Malware Analysis Report

2024-09-23 07:02

Sample ID 240617-fapmvsyeql
Target fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a
SHA256 fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a
Tags
azov persistence ransomware spyware stealer wiper
score
10/10

Analysis Overview

Threat Level: Known bad

The file fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a was found to be: Known bad.

Malicious Activity Summary

azov persistence ransomware spyware stealer wiper

Azov

Renames multiple (8249) files with added filename extension

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

Modifies registry class

Suspicious use of SetWindowsHookEx

Analysis: static1

Detonation Overview

Reported

2024-06-17 04:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 04:40

Reported

2024-06-17 04:43

Platform

win10v2004-20240508-en

Max time kernel

140s

Max time network

60s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (8249) files with added filename extension

ransomware

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jre-1.8\release C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TinyTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\WorldClockLargeTile.contrast-white_scale-200.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\css\main.css C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\sv-se\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\AFTRNOON.ELM C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\1px.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WideTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageStoreLogo.scale-400.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\Icons\icon_play_prs.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\Assets\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_empty_state.svg C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\cs-cz\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\AddressBook2x.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Call_Ringing.m4a C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\x86\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-20.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-256_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\WideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\ShouldBe.snippets.ps1xml C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\AppxSignature.p7x C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-40.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptySearch.scale-100.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-96.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\plugin.js C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\SearchEmail2x.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockMedTile.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalMedTile.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\identity_helper.Sparse.Beta.msix C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.chm C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL086.XML C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\sr-cyrl-cs\mso.acl C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-gb\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\SY______.PFM C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql120.xsl C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_contrast-black.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\networkmanifest.xml C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\PlayStore_icon.svg C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\7-Zip\7zCon.sfx C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\include\jni.h C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-125.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\LockScreenLogo.scale-100.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalStoreLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.GRF C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.GRF\ = "GraphEdtGraph" C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph\ = "Filter Graph" C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph\shell\open\command C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph\shell C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph\shell\open C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FFFCF9~1.EXE \"%1\"" C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe

"C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files


C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

MD5 b9187df7e27cf5da7c4a01b7509c2568
SHA1 0ee192a396ed0eca0f6c7e94313fd9429bb8ef09
SHA256 de0029b343755464b75bc538a05daf8c548420180e1d632fc3f2d1143297713c
SHA512 cff66cce45a611675e308b07fe3726594894440d57c3a513112c4212bd9841ab478c4e800e036642d18c7b60870bdd69fcc2955eb67c8b2cc582b0bc3a2c16e2

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe

MD5 620336a91357290f5aa1cfc9e3fbe800
SHA1 2f11646d527d905fd41e46e71f8051c4fb25de16
SHA256 6d9a4d87220325db6b6d9c3aa116873486fa8f2b2be6be84aefa786a86419d8b
SHA512 ec6093ffef6be864f0a1e586a3f69b369c6210c816380bffa64069e93f01121eb171200ddff363b6e49b7bee250c2be47eefd013e5605027f5bccdfb6dacf6ca

C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

MD5 2646ce66662f915c799acb6bb7cbc27d
SHA1 6c235398921f9588d8d0265d80450be52dbf3134
SHA256 79e974d7f5a4115646a9f405dfcf1314d367f96f304a94ef4a054a849c0f55bb
SHA512 39f0d86f1cabe839a708fd3410258c16ecf69dedec24484afbc0e176e3821f9967d0e15bd493e3ef57834fbb59623c967e023c1c26f90fd8de6fcdb2b9a5ce15

C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe

MD5 7237b1a013988d828df6bba1ce316178
SHA1 e0457a33e2d05cfffb677bc6b1d0a0f3430e688b
SHA256 c7b4069aa6e3e7cfa1f62ca8d19fc255ad1fcbb7cd7c864a6be0527647b3cdf8
SHA512 649a2abbf45430e39a98ce2a0a4bfecae304db2dc4e2fcc6665aa7f882db8ceaa679c329dfe67306a071027f039db82dc132ab8207f59757fa39ba1532fac409

C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe

MD5 05af910b09f1334d4eb88974bd8ef535
SHA1 4eff875f202f64d3695044d09cb6d61442161bae
SHA256 be2a1ca4dcf5c5d1390cd4fe3964b4a91f9962876e0714ff3d7012a53bd49ebe
SHA512 de140ac2ac62af66b54addc09cc13c3db134a5f3dd57eac53b0a6e5f2d7c7a3a566969cf9226b44c3fe2ba2bab7fe593a46df71cfa75151a9babf2f931c12295

