banload | 481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734d

Resubmissions

19/12/2024, 22:13

241219-1472hs1nds 10

19/12/2024, 21:43

241219-1kzwss1maj 10

Analysis

max time kernel
123s
max time network
111s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19/12/2024, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Size

2.4MB
MD5

0850fb73ac5cf974c11c0a78f2cc0a80
SHA1

f05cc0495fe2a239c76625e6be51f3d52fdcdea2
SHA256

481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734d
SHA512

30dae41f217a94117d67a4a8c782386cd8cb892ce4d0f05e4d9afcab1b9427d3ce3675e411fda2b032d74a38c1fa50f7659b2a8c0580fc78e3945292a3215fa9
SSDEEP

49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEv3olj3:RF8QUitE4iLqaPWGnEvY

Score

10^/10

banload discovery downloader dropper evasion execution ransomware trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload
Banload family
banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe

Renames multiple (564) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ValueTuple.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\gl-ES\tipresx.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.OpenSsl.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.ReaderWriter.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\AssertSkip.ocx.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
File created	C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\scibxWqo = "MoQeAePwAD`fV^Pob[ZkkwH[EuctHzfH"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue\|~XwNAnW[[mPi"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\15.0.0.0\RuntimeVersion = "v2.0.50727"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\scibxWqo = "hKkNx_brjCbx{OzzHEgNTdcR[fxj{^HF"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\Assembly = "Microsoft.Vbe.Interop, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\YdfgmacjybtVx = "WEg]kfn\\BJnkXAI\\hJ[[VzWTpc\\"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\vngx = "L}N\|u\\p]yNusJKLGj"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvV\x7fW"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\skkmocP = "s~OJ\x7fR\\kBy`ok^kD"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue\|\|XwNAnWiQw}t"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\skkmocP = "sF]izQ]g\|rQbNNNF"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPBrUinxxtzLmk"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\15.0.0.0	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvVgW"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPDRUinxy\x7fzNVR"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\skkmocP = "{F]izQ]g\|rQbNNNF"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue\|~xwNAnVPIXdb"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\YdfgmacjybtVx = "WEg]kfn\\BJ^kXAI\\hJk[VzWTpc\\"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\eTkDtziMmFgRe = "L^tDcfK\\zuoctaUrd\|qCPFNMgF"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\eTkDtziMmFgRe = "fZDcrzBYSMjIcQQJnJu\x7f^V@\\f\x7f"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvV^G"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\YdfgmacjybtVx = "WEg]kfn\\BJ^kXAI\\hJk[VzWTpZL"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue\|{XwNAnUQL}jq"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPCrUinx{vsNiP"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\skkmocP = "wF]izQ]g\|rQbNNNF"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue\|{xwNAnT]RvOS"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPDrUinxxsdEsp"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 0c0001008421de39050000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	taskmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\skkmocP = "w~OJ\x7fR\\kBy`ok^kD"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPBRUinxyC~ZJC"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvVRg"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvV`g"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\YdfgmacjybtVx = "WEg]kfn\\BJ^kXAI\\hJk[VzWTpi\|"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\RuntimeVersion = "v2.0.50727"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPArUinxz~\x7fkXA"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue\|}XwNAnUmHiv`"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvVBW"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPABUinxyEgHlw"	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5064	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2500	msedge.exe
2500	msedge.exe
4512	msedge.exe
4512	msedge.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2580	identity_helper.exe
2580	identity_helper.exe
2824	taskmgr.exe
2824	taskmgr.exe
4320	msedge.exe
4320	msedge.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5064	explorer.exe
2824	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: 33	2568	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Token: SeIncBasePriorityPrivilege	2568	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Token: SeShutdownPrivilege	3676	control.exe
Token: SeCreatePagefilePrivilege	3676	control.exe
Token: SeDebugPrivilege	2824	taskmgr.exe
Token: SeSystemProfilePrivilege	2824	taskmgr.exe
Token: SeCreateGlobalPrivilege	2824	taskmgr.exe
Token: 33	2324	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Token: SeIncBasePriorityPrivilege	2324	481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
Token: 33	2824	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2824	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5064	explorer.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe
2824	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 2824	5064	explorer.exe	82
PID 5064 wrote to memory of 2824	5064	explorer.exe	82
PID 4512 wrote to memory of 2008	4512	msedge.exe	89
PID 4512 wrote to memory of 2008	4512	msedge.exe	89
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 5080	4512	msedge.exe	90
PID 4512 wrote to memory of 2500	4512	msedge.exe	91
PID 4512 wrote to memory of 2500	4512	msedge.exe	91
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92
PID 4512 wrote to memory of 756	4512	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
"C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2568

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3676

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2544

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /7
  2⤵
  - Checks SCSI registry key(s)
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2824

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
"C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe 481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe (32 bit)"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffc95a53cb8,0x7ffc95a53cc8,0x7ffc95a53cd8
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D4
1⤵
PID:5744

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\HideRegister.js"
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-556537508-2730415644-482548075-1000\desktop.ini.exe.tmp

Filesize
5.1MB

MD5
77270e5e57f77439b9a116720df11e6f

SHA1
8d9e2659dce9a5023c6e090a5a631868a0f235f4

SHA256
171b4af0a3808081512f622e673365443f81eed74f8f912338fdfce39bcdcb6d

SHA512
d3e5f3974ea437cfc46c81530f7f3e03c885ccc04ce11129f3cb9f77a09f60653412a0592980c73e906b575e67ce270607d55280ded81b2e787e18620dd0fe25

Download Submit
C:\$Recycle.Bin\S-1-5-21-556537508-2730415644-482548075-1000\desktop.ini.tmp

