang\is.txt.azov

MD5 9833a85a06e2dad4cfbb8f688818416b
SHA1 507ff391c84d60e480709d66f243cde2e41f21c8
SHA256 0e89cc13c4e8eb252b777ab1a95b70c3aaffa5fdfd174d7ac617be7aa08656b0
SHA512 70bf905009dc60327e9217c50c9a97de503bda7a7ca798ee73b2932ad8b0fa798b800e579d0f1a56d49657b814147548f12c1e9124aac34bbed4bcd92d0e3aac

C:\Program Files\7-Zip\Lang\io.txt.azov

MD5 e795662ae46b0b23d0ec34ac2929f1a3
SHA1 a9f26b747d322275082375f68bb3af9c07b06a18
SHA256 2de538d789f65173dd9b4c7e69614eee1106839063b7bc122ab3cefb568bd2c6
SHA512 62663c553d4cec903a63ef7f670a44879c5c2c76b73acd991f4824a48fe17657795ab6f9366a8786945b29c5883be438ae0e033950a52c2ffdcef37bf5bac91e

C:\Program Files\7-Zip\Lang\id.txt.azov

MD5 4eecd12648f37f7bf07366cdd9c65cf8
SHA1 46405ce568e740d128c14b587b45db1f4b157b27
SHA256 50788e49be87b7edf8be4da5f1921904edb783d803844b545e60c18131379e5f
SHA512 f303d6c83a1e6c6667a6d3eb0e5918dd3c26aaca324fcb9bbdb26888df0bcd5e562394b36da2ce00026f5b2359e451f0aa62540a187f4804500685e4c9b4da99

C:\Program Files\7-Zip\Lang\hy.txt.azov

MD5 aee2e2a80b843b4936b73960eb465bda
SHA1 ea8dfeea6b77ceb0fe88efe9bd6ed86286bd08cb
SHA256 08989ea306883da95e60539ae74ac0205e99ff2a9955889d3dca953b176dc392
SHA512 a8a13262cb89e2ddbadc58db8d94cbd0edddb6dfcd27618a7b1e7b2dac05d9d4e9c8b115613a7654b084e650a3ff8c1700f5cbc352eb516c9b0484ab8f383925

C:\Program Files\7-Zip\Lang\hu.txt.azov

MD5 cc8743570805a28f48472630ccc4fa4e
SHA1 dae29c24b34c6d83f1b8132a7b1676e4273a5c01
SHA256 95e2fe95678f24e9f789aeb711649e3e30ac90227eb9ab04fe1c0b6999ba7255
SHA512 65268f4ae030ee274c683ff7e3708cf5ff1ff9c713fd5342882cdebda6b1a6aef9bd819727e37556d4540a07e808ee9961d4699f2c2b697ad114b023aaf0f019

C:\Program Files\7-Zip\Lang\hr.txt.azov

MD5 754c31c0414b91259d26b4e8f914f1fa
SHA1 747613ddd0f865094406c0d4e0603b5d30231924
SHA256 42941193727692286815771304518db3cf14cb1fd1acd418b4abab187885db96
SHA512 397139ceabb6345a8aee28727960a03ac41f8d8de3cdee6036e92a948a6621768f540ea456f524ba45a3cc4f1b58ca209ade266f9f8387ca91fa1ae2f3c49823

C:\Program Files\7-Zip\Lang\hi.txt.azov

MD5 ac1eb3c46f34b929fa3f790193a1d0b7
SHA1 506886ebba3f73621385854960d0f8366a405adf
SHA256 e34da7292b8f86e727eac498686209c7c086f23539cb011fa49d58f4fef7d3f2
SHA512 d9b962f1ec8b80fdd1e040f58b544bddefc11017ba01d6f8911f215f2c74e83b2d4aa007de602f75c6dac4e8f8815d152b82691068f8ca879bcd32cc1a6a5ace

C:\Program Files\7-Zip\Lang\he.txt.azov

MD5 526a0b4931de3685cc5db0e124de90fe
SHA1 1864dba6ef9e2d5790c8e046eccbaf17ca2351c3
SHA256 12bf136c2ca2b410aba16303bac285e3739636b3664753e3e25e513617278300
SHA512 28280d8e346515278cbcd464dd74b7ce0d71ccd8e64bbeab02dabb66312ae843622117298cce4244c46c02e93fbde70d0e50092117a4aa5b2cbec2f9e246bd99

C:\Program Files\7-Zip\Lang\gu.txt.azov

MD5 22036813cf5882c9762a29177a274a7c
SHA1 9431eda21e064113582512a2c69626f9775c6de6
SHA256 5ecafa2222cb76f11d894d1bf493599a14e7c728c2e1c8a500f4f47a2781de83
SHA512 d97ce74fc28bfa5d7e71fe5bcf8c95a73be17f57d76738cea9f8ca7df74d9e5015a06098122ecd6ab71b65e41f4521bd648dbaf76d0d7ef9d25f0a01efdab614

C:\Program Files\7-Zip\Lang\gl.txt.azov

MD5 556e9968505bed2b4302c2441f13457b
SHA1 2d7f86dae2a2818d6eb5c87c7578a921d6901261
SHA256 be24be9fdbd02ec8984b57af17de7728fd8ce9d69925c4f18c5af7aa46653454
SHA512 ac38c9dbf4e4415b0ff27b5bf6c4f3df1bcb342c58b2d8c501bfffe37bcd379babf20372ac56f41d94b5a2434c47a63c519a0c02f045df9a9ef7665a9d76dfb8