C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe

MD5 ecb2263fd0acd3ed786eab51ef9f3c6b
SHA1 bf3109c1748a1395a5c14dd442015bbe24d6a95d
SHA256 d41c2b0c858c9bd7bb6b5fa366eba8a865c5a62acbc792f5c5815a062fdd011a
SHA512 e60670f4f2119cfb848128a355632f187edb0bf06ac87b27c0ae601cb0452df7b300932dfc3ca4df63b58a3f59300cc618ab4d7453f43a6675a39501db94ebb4

C:\Program Files\Microsoft Office\root\Office16\msoia.exe

MD5 3b56fd138ea8d1613492623f86abb7b5
SHA1 9efda1e47136fe7feb0de28bc766bb3a97674375
SHA256 f06701f076e33e22d5bf1e11f39147982453ef0ef409c640c47d597517484603
SHA512 d5458e7796038ec6a20a606f7ef51868ba42b39f382d8077e44c6c1efcf2d3bb9d649ab39b02a495bed7d004ba754d72102fbb73ae0a3f93f6307139e09e0669

C:\Program Files\Microsoft Office\root\Office16\msoasb.exe

MD5 34c6b381f3b5d67c7c3633e2a9774110
SHA1 71933708a2a367eb41350a3a0c2a09e72ec0adfa
SHA256 d13a5331153cbf1dce986a350449f7cfcdb814b740893476b08b050621290d22
SHA512 fa5771aa453d690be02ecddc4dcbe22bb425715c8b3dc63c06af5fd7af4370cd2c40ee1e8600eed389c9aa7bdf8208330338eff78d990c2521ed57ab3e5f96da

C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe

MD5 50f1b28f2639b6f608595330a92cff51
SHA1 fec9d478d28541e3a4e3c2bac1bf4452b8645760
SHA256 ab60d5c5e8092b61fe5d2a44313ff7c2a3fa8a3fae521afde12a99a0aa43388c
SHA512 2e0b95b0cd7ad3484528ad4779fcdca0fd8c756a20aee2175a9846281509b4bae77dfef3fd8a3b8db9626bca59aa2bc0baf7930d27e97cca53f31e46a2c99dea

C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe

MD5 99b4a4c37f073850a22d37661453619d
SHA1 cc403a035c8b35262e7ba8bd4e6fdd51d96ac7f3
SHA256 e02c3d176d87655f98ad65f94c3365c11a8a3a6014dc45b46ccd94ad5822d4b3
SHA512 cba681ba3e45e9d1cf25eb8af9e484d28a3c9d690ba7c1cdac6f8c29b2eae6f97617feac9c416aa6ccd5800c859c79b6fdee7379ac64f96b1c55536183a4a958

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

MD5 aa278644b2079ee0f59a39ef10b5a5b8
SHA1 8622ab910e94fe027c22355a45a984f73e5dd5b0
SHA256 0a26500684cbb5235c4e5e796c5c6eefb9f4bd34ab2f0be088290dad446ca3e7
SHA512 d882e4a4591c6b2e968e115d7ea54c5c751c9f4fd9b1f11493f47a7b310aa4ac8df41747ab599cb5f77edaa8165d8d3966a2578fe5296cd4699bb260603f78d3

C:\Program Files\Microsoft Office\root\Integration\Integrator.exe

MD5 fe334453db88b9c171a76a696331b4c2
SHA1 198766b5dd8c388146a4afc72372506333db5430
SHA256 2c273b88e7026c758021db3e036377c9178754e16fad62956aa8036c71dc57a9
SHA512 69934b9b6cb2cd00e5b0e18b09b098fc278a2c0816390e5f8f753f67fe8fffa706bd478d98526bfa1ecd22c3f3140c812b568951d3bec307d5eba0ee5715f512

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

MD5 5db1f745894f40cabd0ceb2c1b99459b
SHA1 e5e9b4beee817c08f0f08d8c96a31e4518ef3880
SHA256 39a185518b3cb2ef6fe13422ce3f08240a69dbdddf383558c8c152615b33cde9
SHA512 c60f7c694bb848eb9f7c1b1f42a9aa00aa628ba4838b6ec10368a92e81563d9bf437e88fcd62a38bf7842319e173b5b70990c7f825991472694e9f1e93135aee