Filesize
2.6MB

MD5
5bb5cbdee52cd13a9ed7e369f220945c

SHA1
dc667a794f4fe5453268abc9075395d34fe1737f

SHA256
4755912435193a3f3b3695e097bb6874a99bb0025affdab3c4984798a69552e5

SHA512
e1448bf838766941d9797fe36dde1969ca2a91e698f52cdb12f0fbd310cccaeced961d88e2915f325ee1ebffd9c089df9b8c39b2457a9bf29bf30ef5ff2a06eb

Download Submit
C:\$Recycle.Bin\S-1-5-21-556537508-2730415644-482548075-1000\desktop.ini.tmp

Filesize
2.6MB

MD5
f2586c499e0f165cff9d00e29fc5603b

SHA1
dff747e3bcc6cfcb7e26ed2392fbbc2f0325cd99

SHA256
9fe347e69df79e82bc1ff1173e96a5c473a068fb7d770bc5eba5419ed982fe25

SHA512
e1e07493876fa2c971453e6fc0cfcdcda1e16467172ebfc838364af879c834b888dd8e9fdac7e50e62cbcb4abfe619ded2fc954e06d853dc6a2aebc84ff7190f

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
2.7MB

MD5
38dca3893291d26c2f1fb7532e151e8c

SHA1
98ac9accfd63e9dd5255a94de367fa9f6555cf64

SHA256
c69f98a6c0269a6dd39dd0efa6ad76769a863e8096947975b51358169eb0ffd0

SHA512
ce69b1e49a686c61f63b5b3f399b1e9691b3cb32c201f58908f78fd7a407b69e02977256e89209ac0ddccbbb9728820121870c554a620fdd3bac8cb3276ff01f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
2.7MB

MD5
14c4a41a4b6d90a416fd5bba377f7b9d

SHA1
b17069f9331f1f1a5f1ad129bd7395bcdd9406e4

SHA256
112500ca02c3637879e0204d1188333f881d5f258ce4e7881946b45bdc49bfe1

SHA512
30f87f8773be8b5bcee359585df0e68070aabe0081aea87011f8c3ddc2b7a3a1e84efac925fd08c3adbaa92578b404945360dd4b44d391dbe42c7902ea190012

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
2.6MB

MD5
f5d925c6b0bae03ec9096759116f5a9c

SHA1
a3d43ec306ef38fbec36a38461a373ae0fb4ced9

SHA256
0ef58787a676190f0e765831c47f1ad3330fcf39125f17877e688c5293c2e9f3

SHA512
1ba19da961b009f9cce389a844dae41e63c06a439ed24ee04d9233c8fbf40b9a5dc94961591243c25e2320a844686ea25e8792c1888f27329a648b8514329f3f

Download Submit
C:\Program Files\7-Zip\7z.dll.exe

Filesize
4.3MB

MD5
b8205b119d7faae8f831b326a5632581

SHA1
8b788cba7fed5f529f88ef2ef3244f85155b41e6

SHA256
5489c286f713a119b9b0a77de7606d7f0a400fc3a2b507400b65a1346768b126

SHA512
ac04544cca18d5011787fb300d1732c67e70733ec66807f2389beb2605251ebd50d8b8d88416aa840b5ad617f342bd160f7b04ba7efafc3f646ac0f45052a0c3

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
3.1MB

MD5
703acaa9e3a00f23488ae53f96191214

SHA1
050a7abd0da52cdd5a131fc8971ec6055b22b24c

SHA256
fb7c4f01b734a32a659aa7a61a4f903aa58a1f288ef45d71465b44fe344833b1

SHA512
1418f575c47e3336a42de90e545300def71f61240c46bbad2fd36929b70afc48b1b43d801d0675d407ae2222efbeb3f14969507db9b28757a6291b9b06093d48

Download Submit
C:\Program Files\7-Zip\7z.sfx.exe

Filesize
2.8MB

MD5
8d0dc1a366bf429a4ce8ff68ec52a8de

SHA1
764a4742e7172c1468594f8fc50e94bdc71abea1

SHA256
3b5916b34569eaf3aed6c564c23051d29b532015f52a39bde99f0954299c599b

SHA512
4ff89d9b6fd9b13388c5dc4ed37ae8f41093917dc1d9a8a8febf6a01e7cd0437b7e8cc6b5c7f34da44a73f537583babd67f2b834d561885fe4e3e2677ff35bf6

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.exe

Filesize
2.7MB

MD5
080c66a722682eb79630ff34777933d5

SHA1
e5209ed8698437e06c34e0175b35b8d0f259c42a

SHA256
de9d010692633e4fecff31b3801a7a3bad3642cd50ae4aaf10b00caacf22629a

SHA512
bd9169aa55edef7e41c80268b7f45abbae036c17aa14eafb8a11e7498a0486d9905bbad0894f3114a4fc4cbf9777ae23934dd2126c0b4d467ba5021195eb1b42

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
3.5MB

MD5
2e08f4f565a4c8d893380cfe52768498

SHA1
332c5e64b22b97846beaa8341af341856739769a

SHA256
ea736599630b971ac3ebfbb2555d8a2079acad2e21066ad4b4b0bc04c64a842e

SHA512
58302d8d3a35b434ca05c10bb7e8cae36eedf476fb34dd97e8527a32b73bb89f9a8c3bdb4634a153ac0c4c6ce93781fff8cfa80c50d0947d1b3e6aca12c15958

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
3.2MB

MD5
f4daad7f089ab2760f57c2b956a11995

SHA1
0cd18dfe809be4e6e17a6110b46ed3d87b212f10

SHA256
db11ddc38b4fed68e3e1f4ccf5eaa5532f9b326583a54eae14c595523dc0b92a

SHA512
666a23b02ef5c0cebb7fe0658f00e3bcb2d346b4e6799d943f52a337ea709b9ca25d976bd24122079bbf07f181843dbe528db218a20d955b048ae7d2d059cd1c