C:\Program Files\7-Zip\Lang\be.txt.azov

MD5 351086c1b837aa00bf9a771cf9fcd31a
SHA1 ee968f3c00ffdf565418dffd842915af8572490d
SHA256 9b9f8ec6ce69ce22ef0933d84ecde833718efb8b779c861e13f25352ab459175
SHA512 d2a72e964d5520e783364ba825a04b8d22c320536294bb57610717db0e68144c3f1fc5dfa51b30f127239777f15eaa69c3cbfef2981166b769f86b4347798aa7

C:\Program Files\7-Zip\Lang\ba.txt.azov

MD5 262679ebd4f6808b455cd69ca4d5d590
SHA1 7231acf3783d5845237059d927c43cb4f3fc80bc
SHA256 5455d763b5cb3ce009442572652d52e3ffbca5546751243dc6c97c416a3de78c
SHA512 36c928a68fa85d3336f97955b6be64d3b3f342df795cf299b003349cc217b9653326ac586658cc404e0f8003fcbd5cb9d5fc48ba6bfa4b0adc07df522b3588a5

C:\Program Files\7-Zip\Lang\az.txt.azov

MD5 10c28ecc214893558f85ab72c57cdb7a
SHA1 c8df31b5e64d80ec9e0cd992d6f1e05ce3b4a15b
SHA256 8ab2e455ff032f40d0907270ef3b9db4f08c80d39ce1edcdcb9fc5da4455eb1a
SHA512 f4f0464f7af9c8f61d64f9ab0c2b118d5da16ca5c3e6c760067109455bbc60e301a86f314f6e72a3e9209607a3ee03904be3141eb2786c3a6df27da2780c8098

C:\Program Files\7-Zip\Lang\ast.txt.azov

MD5 c407b3f09ba1762b82baada1503a925d
SHA1 8080ae5cdb9f52bbd3ba1323bee558280484fb10
SHA256 e39b0357b3ca8981d46ba026e30bfb19db6312dd3b7bc549f403a2efbf9b379a
SHA512 1415186403967d8f6c4a4f19e78fee22962738865745949cc9b559329ef0f31bf636dbb5a32f541a2c301dc2dbeac128d8f0d10b327bedd3846e3e2e34a78761

C:\Program Files\7-Zip\Lang\ar.txt.azov

MD5 2989e410d1de9f98c7a0cd0d63492766
SHA1 0dbbdfeb93cbc9a356b2abf8ba8e3cbb9be92c14
SHA256 2b8dd3c649e3a2aecb9d9fbe73c99eae32908ec016e9d2856795c9aba2d33189
SHA512 fd9a09a9927466136fdbd740c43ce67390adfbf313c401aca69ad66214ff86e1980c40e2fc38c093795b7064af4f2fc943409c251cc6db95d042d2f724b63ced

C:\Program Files\7-Zip\Lang\an.txt.azov

MD5 a27588fa310a1d512c2b4f5faadc9cf8
SHA1 c7cea5f3ffb733196e996229c94c0bd77fe8232e
SHA256 d18d71a1e02a854508b9475b2aeecc4f9d15e29764e4c25afd2577b0bc4a4a41
SHA512 329087b647fab74e4d0e26f5ce2d2112bdf598abf7162624a8fa17eb656eb39569dd441750d9dfbfe56a6148fdd47bacd72c965cde5ca251cfc5e24588e070ab

C:\Program Files\7-Zip\Lang\af.txt.azov

MD5 f68d4add2a683cecb2443ea363636c24
SHA1 edf123b17b35246b85e68b6ec124dfafba405095
SHA256 c6b6c4019b31aa1653584eec053ca445a691542f7ed9f4198e7f543c32abbef5
SHA512 e3c023b098f319dc9581e3a6427d887338b71fa08536a7f41c902f09cb41962cbc5e702894bfe134244c5a5090acc61f37fd178c4da3bd5c57a9fdb5a3185b44

C:\Program Files\7-Zip\History.txt.azov

MD5 f75a58262f40f3d702ae39e485d768c4
SHA1 114ed39e8adee75087927832cf50a7e13de16036
SHA256 012cc56b748222a6415a7ed371237e453e201d3fc4ba92bf18dab97670a6ac1f
SHA512 d1c16367004c420ff8fb5c8844f6f6c9db74e1cb37978693d26eb85ad22249cb93c696aa8a2215cc596035a859a2f6db1dfe5b563f846d2f35ec9b48d7e6e17e

C:\Program Files\7-Zip\descript.ion.azov

MD5 8e246fa5ca6b79c37d1280dce426bf14
SHA1 91a5922327c5242ded2ca47abe4322952e1cc81e
SHA256 7c492e1d3ec2557765b7b181d5461ca81a0578fd8698cb95d90cc9e04776c603
SHA512 c3ae8aaa9cf0c959afd54093635df76061792140f9d72b9f32f2f6ee6ceca3354dbdfb3e75c0ac1e079e82aeec5779ba2a34a1fa8e78e9a307c083b2b2eb50e9

C:\Program Files\7-Zip\7zCon.sfx.azov

MD5 0fc68f82939d82bef9ebd96afb18bd95
SHA1 66e0e693660fb8471e94a2e6799cd3600e92ef9a
SHA256 b76ca823e53cab16c0247c0a1f201afc013c46a7e4223c78976a92fdda4e18e4
SHA512 9eabe24d50b960eeefeb2e3db1700407861c71220444b83ac29f8d7b6f880c9c203f54d7ee5520b5f929c2e03a885a687a2bbf5f6e712956443dce0a477c1a5b

