azov | fd4d46fe4c57e2962d909acacbc4b404403103aa659d91ca808845fc0436aed2

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
Size

7.0MB
MD5

c76a257c598ebd667b0087e4a9f402d2
SHA1

46fd98104fbede2ae63f29c3dbefa80f8053c35d
SHA256

fd4d46fe4c57e2962d909acacbc4b404403103aa659d91ca808845fc0436aed2
SHA512

5f8aa6e4db28faa559f40493ef426717783e6daaae414ece8b3c0098a92c17c378f5694324a7e1f5122bf53759797ecba3717bd988485cc65e9f72eef74e86ad
SSDEEP

98304:7DRzH2RG+W+5QUQ/npkWMibVb+o6LSStoY4i:7DRzH2SfDJ16uAR

Score

10^/10

azov discovery persistence ransomware spyware stealer wiper

Malware Config

Extracted

Path

C:\dfe2e59cddd00040f555dab607351a1d\RESTORE_FILES.txt

Family

azov

Ransom Note

Hello, all your files have been damaged without any possible way to recover. Feel free to commit suicide. [Why did you do this to my files?] They asked me to do this... The hatred is that what makes me feel alive. That's what you secretly have fallen in love with. The hatred is the force that drives the life forward. The hell is my paradise. The suffer is the bliss. Others say the hate is what destroys yourself. I say that the hatred is eternal cure. If you feel desperate you lost the files. Use this despair to create the pain for others. Make them hate you, it is the source of your power. Do you think why the people go to schools and kill others? Why do people make terrorist ideologies? Why do governments covertly makes you suffer? It's the essence of the future life. All we are immortal beings. When spiritual is not a way, the antispiritual is your victory point. In the manifested life you have a choice to be with us either be against. Sow the evil, reap the power is what I say to you. Saw the good, reap the weakness is what spiritual says to you. When you hate, you feel the power. You feel the flight. That fly is the antispirit touch. Use this to multiply the suffer. [How can I use this power?] Find inside the source of bliss. If this bliss goes stronger when you see the suffer. That is what I call the source. Check that by looking through the news how people kill others. How the people dies. How children are being tortured. How animals are executed. The death is your key. [How can I give you my power?] When you read this concentrate on the intent to give the energy of your source to the meta-source of this text. Am vizu der strotum la fictus om spiritus.

Signatures

Azov
A wiper seeking only damage, first seen in 2022.
ransomware wiper azov
Azov family
azov

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000\Control Panel\International\Geo\Nation	setup.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt	rdpclient.exe

Executes dropped EXE 7 IoCs

pid	Process
4572	rdpclient.exe
6032	identity_helper.exe
5984	identity_helper.exe
2756	setup.exe
3928	setup.exe
5976	setup.exe
1460	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\K:	rdpclient.exe
File opened (read-only)	\??\Y:	rdpclient.exe
File opened (read-only)	\??\S:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\W:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\H:	identity_helper.exe
File opened (read-only)	\??\Y:	identity_helper.exe
File opened (read-only)	\??\H:	setup.exe
File opened (read-only)	\??\S:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\I:	rdpclient.exe
File opened (read-only)	\??\U:	rdpclient.exe
File opened (read-only)	\??\L:	identity_helper.exe
File opened (read-only)	\??\K:	setup.exe
File opened (read-only)	\??\O:	setup.exe
File opened (read-only)	\??\R:	setup.exe
File opened (read-only)	\??\Q:	setup.exe
File opened (read-only)	\??\O:	setup.exe
File opened (read-only)	\??\X:	setup.exe
File opened (read-only)	\??\Z:	setup.exe
File opened (read-only)	\??\G:	setup.exe
File opened (read-only)	\??\N:	setup.exe
File opened (read-only)	\??\W:	setup.exe
File opened (read-only)	\??\W:	setup.exe
File opened (read-only)	\??\T:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\U:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\B:	rdpclient.exe
File opened (read-only)	\??\N:	rdpclient.exe
File opened (read-only)	\??\J:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\A:	setup.exe
File opened (read-only)	\??\J:	setup.exe
File opened (read-only)	\??\M:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\X:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\Z:	setup.exe
File opened (read-only)	\??\I:	setup.exe
File opened (read-only)	\??\A:	setup.exe
File opened (read-only)	\??\Y:	setup.exe
File opened (read-only)	\??\X:	setup.exe
File opened (read-only)	\??\Z:	setup.exe
File opened (read-only)	\??\Z:	rdpclient.exe
File opened (read-only)	\??\H:	rdpclient.exe
File opened (read-only)	\??\X:	rdpclient.exe
File opened (read-only)	\??\I:	setup.exe
File opened (read-only)	\??\V:	rdpclient.exe
File opened (read-only)	\??\V:	setup.exe
File opened (read-only)	\??\U:	setup.exe
File opened (read-only)	\??\S:	setup.exe
File opened (read-only)	\??\S:	setup.exe
File opened (read-only)	\??\K:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\M:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\P:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\Z:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\Q:	identity_helper.exe
File opened (read-only)	\??\N:	setup.exe
File opened (read-only)	\??\Z:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\R:	rdpclient.exe
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\G:	setup.exe
File opened (read-only)	\??\X:	setup.exe
File opened (read-only)	\??\A:	setup.exe
File opened (read-only)	\??\U:	setup.exe
File opened (read-only)	\??\B:	setup.exe
File opened (read-only)	\??\W:	rdpclient.exe
File opened (read-only)	\??\I:	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened (read-only)	\??\N:	setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml	rdpclient.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailBadge.scale-400.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxMediumTile.scale-400.png	rdpclient.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml	rdpclient.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\EnsoUI\dashboard_slomo_OFF.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-20.png	rdpclient.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\pdf.gif	rdpclient.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected]	rdpclient.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fr-ma\ui-strings.js	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-125.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Dtmf_4_Loud.m4a	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreMedTile.scale-200.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-200_contrast-black.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.7a43ec75.pri	rdpclient.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\RESTORE_FILES.txt	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\MedTile.scale-200.png	rdpclient.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\circle_2x.png	rdpclient.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\AppxManifest.xml	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeLargeTile.scale-150.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\music_offline_demo_page1.jpg	rdpclient.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\nb.pak	rdpclient.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Tongue.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\AppxManifest.xml	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-100_contrast-white.png	rdpclient.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\cs-cz\ui-strings.js	rdpclient.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\RESTORE_FILES.txt	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle	rdpclient.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	setup.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-125_contrast-black.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96_altform-unplated.png	rdpclient.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\error-icon.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\12.jpg	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Eye.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Sounds\SpeedLimitViolationAlert.wav	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-100_contrast-white.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-200.png	rdpclient.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms	rdpclient.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_altform-unplated_contrast-white.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-200.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_whats_new_v2.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarBadge.scale-100.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookPromoTile.scale-100.png	rdpclient.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-tw\RESTORE_FILES.txt	rdpclient.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedge_pwa_launcher.exe	setup.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_contrast-black.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\Square310x310Logo.scale-200.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\packages.config	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-256_altform-lightunplated.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsSplashScreen.scale-200.png	rdpclient.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-si\RESTORE_FILES.txt	rdpclient.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\RESTORE_FILES.txt	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SmallTile.scale-125.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\StoreLogo\PaintApplist.scale-100.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare.scale-150.png	rdpclient.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_store.targetsize-48.png	rdpclient.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\affDescription.txt	rdpclient.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877500053299436"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-805952410-2104024357-1716932545-1000\{1ED31772-5D32-467D-BBA6-D81CDB55260A}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 48 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5756	svchost.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
2280	msedge.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 4500	4724	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe	93
PID 4724 wrote to memory of 4500	4724	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe	93
PID 1900 wrote to memory of 4572	1900	cmd.exe	96
PID 1900 wrote to memory of 4572	1900	cmd.exe	96
PID 4724 wrote to memory of 4644	4724	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe	97
PID 4724 wrote to memory of 4644	4724	2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe	97
PID 4644 wrote to memory of 2280	4644	msedge.exe	98
PID 4644 wrote to memory of 2280	4644	msedge.exe	98
PID 4644 wrote to memory of 2472	4644	msedge.exe	99
PID 4644 wrote to memory of 2472	4644	msedge.exe	99
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 3968	4644	msedge.exe	100
PID 4644 wrote to memory of 720	4644	msedge.exe	101
PID 4644 wrote to memory of 720	4644	msedge.exe	101
PID 4644 wrote to memory of 720	4644	msedge.exe	101