Download Submit
C:\Program Files\7-Zip\History.txt.exe

Filesize
2.6MB

MD5
c09ce2f1d62d5cb4fb76e630bef52a74

SHA1
d2a5328fd6c614a7d2e5fba2980002d8e647dd06

SHA256
0ca17e949ec28e339e26df32a168b63b64a761529ba19557d10bf52e02051129

SHA512
728c74f853ef600ae09ae17572a67e707c211ae55221e54261f97b5915c200b0810879c7b6532d1491ea0f9bf0daf823f906d41beef9bf17a2cee76388427f61

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
2.6MB

MD5
93c55f1da686ea6c1f81813fdf23c2c7

SHA1
8b992f13185f6a6ca8eb9e737af3b78d5d07ece4

SHA256
37437f84a1740bbb9ad4b0c17e20b7e2d2f8f8d6ca0bfe62a186b6913545627a

SHA512
f25518036c2520b3e2359679e37220bff6f6fe23da8a775a06fb5a4a843f6d6962019ff202dc549db36fb9df0321a52e87f92ba78bf6358c52570f44423b80da

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
2.6MB

MD5
d2d5682ea3ddba11d4ba1e55dc560d29

SHA1
9807a04698f67afe23ec34f4fbfe7413cf7a0671

SHA256
cc7215d0ae59040e41619a0aa1f2a7b973aac8023a916a9d798e81d0a3e7ba36

SHA512
8a3d471134f646fc92978d63fdbcf0d09ab5ed63ef765f1d3e7b7b571601ce13f551ab580548df5a2c78ca361bc779a317071a14c23a0892bcea9e7bebb5307f

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.exe

Filesize
2.6MB

MD5
9c8b178d83a2288e0371158dda32e7ef

SHA1
3f993f77d7e315270ffdf09dcdbfbc4fc24d5b5d

SHA256
be9f749349e24889cc98c727e6f71f535f6576bd2dd779ac243b738faab4d7de

SHA512
0af3780f8f9808f5a04d2cf976ad0ded7213d1bb97e6a397f07f05aa817519854daec674bfa3a87961398847b0c495844c4800ecde42cade771ffbbcad80e5f0

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.exe

Filesize
2.6MB

MD5
f8d49c8a4bc1b20e9fdb046fd3bab3eb

SHA1
17f9f1e8f5825b904844655a77019db7ee42fa96

SHA256
b7c069e43535f6ada83f419ad4e58bfe6a298bdb17de0fabffe5786f385bdb28

SHA512
0ec43fa0ebd586bfbe05e854112bc1f9d9ebf26675c2989994d260ec0838e6e9e40171a36679703cfd1410bdf0aada3e49b52bcde25356eae972246495ce46cb

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.exe

Filesize
2.6MB

MD5
3d885e500c631fa282eec9ebff831e97

SHA1
d3ddaa1f6fae2b7215cb0a90d293459284d4790f

SHA256
1f1a22d97bfee5ec34c4cbc8a90521233e9a340a319de6713ed905f9e3b59e41

SHA512
31d9bb8d76acb56e9a7e229a428d20ab58c5ea1f4846105aec94ee602c60f68648642ebe7815d2ffb15d221bca27735c06576ac2ea9994b6bef8e7cc2cf92aa5

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.exe

Filesize
2.6MB

MD5
38856547202ef3374ffe0285f3b65af3

SHA1
3c40c3f174726de7f7c6ad5d10a8acc5516eb2dc

SHA256
63e1d5abc2594fa188286556f693b56c3a8364b0a1ca97de5440b5e3f4fc149f

SHA512
96e16648cc9297a2e98c52392219dde512a1c9c05518e1addb933ad186c694a8263605de30c6e7994def8394e5fc12a00bcf068dee37303646f576d366e67532

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.exe

Filesize
2.6MB

MD5
172e1a376f2ebf301bd8c1a2c925f72e

SHA1
1999ce30a014ef1dfa50b7510ce649ded1f5cf51

SHA256
f69c74825040443acde80a6255c54692c280701ee53a14170cf7c364183505c7

SHA512
ccc787b7b5c133901024437432792d3e3d845590abe409d243018544531445a88b7fb464c0f6a640cd8ad7473a687b1b68206eb26528f102498992e16cb12a72

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.exe

Filesize
2.6MB

MD5
1393195eff2ac0b1e8d1c160ee2c4285

SHA1
b89c3db3b6fab7908b73a5a3432565f1f7696472

SHA256
e9bbe631aba14c5fa6f7fe223c5f492721d3233962291412191758257532b0d8

SHA512
8501cdbd559cd3a29497a9c88ded9bc738c8df191e4df4dbfbab0f05710cce5f5eca499ba4f8bc30b2d4086b29cb0b308ecc8abc9ab9a2985593699de9d87595

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.exe

Filesize
2.6MB

MD5
3dd45ab5e74eba736a03c129047bda21

SHA1
5578f2707428cb5c084c46572a0418932d71b280

SHA256
3274e8755cc778533b2f76e0d081f750e23ad9a17f0bfb3f77dd2a14533b2d43

SHA512
a2c90823ea94c34f1a4d99661a963ac67fe95edb19ec81a2bee93976a93ee0e2a8d26b45b8d50397d7ec49027e7ebf4491ec31605c78841cd493a3c0085cb0e9

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.exe

Filesize
2.6MB

MD5
385e24b2d7502aa9f076702d80270d5c

SHA1
3c3dbc8daf1c226b25355a7eb9dadbc66ad3a327

SHA256
86ebef47fbe8c12376836057f2f1aee12c4a589032794915f17be7b50a580fdf

SHA512
7df52a0ede19b4503195753fa0b26f020aed02d9e418eeb9832a53d7c540cf730c2f151834223784fec0d27e37a58bacb2c2ae83b34abcbb0ba57642b3570f23