C:\Program Files\7-Zip\7z.sfx.azov

MD5 46ddf2ede47eed8303fe286e35b92301
SHA1 42cff12266a1e54e654156529764a8d831a61201
SHA256 dcdcc337cd2b7290cff7d59f792f973741efe8ef169e83a02c8fd23bf6fdce53
SHA512 13ad24d25de6846c6e20cfde15cba2ad596b97d3c37d95fe56e26787e3983c0a42c868be2e235f0b7bf0844bd6476ab57548ff04b2815d849cfcc45c36fb7762

C:\Program Files\7-Zip\7-zip.chm.azov

MD5 f28a0b49aae472aa0b76cf9f49ebfcd7
SHA1 c13963054672699bb8de4f86cedb2ca858604309
SHA256 d6c5dc6f39d0f0171fb8115d2e73031dc7a2931c65009e03afabaf7769e8485a
SHA512 8831dba3ba94003cccea606de52f66b11962c26b035dac2cbc7f8401fe87bb78a8f289e6f38dd4cd3450e80bfbc9ab1eddf711f093f604dd6a0f943c9665664b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\360ee9c9-cbd4-4adb-a6d7-d2610c53ab88.dmp

MD5 cbbc2802fce69768894e01f2f357f278
SHA1 6d2be70afa37fed7c846cb653f61e6df64225c54
SHA256 4acc47c04c1eb9e1dd7daefacea81e4eaa0922a46f50ae19c37d63b0a4caf118
SHA512 e468b18301c03a609ea97d8e5dab43b66868915c15e9bd30ae1bb747b332576bb74e18727158ffbe69ef26c1d578aa249039a66e0dc0d1945fb95ee1f9d59328

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

MD5 5a2efd4395426077152d48524cf4a7b2
SHA1 94dbf1b8922e439fdb03dbf800464e26d6a6be68
SHA256 30c5d7663eeb3442f80b6e89e440de32140ba34f875a930199228f34d394dfbb
SHA512 04cd7363d255383772c658355d3dedb6e65a081a591298825f7b4474c319a77b0b2784a59d133957b89e68f2138ca038dfb91eb51577412d3ed55d0bafcf519c

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_96109\javaws.exe

MD5 ec606099fa28aa58c780236c40b786d4
SHA1 83d499a85259408fdc6547eed4e5289807413808
SHA256 961288ad285b4f2a6a74b731fe92e03efe940fc971b04d0c872f05e3ca316f55
SHA512 51a2db494e8bca5a11801916e5e94019dda145b266576f477a3a13b6ace9385dd69c64c57a2b0704e57cc9a38c2030db1897aa13315db38c32fe1917abd5dd02

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_96109\javaw.exe

MD5 1a00587ce5aafd43de5502898bf50a95
SHA1 fa796f09b8d7653a17a33ee9d23e95e8a2e2155d
SHA256 4173d146ca873155ef46751f1bb244d03cbb54787e2dcc94a0f92cb5ce363b1b
SHA512 3328e21d2f21964ffe2bd7b5f56ddcea220d6ec46ef0295373fb546b5132c8cf69d6df6d08b4d8d16d35e136c8b72de67e06187ce60dcec7867c4945fed25404

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_96109\java.exe

MD5 1e3fb7c6f5829cc8987420c650ab575e
SHA1 4d6b12ea3143948ad8a3e8a8701b8d09d68500b3
SHA256 695689194d77f98150ddd05e3d60b7017821c97f04152ac423e071e3d6c5f7ec
SHA512 5f7438bcc23f75bd51cd6393bd531f05a3d2174d6c59b55de49f67741efb8c4ce1d743d48aa28069f13e7d1a8318c59b9ab62f260ea57683975817b6735d23c7

C:\Program Files\Microsoft Office\root\Office16\msoia.exe

MD5 ff77a33459705abaf6b6c1471ab45273
SHA1 1d4615765675a0c69bca8aba353470896909fc40
SHA256 6fdc081652c8d645ec29ac6d815085bd18178f48b209244089a42dde181c91f3
SHA512 ae10c34935f0c5199b0f2e5fc9e69bfd41c33d9b28154d8e3b5ae024e77e7628950ce03c39a87a3f8acbc53beeae07379e137282bd90df316663d55c88e5f8d3

C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe

MD5 9e0937ac0489e89f8699487327855427
SHA1 c6943921cad31da129694cf581177f09cffb1352
SHA256 6e32381695e0efb730e7dbf1c35fbfa9b4d26f155412e0c5f18babc97ee9b096
SHA512 a2a501725c9acbe6a2c5df2553cf376a4ce9b63a7e6fe4cbfbf4d6dd39122d40b26992cd7f161880fd2c1d67322680a94fe68e40b9ff176fc26fa67db8c7c6ba

C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

MD5 a8002533aa16ca4792ec16102e0c1a16
SHA1 97906384b3226146a7df7154d8b5103d283d5ec2
SHA256 5d94c17c8a493b409240678dd46afa4c0b31a90318ca1f5974964fb99503ca51
SHA512 b37714f482702d4b4cc1ffb3948543a8c5abcbf5bfb3465ced3770f33c42b2b9c0bf0947cd4dec216725933cc9965e93fb57291bacd874db97ea03cfb1de6f9b

C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe

MD5 080bdc3c2bf8aebb853a362ad1d9a252
SHA1 c7d46978fd9dbc26aa8808e838654b3c3b541bf8
SHA256 46c9bd3aac5aa303b8ce6f91f0984bd9feab7ebd4ab8fa0f1aa90d7c2e4b323f
SHA512 132ddaf9ceaa7e52c83e0260d02a9f33734c0052015f1c2e786af7ace5678e2d82d67e48c7c4e02e9c5f1082fb3682adfcdb92049aca4c5d0f85c6e53a2eaa49