C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe

MD5 162cf268fc74516f29e3e1b5ec5c0387
SHA1 154cd5d5bb81fa71646ff36226c039494fc82ef4
SHA256 918bd1c65f665f646a39a7247db4d2956d105380e3c14904fb6a3ccf3c37bee0
SHA512 1570fd24f52aafec0c53da1358d8e53b626a9c5dc999a9b120f5740271508b5da8af16cc6866e946dcf1dcd282df375f7458e34a761a0daa85187d77062e563e

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

MD5 9be290bc6682362cc4f25f340513f262
SHA1 02e60caf13ae3cca49b6924645c4955b85270e81
SHA256 a8cc76fd2e243702e8737b3c038cb3317d88267703a57d7dbe067770100f7b7f
SHA512 8e52256a4bb496acf799faf4ab83879234b19eb1aa19286994c86910ff53e72b283a3c3e913a2992b298e38b59db8fb50114a10731b7c47ef355146be6fd9f38

C:\Program Files\Java\jre-1.8\bin\javaws.exe

MD5 f6907cf4cfc4f2750560e5df3c6102af
SHA1 2de5018a6bfab1d4974d647d71644012e08b2c40
SHA256 778a565fc85315efecf91c9181eb4256bab92976dd862e9151938f5c84c4179c
SHA512 19d8d47597da0be28b4b63f3446623fe20ba2d556568d5498026ad2fb0d3cdbadac40b900b4f3d6161000eb49debbfe48c9d82680452c2ecaaa1d30d5cb7c9ac

C:\Program Files\Java\jre-1.8\bin\javaw.exe

MD5 62b31bd0ea97eee5bd268981c69f9da5
SHA1 9ae385f6d6c41c410e522d94a5f66bbe51a687ba
SHA256 fd28500b40892c3dd5442deba6f6a9f5104bae5e5a446e59d7bba348f931f3da
SHA512 e064975a604b53b9c30513f20875e83f67489206f2a0d2266630cda177bb9ab25ccf6365dade3f37f8c33d056203448d564392b041da9b72a692ccb74568fc0e

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

MD5 2e292fd53a04ae73495d31ff73b12781
SHA1 9564a1ffd350f9a5506568706d50ccf4ad03d28e
SHA256 4c284cf8596995257456becd52cc842be1a39fd00434d263f133cfe7c6537f2a
SHA512 29cca4ef797392ef8647a2a16dd8427f33bc3733ce9ba8839c8dc03349bfcf600212b1935cf42595aa6793332a8f98658897d99923ce9a4de85f7ee3dbdbc936

C:\Program Files\Java\jre-1.8\bin\java.exe

MD5 d37427b3c513710be62df7b3762f8a39
SHA1 19c84e0a38f5199828befe3ba0dea903849f1a76
SHA256 01e6e01cada58b41ee0362be372e07dc00936fdf3b8dac7613c3be927f8cbbfa
SHA512 582270b1101bc7d2c9cbbd9bf4344855a66c73a3396ebf46c1fa5a033091bd7a3f38e47db1d79f3a041415321d7cd5d705c344036ec2611956dbfd672aee521d

C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe

MD5 e1501ba600164baa0f977029134b2feb
SHA1 8713177dee0450a614cd6d8a6da185fa0abdf422
SHA256 ac942dc0960c0454889b54f4dbc6aea402dea351a73346fcd33faba74f41ba5c
SHA512 bb88d77c9488f5eda654ebd2d02a4a79e586764cd79a9ffc5b202d5f64fe67d9a9ae73d161da432c1b7f8b94221040b5aef9a7d5f44ec8bec98d3144990f4740

C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

MD5 8454b41145a6c0e143331e9c7cad6e41
SHA1 874b9f522346ad71fb5056cec6f072e9d62ab685
SHA256 9b12ff67605032095cf399131195a68248516537efc2d9e399816fdcd5298f03
SHA512 5928b684021e68d5b48cd7f6773beb78da022cb82a28309eebea6daa809be5580c5bbabb0e8515e583431bc9229e69b23c7df8dac368f25f0c657593c1373f88