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.exe

Filesize
2.6MB

MD5
8f8de27f274c6a0cc4b9bb114a923676

SHA1
3d7bcd40c339c829230a4f4d10e97461de9490e8

SHA256
85158e4336c43704df3146fe325fbe2aa2b571aa4e1a4b423d2809a32689c8c3

SHA512
cea2e3f82f1f7c3c7bd4832d53d6b669ea55eb222a4fc0e1d6d3177e3c3f1e9d1e51704119b2ba3841e7f94a202d694b9769050498621dd47be774980a284fae

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.exe

Filesize
2.6MB

MD5
4e434949490106fcded508f4fb6f35a7

SHA1
d79493a8ac913c12a4defefd02b9140329b23f98

SHA256
48b93a436c33b81afe0ae1152dc0c8d815ce865d83516c7e929f14164b57352c

SHA512
47020791736d7728549b32856bfce06ac1f8bace85e55c32ed65760b6efbedfcf8dc693ed76fa84d3580cfd4781991d84ee2574c10daa18bda0f21107e9faada

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.exe

Filesize
2.6MB

MD5
1f0a71e166b24b410d47a916a76bfffe

SHA1
345b971b10cd35842dfba1f1bb815dd9268b58ff

SHA256
9d9d28670d64bb2e3c4ebed9642643d5199a9df837b81bc09e4217adb9236e65

SHA512
d0b8dea899689daa5bf5db0bd9ac3a0d6d5cef42322ed08aeb929bc09b4ccdbd93e19c5d9bc15e82320092cecdf4e59e4f68cd2e53be9c71ff7c152fbc8d0037

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.exe

Filesize
2.6MB

MD5
a396bc9ee5dd81df86cc5250557a4545

SHA1
049f2edd8be5fa3a2ee7d5da84d99e6316abe247

SHA256
b1f18408a1a77d7fb83d41c2f768d3a6edcaac7bd6b683a25023e3325ee8906e

SHA512
882ca44f22f14a8a9de4c24815194b832992a35a8691d12bb05e965444074ee50fbd80aadf2a036c691124587a6e304d944d2b41e28300c06230d1dc4f370d6c

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.exe

Filesize
2.6MB

MD5
104608dae66b455f729b91335a095e57

SHA1
fe5d17b365caa9672c25f9fc06a4cd2cefc2efc9

SHA256
e794bdb29977edf80a3d64a16ade6b5ae1d7002418e0547a1772e39ce353578c

SHA512
d0f81f13b7c91387d58380d89e287476c2e7291621ca6792b24b3d1916ae30dca683cfc0f3d3415730c95ecc85b6e6ce05b52359e04fabcdf90bda4c1b3d48d5

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.exe

Filesize
2.6MB

MD5
a9950acc7f425b7f00143722f5deae77

SHA1
b66c3752415b84b37592650da898551b5503af8e

SHA256
367f2fa49b23b6cfb3141d62c1adebd3f589ffb18131b1ec1cf2a83608ea9e4a

SHA512
6f81c05a453b4e07dd2d65841863afc245abae54cd187bca123ba43f584c90efdf474d2805cc35eadb5e39ed5cf1f43e9263fa9ba8fbd5b9830ca7dbe0dff1c4

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.exe

Filesize
2.6MB

MD5
812d027faf4a6e2a8597c76486d0fdb1

SHA1
fd4698fa1d497e030447ecae9bc5702de9e7d8d7

SHA256
86b76d71566c0cd2fda596dd84cd7b621c547e84e3e13829a3e4b3fd40a48216

SHA512
972b0ceaf348822ec0d8c2b6c1ce6075f3cf970f06fe999a3da491209442c7dfa418d5325d250b60a4ece465c21a80597e16b94b3842e40e40e11729245b9168

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.exe

Filesize
2.6MB

MD5
26e74b9c6d7aee7a7e5e553b4cd63ab3

SHA1
e7be051415588e2dba02ed81229b5bf12b57320d

SHA256
d5f58fe900cc2047a7a5077af0c40b3022ee2699a7f3c0e2dab29b625ea7c8c3

SHA512
dab9420a7b1a9809c1c0fe2e30969f774cd2cf828e4c7eb5220fd3f3ecd141b0dafc02660ff05b8d65e7beadacb014414986605af4076e58c4678a39a8e14e6e

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.exe

Filesize
2.6MB

MD5
a382611f37719d07f4c0c565cb614fa3

SHA1
06aa2cdfa51f525bd030ce17c81ace0bf75648e4

SHA256
4e27825ecc38bfa69ff0aa75d38e4df4e84467bb9ada3bc52ad9966fb88f4d6a

SHA512
05faace6988b56f81c67e20b80da2bba1faa2a18bc9daa8c9d83d12ea41faecb0ca3541a1511e985f296ec2ba959ea9dad5898acc7c5cd158ab313156d6f2254

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.exe

Filesize
2.6MB

MD5
9b6bfc318a8a4ead140f4c56f2c31dc5

SHA1
ca62008533fc9515334d0f938f0c58fc0ff63796

SHA256
9cfc5ecefa0acf67ac62e4e43d3ca231592994e3b14380375b934846fc91faf8

SHA512
ae0dd8c7cd7fb553398833ba9698a5968fd4320cbc182dc954068a353e76295d7cc3d6757ef57090aecf9cf0caa0e9c8995bf7bc7b985b4bd2dd61ccaf23b416

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.exe

Filesize
2.6MB

MD5
cb62604b0863d976d2af5abb7bdee296

SHA1
f597902c30dc240ee751f821bf1babd70658ff70

SHA256
4eff1fca01602fd9af2827773e4785b9b6c9ba648cebb62a905a36730515386d

SHA512
a1d12b260cd40b1dbf20586c4759d90683612c09087c07720f1ee3482ab9519288bbb7dec34e3d24c20df0867487557976a6e9b7d31a62c0a251f966f2b22ad6