C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe

MD5 9db26df2ffb9a7248328b7a7d9787666
SHA1 da24067ec1c3045f9ec285df2d5f9a1fb53b7033
SHA256 e21b23974fc1aea44f9a1fff1e19fe013b84956d5a5479efd27fe36ac8c2ea16
SHA512 17a54eee7f54ce658a3f112b096b3b6cd0327115e9a601f268bea49be78fefc120df0170b17afabe0db215478344d7c9b96b3c8e7aea7cc26610710b4a4d1f7e

C:\Program Files\Microsoft Office\root\Office16\msoasb.exe

MD5 358fa2a805568a36db8360d2b183454a
SHA1 4f635941f63e14da76ad2df02916b0ec50c2d26d
SHA256 828abacadcaec7067073a1c4d7d450f06f4adc20cb3f6a692d70ff685fcb650d
SHA512 990a0b9cf08e5ec7c0b1bda9bf9086d7dacae8a10f6e67a88fd6b72ef77858354d768a2f74e9fe782e51952846c106921df299aa1243680c50b2114df4b29506

C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe

MD5 a7a1ff849a98210df2f0d285da72ca77
SHA1 d7622929dccc686bea9774d3a1b9154d20146908
SHA256 f6437a4841120235507461b5e0a8f4986f6900f4f09681a4a708666bbdf22057
SHA512 cdf4c20614034f16324686e1a27900b6b15b3b9c2f23e2f6360fa875f6b22118cb6ff5cd4e61a5420f2ca53fcbdf2f6534dd0b65b0578f0c6d32d38631401e13

C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe

MD5 fef308fd2cb4c56912c37b689fdb9df4
SHA1 b2915200b30b7010bb46308b6e336e1adbceb781
SHA256 92a11877f9e138dcc48a211ecae0608a87a28dc93816c1561fa24d63e4a68655
SHA512 605ad935e240147c05776bfb42461645333a53757bf43696b3fa371cff896539df83a17bee401472559c9a133dfb6bd63675d9a74ca6376487228de7373329a0

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

MD5 639d1bcc44cc16969dc7d0259572d6ff
SHA1 f0ab90ed940f97dd7c236aa016a2b6fec50f0c8f
SHA256 69517b95c220bf6141e6f8047d7358e57b0b0e9cd05f1d341f7a5e79da77f508
SHA512 b2c0b505b71b2fffd3457f262391fd27937866c62eb6b4f83a73a91ab6da7550b91533bcce3b65d59f42d3a8e480b1fe89eec4a9d911900b025fbb4ca6b3f4b2

C:\Program Files\Microsoft Office\root\Integration\Integrator.exe

MD5 73b8bce9433cb68dd31c45783bcc7dbc
SHA1 db809107d5962165c407dc01d03ac1494d54c9e9
SHA256 516ae73765c8d57a4722278eeb3f03276ad505c2c2024714473017c186a83a6c
SHA512 66fad153d73455d0133b9518fd38b071f4473432ee5c541e80c4b88e4c6d8672021cb0eccd40a5c54eca2dfd940ad9ff1c619812aa857770bfee836a5fb6dbaf

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

MD5 eefdf27e929a5320d7c6028881518a10
SHA1 37451411aadba085d772668b47327f9e84d6c817
SHA256 40e85568ce1851e59a36c5846f59c5654adc3edba924bf4b636ceca759eb1a91
SHA512 e73d385e5356eb52751ed2344d5c62a6801b6c6c292aa297e13e203a9fb5cf77ada7ce6304816bba55198143f219b2a7b9b26ee585f5effbaf64ea746f7b5448

C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe

MD5 64c24088b162078bacc7b245dc29a4f3
SHA1 b6e1d614256756ed476201028d774b8e8034ee9d
SHA256 be4854493fce4bb7ce52b4a712cd15dd0ce3e87d32cbc885c1300fe3b1bba3ab
SHA512 53f3a6b69bfecebd2fa01f2855b3b91c14468368229a4c40581426f95e98ec3bcf1f6397b0fd016213298504c646b1919a26fcd6d88d21ee59e2fdde472a5812

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

MD5 d8d05701d82889d07295a9a92c446ef4
SHA1 7d1c287a4d44dc7eb4eadd9e3cd12b9d28968489
SHA256 6ec586a0ccc8a7cabfb28b3447d01d0b0d0fd46e256864be21bcf2f261480cb5
SHA512 da00ee5aa33a07f881372dc4a9b815b892f0ce311a40e97f92732840158ec46e8b05afad568a7e3d05140dd4865afe79e23bc7730b5ad9ad77a37546e59099b5

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

MD5 a3f4712fe2a8dc4a1d12d16aa17da53c
SHA1 c1d9085846836c9d45ff75f173c8b2f1b586a6c4
SHA256 d3d9e9d3227e7f12abbb6961416b915faba7138b8455486cdedab707199168e3
SHA512 5ceb512516edcf12e2fc4a7a09f8f9d7d4fbd8db95bda31d7ed74717515474709d99aab707e46451306966c79e6502d624baaa11f14a0843ee20b979679064b8

C:\Program Files\Java\jre-1.8\bin\javaws.exe

MD5 4a9ccb2fbd5a95a4138e69c83561f429
SHA1 f1794e7feee886d9348dd90d17d694feab0b03a3
SHA256 43cf8c216061792c139c728c0cfdee2d39c9fcb0de194d985fb06f47e8715e50
SHA512 00d3c8448658827b332e8bbdd8e7a7b28ffe42c175e51b1329920fdfcc81227e46dc497396f44261ad02ae8a3d7f370e057ed35144c89fbad1982c6ad9e8e41e

