Analysis Overview
SHA256
481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734d
Threat Level: Known bad
The file 481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe was found to be: Known bad.
Malicious Activity Summary
Banload family
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Renames multiple (564) files with added filename extension
Checks BIOS information in registry
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Command and Scripting Interpreter: JavaScript
Unsigned PE
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Enumerates system info in registry
Checks SCSI registry key(s)
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-19 22:13
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-19 22:13
Reported
2024-12-19 22:15
Platform
win11-20241007-en
Max time kernel
123s
Max time network
111s
Signatures
Banload
Banload family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
Renames multiple (564) files with added filename extension
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
Drops file in Program Files directory
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\scibxWqo = "MoQeAePwAD`fV^Pob[ZkkwH[EuctHzfH" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue|~XwNAnW[[mPi" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\15.0.0.0\RuntimeVersion = "v2.0.50727" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\scibxWqo = "hKkNx_brjCbx{OzzHEgNTdcR[fxj{^HF" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\Assembly = "Microsoft.Vbe.Interop, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\YdfgmacjybtVx = "WEg]kfn\\BJnkXAI\\hJ[[VzWTpc\\" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\vngx = "L}N|u\\p]yNusJKLGj" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvV\x7fW" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\skkmocP = "s~OJ\x7fR\\kBy`ok^kD" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue||XwNAnWiQw}t" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\skkmocP = "sF]izQ]g|rQbNNNF" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPBrUinxxtzLmk" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\15.0.0.0 | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvVgW" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPDRUinxy\x7fzNVR" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\skkmocP = "{F]izQ]g|rQbNNNF" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue|~xwNAnVPIXdb" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\YdfgmacjybtVx = "WEg]kfn\\BJ^kXAI\\hJk[VzWTpc\\" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\eTkDtziMmFgRe = "L^tDcfK\\zuoctaUrd|qCPFNMgF" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\eTkDtziMmFgRe = "fZDcrzBYSMjIcQQJnJu\x7f^V@\\f\x7f" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvV^G" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\YdfgmacjybtVx = "WEg]kfn\\BJ^kXAI\\hJk[VzWTpZL" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue|{XwNAnUQL}jq" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPCrUinx{vsNiP" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\skkmocP = "wF]izQ]g|rQbNNNF" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue|{xwNAnT]RvOS" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPDrUinxxsdEsp" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2} | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 0c0001008421de39050000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\skkmocP = "w~OJ\x7fR\\kBy`ok^kD" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPBRUinxyC~ZJC" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvVRg" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvV`g" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\YdfgmacjybtVx = "WEg]kfn\\BJ^kXAI\\hJk[VzWTpi|" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\RuntimeVersion = "v2.0.50727" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f706806ee260aa0d7449371beb064c986830000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPArUinxz~\x7fkXA" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\mwimtxpdePQiv = "X[iiFue|}XwNAnUmHiv`" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\YdfgmacjybtVx = "w@TywKFkLTkUkxqgqIGiw\x7fTvVBW" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\{46D9FA19-BCC0-13D1-B2E4-0060975B8649}\mwimtxpdePQiv = "qPz@JvxPABUinxyEgHlw" | C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\system32\control.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
"C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe"
C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe
"C:\Users\Admin\AppData\Local\Temp\481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe 481f49f44f47d75a777518e1c5b0523e28ee7b1eae03ad284f9d68ad7164734dN.exe (32 bit)"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffc95a53cb8,0x7ffc95a53cc8,0x7ffc95a53cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,2351025393295842653,7713965384699958725,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D4
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\HideRegister.js"
Network
| Country | Destination | Domain | Proto |
| GB | 88.221.135.19:443 | N/A | tcp |
| US | 95.100.195.189:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 95.100.195.132:443 | r.bing.com | tcp |
| US | 95.100.195.177:443 | th.bing.com | tcp |
| US | 95.100.195.187:443 | r.bing.com | tcp |
| US | 95.100.195.187:443 | r.bing.com | tcp |
| US | 95.100.195.177:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 187.195.100.95.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 151.101.193.140:443 | alb.reddit.com | tcp |
| US | 151.101.193.140:443 | alb.reddit.com | tcp |
| US | 151.101.65.140:443 | alb.reddit.com | tcp |
| US | 151.101.65.140:443 | alb.reddit.com | tcp |
| US | 151.101.129.140:443 | alb.reddit.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| US | 151.101.193.140:443 | alb.reddit.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | udp |
| US | 151.101.65.140:443 | alb.reddit.com | tcp |
Files