C:\Users\Admin\AppData\Local\Temp\2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Users\Admin\AppData\Local\Temp\2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe
  C:\Users\Admin\AppData\Local\Temp\2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\2025-03-29_c76a257c598ebd667b0087e4a9f402d2_black-basta_ryuk.exe --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x1f4,0x1fc,0x21c,0x1f8,0x240,0x7ff703d079a8,0x7ff703d079b4,0x7ff703d079c0
  2⤵
  - Enumerates connected drives
  - Drops file in Program Files directory
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-first-run
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffbee42f208,0x7ffbee42f214,0x7ffbee42f220
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1780,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=2836 /prefetch:3
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2772,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=2812 /prefetch:2
    3⤵
    PID:3968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2220,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=2844 /prefetch:8
    3⤵
    PID:720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3428,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
    3⤵
    PID:1636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3436,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
    3⤵
    PID:1976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=4100,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:8
    3⤵
    PID:3032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=4104,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
    3⤵
    PID:3812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=4112,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=3412 /prefetch:8
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4136,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:1
    3⤵
    PID:920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=4176,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:2
    3⤵
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5368,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:8
    3⤵
    PID:208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5220,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
    3⤵
    PID:1796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:8
    3⤵
    PID:1404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
    3⤵
    PID:760
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4468,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=4772 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:6032
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4468,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=4772 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    PID:5984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4460,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
    3⤵
    PID:5540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5604,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:8
    3⤵
    PID:3928
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    PID:2756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff789cb6a68,0x7ff789cb6a74,0x7ff789cb6a80
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      PID:3928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --msedge --system-level --verbose-logging --installerdata="C:\Program Files (x86)\Microsoft\Edge\Application\master_preferences" --create-shortcuts=1 --install-level=0
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Enumerates connected drives
      PID:5976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff789cb6a68,0x7ff789cb6a74,0x7ff789cb6a80
        5⤵
        Executes dropped EXE
        Enumerates connected drives
        Drops file in Program Files directory
        
        PID:1460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6536,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:8
    3⤵
    PID:6136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=4720 /prefetch:8
    3⤵
    PID:2512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4320,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
    3⤵
    PID:4404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6728,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=6740 /prefetch:8
    3⤵
    PID:5516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6592,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:8
    3⤵
    PID:2844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5608,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:8
    3⤵
    PID:5436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5732,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
    3⤵
    PID:4056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6612,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:8
    3⤵
    PID:2384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5200,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:8
    3⤵
    PID:3820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6648,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:8
    3⤵
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,16875584887545852459,5416618030748257645,262144 --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:8
    3⤵
    PID:4336

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\rdpclient.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\ProgramData\rdpclient.exe
  C:\ProgramData\rdpclient.exe
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops file in Program Files directory
  PID:4572

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1640

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 556 -p 2756 -ip 2756
1⤵
PID:5540

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
1⤵
PID:2176

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_sv_135x40.svg

Filesize
17KB

MD5
ace1b419c8869991f9cab8420df9410a

SHA1
c1c3071417fff94c44422942131e328e9bd1739a

SHA256
6ea8e5b308bde45bdaacea0b56acbbb1afe46282090df660a3f89c344ffb3d1a

SHA512
4513021990d65805959c8b5a0befd5616e67beae701f189834571519b0b74c5ff2bd2486476ef0f6f5a654d22ae59bdbff54bfdebb6e3349854dffb38398a1e5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\de_get.svg