C:\Program Files\Java\jre-1.8\bin\javaw.exe

MD5 99812225158b9236270a87b89cd93598
SHA1 7ff076cde51adaea619b94f2b0ca32a868dc3fa7
SHA256 5e95a095153f428442af8fc2f3d5b4ec5cb90adde5a44f0d7896fc5d02b24de9
SHA512 b7b0f6421b0873370e4bb6178b726093d71a29620fa0c484882faaaa225d55bf15857d18ef7f1f277e1c0f845fe2da023e1bf87f520438bf8f2bd44e3bd0ef96

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

MD5 b4f104d073c4b634b895429c89010c36
SHA1 8526f74144ab163cd18d812aa68549042cffe910
SHA256 a09e6707087ee3c52d2c3c927e93d6a227f265b0737fa3c291e7571c7e61ef57
SHA512 478eafe0ccabc2ff7f959e84c4a0f2db21a26102cb20c8e55d4321dfea845c59a5fc428538417ae1d888b2afc154e1eea1b4f0d52e6550fda62ccba0bbfeae9e

C:\Program Files\Java\jre-1.8\bin\java.exe

MD5 a7506e60c9fb07a46ef92d791ab0d7e8
SHA1 c16bfb8c4ff371076fa8213b436c53dce0092486
SHA256 e83e6e88ab31d9786c662e9e557dcaaad9b2164aea7c00df67ba3f5acfc41b35
SHA512 6b7899669512474af78e7015df5f0041369ef21566b9043290e917df60a3417ca2a664adec5e55f26d86e02898b4db21506b61c43a2423eaf84ddbd004274b87

C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe

MD5 55edc185cdebf766877dcbd002e2482a
SHA1 5b15203cefa1e2ddc25b8e14105669f1da8c07ff
SHA256 0674c04bd49f0c68ecc1e61b3d92639e6afb8f5e79898f3c3acbc20eb0116ba4
SHA512 b8d3a29c51aa71b891f14c45d32d3c5942f272ab5571e0fd7a09851135f1c161816a39a9f207e6e41e2151827af1a2c9230307769671fc7d1740fb248d73de3f

C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

MD5 b0c03790349369cdfecd79a022bd30cb
SHA1 cb7be375e44faac9ad50a9f8108c6700afbab2f7
SHA256 7ef836fe73319d32c207a1849a16d94504cf83d493273372fb59035482395548
SHA512 b2f1ad751067e90e08bb3034418a40ac8bac331c177b098dc721464fa4204c61381158a89f08d9a962cfa8e9c9344179d4bee47e5808a3389de7fff429be2dc5

C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

MD5 8cc52b6c6f89b110437187ef325514ac
SHA1 d3fa64c5c9f73dccbece71a3b63f95b06b636272
SHA256 389cfd91e8a51a824790be9c65b7daf6058e29f201a062f329d865f20305e99b
SHA512 725ef0fb7d226c1ef2662bfea05844470cb0365ba6bde5cb8bb3143e16376dbfc45daa01c5a659f53ffff41862d19606f945830d1c0ebfab8917ce0aa5eff7c3

C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

MD5 12c08ad755af1be344afb712f65407b6
SHA1 176ca0a6bd5fecf91470fa709b8fd35803fbc265
SHA256 6d2f1574e09e370f552dc7fb43a1e8bf4e5f4231e4755ea14d2b9630f5c674f8
SHA512 0ac5cbdd384cf097e863c0a5d1bb3423004dd1f16cf0ff04d574de715dbdeecdce1603f2d5acdf71c5a4c73e824a3257107aeada1f20333377c1589b123e2501

C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

MD5 f00cc456b7da24446f37db89d1ba7217
SHA1 3134159a84672962c82ce8e2e0a28a3f5f2a41b5
SHA256 dc263a9d5df7621a3eddee8f16b0f4e6ad51ede73ad78d46ec75f2d6ab8b7fca
SHA512 e4f8c1191717436afc956074f3a78983fac2b88056afaeac14de0031d4483d6fc7b765769a87395405bbc32a10aee95f1da070ee2b74f4fc3940a150ef374299

C:\Program Files\Java\jdk-1.8\jre\bin\java.exe

MD5 081a2bff0c05debd9bbf6490dd356432
SHA1 6b1cd221a84b2b04d341248a505fbcd785694362
SHA256 7e1fbe306a1c77fabb53737fdd73a7a0e75cc8e8834983b8d12daea98c307004
SHA512 9e841d34ba6046b25e861ededb1dc47424165c5e093abfa366b2a32eeccb9225ca88294b7f7152df5f09be1c6d042c0240c40fa7ff22950cf885b92f2d2497be

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

MD5 de47eefcd83ddda4872100272801a53b
SHA1 f52dec45de23d2ebc53d6b6a64edad381447ac94
SHA256 fc7c6914e1f10e952b683144983dc1a6b97cf7de9e04408ab35834431cf50875
SHA512 a2ba96fcae398848ef0ccc1ed93bd729ce10588ef1c0858b5a18c812439fe2232f77699ecde20a94dd6cd1bae80ca81c4702db6ec0c6b4cde01531111237f61f

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

MD5 c46258bab06ccde792c7b296cce10234
SHA1 23867387be664486ce29cb5c0fd7af29da371b96
SHA256 0140ab29bf5c815d511443d21b95aaf95594772fa6b4091b95bea52fab8336f0
SHA512 9d6ea4fdd2a4a438e7af21a6c637e34426d9ec8d25902cbf3f289dec62ea1c3b939f7d8fba7c268bf6fb6a6c0d5a3952eef3df9973510f8a57948a241f1366f9