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.exe

Filesize
2.6MB

MD5
a8e6837d92f85ef228a7b3f98456b571

SHA1
873e7b73fa8aa219d2e90bf3709a36e0e23ae1dc

SHA256
1624adeff8d681d07b0cc74615eecf16449bb02cd2c8937935e62e9f055c13b9

SHA512
712a240c733ea39313deb32307456a721a41472bf4f48b434af2798d25d89c78ae610f5f0413a4ed7070b959e7abd9d169def28d07c94b574c33102f70ef8ede

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.exe

Filesize
2.6MB

MD5
0833c79bd43981ac520ca13830475584

SHA1
d009b8bdbbec762a2138b709ce76cf614071888d

SHA256
0f11fa2c9c08b8c9a6d9bce107576a1872c60f3c796ee3d5df0a3a234d4ce3ed

SHA512
d141b4ba45c8fb9d3c8fdab8a2ff88e02f5909212600d1538a4dedce2590aa6f872f4ddf59e577b315b3d23fa0dccc6b50fe88513f391620cf9beda0ac786a88

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.exe

Filesize
2.6MB

MD5
5badc0ccb6fe83618648eafcb96ac64a

SHA1
0019779d5722e2a2c9bd79dbe68d7e109fc44229

SHA256
c606da990c900d97da43f804017d77292452ac71ec35532089a64bcf72a3b273

SHA512
526490a2962f05cb7426c41c734927f80853a06b97cd276325410c0331c53a08ef9e2ec89209ec701520f4a3afa9ac367274dcf33d4056a3dd4733ccccad126f

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.exe

Filesize
2.6MB

MD5
30693f12c3ecbcd2b9fe1c47439a9b5a

SHA1
2e3744e2dfd81de55283d90ef651d5f283aa3489

SHA256
2e65b5e0de5ceaece461ebe8b040b89dc14c6fb9e4381fabd930bef39ce9ec1c

SHA512
a6bcc9ee515cb895fb766ec6d3df83eb9f562a5107e5429ab5a57200334ec6785566fdc83324a7f69ce0ae8e00a4212d5855d08832a21320ca39fa89aca8450d

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.exe

Filesize
2.6MB

MD5
33fa19143f34dece8ff77a95442b54fb

SHA1
dd644cbfd66a3c2162bd43bf0ec49be4603be3ca

SHA256
cfab499bb365bb4739bfbe4e111381e00c6f1d078858fd90bd1698d1e844e6ea

SHA512
d0194b7285bcd80e2318a966f58d837dccf0b07affd12ba64de5519b94d280dff6ae1ee0e470cf1ab9a888c51135a6475fdb1a657db5bdeb5db8d1130d9c71af

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.exe

Filesize
2.6MB

MD5
60173fc7176cc862cbf0381f462600d4

SHA1
c58ef1dd5d1a59dd0075339ddc24c024239b89dd

SHA256
b224b38bc8fbb29cdce33598efc062f7ac3088bd18955729872a7d00a56c8977

SHA512
1d7e3e2700aaa21efa0fc47774435eb574f93f89fb4eb29949ca6be460da0b6d24a138c226c1b3623e40ae8fb94c14bd618659b0f1d8b3a160b14edbaa3182d2

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.exe

Filesize
2.6MB

MD5
c819dcc25098c204186c0275e6872b33

SHA1
cc442a01b531dd59cff39fa2f05067ea74a6c629

SHA256
16eabadcd5c46ecaeee28862d18807ce0ccbcb6ceafdc3778a4f7b4ea0e451d1

SHA512
e3942f143ff4b14577df35aad1e091be4440397c9a3252ed5a9afef9ac1b3bf7c320ae70ffd01c11408795034f84d0e12ee62a8e3cb7fc84992a220557a7bb29

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.exe

Filesize
2.6MB

MD5
57cdbab12a218194673dd4fcb59976b1

SHA1
92c83f1a64babf244fccfa335b2b3eccb4b4b9ba

SHA256
13e2a178c2492832e12e30b88d79509c175845c5644d5399b930851ab2401a37

SHA512
6d2d2474db74ca8b468fd207b29162eaf672bf112a3ae3db62dbb5cf8c8ad3fdb4ee147308ba95da5034d27670fb8247c40adaa901c2e1113c991deeea71a405

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.exe

Filesize
2.6MB

MD5
a32b13cc75a523626eb98fb44c2a6838

SHA1
d6e68f7772c89fbc3c8f76f8fc91718d1bd9021a

SHA256
c1475beb55a1a7fceb80cf979ca4bf3b12e153e2f9e0c9e3a79d00f86af5c6bd

SHA512
5cb36adf4453901f630f38c356ab8c08e4eb6609e8a93ac11e8178807820677aa6f70e78b4aacbf697eb1ad1a9825372b82eabd39a2254651931e2c80fb018c5

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.exe

Filesize
2.6MB

MD5
0f0241ac418cc0c9d52cdd07e9b9d524

SHA1
f6f753465a58cf191157794259c531089717cd73

SHA256
f87fe216315443d36e813dd9fbd264392376e640697952cca65ec4455d3f11ab

SHA512
734ecfbfbd336c061864b5ca99b220567765c93be52293fa7d5940f2b05e5e9eaa9cc6800487ddeaed5f4f389478c968a9c7bf629a0f334f9cae3fa40bb56e7f

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.exe

Filesize
2.6MB

MD5
45804aa87a13c3d3fb5e4de3a1c26e85

SHA1
62b1e5d8f3fa366d50591488d99bea595b34b1f9

SHA256
a3b40f79941ab080064d415da58b923c0aba9482950dba03310ee99edeee8f12

SHA512
f496647199573d0723c01ebc4837697a0698318496ffe10df846288b8e986edf3ffa0b73d6de6487de2f99c7eb9d5ccc06b05e75e42e4b2d9b56283a7ee147da