Filesize
5KB

MD5
0d46f418ace051376a441bdb918b2fea

SHA1
74048f3f7f9f48cf69f8ddf142639c33b2d03fe9

SHA256
1ac03806eb5fad6f2b0380113d82f986c4f31dff118c4ff4da885e338240980b

SHA512
e5cdd8f3ae2d581f707c894a751b1b611e460d59d7893c95f6359b082e244c901c61f3ad72b7fedbbd8b2807b6c69b9e0e46a5fb8309b81bb47c3ae5eb81015d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\id_get.svg

Filesize
5KB

MD5
7d5ec912243ef320838af67e92d764bc

SHA1
13155d2a0a06b08272d377941c8c962cbeb41273

SHA256
8abae4f4c3d1a185185adc9f79c5af067ebdb2e3aef7394808a98430f0081657

SHA512
c295eeaac392923ea3b757c1f331344713dd897520f20e634a026b89bb0a2f795a66c39b545c10ccefb0249ea60475f0954827c98a38f3ada1c075bcaa971525

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg

Filesize
5KB

MD5
509240156abe8d69d8ba00b359ae32a8

SHA1
ce9f4c94548aefd57ac051b2aa02eb700dcd69fc

SHA256
8f844e71f0b7e7c8f1c05f6205cc9c20365e29e44ad9b0ef214d1821f58a0969

SHA512
ccec4ee430177e33654ebc81c200985602f1339cd6b9826e286bdc57aae245c6152c4a8c06fb5f90d03b7fcfddace98419b630a5ad5f5606f8e7956c336aa11e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\id_get.svg

Filesize
5KB

MD5
8a15a1d08b6cffceeff02bb188d820b8

SHA1
a5fe49a8e74c88e616c26c97c987e8290610d901

SHA256
1997c2e72ce625535259551ed4b8eb8a43fdd85a32efa3c9c674a696d8b3a512

SHA512
a76a75e73a601b32b04718ffe197cc98a46b683b5829554385f1a66323b4c9a9c4ecd1c99d9ddd9dcf9789d6dd16ceb01109864c05f02cf4b41a2513f9945764

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT

Filesize
9KB

MD5
cb3801069700ceeb05ac99dc7876a973

SHA1
649f2bc1c63da0b507312bb4921e9fbdeee1d351

SHA256
8fd693191a47533bf753f082b7fa3f46b181811f7099628dc58e23d138d864e7

SHA512
8746a201764c85907b1a7e7daa752bf2fa35d9c1dc8b4d34053313e9e6565426fa6898b6543819762cbdc47de84df33b6b921d55a042499585b460a0668ab871

Download Submit
C:\Program Files\7-Zip\7-zip.chm

Filesize
117KB

MD5
7d2c32307eba8c12e552f74e3cb64b1e

SHA1
9b518a53b3ff01877df4e487ee090be528b9e9c0

SHA256
15ac6b4b6c3a2864748561e2550f5739bffd0980e593169f44249e469aef3b89

SHA512
9fa82f7799eeb20c9a2756f39a06954c3b14f66a3204ccce5e59f49cee5a509355378258baab55b17a6bb3976ef59095e65f553906c0e7c7af250c1ae6278e35

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
671KB

MD5
9e3670903255c1df5094435d9ebcb496

SHA1
bd82af5c464e6cf56b1827f999684e05eb74e777

SHA256
52b22b39858e11fe06d0bc522b9a87440e074a0e896a0e693adb45cc11cda67a

SHA512
c71167c4b32b0bf8e608122a1eaf0100f26393c78753c33643cdffb0263d2feafd6fd53a9f0e5da999fb1cb8e7502d4f5871a34cdbf9b9a8d4cabbd5a05b2046

Download Submit
C:\Program Files\7-Zip\7z.sfx

Filesize
210KB

MD5
41856ac1a51fb7dd997cc143b3953922

SHA1
9d8dd020693be19648f64254b0519020507b95e2

SHA256
e7bf7c7d1f9efa05500965353727141314fa0a39f660f4c651163641952e7da5

SHA512
4e00488accd91db47038aacf4fc74c6412a15fe29550c8bd54a802b6090005f3598883f4a35042c89291ea1166545f843b211645be76cf58340cccc1215adb31

Download Submit
C:\Program Files\7-Zip\7zCon.sfx

Filesize
189KB

MD5
57e931faab83a937b3e5fc792b4e2a87

SHA1
7013d91d3a882b40103315055e9296ab76c6d474

SHA256
5493c4fa32ae4be0ce8485fec9bca8f5258bab2b0bad251df7df00bca535927b

SHA512
2fa06518654427c70b7d3b827d1786b17842bb3a01683516c7635dd0e91bf29afb80f2b00c195fcf6d036b9fcb027d77c5356ff4980e779ea6beb076b93f838d

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.1MB

MD5
6343db7bf9d11010365f0ea27471f088

SHA1
df6eb2bd5850fe7506e71b0a3dd84b42e67f79ae

SHA256
0db6a6534c43704cfa6f096a1ac3c30524129b11fa99b263e8cf311099be543a

SHA512
0d025db229a405efb3ea901cac06e9abd2f461387dfcc290c9f6f430e8618c949341bafe514370003fe91ea2f198dbb5310f9520ea4c7fe980bc80a9c1b2ea4d

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
840KB

MD5
873121b3aff3f23f2095a24352a2788b

SHA1
8c7aadaddca86e4330e56334e65b2898641031d8

SHA256
e65e2ced508fcaf96f820df76c96d7a1941d0ba4e7dad1d069801a335deb68ed

SHA512
70b1481d0f8337196eddbb06fac3b0dd6c7a9869563df9ec81a16b7b6dc6110798b8e2b76ce9ac4f80d2c4b176eeb70ad4f700079d918817ea033b43776079f9

Download Submit
C:\Program Files\7-Zip\History.txt

Filesize
7KB

MD5
ae2b5a48c8284d4b337ccaf9b13b066b

SHA1
98505672a4fe03058204ec7e73810fc4d34c766c

SHA256
166d369caf21d2293d245506873a82f18ab4a7e19959184687ae63dbfcdde65c

SHA512
9149695601477fc7c764f0734dd9a2b82f368dd9645b5256179bedc8bb0d99b2affe43eb1d9b901694d67ac5fd6ebbe89ef9ff1f970f902f3c8668a368272226