C:\Program Files\Java\jdk-1.8\bin\java.exe

MD5 b1314a84d15dd28dcaa4817e34de7421
SHA1 a055faadb932cf0c9b9a0474c527d81a884498b9
SHA256 b418e7ba52a2fdc8b1e83e2f186d3ecf37c9b0b30958c7e9b787fe10498c10e5
SHA512 5c569e13bffc4029c4486d52ff2c0e5eea47ef58f81b6213a3f4aa376d710ba60ff5b6e838c8f362d629cc5ef9bd3319d8287887c16c4fecafaa176c5bbf2552

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 0420c6671d937fa9d3e2dcc4d7110e3c
SHA1 e883e8dde01a7087c51dcab70444259ee10e09c6
SHA256 d7749048bcf6212b27f00f4e9befb0f59936973077be109f64ac4c418f268a7a
SHA512 29927f0f3c0de7cf8ee14e787a6698ee3d49f6df351899366522ace77fff0cd1606248876dad0a1e4eb92167c24294b072f5ff9464a492562762a32b8ea7225d

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

MD5 f8aa14752e55765cc7ee1780714a0c62
SHA1 25483d5f175eb2b17e296cb599537bfdd3b033f5
SHA256 679f466ea050ca6369adaa3cca688c0b3a9c2f5bdea03771f9c015af2ed56e48
SHA512 331a6b5b7b17a95e3e4b6859e37c8c4460a18a4ddc60eb922a797cc4e42550a53d4d66c8d99a0ec53f5ac71f881ad3def2fd4b2e39903ff4518d67727ee0ac43

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe

MD5 3814713059058b508e88cf3be1cbefb9
SHA1 7b6e2a1d283b682911f35119e8f9673882b0b35a
SHA256 9a943576899660e27bffe9eda3f855cda0df4af38425b53e3b047c60515d650d
SHA512 a8f265271fe7b2108345f668d83e3a8b68e5ec3213dea78c0f7a2d08149b5a6ccae1549eb8a462b3296edd997ee777c0c0246dc4cebfbfbe36b8d70c2d162b2c

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

MD5 f2fc1799df0d7ae44f0126bf82329ba4
SHA1 62a49c1af083c2fcf6f98cf917a3bd47c25db987
SHA256 a4f37545e7faf38f0fb38e88d64506111b6b846c7b250944c195f26a49dc649b
SHA512 e373373e49c5db57e6ef2e3df59bee902711da320350c1d52b46d8c06bbe88f3e5dcb9bfa2acd30d83deee7d4be29eb2e49b616d5b3cfe22e2aa8a2091692c1a

C:\Program Files\Mozilla Firefox\updater.exe

MD5 eb34965c812e1209d4412fa7d704cd2d
SHA1 8fd2052f9b0b3b47a98df8e1793d4f503e72d154
SHA256 b73be2e5dc8e675748cd6daca3194f1787deb6042c33982d7317067b3d676675
SHA512 bbbde60f544b92d901a9de97008dd370afefae659698a62efb91348734cb63c755fea3e89bc03b43037629076de7a6e3e5424394823d3b3fcb461a75db7e06eb

C:\Program Files\Mozilla Firefox\plugin-container.exe

MD5 8302dbc7e5715ea804097514ff41f7c2
SHA1 47f0f45ba7ec9fa5dd2d6004aef9ddcad3e8088a
SHA256 a77edeeabfd55160315d943b10dd730aecb573aff7e6162937f034ceeccae2cc
SHA512 781cc5aaa52e00190ff4b03bba365197125d7b5aa48236565780e8039dd835019d57831d2ebf56a4232c8c4ca8652a89ef3ac89fd7c914dc12066fee6705aa05

C:\Program Files\Mozilla Firefox\pingsender.exe

MD5 34864b4167f2fee7ad3039eab53f04e7
SHA1 6d90702a36a6b1722c0bb30d79ec1c347329926f
SHA256 e4c63dae8fa1250affefd968d034609c9609b8711ecb9dbda0a40982b5c3f83b
SHA512 83596e9c2d55cc400b34de42d34f23ad534ce7da6bb409d59e5011f0cb4599f2cca5c7e66f85211e0a1d432b8c6408b0ebdaded88ac78cdd4d7139aa0d7069bf

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

MD5 3a3d09eae10f3e277cfd0bd5f6b30348
SHA1 c549884bfc79a46b2e9a409bd334123f408f6ae2
SHA256 863f132c490b364898774b350b25cfdfc662f638e509ed71318c4390d6a3e9cf
SHA512 1ecb1ea4ad3712b43f7403a0c4bb105e9e0493403d21c2157f342223f8e15242a32b457b6d9669a42e5ac37aa8fbb9c31a0b6ca02e499357a49cfce98acb1d3c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

MD5 167cca8b791afbe3760c5f4af43d210b
SHA1 e676a904d0dbebc84100e71408711ad77dc26492
SHA256 08f2f395e42a0e27a3ff72caa7117f7bda52f95d575e6dfa59371615870335d0
SHA512 e169b3b91ae0af8102a8842043ad5869948cfa83fbb224ce74a6b3272a7c28e5d0c8f56584b2804413b296ada8f15c72049db19685c386be229cb8fd4ebb99c2

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

MD5 21aa12bb4f02550a948b5f83252a94bd
SHA1 47bcefff745f74449476d774405017028a7587ad
SHA256 faaa7742ff761cbb2c7d19d7627b0d9fc414777650551b9a8f1bf7d9f28ae39b
SHA512 fad7f4f74d34062069c1d48b92cd9c30bba206e8d01aba09a596bf2eab86d6c51688764b50fb41be3f1c77040c2c75bbe70364595a488b7f40c45cfad943fb09