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.exe

Filesize
2.6MB

MD5
6bdb26cd5e170eff6d5fb32d9e3ac481

SHA1
43868999877944d172efc6582685a5df45a33c57

SHA256
086229cb0d98b8d8e9963b3a854fe011c7c729ca705df666ae1f2cf7f49b09cc

SHA512
0b08eeba74784c75beb17ec275387cca9ec49b22ca18e16c8fa3f028cfa5b6817b62261b6e988186c1cacbc46036f2bc5f1c0961382e9cf5e6586fefe4b1a50d

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.exe

Filesize
2.6MB

MD5
ee94498bb0f86c6251c99d325205113d

SHA1
6892cb07b3e91d6b89bf0970a25ced9b331a8ac9

SHA256
32d30f4d61035767b5857e4ef69692645221b0073bc8b93d989e611ac5282f5d

SHA512
a7e0aa6804395fde148336011c7e318b29b0f7798ce03026f0a1677cd8588537831aa7600485340b47ade78a082299a614a0b436fe58885ec536d3eecec55014

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.exe

Filesize
2.6MB

MD5
b1a885c4069e346176d14aea98960a2e

SHA1
376880c7db4a66cadadc2f1568163d194b2b5278

SHA256
064f9b97d0e977c06ac673a34009f875acfb4e7ce5afede93960a976be5b4135

SHA512
3b2a4ea412295118aab1b5b8f6e26517cf59b9af6e1ed6f6f9ae1b625f52268fac34a8ae6ac393c0a6ddc6ee97e5564db110922d0e948908a483c7b0b94413bd

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.exe

Filesize
2.6MB

MD5
434b0ed49a668b84f140d3bd8528fdde

SHA1
c00b94a55a85cf4699bf825792e8b84cd56bb5ff

SHA256
90c0475595dc174b95149337f7d82eccb2a657815378ffceaf6da3eeea801675

SHA512
b6f6c0f1cb1e96fcc9356b189ca12afd8651b327dafd2097f759fc44852577b6893c43a24c224f52d3101cce31697f2496b14e8183f54155b59db6c18c5385f0

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.exe

Filesize
2.6MB

MD5
74b2513e8ff44df35971224c3b59bafb

SHA1
6a2e6e9d5e5c6a61426b4aaf99f483a8db8afb2a

SHA256
2e053586c170f32aa70b5ec821897e5f6246c207e3c7e828043ffacd12a36b40

SHA512
7c041d06911cd3eb47f061f448cf1c4543d9f08caa693c0cad870c4d6973253be0e8d6feca2c36d0068450abb90cfe94132b359122749be9712de25bb374c571

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.exe

Filesize
2.6MB

MD5
e0935c172262d7e01185a4bf298b9ce3

SHA1
5cfa9bf451df516510bea3f95688b1927edd6d2d

SHA256
c1f2f513250361178e11a350e74dbbdd3e139d69cac5d8301f1a43c1b741de92

SHA512
02d1b0ebc023116749b7068a4f84104f2b83dee7a3981e707da6702ecf2deaa0956c671d5ab5cac22be2a5dd2e58956fc5946b840109ba639de8f7b509580d48

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.exe

Filesize
2.6MB

MD5
98a583fb505ff662b2a361738150a854

SHA1
f49d9dc139e51faad53a9d9c56c3e4e38f793c58

SHA256
536601ecc89d4e9c413209e0a99c3ea395888933afab2ed8e2ea6a71ec0fb12b

SHA512
0005971da983256fb8b9cced211e1fb9f6c2ed799c467b49500426572045b03d39992601c39909f7d0af1b3a92b29402da436b533e16e95721a026e9dd80d0a2

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.exe

Filesize
2.6MB

MD5
38fef120a214562d4db8c1530d5af469

SHA1
c0c01df976515f385bc70cf77fa87f79a0befed9

SHA256
aff348ff1bd9e1b731ff4014436befe28795f30b3056d8f174772be573a0113a

SHA512
679d572f3ed07e1a3b4a50e2ef111d825c833df06bd96a4bb98302e9ba9aab63aba59db19ce11de48c43791e1ea963b066eb85cf361525c2014d3af742264b8c

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.exe

Filesize
2.6MB

MD5
cc7abfe6d803adbf2bc19fc5d06dde7c

SHA1
2fb1fcbf6de6c78f7791a82a14ab0cacf3817a3d

SHA256
9a3a7f80b60f95ab0d281c03b635c91cd1aa147854d4e9aad7de6483908a08e4

SHA512
6552e9a3d5b7554e2f243accf2aa43f60be9a2eb5ec6bff0d1d0c739e3cfc517c1578acc4df76e3bbfe345d07e427e0df51b7bcf1766df13642f83f0b71f6f95

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.exe

Filesize
2.6MB

MD5
99f736eaa85563b9c21de3e24cccb897

SHA1
a42388180a2969c293e5b7997ea89f60dec523c1

SHA256
7ca0af8acf7e10dc8961c3fb113f211191c6acafbd11fb98d328ac7d4c6f1c41

SHA512
046692a341431b02ec2175ac6fbff98c6b01bb7d9c8d5f571a140ba73e6f12a88f9dbe4213bd4f7a9e307d9ca28969f3cf56b9cfb7c1bb9d6c3ca2270158d557

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.exe

Filesize
2.6MB

MD5
5c066d6ebcaea1d7d19b5831043eb00b

SHA1
31fa4c7ebd39cd1e0e5153ba80d90899c0bf10f2

SHA256
0bbed03132c145aa3143e9772c67fb5af9eaeded6667b8736cd1d4d616c39ecc

SHA512
1f3cc2e3e40e7bb60d1852250d928881a1ab47b9bcc19bcb057abc60522556fd0c975c7242f42926a5feba9d71507be865f0d6300e5b69d1c4c1d34f61dd1b40

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.exe

Filesize
2.6MB

MD5
133c84d8df365e7f249e2dca0becb873

SHA1
6f6511b774ca0396a69e95a0b0e3af1817a15a5e

SHA256
2047bddbc63195a48f609547208c9dc6efb7e817dfebac589d2dc6f44d954417

SHA512
80edca3e0874b95f1bff9976d2009c4c57cb8751b6387fd7a757e66f2c79738de597619f53abb982e13572cb5921aad692b4179b168df6f770b0910fc64ae805