C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

MD5 4ccfc885f89f5e08743714f85e0add41
SHA1 e7cfbe52fee7615c511bdcdb3ddf716ef20cc9c5
SHA256 db41619c8a22aa6fa47bbc2a8c070c69b5b43f64217b08612b27399c9a3b5518
SHA512 e28fc7980d2619d96cee6e222abc1de276478b9a52ea538578b62a05099f2d1cfa23f93c36d9b5de422902c2b3b3a2b336a876d88d6e5ecbb91731bbe5df0aca

C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

MD5 55ffa15e9f16be30c1fcf0f86e0c8d05
SHA1 a1c025a91aa19146055ce163d388b195d30be8ae
SHA256 81eeedd772c53c6f7d7262a4352b132a1da963ef10780fb716bbf26acdd93132
SHA512 da3d7175059702ce4b0981fc220aee1daa5e2f76eb0b94e29dbbd0afe26dc73c02b8243ef46be1c57fa2b2e3fb0315ec47bf847eef1f5118e27f1dc2bdc8f566

C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

MD5 8e5c94278c717dddb63f7e37de048375
SHA1 14e704098ecd905ea620623bb40ecfa5f81167d5
SHA256 727e8e3822fbf6734f2f00ca12f60560feaa379bc55494a09eeb6278bd0ed6a8
SHA512 cc65d127743fa455ddefac706d2df51fd9b1c26df3930b73b23a947859d737e24d357248d02751ebb619076f8de6e99d4f740fc5b333d021c590780025cc43a3

C:\Program Files\Java\jdk-1.8\jre\bin\java.exe

MD5 2d0b159dac1e1b3954d31777eb2ed124
SHA1 a1e83e9a5b872f5a8f3e26bb1958da6c3772af32
SHA256 0edcdced09381cc6e48165499a9e2acf0eaae2ef4d0218d8dd9308445bb618df
SHA512 560a6378a406a437d5a1835cb05c018d4684dc5d25c1393bfcbf97c1de9787a27875d02004d4ee180903d37165f7d3d786621c3ec82dc8b5c050048b6c33bb4f

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

MD5 3306f6424bae7c665387aaf6ea23fcd6
SHA1 ffc5c89ca4f83e5b2054947ff6fcbaf707862c6a
SHA256 74c904cf293e9ecdb63449dcfdbdc7e07a47ffce664fa235815d7712fd0e67fb
SHA512 fcf7069c39a07248a14ab60b7d2733e15d8d7d1133cef498975fc68abb25521df4f9e3f1f5dd83285f5e5f9c369184c096bc83d16b2994733b1896a17f6189d6

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

MD5 d2f17110b452af4451fa31b4c6cd52f3
SHA1 9e108ddac054f71c33adbcf038867741a68e417b
SHA256 39148731fcbfe6be68608cd316793a1be6e73e7d9548493b281d63c7600f98e2
SHA512 0f9dfd051ffdc12c42488551072a85435a8cb37c2170d124f211884d3b7c8c62f9339ff9e310b877b940be20977558fb2a8e4513315841b74fb2e7b0bf7e0ee1

C:\Program Files\Java\jdk-1.8\bin\java.exe

MD5 19de1fe61f6603734e7a9ca0601d761d
SHA1 71bbc83ea1184e7c860bc382202fc093e1dbf485
SHA256 9f5371d30063d180a87ecf02db346fbe500b2fab9745579b02e72706b9cb571d
SHA512 553c1cc00ae526dff52062bfb81613ad4d69ee66526c5b42065fa0128381bfa65cb84a5d91377be95776be0b1c78473a1e37cc3811748de6ebda6a571961a1a9

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 6e4fce0977cc48e1c2d7b1f303e1d9c8
SHA1 b5dc2d759c85f84eadcefa7fcd03eea43fc6f28b
SHA256 ae72f9b7999713237be7f632313de02a4e0ce07db906f3899f3d9ff38816b7f0
SHA512 1697cb0af484ebec98839bbf67d1b6a75398f1ef1b1b96725b508856a821ff3d8f197dc5c0d5521b4b82230f3cfccb661f2960ffbbac23190065a38d967a2d87

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 7d9d06d6666de8f08f384fcb1fa09866
SHA1 5f17ccf4f7e6f9573a2f1f0b4419b7775e555ba3
SHA256 d365829aac96375bd39499808e85498338b00b1ba3e111e17d57c09616bc0bd2
SHA512 024126a4f9c6fe2cfedafd49015d3a76d0f845a06fd01875aeaf0489d54bfaf8ae82e5434a00e6f96fd71f63c308a93325dd867af2c049d90fa26e4029e30ea0