C:\Program Files\Mozilla Firefox\firefox.exe

MD5 fd085bee0e7cbe68bfd5c35a17afd11a
SHA1 33b41f97d8347482d3bfd34f03eb2ab05cf725cf
SHA256 977e049e251a84c69d061396b6f30575bfcb092bb461b0c887121a10b2d045f9
SHA512 d072f291f7c02cc882aeec0b87002c07b738f9d6108840e03113d6f9ccc75171d353470f27db28843575ae263101b67f740426de5151651307e47aeb8afdf3c7

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

MD5 f61e126a519e14e66d738d08f7cb52bd
SHA1 f6d67fedc56e74ec0bb13b13c22fa18bd0ec9458
SHA256 31e6436307ee9665d4c7534b25895e63920ff2c4a5b10c6e9e31b936c271b6ce
SHA512 bb5bc38a07cfa592452a3869532635814ebc4879f2aa9e7939d5818563d2f185b87dca8f3e8d4aee5ea63b76a5ec093f834e27b076a1448733688cb60a2a244b

C:\Program Files\Mozilla Firefox\crashreporter.exe

MD5 c3aec3da568d2313788f64a3d76ab2e2
SHA1 4d49a4c38b4b5a70a23c331ea23b217c93ea9fd8
SHA256 99b0918bb812470475484ace43cefaff2050ceb8a71d76ece5652348ddb66333
SHA512 3f8c9956b25b77ca878503fab46f5959d0c427f81a86351512ea654193418f6f4a6b49cb98aa24b0ffb5b20f9e867d532004a3cdd782fb66260e698bee2f8db4

C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

MD5 5b8331e59c7474621e4a63bfaa20ca9a
SHA1 866f52c72d0375a9a37848301a89f30c87d01a6c
SHA256 b00d87ab766e652133ffdc525dc60d9431f19fa512167ca9bd127f911852301d
SHA512 9c5079f8e9e786d9da1bd3ff92e2a070505555916c15dda0f2d5fe7c8fa35a046f28bb9cca19ed12dfbc0a678395bd47f04e8ab594c767f5ab98dcd69a146502

C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe

MD5 f9a819c0aa2dcc3a8998965b146943d4
SHA1 cc85474c73ceae6ec6efa1b3bfe26c79fb23fe51
SHA256 95c503ed60c0d86b662ee5204b00b2985e505d2060fb19990de638a691831219
SHA512 c3a19f275e6f5c42ea1100145606eb9379e97f75f05f1deed7f6ed2eb5542123d39c7d6749f3462a7d05a4a1b2e7ad28c63a23a60abb6eb9b4c6f7ddb1183ad8

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe

MD5 2b67f520bae1abe29cb4551737a98f45
SHA1 bb67454395f9e6d520668dad1ec8e1315775ef6c
SHA256 1265cf5737dfd128bc6b2cdb6dd9df6e6c958986f3780edb21407bf6e8cff3af
SHA512 03ee343c51624da4338f15dfdca8f9b1e72b6faca9e4e94aa55d2bee4c17176f73c194c43200f87d8758fd7ef60c612065b67c5916073225b3e2f17ae660cfb1

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 0e9248dc98b5349d6ce9914480e9aa13
SHA1 6a43abf758926bdaf730cd2468c0887d5f461a82
SHA256 56327d89c257d1e023a429faa0c15bf1c57e71f82e2e50821e4d6c9d33bd4059
SHA512 6ed7ceb0b86fcac6a8ae3d5d2e0bb9c7758d87e531033ee74479075fa297aef3c4c8494fe603d1a1ff2a0f774394a65c1a24d0e7fc6012fcd2d5c1af07c3d619

C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 2053bffcd011c4aae1b12d3f9abe9750
SHA1 5c617efc793ee1c03a8eac7982035f13f2f3165d
SHA256 ef305f4ed38f8b8096a8dce376a3c51f1c7228d5600f698bddd9a61f6cac03ab
SHA512 1299bfb6279f6ced207ee6828b8898e681243fe0a61690ef0b8255977708d149d39e029d6ea5097c4f3ad53bff0bf18987442ae78aff73b082b367b925e6c799

C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe

MD5 aa3569443d1cdfcba221d3da50313476
SHA1 098436a5d3bf18b5fdfbc7a993ef425603737c84
SHA256 48b4a3d5ceefbab75c7dea86bcfe748525587788efd836d530a171f541303a09
SHA512 f325c813b990a937069a8c1cce9f104a70dc753aa72e2e81c7389b382008ceaf1a25022a420348d25cb67ae4982ea273877feb807d24533566006d1915854c71

C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe

MD5 7354bc0b1af3acc88e5225dbde95738e
SHA1 99f0e84a9f17e93ac1d725433328c185385a4564
SHA256 d490e138662920cbacaabba6987cb43ee64a9cd9b0a9ea0538e44865a65c77aa
SHA512 9bae6a6e03ab17130a1299352a44c927e410fb78d151df7b67f99f7c0fd4a89db9740d9212b7f3f3582014e80b31860f997c95fee4a6b94b7bcfa20ae07ed5c7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

MD5 3114e419f5f588edc5a976ef5be16570
SHA1 d04fa56842798b361ca88a992e3f73425394a818
SHA256 5d03c9574d2bc6e2eb54f4b3b9ce8aaf0c67f56bc6c08c68728e9ab03d54184b
SHA512 071ff92e5c0089bb7e29cd19c2ebfc7c0082db620c80ba5f2ec5dbf9d785d812f32cc27bc48b71b7891f17de88acdb54e81c33e37dde76be652e239fa43c8821