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.exe

Filesize
2.6MB

MD5
0cd8a79cba9802567e7b24477c4af09f

SHA1
7716f4c90b73828a5992385d8149a98bd0737578

SHA256
5081c10263d3fce91de8bacdb1d6394debf16257fa0570dd26eb5ee4bf55dde0

SHA512
1eb5bd812db5d249d18690534d13ea0f72ce50fa5c1f07e8344fe8c74af6d7e5ad27a855c094c29c7ed3645e9cbcf7620d61acfe95e42668f222aead5a58a5d7

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.exe

Filesize
2.6MB

MD5
8a7d517b2458192c0f8bd9c6c5829036

SHA1
f0c4c90888ae106f71bfb613b7f8df739580f3e6

SHA256
8f35836ca45aef94a87ec4925fe25d925801b1ea56373470eee3df95ca0ce999

SHA512
8450ecc99dd006ad789dbd1b872833efcc2d7db8774c11327895acb867f9f819625430f7d040b422ff5a5791f749c07e01b1253671c73775f64b1334328cde78

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.exe

Filesize
2.6MB

MD5
f22c3590fa0f4c199379191364b06213

SHA1
fe90323b8263675e15dd5c37e15c6e47c7b69b03

SHA256
1b2531b0f7b6976264983ff334accf13a28ebd3655fc9225313c7cd1e714a49a

SHA512
81cc77562b260ed0d1ee829894806902f6fd3841651e7d033164cd156837c5f25695ae459e552b233277c2a26d722ced1434fb92a7d42a4d471ad4910ae62a90

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.exe

Filesize
2.6MB

MD5
8ab4b391e5dae34d70515b9e30cdb76a

SHA1
bc08447f7ae618a6706e7e5a6eadc00341f7fb9d

SHA256
0565b63afcce14be3f1a2716d9edcccd010dc9e32deb28fefa03482095b17a58

SHA512
0d6d70aa2c9e6d300ac9c24ab636f0bb6a0f136a9e0dd712e70be2345502c82db3a86911390e66284d570f3d9892a77f70bc57d130b7dbb3dfa4a4faf0ba4922

Download Submit
C:\Program Files\7-Zip\descript.ion.exe

Filesize
2.6MB

MD5
5e925274af2fed49cfd8fc571bf9a5f9

SHA1
11fa7a77d5b3d0fd33ec19b657cfd65e0ab808db

SHA256
e0a38337a34194d966a94d51ede5ce28539e448b1249323d7632313505d4bdd9

SHA512
10cc3aef5ab6c0584a201a241504856fb73f50cc6f6838027ec87adbcd0ed0f15b9835b9551afa1aeb8f80f9e6f777779e108a78ef7ecb166e1abf40e8d89207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
346KB

MD5
5ef333743c6c699fe5ab1affc600e211

SHA1
db545d4dcb6a8ac9d44d316c9c3f347feae37ed2

SHA256
a90ebb50b5576edffead07defe10ee70bb5e88f2b9e5f85f821ae5d2f079fd8e

SHA512
27df80ae7e2904009f50e7262f0def5bbdbec2e3e132e28c39aae4f7f1a5771da3ce5c13b3214bd029d71c30cdaaaae9fd37910536ef78dcb799f6b67b9396cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9029c262cf1663e33cdd42c9cf978593

SHA1
9227fb21120686e756e23df7c360fd24e259abf0

SHA256
a50aa9f86463869ed625220017d29028671902193fe290adb54cfecc537650d9

SHA512
0ddfde4687db1ae809cb99da8352c5744b50e3ddeb09362667a95d362f5279eeb952825626a42264c1123e62e2f82ee9f7c3d715b7aaff5ab03934f87550d270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c4f5f1c7e0630b07ac86c703923c2332

SHA1
25be62393cbcb06698c6fcb8a926d43a25e85549

SHA256
65ba6b857bd174b939cb04d79c6debc3d19d9acd838ef948b5b4e71235d88170

SHA512
ff540944387b42503a05e80f112e061bea8c687338c902e5c2de75779f20ae4dbd9b3d5b9d6be260822fc728b8d802756133c41e063f2e373c0cd475d0f172c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93f2da2b1a018ab9dbb129763d22b040

SHA1
bf9c7e8092931eddc81a9b3ae7140d5b857c838b

SHA256
d0ef0c5326374681c1df145772ffe734e6b0c7d1db621af0e5bed9bfd83c6e9b

SHA512
f06914ba892eb23b2c80aea9e7cda5a64fda4d3b0f199c75cd845bbe5972e26e9696ac57c6bf60aa61f4b172b4170e56c135fb56d1851449f62b595c3a9f4ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b98ffef0ce8dff53b9525ff6082675be

SHA1
14cda12cf9d40b39cd44c8a8307471e364b915ca

SHA256
7f7a245db925f828e1b338e9382d468aa39fc9a15fb690edec4ba9271bc692ea

SHA512
5667ebefbcb99a998f154d5e42b714d0d55140d2741e84ba5c0645ded1e372eaa690f553d3db0fbf2d32054b58f0a375c826a6eaf1b5b021efa5c20d87e9fd00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
78665a4b6be9be8d93e6c3990049a08c

SHA1
df4d0c5ff5a46b1cfe6e71b3fe7f3763b4319ed2

SHA256
81a86085a1cb137709fca6e41c45b44d02c42c9cdc5926846f08a9804efce7f7

SHA512
a74fcb0358ffafd4d5f7a467f662ac36cafaf2a80f60a43f989a85436ecf2018ab448d508e43057727c00d454257d6f3830527f53b80a19ed4c2eb4dd0177b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bae75528620c75bb6195833b95a377cb