Download Submit
C:\Program Files\7-Zip\Lang\af.txt

Filesize
4KB

MD5
b7cc0482b5bc0f32df27c9b01edf3804

SHA1
0a82faa8dde6840878020c423d5b60a2a4db8aea

SHA256
ef7b705af5f0ed4360ff754816144b8389fcee69d2f871589ecefe593f0d1048

SHA512
a5c6ef53c4a0316aa1c5ba5c6f415310d0763b9c352e327126dae4ffd6f946d6d6bc8b9a71058dd40ff4b8731814199e0118836ad2c4adab48418f085a4bd319

Download Submit
C:\Program Files\7-Zip\Lang\an.txt

Filesize
7KB

MD5
6b1b03ecf0cb4729b504a19504e8d5e1

SHA1
63628d29f6a182347637dbd5a0f92f445666e745

SHA256
fc0b88ee0834b6e69cd98ffd598feb7e9681784bf828f15a755a7e5a615df204

SHA512
24f108e96645522be7b0c9c60fe8ad3e6eb30684cd8fb10f0cbb2a4f7fc7e310fb3071a19d9be85486d38209a68607a5522c3e89c48a9e0afde1c718b8a75ce2

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt

Filesize
12KB

MD5
4b7fe779e0b929468348b5bfb9ef488a

SHA1
d3998244995e667afe91f1452cadc5d647281cc9

SHA256
3334bdd45fb99294939c4aea9a1d171cc3bc27d21fff8c201cec4291a38e26ff

SHA512
8cb9d7c0456de736cb0d2013bd4c114e06c5859287d18335f29bd95e869a2fe5b771be0b6b5e37904ba7bbad2665c429d6961a63deb202c6bbef7a2fae843997

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt

Filesize
4KB

MD5
12f37fe7293e751eada4ae900b15a2fd

SHA1
9b660ba84735e3c844cfa99ca2fa69e89161915b

SHA256
cc4d7cd5c5e0375600e7531a60ec7d414c26516e161914a566a04ccbc24d093e

SHA512
233c1faee1b8d0725c0c7c2434a88e0e9ac02be40d18c92f4733f86442bde716418931547e2336a02e9beb8bfc31118bd4c900329be4f72b5f9a8fdd2b987946

Download Submit
C:\Program Files\7-Zip\Lang\az.txt

Filesize
10KB

MD5
7818eb1071877b7fa624018d78243913

SHA1
90ece974657f0d26037cb24c0b22bbd23c4faad6

SHA256
444712ef0eb1192c8ca3992c1124583e4e6d6ff8746a6015e51c1270de1ad6fc

SHA512
4d88a2e61687cfd142dfb85348950e93256acddc0f02395ed592318bc65b4106d343d755742bb4e2c267fdc4f9ae86e350bb4e12c424b0d40c85d6454b6021d2

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt

Filesize
11KB

MD5
1c0a86b696068892d9a92cf4f8342560

SHA1
39d503c0197ab162b871ec3f6a3b16d9cef02077

SHA256
37fab37644c0645f854f83c4eadee3741548bba5ed2014b55bed4ab721d261ae

SHA512
85a3800c14da71571b6e82c2fadd1d2e02e7b1414648dcf69b652cf800c99fa3a8b7a9a91134b100ade7a70ca34da6036fac1b28e9926677893a9acccac28cce

Download Submit
C:\Program Files\7-Zip\Lang\be.txt

Filesize
11KB

MD5
7c1472233c5e9494efab99f8581b1cc5

SHA1
ba00d2d6101e86bea5b6d8457dfb5dcba47d4ca5

SHA256
d1e60bbc312e0786e7eefc207ecc5a203bc6dd211b11eabdbf2bbc1f182f944b

SHA512
1648e6ff1ce49f3368076989e7be415b81938048f2496c0f6a2fdacc4b0c75f34ab650f1d0a328232308d2c60952fd048107344e3647569eb2cd34e7b9067fea

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt

Filesize
17KB

MD5
e8aa416c17aaf8baa63d36208843b169

SHA1
be664f2f3e4e4d3688d244a55994b247f071a917

SHA256
44f38e225daa06e71393c5c677cf77feece6f49abe23e9d8dcb991dc09c6e589

SHA512
f4ad729b2045edf56d724127c37ba384f50352cd5083b7e3ea90e692bf204a983ac9c8bbc5755350574ca3694dc9a144691e69bc7430b6f4feee87302c4a5fbb

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt

Filesize
14KB

MD5
685e22001679de44f41c02e0eee89edf

SHA1
ff5d0a70fee501b23b00f903b4875ef956946d17

SHA256
c932239ebeff4d8e9100fa65829468837fc3a636924f3d76d31f5e5e08dddb77

SHA512
cefb5f5c7eab2185259b10d4f636bda9f12ce3a54669d7c25dbab3ea0d29e2dd960432651b5e5be58f940cdc18c4e7a1563fb6a44f3e34a440b686a22828ffa8

Download Submit
C:\Program Files\7-Zip\Lang\br.txt

Filesize
4KB

MD5
07b69f7ed4600d950a2cdcd0023f65dc

SHA1
b0080b3bdc0545622b3ff70dbea687c1fa8a098d

SHA256
4cf9c8a66c0a241e9ed6ddc9c20b0761f9af91e597ea9b055d1c4ad49709b30a

SHA512
768a019545a1ccef574de903f4a85daacfb15cd02f1e8b1e3c8b12ae8ec0c3e0ca27f64a89b2b0da95908f56c55590ae00351cbfcaee52a00a4e48c7208ec949

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt

Filesize
8KB

MD5
22d543d46548566ec0ae6160ec4b0b01

SHA1
a6f5d4eab28ca165ebf37526d3a118f5365771df

SHA256
b47e7f95cfc2bc33275a349dd27694482f5fff79f56e0a7f1ff63b2be8f7fa43

SHA512
18ac7ab846bd88e77a0cdd48c625beb51343ec11265b1c55c067e6c4a493f14f99431924a6ed45aa27d6d019666898270d3577f11902f78f36be898593f3f857

