Malware Analysis Report

2025-01-22 23:08

Sample ID 241219-1472hs1nds
Target 481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
SHA256 481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734d
Tags
banload discovery downloader dropper evasion execution ransomware trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe was found to be: Known bad.

Malicious Activity Summary

banload discovery downloader dropper evasion execution ransomware trojan

Banload family

Banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Renames multiple (564) files with added filename extension

Checks BIOS information in registry

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Command and Scripting Interpreter: JavaScript

Unsigned PE

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Enumerates system info in registry

Checks SCSI registry key(s)

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-19 22:13

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-12-19 22:13

Reported

2024-12-19 22:15

Platform

win11-20241007-en

Max time kernel

123s

Max time network

111s

Command Line

"C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe"

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe N/A

Renames multiple (564) files with added filename extension

ransomware

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe N/A

Drops file in Program Files directory


Browser Information Discovery

discovery

Command and Scripting Interpreter: JavaScript

execution

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies registry class


Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5064 wrote to memory of 2824 N/A C:\Windows\explorer.exe C:\Windows\system32\taskmgr.exe
PID 4512 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4512 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4512 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4512 wrote to memory of 756 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe

"C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe"

C:\Windows\system32\control.exe

"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe

"C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe 481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe (32 bit)"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffc95a53cb8,0x7ffc95a53cc8,0x7ffc95a53cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D4

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\HideRegister.js"

Network


Files

C:\$Recycle.Bin\S-1-5-21-556537508-2730415644-482548075-1000\desktop.ini.tmp

C:\Program Files\7-Zip\7-zip.dll.tmp

memory/2568-49-0x0000000004240000-0x000000000444C000-memory.dmp

memory/2568-48-0x0000000004240000-0x000000000444C000-memory.dmp

memory/2568-138-0x0000000000400000-0x0000000000616000-memory.dmp

memory/2568-156-0x0000000004240000-0x000000000444C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

memory/2824-204-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

memory/2824-203-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

memory/2824-202-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

memory/2824-215-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

memory/2824-212-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

memory/2824-214-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

memory/2824-213-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

memory/2824-211-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

memory/2824-210-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

memory/2824-216-0x000001CABD8F0000-0x000001CABD8F1000-memory.dmp

memory/2324-361-0x0000000000400000-0x0000000000616000-memory.dmp

memory/2324-364-0x00000000040D0000-0x00000000042DC000-memory.dmp

memory/2324-368-0x00000000040D0000-0x00000000042DC000-memory.dmp

memory/2324-373-0x0000000000400000-0x0000000000616000-memory.dmp

memory/2324-372-0x0000000000400000-0x0000000000616000-memory.dmp

memory/2324-374-0x00000000040D0000-0x00000000042DC000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-556537508-2730415644-482548075-1000\desktop.ini.tmp

C:\$Recycle.Bin\S-1-5-21-556537508-2730415644-482548075-1000\desktop.ini.exe.tmp

C:\Program Files\7-Zip\7-zip.chm.exe

C:\Program Files\7-Zip\7-zip32.dll.exe

C:\Program Files\7-Zip\7z.dll.exe

C:\Program Files\7-Zip\7z.exe

C:\Program Files\7-Zip\7z.sfx.exe

C:\Program Files\7-Zip\7zCon.sfx.exe

C:\Program Files\7-Zip\7zFM.exe

C:\Program Files\7-Zip\7zG.exe

C:\Program Files\7-Zip\descript.ion.exe

C:\Program Files\7-Zip\History.txt.exe

C:\Program Files\7-Zip\Lang\af.txt.exe

C:\Program Files\7-Zip\Lang\an.txt.exe

C:\Program Files\7-Zip\Lang\ar.txt.exe

C:\Program Files\7-Zip\Lang\ast.txt.exe

memory/2324-423-0x00000000040D0000-0x00000000042DC000-memory.dmp

C:\Program Files\7-Zip\Lang\az.txt.exe

C:\Program Files\7-Zip\Lang\ba.txt.exe

C:\Program Files\7-Zip\Lang\be.txt.exe

C:\Program Files\7-Zip\Lang\bg.txt.exe

C:\Program Files\7-Zip\Lang\bn.txt.exe

C:\Program Files\7-Zip\Lang\br.txt.exe

C:\Program Files\7-Zip\Lang\ca.txt.exe

C:\Program Files\7-Zip\Lang\co.txt.exe

C:\Program Files\7-Zip\Lang\cs.txt.exe

C:\Program Files\7-Zip\Lang\cy.txt.exe

C:\Program Files\7-Zip\Lang\da.txt.exe

C:\Program Files\7-Zip\Lang\de.txt.exe

C:\Program Files\7-Zip\Lang\el.txt.exe

C:\Program Files\7-Zip\Lang\en.ttt.exe

C:\Program Files\7-Zip\Lang\eo.txt.exe

C:\Program Files\7-Zip\Lang\es.txt.exe

C:\Program Files\7-Zip\Lang\et.txt.exe

C:\Program Files\7-Zip\Lang\eu.txt.exe

C:\Program Files\7-Zip\Lang\ext.txt.exe

C:\Program Files\7-Zip\Lang\fa.txt.exe

C:\Program Files\7-Zip\Lang\fi.txt.exe

C:\Program Files\7-Zip\Lang\fr.txt.exe

C:\Program Files\7-Zip\Lang\fur.txt.exe

C:\Program Files\7-Zip\Lang\fy.txt.exe

C:\Program Files\7-Zip\Lang\ga.txt.exe

C:\Program Files\7-Zip\Lang\gl.txt.exe

C:\Program Files\7-Zip\Lang\gu.txt.exe

C:\Program Files\7-Zip\Lang\he.txt.exe

C:\Program Files\7-Zip\Lang\hi.txt.exe

C:\Program Files\7-Zip\Lang\hr.txt.exe

C:\Program Files\7-Zip\Lang\hu.txt.exe

C:\Program Files\7-Zip\Lang\hy.txt.exe

C:\Program Files\7-Zip\Lang\id.txt.exe

C:\Program Files\7-Zip\Lang\io.txt.exe

C:\Program Files\7-Zip\Lang\is.txt.exe

C:\Program Files\7-Zip\Lang\it.txt.exe

C:\Program Files\7-Zip\Lang\ja.txt.exe

C:\Program Files\7-Zip\Lang\ka.txt.exe

C:\Program Files\7-Zip\Lang\kaa.txt.exe

C:\Program Files\7-Zip\Lang\kab.txt.exe

C:\Program Files\7-Zip\Lang\kk.txt.exe

C:\Program Files\7-Zip\Lang\ko.txt.exe

C:\Program Files\7-Zip\Lang\ku-ckb.txt.exe

C:\Program Files\7-Zip\Lang\ku.txt.exe

memory/2324-539-0x0000000000400000-0x0000000000616000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a505.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

memory/2568-2956-0x0000000004240000-0x000000000444C000-memory.dmp

memory/2324-2995-0x00000000040D0000-0x00000000042DC000-memory.dmp