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

MD5 6c4678300c855cdc9a61f3aefb82a744
SHA1 d595e5e0ecd5fcc4eb02934666c6af7e4e56f3af
SHA256 53086e222ec826d3fa7c5c2925dfec7bbb3613a62f1afd9bb7d5c55aed4c6beb
SHA512 166a51263f1b91d7026020089beb3271b38700cbdf41c9b27adda6408b3070a0b5d0ab1f06f50bb7fb770122b0d3491576278a4541503740fb63f3926b8a748e

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

MD5 7b4f1a2784c3fede0f020e7fea596646
SHA1 579f8b1de428373e934987acdbb3cfe8e0aae033
SHA256 47ae2f63229807cd322e49c478eba750e73b63093034ed041f7c031b39d7bb42
SHA512 5995f789134608e7b0c5f92b8fb52146d53ac31fe1edaa92ace9c84c1401607f44dda190e2a159a839ecef129e01f912a39de52a773d9dbbd3cc1def9e2a2acd

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

MD5 4ef83e739c25eecffe98576a20bf9b18
SHA1 f66eff1ff545cffd9fbd2f93a21f33cece8c0d0a
SHA256 90b4e34564661356b5eaeb6c673332e9dba8e918006166cfdaea50214353a19d
SHA512 5bca3d4f8406ce056109e106ff52c561ce9f64aba0ddcd5f21bac89f2d5468d34cfb5668b0d95524d67acf6a80a54b245e446ed81963eb7c1bb9d9ccd71248d7

C:\Program Files\dotnet\dotnet.exe

MD5 d7501ccef74313b07fb5f3fe5cab0c80
SHA1 4eb2c017ba7939385d34f75dad5b0727114218ea
SHA256 a645c1db391d791a13c7949b8e807f735c6891206bbfa8924e8058a58cc8434a
SHA512 259bfb39a4b2ed5ae979742f6d1958298efbb8c2bd9e98d40e5fa3b34420897184d651a92d03cba7cce0db6cd229b12d0303074c2e0f70ff6e9773ca29fa6602

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 819800498080ed511763c37ad8cf733b
SHA1 98af84f143a1beb2c606380f396188aaf65f2d0f
SHA256 5fc09b1ce8441c203e52466c4878d0ca18f406fae2df2f3c3de04b24a4fae343
SHA512 215423e8b63feb6788681f177f04fc95f6f95c8a65794f9c373a3d875f6bbbd20abd1b438adf1257d71eab2fa544a3cc6a4a0e563359ca896d097c1eace830c5

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 b9009f15e5048fce64c8f36e20cb56f2
SHA1 66a945cbdc18b8d32dd012a0fe6f630c79ed4870
SHA256 757f369a3423caf5de18a9bd125afb28784b32a24279b7d361ee28f694c45e61
SHA512 c7aa6ce34c8bd225127ce86c73d34e0434ee800eb565f32cc3720b22377be1ff13ed85bd1f5a93b0cf8b5ad220533a19b5c3065643ddf1979954a3eb5f2fb399

C:\Program Files\7-Zip\7zG.exe

MD5 7afe76b45cced121537a84f3d5980edb
SHA1 a649fe16e8d9cabe77c1dcadaff4e00851c77926
SHA256 f66c3ba21116990142d984bc9011be78b2b40f7d429b71beb9cdfa9b9ef9d0dd
SHA512 27a5ed8f161d71e0259c63412da506f84cecf2827c20e567bf8d625800fae87cd9a6569c76a951ea4f8e023fd065e7087bd1c2d2b964cdc4e5bac39057c54c5a

C:\Program Files\7-Zip\7zFM.exe

MD5 1645703aac3808c7a830894d092d0532
SHA1 93e1fee1de2f12c999436b81266b99053e16b863
SHA256 6f068b0c0e3f3893738977bfb3c7ccfb837fcf704a21aae1c08394718e95c638
SHA512 95c2059e56e453f3604a6b3dd7e535fa418f27edb759f62a86a240a00ea9b0cb2a064a38fbb99e8e31a67cc3f5349b80f9fcfa7f2574080a9045c20def01cad6