Download Submit
C:\Program Files\7-Zip\Lang\co.txt

Filesize
11KB

MD5
fda0ca8699ed02646e4e3499e272706c

SHA1
46730c190786e93bb565fdfe1bf7461a73fd0ade

SHA256
ac239c108fce2527bce6fbaf21e9da9c393ed5cc3fbb60f4f7818f49f8a05694

SHA512
e75f4e2ef5aab6598a471e932b7279220b8c7a96a2f96b7179697086e680d3f0fd4137607dcb4003e132a17cf42c19ba97ee27b5fb3a383194f640e47afae5af

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt

Filesize
9KB

MD5
bf1822b1a778d276ecf660ab6f7b41ac

SHA1
710ffb554f68a6ae74d00ae88d096c6013c36b90

SHA256
1339d64744eba1e74fc80426ee1361826b52a444ac53bf2ec61fb252a8e62765

SHA512
5edd92cdecfd0a15d5aa70287cf80c425fcd7886bc2684dcee18e6faee0586597f9a5bac4c04c615d34dfb4bbdaff2ea6b52698ba06da425ada2fccf56c9afc2

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt

Filesize
4KB

MD5
8e992a18c9059a426022908c037f0466

SHA1
02e671c2a0aebe2ed7b56f93152f573371b8d663

SHA256
41a0a6b11e8757fe84b72447ed6180319f12dc3702233b4a3fef0cc74044c0ef

SHA512
932720f532c8b46ddf63f4eb250f28645948d076477f8f3f61978a6148b6f50d922fd6c6f768d4ab7b2b92f61b42c4d5c1feda518630d303eebed2cab4b45311

Download Submit
C:\Program Files\7-Zip\Lang\da.txt

Filesize
7KB

MD5
c8baa26e93ad6e24035ede97da6dd8fe

SHA1
b0ed5934a18b98103c6aac5692fa85a6581efdcf

SHA256
61920254b27c3123118582774638befbb639717b09b56cabbedec0e7641b27a1

SHA512
bb8bff8cae1ec7236c8b0653c8e2095e050b28800df7f91f687aedb49a9601be11698f76f73e6c4e5b17e85cb2dd269815874fbafffd57df9ebc7ffd1ea83beb

Download Submit
C:\Program Files\7-Zip\Lang\de.txt

Filesize
9KB

MD5
d49832f3e0864e7a8f6393372b9ec391

SHA1
e20d0b254a0a2695fee6f359d3d9c4c1bdf207b0

SHA256
df1271fe2585b59465498d9d4b6f6905770958c806cd0603061edc48038308ef

SHA512
f2fa0aa5aafc5172dfb819fbc620ecee141e4ef62d24dd3aa626ab1d2588259f91bbacc462fd088720f4f7b76fab55500d2fd48fc400d60b64711de0bc69d4e6

Download Submit
C:\Program Files\7-Zip\Lang\el.txt

Filesize
17KB

MD5
c5fcfa3f9278952ec1cec5fe30da8077

SHA1
ff683c8cd88c5f3e3aabdcfc020db08e23b40b08

SHA256
eb36d4f2f1c313390d6473946b05fcffe8275d93a1249ee1d4e80fe4e53be4b8

SHA512
b44e243b047544eb6d10a2128d0765cd32f77b73d1c8901b8649534564ae331198a37429aab249c89dff8c4578a933256f5796f9589a2d7a6b93d500b1eb9efb

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt

Filesize
7KB

MD5
f92c2807511921494d98254ed07c0fb6

SHA1
b6e65ef51b25db11d7fa86f141d543721d8079ec

SHA256
90a239ba1da25d2f3c285be704b1028b625cf9ab2c0a8419fee55aaed775b2f0

SHA512
4ebf086bc19930aa5b4d7f5599403f066fc5ce7428ed5b2446feb14c77b0b312d57c182b5093a61163c428d41e76e935e0ac3e2e78bc249c8661167ba8bb370a

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt

Filesize
4KB

MD5
758fd2a1542eaa24732d1accfb1ee627

SHA1
41fe45c1d170fed5c6c2ea4b956a9a5d0eba8140

SHA256
830fe9fffedefdf0933483682e0cf53ccf8e6a35e846b265c89adf7e62146500

SHA512
75c3f7db77c365c995e84157f2e98d3393ccae852fb84be571b6a9a94259069ff5771ac321f09659cb77d37546e1345f5960004e718b1ecb3eaa00c05e287de0

Download Submit
C:\Program Files\7-Zip\Lang\es.txt

Filesize
10KB

MD5
197c2c9fa36df25ddee2e577e2769be8

SHA1
9b2d21cc8082bd6b57227e7250f8f3f5abc7efa2

SHA256
11cad2b94480c18f186a481ece1058bef2dfb65f465d2d012abddaabb6409ab7

SHA512
986919e9734f2316b96fd92fd055526204a3b2927497c0736196e92dc3c15ca9659c360f9b227aed74acf816aec975e75bfb47c4c7e04e9acdf3351f92f00a13

Download Submit
C:\Program Files\7-Zip\Lang\et.txt

Filesize
7KB

MD5
b69d48cf12f940f7598fd8d926e132ae

SHA1
dd0ccfaf2a2dd45d07d32db8424032fd21f77e44

SHA256
6906d653c1c58890f7e22cf9ec9a0bb95d9652d56a066a0424b1aae02b8630b4

SHA512
5789d18aa08639061ac0a3e11019dadfd887500a04c19c54296b34d5f1ea3ec470a16c2f83b39396221d747497cd3cf63f5327470aa81f5804473a2163ace31f

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt

Filesize
8KB

MD5
a2651382dfbe86f56784245a11f906c3

SHA1
7f95e96e494bf4e304e2428922152aff4dc37319

SHA256
4af236d0d3b69b4b02dd3b34d645aeb4ddee4a946049c4ddb07eb3c22631b3c0

SHA512
1a04a5e21b7e4f055e31e6ce12e86fca4492284830aed04dc40aef3a7520f93b71aa48a9e4f0ab2e7ea81f2c84f6951cccd1aeb1a756339e67961e133f788107