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe

MD5 4d50cb8ff595017ce86595c56ce91108
SHA1 fd6397e7ce105807455a41b9faebec63b547b104
SHA256 1638bbe8ae04977fcba2818cbb4fefe06eb7aaff9037f237c5a10158753deb8a
SHA512 35af14d67b40405eabf195869b8214dffbd6197a7c1618469035dfdfbd82922194f30ad50a61a60181d1a6f07084c2ed269ed4bb6c946bb94b117f64bd2cebfd

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe

MD5 83cc1695e0834f1fc856f3b217aeb4fd
SHA1 02956f43dd1726871b5525baebeb271ba746f7a9
SHA256 b2a0241fa4e79b2ddcbdc003200ba30492f80330181005fe9c5189c6eb97618e
SHA512 cde3bd5c459c42c58d96d67586600d1cd6e490765dc75a8d3a6b748bf9b68145f7e53d9cf14f5221320cede6a5be76d88f073ff71002effaf51cd5fb9b62f0a7

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe

MD5 02acf124311dbfc009c2f4e610a98134
SHA1 13fd7a8a1813f78494fffcdad807dff79aeec517
SHA256 891967f308094fbfc56acb2922905f6d33602ec2ab27ac9e6df863de839a97dd
SHA512 2390e1dd1c0e953d69fd04ee28f7c66ae93037cd8dd1d130dba890f8f5baa65e90bd529561960eac19697d5b222db2b262d2b114bb8d608b42b0644a281ef732

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe

MD5 b41328e21f1341793a7c7c8309b9dd22
SHA1 b9098edc33d1081c231362b3bf3422f418ce9a60
SHA256 ced9d0600359d64fb3a1e3b84239f1420c1b8b8eca61bd57ff271969497125f8
SHA512 d57534d048f39981eeb747d2d1b84e471b774dc9d7dfe92ee44f7bf393873d1b2c074a09e6b52fd32f94ee926def337900559f3b7803234f925653834992fcfc

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe

MD5 90a6c9ad0fa24061058a607f38cf9a15
SHA1 9ebeec2801d47bfa85cacc9176dd4d22d25f25c1
SHA256 39468116900beb533cc40394954e5228f7e2965ece987021ec575e614585746d
SHA512 568b0e1e9cd325a76633b1f8ac402663403af1502c2cf64a3c40fd4a0ae8bc712ec726797606ea5802b88a91f850716ed20dea4c6d42b83f95e24d0c78c4c321

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe

MD5 9040e06ea2f507a0a8714fc98ef03977
SHA1 c2b71209571e224ac9edd58270aa4d716eae3bd6
SHA256 7b3c3dfff00316dac986ca901aab975df16a67b65d8b46e84e61e0bc4347bf15
SHA512 ce05cbec2f0ba5761b170f99f1ec45c2f9c9b06e8848d9e6ae37680a200b3750d753d9ccfdef1700901e22f1b9342ff1c41a9b1868b5e4dceae288c8022e8e18

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

MD5 875109b228a204fd20f09c178f434a02
SHA1 3f8ac43c9a1c065254594a9dc09610e20b5147cc
SHA256 66c9a8d242f1e6d1659c7b7067350c9bf314931fbeeb72afa3c63a343427ae2f
SHA512 c3fcf642724331024517fd473a36f03f7793bb2d36e6c5fdf51c9abcb27541d553b883c9e9d267322c374bf9f812f7c99e9238ae9f314fff7404deeac1d65a60

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

MD5 1dd091ae25aa40ec396827623063d23f
SHA1 af0240da26280284c7ac4b12aa98535ff0c9f567
SHA256 0a217cf22574175797dd80eb8d161c16c1b85cf0f0b624551cab13b2e5b1374e
SHA512 51a0159cd260024dab54ac73cacb2e9824bb311cefa5b100624d56abeb0cdca8f9a12792bf5fb59094776a449a21f788b9912b870bf0e450bcb08d18fcfaff0b

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 0ac7f5439eb3201888aa5f2502288426
SHA1 54d6aa0aef4cce669fbdd5d8e2e89cd10d630812
SHA256 545a22ee24027824befac4b1ea2da6ca897ba9ebaf258692d89e9733399d250e
SHA512 5eeb2290c43f7ac399fd5e2a6c695e6c5dd4ef9824d0ebc22eb656132e9257553a6b53e59f2f3d856473a52f987a2df260b87b129220218a51399764c1c9f8b2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe

MD5 8be757955e3eaf10fec78c4be5c3360f
SHA1 25813145d8c188906dda1fa30ef4febab147fbf6
SHA256 32b38f01d00185971df881836e46747d7df5984de290b9c6e0f12b96b4cd8a2f
SHA512 97847f76277e769dc22184d18a5f6311073199ffed94c234691d1b633bf6f77509fbe32ff278eb6daeac4b61bbb22b8e635b0141306e00e4aca254cc118ca73b

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

MD5 91887167b9183f29ea6ad74ea6890551
SHA1 b87f88586e2bc19abf6db8e245de18a7a25cddd8
SHA256 45c7a081e74118a668e793c078182483ba291de246cec0f6b012ee4b041103ac
SHA512 5ab84b582d87879528bfc72e7d26b7580463bcc8a484a84d3172c19fab62a98f44887ef4123751eefd5cbcb6c9e4f4bd14a82facf5d4bd427230835f5dba1767

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

MD5 6e07cfd70b44d170be6d2b1a564c1529
SHA1 74e6c445127d3c8363b56a722877b718f36da46f
SHA256 7411dbe9116e3c6fadbfd48f5bddccbba7f224fdd0a0c94d543688e4e585916e
SHA512 639ca435115656c12701987dd552fd8a638e11b45fa2642abd29d2a87561b9a8f601675035a2fcc0214032ce26d46e015a0a9f750a220a9a6499f3aa939f53fd