SHA1
5b8d349280301f93a47e45e2125c36760220c0e3

SHA256
af2a57d42d10142c86d641b4dc3383d1017e5aa092f5065bcbb95290bc8c2b15

SHA512
b48e1e618631c58310b2c7fed83ab280c23f25fca9f6631ac5898937f6808ae4af998a32f5d05acfa57a1e21ae9a67c4e58c38be4428fd749453db97c329770d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
06982e351288bc46a6a67c4f7cc0dcbb

SHA1
de2ca9e613692a6fca71da3deb937b585982b233

SHA256
75e3f85d0ab6941d8ca3f8809555aca97a9a79bae59e6d74403457f7dc12a182

SHA512
cc400e7cf79723a36e102c9199f516e08aa3a9e48a711a8f9eecc2ab716a9b2eec55fd320dab71417b98531e770c6be9e1f3aeb2c57b17928cbb0e1890528ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0b5ee072f78773e318d142979a726692

SHA1
8a8c3fb45c04e10743371198a719ca1ad5712d82

SHA256
a0be4f2b8d4b184b051e09c55c36b1d8c8873a2b6dc6ac4edae9f187f68b9d96

SHA512
190073d6200a93bcbafd231cb24b9314bff61c83255245a58b479873e4726abb5c4f02566e3e6524b11a171c736a728b73aba1fa600a4b48ddce6aecc51edbce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a6303ce1a55ba1158b5dfefd619e4717

SHA1
6ed433e005f335892efdbd7e23afcc537e307da4

SHA256
1ba4fa1eadd9f0e70dfedad100ad458c272da85725c77d778ee3fbc1f47a2858

SHA512
26e30a6769efebe0a13e162e025c09fb358f2e8e11d1bbaa2f40f567be6ab2342053efa8826391eed231c0014ddcf8b0f9e8ea5a47d2cb89c801641fd549ea8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a505.TMP

Filesize
538B

MD5
333b924d12c2d704eb500b1746b1fd4a

SHA1
e4b293be89cdf1ee8c8c7de415cd789796073750

SHA256
71e83e6d8acb682fe42825bfa177dc8e971f00cc3267d61eb64e94475a0a3c03

SHA512
2f988fe766e9369f3dc9755a4ce47d25f28ab0209d3277566875193f0bceaa7b00fdc160c7b0e2e8a656fc861b88bdebf80c65ef1c6ada5c0f051c4e0e290690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6af65862410c421ca47e65f81364f416

SHA1
2b871c9d320782afce90031b0ef9f3f764a61579

SHA256
28767628f22043c92f4a26120e372eee0d7cf8964d6a2a1cd772e85b2a6e0c04

SHA512
6d074c0f56fdb14b63213268af101b6c3405f70ee1edaa57d6c2392af8b17681ffa71da51951761f863537cfb1a2d25b5fef0d18992dc4a2e226659815ce3001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6ccff13ec21b3fbfc12be0083316c24a

SHA1
3920fc326356bb2f20bb62e936b1c10572fc036c

SHA256
5c2599d3407ebded5430118ffc37395033dd5e69b7809e37e7006520d8c5a7f0

SHA512
6ae1a74bad7066e7666eda02ae075d0e2001f25332be3d9878270f48f3c61db34ccc6ac5e4aba3857c0567be4e647e10982f02d57afcaedbfa736cacac9f8dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
a01462a2438605477d84afeb5a4d883c

SHA1
340cd8f3866462ae526257cf5cae0092345fdb91

SHA256
a6469bd101c9b911c94e6abe7a266edbe78b129f43365e8154138bfd8161af4d

SHA512
0d2f8d0582a93401fe2b6d61484e6e47c4340b28a93689774d6c7051d42c59011ef747f5a9b5cae64d1a9f81cabc69e4d088c429f5fac869508d9cecbb777add

Download Submit
memory/2324-423-0x00000000040D0000-0x00000000042DC000-memory.dmp

Filesize
2.0MB

Download
memory/2324-539-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2324-2995-0x00000000040D0000-0x00000000042DC000-memory.dmp

Filesize
2.0MB

Download
memory/2324-361-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2324-364-0x00000000040D0000-0x00000000042DC000-memory.dmp

Filesize
2.0MB

Download
memory/2324-368-0x00000000040D0000-0x00000000042DC000-memory.dmp

Filesize
2.0MB

Download
memory/2324-373-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2324-372-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2324-374-0x00000000040D0000-0x00000000042DC000-memory.dmp

Filesize
2.0MB

Download
memory/2568-2-0x0000000004240000-0x000000000444C000-memory.dmp

Filesize
2.0MB

Download
memory/2568-0-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2568-9-0x0000000004240000-0x000000000444C000-memory.dmp

Filesize
2.0MB

Download
memory/2568-12-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2568-13-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2568-14-0x0000000004240000-0x000000000444C000-memory.dmp

Filesize
2.0MB

Download
memory/2568-49-0x0000000004240000-0x000000000444C000-memory.dmp

Filesize
2.0MB

Download
memory/2568-48-0x0000000004240000-0x000000000444C000-memory.dmp

Filesize
2.0MB

Download
memory/2568-138-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2568-156-0x0000000004240000-0x000000000444C000-memory.dmp

Filesize
2.0MB

Download
memory/2568-2956-0x0000000004240000-0x000000000444C000-memory.dmp

Filesize
2.0MB

Download
memory/2824-203-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

Filesize
4KB

Download
memory/2824-202-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

Filesize
4KB

Download
memory/2824-215-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

Filesize
4KB

Download
memory/2824-212-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

Filesize
4KB

Download
memory/2824-214-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

Filesize
4KB

Download
memory/2824-213-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

Filesize
4KB

Download
memory/2824-211-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

Filesize
4KB

Download
memory/2824-210-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

Filesize
4KB

Download
memory/2824-204-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

Filesize
4KB

Download
memory/2824-216-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

Filesize
4KB

Download