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt

Filesize
7KB

MD5
3c82b6ce292499ae9763dc64501a2665

SHA1
b629a9036b58f45e92a73f9f8c97c66553719956

SHA256
70e49020e5d01c3b44f25a4ca234e983a069a4b6143b83859d65dfb801fc8bb2

SHA512
8a06aa344e47a3f62e06ef9acf35c1adc1cf12588f0768bcb5dc490400d9de0b8c89389b5aeec4ccc99ae38338cb9e61bc3d0e9882c31910742b600d8c048432

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt

Filesize
12KB

MD5
191d78e32a8e7901dc316f64b152cf23

SHA1
96fa7a0932a8f98abf3f3b715801239d2d3159d9

SHA256
3e3537fe3f255a60af4133ec79a891c40cd8a7c9d0ddd1a16d45d1128a26e9a3

SHA512
145a16ac546c9d29eac140dc4d596166d546efea2720588eb9a63d3c7ebd5a06f7aa5e27f3774320004e7411ac0f469ba9894b28a1c92f3cf59930ee5b5708e6

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt

Filesize
8KB

MD5
ba2370ef2220bbfd1909796aa6b0bbb0

SHA1
aa17fd6bcedaeda9c84587b4aa0e7edb38fd0802

SHA256
e7cc8d5d458b07e5723d637198b5dfa5316183f94403824c26decd1bcad92756

SHA512
476c62b4f65dd9752aba7d6b1e509713938abc6e6c5e0d7709b7d89393f44267968a090a56865cb0ae963e2e5f202b839f30cb7e324a109776339f3f6bad874f

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt

Filesize
11KB

MD5
0b27d49ef68d89d6ee610ac193535033

SHA1
4f9dbdb99a97c4820070de23e576c1af52e7baf5

SHA256
c062725bc6b70d16bcf1c87d14d6d08cc8134bc30726b7e3b8fd2a53e1234257

SHA512
c85e5ddf1b553ac79d8100aa30847ae5af17b0cc892d87f61602a86384eef0d359c70156ec843410dfd20a4337be342927cbc239df1dd1e356a29422d5d68b04

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt

Filesize
7KB

MD5
a1a3f459cb78620a8336b9cbe9fffeb4

SHA1
bef1f2b1e9997834f3e6b10b89ef547553f0a32d

SHA256
daf0278cc3ba2f75538709493cecddfe38ca03eaabafb7bdea81ba09fd437655

SHA512
21364cfc3ebeff62aea098af798aad91a94c580076b23b791399655533d3d2bbee52d667328b0e8e4fbcf9c8d8b0d019d1da6331c221cd6350f68ed2636b4d1e

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt

Filesize
5KB

MD5
d19305d534b4ce0d386d5181fe19fad4

SHA1
09441f86722d962d07d9f35afd7de81bf03f22af

SHA256
bb72034a089016399d20a897b3e944ed6dbf20e0ad43a5f2f5013c2d695a308e

SHA512
108e7822abad870574f9cc916963c463bc8aa469f3950ee7cb56e41c0f1a924216aacfaa2c75e6f931ba9392f42fabf479eadc076a7418f9102f01f73ef69996

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt

Filesize
7KB

MD5
a399dfd2b38df47dbbb8a55d862a7860

SHA1
25cad32ff8874930836a7d04dfc44e2351b53b0d

SHA256
de71ad369b65cbe157f14e212c05cf280e786791a5ac5ddd6cbd5e69d743154a

SHA512
e5433fc551f28786de049a955c2c88bbd50acf0b216dae09bd87e4c3b3da0f939a9721c5beccb5fe36da4def7ef3e0001a1c6f640215ee85bb9e61a4dc6bc89b

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt

Filesize
8KB

MD5
1b9e6b11903827f330b46baf60f59d0d

SHA1
fbc4e985f064f9d6749c465e3b6257bc42e7cd84

SHA256
1e21c63949a96d0f0e978c1bee9522c799d35110a15a1a89a1964fdda79acd05

SHA512
2093283e44c3b49b852b8bffa88e4a6164731e5841d9d91c8335082288e3e57965f1825dc607f97fae54b2251b34f0eba828a45b96279240391dd6ed6afebd04

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt

Filesize
17KB

MD5
f568ac69200f057c176c1d05cbea3dab

SHA1
8bbc0ca5b87083a35f7121ff362c374944e7bfef

SHA256
4b77b4d20da53fd2fb6751de2a620e833076a78ec28dbda9ab27ec575a910b4a

SHA512
ed597abd841b95347a7e9b1d06f0c45560614f8316331b07b49aea7b93a71d59117964ec64c71ff0b41f24181ed48b68f39c3ae1d706d66d29b8cdbc2a2da470

Download Submit
C:\Program Files\7-Zip\Lang\he.txt

Filesize
11KB

MD5
d67d527edb541f8f74a3efb65c5896ec

SHA1
5c8d6e520c0dc8030b6d83db996265e8b526d0ce

SHA256
14e7d78bda787f5815482bf9acae1fb4d896970f05dcf6488c936df465e1be9e

SHA512
cc876af08bcb15364d24d2487d60261fa4010396afc6475bc1ac50a14fde41067de5143c95ceef0c280aa6da331907fab9b3cb2e892d058ea79bbe301059f901

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt

Filesize
17KB

MD5
1d9d74cf2ca4538fa5c7fb923bca038c

SHA1
b5bb9f700ed8aa2b5687bece7721bd1b899afa92

SHA256
fbfaa6303d912565045590cd7a74f1538fbda3ea691d2a9e5c652b7b6a5a707e

SHA512
9c11a9d1f273e386ff5118cd6223ba127b6c28a4ec2ca3dcc382b5515f0f36da68e32541cd871f0223acbf46e3e2f4ebace61e05363c85a94d632083c900feb1

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt

Filesize
8KB

MD5
52199e77e134b77c38b16cc2254124b5

SHA1
96163a668a70d5ed3fbd736bfc5576891495ba62

SHA256
6cee822b2dcb36f7063029136eec0839db0090818b48f523a4457e5e4e2cf745

SHA512
75c9f13965f7cd75a09ed8e60b098e64d78d0233267c7adce35772a598154c149f36e5345b243af1c250a0854efbc7c7db6045d927515fa435537b9ae903ba61