C:\Program Files\7-Zip\7z.exe

MD5 03721d813c9fd6a8663743d55352b25d
SHA1 d611a5f9a5a8abed078f9b36c70c4db99854a2da
SHA256 18d3157f41e91febe010eebd09f0f045aca326f1a26aa2da53d0e45845b79b8c
SHA512 06b4f378576f44fd1677eb555f12ed19190e6fd91200e1af93c87b086756707d84c27e4e86aa04d49343b587de4f20d3a6f89fb92a0165d9928acada5e7e0d2a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

MD5 ba72a0b4771de423114d9845dac5309f
SHA1 1d3761c463b51b2ae4730dbed2fea2d6f2317bfc
SHA256 050105c7ff3fd47d1a84fd33b83adda49049d8b72e47ce81a327a9ba94688415
SHA512 29d3ef36304a264ed914b17a0a392d5f998f154928ee859c1f68b5490e32d52e64150b15d2fedc7c91221138a6eadac0824296a09ff58f870c26c053e38e2e18

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 a4653faf030a589e4dcc710a8bcfd85d
SHA1 e190acb2eb38d2587d03822b98964c362f979e0d
SHA256 be1a63ef46ae45ad98d0b5d3221c850ec2720f2063ae5de36028848271d53e1f
SHA512 1bca22bb02e6eb0c24ebce5b82431c190962413177927c181ba56336f6c8cc7edc8015a2bea53af3f164d9d515c846d224a47b6e60ed0a3aa5d05383d255d212

C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 6fa4a0e94d93741e40635ab5b3b79108
SHA1 b031cc9b1e254fa22473f8a8b3469549f8314f21
SHA256 a41ee2f9f34f815c03ba524df0698dd2b1e86a78cd42a16f0ded8bc8135c0aca
SHA512 5eee3a7a7d2009f07bbd0ae87e0bd1326141d7ebdaef5c1df019e678b71f776b036d90ec9108431253113f792481bfd7fec45ac37a5aac84cb5029de8b4474b4

C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe

MD5 a1b69139957651f633209aa8796c9139
SHA1 4f533e67768ea8442065df4bba2faafa66ddea97
SHA256 d90ae7a757726f37c7a5f8ed5bec4b310fea7eeff390ccd4761fcef2966cddd6
SHA512 be5e7175fe2aa8f897c750b4558158959babbdf5032bb3f1fc7b43bfb295223e6ce4abec20a2135d2256581e7daf7c06e9033bc68438e848d101729a4f72b2df

C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe

MD5 c1253d15c94784a0ca5d0b83dad803ea
SHA1 c549f885528e232c28b9a865b6d400b111974aa3
SHA256 69e56622ee833c25448d6f04bd92095e0e5392fda94150e8a6f51415ecda44c1
SHA512 80203a79fcc2eb46ed807298e9bf5cb91f5919e1bb8f1375486f3bc471b3a6ec4ff9177590254829d17a1d82dd7e0e150b244ca20e5eab395b9538877fa6fd86

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe

MD5 283a813032bc61dfea3acf240fe3487f
SHA1 882bc22f3e7e8678196e234756b9da083cd9c627
SHA256 4f8e4c3a7392dc0b8ebc1b2bf968e540061700d6326cf2a825b58ffce6ad7124
SHA512 ed6d5224ede841c49f7922d4921920dfdffa3b25d97d5b76c567f747c481a0d13e1427c7219878704f13b86a16e34bfd079a982f58f518d7eb5bb28e746a3aa5

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe

MD5 94a55ced608341ba3667c218f85cfdb5
SHA1 6671ed9426cd7d9540b7dbd845400fa37300effc
SHA256 ba9d66bdf99173475fcbb2396a29bc1fd84737bfc5651042a5a4f5907827ca91
SHA512 c90b8cd864737c3a744c808124289d015321e30093b19968687b908a2a8f660ef0f11431b07695058fd429cda194b364e1a58ebbdecf428c8dfec2499e1b2da9

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe

MD5 ebf6b1eafce8fbb3f88e0e9033c02ec7
SHA1 335ea93b05d7d31f28a2908f61e1fb448909f3e5
SHA256 800e7d2cf4fa4124df2938f1e04a4330ee822856df2737f493a8b0ef3b7669d5
SHA512 325f3a05bc65c51bb827dd1a90af18c16c6f74b39fb3c0d6db233f00ababa75da8f62b0df9b9804d4ce0a3a5cadcb2f399a1274406db1f5e12d55689f5d65970

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe

MD5 9670440929417dedea1bbe2f2efb0154
SHA1 b339d78274cb1da2ae39a91d90b180b6342840a0
SHA256 620ea480cc9582abdafc4e7d61692833eb76ad3867fed7e54d20053b41d89164
SHA512 063851c1aac421f649f298e03040a6e453da74383fc96052c49c0f281248fc7f584d991e69fed1c0448ebd3b79099feee91698b7e325dc0b958ba5ab143bb186

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe

MD5 c51c34be25c698966cdeaeb2d013c9ae
SHA1 e66a8d85a7b62c6cb92a445f928a7af3c8df0192
SHA256 787f94c861bc5057d25261c9619880f54962f2edd103486b937787479b9d5686
SHA512 0b55ed31ee522d22266a45e513a2fa5e3f5056a548d7c978239304fb8ade4e10f68d64c7fbd7f5bf9beb77a7d754f5725dd1c276a1784dc93562caa2a44a101f

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe

MD5 40794049be900a4956748f12115dc8fb
SHA1 8884f343917300864aef3de3f8d71fa755be9438
SHA256 ecb6c66fbf4a6f2ae27e828b92c131cb1802e09f18b6485b5e1965ac17727126
SHA512 d4c9cd57a9ad2d0e3f2c978dc2cd1bb14fc56014e77ddf14b61e00727ab35a9f2ee1cc080ade754110ef94a078785c53f867e12b8ab7316f3e6793d144f48630

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

MD5 65d2901a42d4cf0244a04c64ffda6256
SHA1 6c67cd94923b6160db686e453ebe48d8da4f9813
SHA256 593afbb82b0891025bab1a4facb27571c9c00b489e4a872d3eabb4007f5d5db5
SHA512 81e416dd342fcd557d532884ce8094532589767e381ae3047c4243aabc6c9b65c7a65fbe51c275fbc96dd8bb4cb257af26b4985fa9608da7d6e38dd7f8290e47

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

MD5 7399a4ced31b9b728d67b53e578ff450
SHA1 fe7eea25b8bff7c07b8b281ff67c01479a3e8804
SHA256 deac7f5688c36b2d2bcc18cb7224e7bf34f82a258141a7a5696ae780a2db5dfb
SHA512 0ac1c1c3bb42af93326b432f45070d032ab215583c61863e6abab8ea14818355934d741824c81f800eb8bf66dd70f2c220ea4fd93bd7f94ffef540862861a868

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 a61ee2df205860b7875c875c514dc23a
SHA1 230d5f903d6ef323a85f54b7f7ab19461e8f0c4d
SHA256 4d109b73841e5df5f26fd0c8887e878dd08a4eda4882873a040b8603699ae97a
SHA512 f21b34a87cc552a573b2f3a0d1d6af8f73c6ea635c9a8a32deb1f6f5ea5d5ebd7d67cf413c523d3e21c5563265b64377cf7d04878a8cc1818b564bf3563c52e8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe

MD5 56cca67206d71b1320c8ea11c5a554fc
SHA1 2ad6d9172886439b148b13b96f3e95a9644e6f6e
SHA256 5924c5978800ddda626aae42a1b478784327ac99352f22de8427dac28b97b0c1
SHA512 bda71c10167667600d876d6cbf4a251a1caf21001de6039b58340ecc9a3ae8eec5e180260fa223755454b324e72f4199602c9421c7ad9297a9b3e567fcef173a

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

MD5 8fe2988ebaaed4b99e532274c9278179
SHA1 f95fd030a1a0af19a41849b1fba7ae141cdbb767
SHA256 2e9b498af37634abef877aa8f4c57be94a92645a724546ccb4aeee64e74a321e
SHA512 caa45cba9eea38eae9e72e4c15f5ee62ae8fe402b3aca041f2e78c3166c7063a877cf71e8c53aa29d11e88eca95ba844add50c911b092f09e5033f50f1920c3f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

MD5 17cec3187ad66f56239fc44bf1989ad6
SHA1 162a02133b05219e59c9dce6653379818e87836d
SHA256 b6fbd14a647ddc679cc6c577a2884c497e9411691aad0a4f1ca15aefe6ac9f72
SHA512 d5b79e22a16359ecca69c52aa5f913f91fb9175b6f0c94953056bd0e66ee9cfd5cd3f8772a309b74269207aacdfe82d41947af9c497a6e4b7e718359dffcd010