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt

Filesize
10KB

MD5
baf9421d6832353873c50b8fb5795113

SHA1
9766cbe0633c1cc514daa555fc9ab26f0d5407de

SHA256
c870034466379d92d18f3ddefe2175a57ebab2c7385fabd905b4fcf849534b81

SHA512
f8f071af270cd00bab768a958412274851373cdeb88eab916a8518149cdd08111f538d01485e54da4e19ca3cb0ac8cc84403ae4b6968c3e193d4ecd44febb429

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt

Filesize
13KB

MD5
4d6188056a0cc625b857d2fa0ba5a023

SHA1
ff6eed17184bcbcd0e28de3ea8a568848b49bcb1

SHA256
9e054bf8efe655f3b5927f3d5b959c8a8ef14dea36b0ccb5c29a0ac70d5ba913

SHA512
a9e18353bb8b08bc88c223a88d72cd6201cbc7a1ea5f7a79f369afe5b6510f7dedd959d718fb5db2519d01d0358b837a5c443efaf3c12715a4df0ab599ddf5d2

Download Submit
C:\Program Files\7-Zip\Lang\id.txt

Filesize
8KB

MD5
6fa0018983dbd888a8b8acb4385b49d4

SHA1
d9d309a3eef5342b14235270798426154cb6437a

SHA256
815a4351fdaf966745e3fa7bf0944236db3df58fffb62ecc086afc41f50687d6

SHA512
e8731603191092e3488363e06c315f457135febd6ad81c0d7964e42bec688f7d9f64700f186311bfcf5464eb82c07b5244968984ab3125a1acc616bc7315713f

Download Submit
C:\Program Files\7-Zip\Lang\io.txt

Filesize
4KB

MD5
08023b8474748453aff217b2c88e9521

SHA1
130024a9c0cb9a9dc9665b1b3daf325feace6ac1

SHA256
c874bcf913c07cffbaa90aa8fdbaf4d24501e3104ca15b1453b6b300352234ba

SHA512
13c4fac5287f5080adac7af763279a3e8f04be796af5b1332e3c3f45b6342a3a2fa4a5411239ec7d1cff82feb6730ce85b410b805e284648c6f6250e9e0e8d81

Download Submit
C:\Program Files\7-Zip\Lang\is.txt

Filesize
8KB

MD5
1a8a23a3dda287d8d90efdc462cbfe30

SHA1
ab7d5deb3b146b2d8e69284aeae7d4e9369dfcaa

SHA256
3107ff0fe87bea8dc8b0863e8a95a7d26aa0a067589a00a7c947ce95a29afc8d

SHA512
ee16e67d651080150d2f5ecc427ff368d984d275271aae0a84adac5ef5d25ac678ede97185d681f00114e79f10e299c7e157f78691a7058c242dd4fbef0ebd21

Download Submit
C:\Program Files\7-Zip\Lang\it.txt

Filesize
9KB

MD5
15e1b045145158b4b2d11fe4ac370004

SHA1
0201bc4a3a062f7229dc8e1b302c595c4f368b44

SHA256
092a0a091ab154b72468143bedba0ac4f5cd6e5f6a15aabf84ab32ee49cd23dc

SHA512
6b364afa2f8d7b38030188df66711bf69e1333635428651b3e2c14be9717692a25dc0b2ee33f55abe73acd7d68f0c9d02f200c3abc33b98f47711067cc3610fa

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt

Filesize
12KB

MD5
3f7999ed97400a71de4f39dcf4315698

SHA1
b799e5f96dcca4309d4d235a33e699fd57da2522

SHA256
0abedae3ce9ceb944b3e6f04133c8369993b779757be35665dc738d0cf78f934

SHA512
c408b3bc593cbd77b6f22acdccd1e462d7694dac5ada7b8383073cea50768bebe3f943323fb6f5be552853f1bdcebba2725aa057d077de28ab5ca6c8ae67ba58

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt

Filesize
17KB

MD5
374291e70faa4d3888af3bbd78c78d78

SHA1
d0e96bc495b24be04ed5f1e9db7fe5bd281bb26d

SHA256
20ce32e257290109b46ebf2d48e50ca9b473b3d826fb82d0a12a6301bef3aa03

SHA512
ccbcf22aa1ff40291c22b883c691687afa15c0dc7b71b1f4854358a653c6fc1b499476a3ca25a86ac1733a37a4e23730ad0bf3aa9a1df9fe2740586d5b59f80d

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt

Filesize
7KB

MD5
b9b94a5503a0ce927ded0b40e7705de5

SHA1
1764eb5616576cbb024696534cfa0a8cf2c56f72

SHA256
b733a32ea7ce7b53fc1e60fe43ac29804339fb8b53c198c319eb2d219151d2d2

SHA512
91be611a5980598867db1e36c04863d4e8e6b18f3f506b0e94ff1621e402bfb94c94723600f4e72afb270deff4c265978b41a43a3bac5ad72caae3ea557d56fc

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt

Filesize
8KB

MD5
effca3613a9d63a14d44ab738f2a5dcb

SHA1
fdfe14e02ab999fdd997b3c42202940926aae208

SHA256
d613f9f612c2839caba9766afe231d1a364a436aef369b56e6a044fc7a0df9b9

SHA512
5144db73a481f17085e2410e4f9d60ebf6b8f41cf014a688d8aa9378519af5ccb931d67c54e8bc7b016d01250b043197e2465ccea84f3e32afe45c61dbf32dcd

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt

Filesize
10KB

MD5
cf96bad17f4fd2c3b7ea0377dd659354

SHA1
9a9b024c60f75243687787b5b76e6db57726ed18

SHA256
cdb1795ecdb49eb4c504d7f03bcb8c1b56951b9f02e6026e0a28496fe3980a90

SHA512
0850a6f8f962e32b1ab371d04fda00a782ae4e9abc9a2d8ddbcbb63db72984bb84732cb7de2900599c0dc2c7b346006deb6a0ee9780574edb761e77b2e1a62d3

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt

Filesize
10KB

MD5
094d3b8ca045656acfba2624e3d6a934

SHA1
b34f5f2704cecf4f4f82885bf503ab277f9e0fda

SHA256
883a29f274c949d6b97290d01aee0ac43e70bd6ca7a0b7db23ef15bceb45441d

SHA512
8504649fb7e6389b5113b12850ceff0912dfd597ca5fac466cf4872eb070fd2f521e32796167683453b7eaa386ec30224c9d303c3231bf629246e6998a2f02a4

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt

Filesize
11KB

MD5
ff21994d124930afc5fa0ed5e062b02f

SHA1
7fda31e02d01f052e64191454e691183c5fb9f1f

SHA256
6417cc9207f3ae4cb58a55aaa64774f038d2f8ef102ea0fd5ee782ecf6f7790c

SHA512
befd6fc5e16e19d7f11d9f4ce71fcd34dba5ba8c8efa8cdab87d411dae62deaf35bde21f320cea5ee4442150372ddd13d526cd240591bddeaa7c0202cf55a207

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt

Filesize
5KB

MD5
6971746d4990cf1bbf2882fcf9aad69b

SHA1
cb441074698010b347c73061d9ece3a1a3b08c82

SHA256
0270c134b20bf304104cc0f69ce56bd2f842efe45f8c3a579b0f27302c470724

SHA512
01440b5bacf78df2553aa21f5711d63f1e14f8061f26161d888bdfde11a29361c3a9e6e9b5116001b833d0068770f38323ac6c6830cbc6be5b5754f3341a37b5

Download Submit
C:\Program Files\7-Zip\descript.ion

Filesize
666B

MD5
76b6cfb9e2c040bcf89d419c0218f1a5

SHA1
853a2208bfd6440e1e1f158be0a6ae6e1077fb8f

SHA256
3d5659e4f65fb8e39ab60c9411f0e624cbeae08cce5758b38907382b61dab951

SHA512
08ef1e0f368f64f7e2019df8ce1177f1b75c6794a27f5f7d5ae4daf3a7beb0c4ed333da3a34d4685d665fea9d358fda8c66dcd2a19d63f23f8f18b8a2981d7da

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
350KB

MD5
bdafe55f2bfe0f9223ea8ccde368b5f0

SHA1
e2d38a77889b92800114a04c1d69147697e3f476

SHA256
30333c04c7b2d18321313f6ac73bc2e7110871d81ff7c7a5f28c21e38b30aea8

SHA512
48afa12a170d153bd0c6406181abe2b502e2d93e061c5cefda9a52b3e4cdefbd48a1c14a0dad545ee4ba0728107dc878d13e30c6aa7db3c92ff4a7fe4f35cecb

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.2MB

MD5
6d4a8aa6c77ae3411130d2483e626e61

SHA1
5d8cc7325f810f7ceba7d378810e43150bfb977b

SHA256
f7b8da1343f780b48480cf4582a68fda6958e73e435a90eb0616b3b4049aaede

SHA512
47ad92d9c9659f8c563349cefa4b818603fe3059977f9ab4fa8f24b2edd3c565905a19105600a8a9cfd820ee9915c4e6bde15936a3c6655b19f981631f4562e0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.3MB

MD5
d25d7d2eb2b78e50daa7ac156c38eede

SHA1
72a4ba8c847ca6e4465e6ae5a92cfebda6dbb630

SHA256
793cbd18bf3287a4f03aac3b44a50c31089490ecaddaa23e3f88464e3bc990dd

SHA512
542e8cf5a75216f79b4ec882d8ceeda9d09b8deeeda16af1377566f2ab898b81ce7600c1e4269c9bdbd45fdcc6d8e97ca4983ecc3ef307370559a13ef54c0836

Download Submit
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml

Filesize
1KB

MD5
423e082cebf0bc75dcb653fae1ccdea4

SHA1
94f19d8d104d0f7f31ff3a72dfaa1c1362a9b0b8

SHA256
d74343447619d34218445a780d9333b4478f7d66888b6701e2615185269ae27e

SHA512
3c372e68898e494e606f7df7ce231000de306a997ea306d8854c24037812c67b9e46c32d6c14d46d4b1723c7ef5830e04746fc895deec82ca0c9489f551ac3f8

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK

Filesize
666B

MD5
7c2961c93127cd1e104c70ec535f7bf1

SHA1
e643f15d9a456ac7a2f39410154ab6f3042b9aad

SHA256
247e6e8f26f77b75958e5054795e88ec981ca430df9421780798096110d89dc3

SHA512
d2070a1dc7434e5d88cc8e61ba67806758254d159a4bc1b17f5e6b5824fa9fac7f4d45355ee18fb5a52320ad2055373da8832c11fc27431e9368b5be6758b65b

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_K_COL.HXK

Filesize
666B

MD5
f52de69e0852417d1a3226f4918a3da3

SHA1
91b383ef064c172e5786426bd10160592905c6a4

SHA256
a647520343c8cbe3b9409b34f588689c579cd9fda43639cac33c3687080d97a2

SHA512
be45b36534d21275fa07bbef08d0263e19007d631236162f740d577ed1f20ecc306f45c7e01fe3163825499f02893532c3b120841c3bff1d98e84804f53a5257

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png

Filesize
666B

MD5
5fa314c8e1b565a9fb610023e118d968

SHA1
000e382eab661ed3f346b1f9aa6a44196eb474a4

SHA256
eab2679dae4328a820f44def0469b99b9e9eff1238c8917279b1bd493c9d4b6f

SHA512
3ab367f8c05767c7ddcedd4c1626f74f0623173769ea402d7fd7ebfe50b60bb10c31181d8c216e5910ba83dc6ea3fab8e1f8a20284e67fd53f95a18742ac1bd9

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png

Filesize
666B

MD5
5e7b16af8d359c17f691afbbd6a15dd9

SHA1
31189c6ba92c6dc1a55c7f66dbdac480057b2bca

SHA256
0c306e49a13b55ec8bc79adfc0be641efc7f5951c8204b7462ed734243b4b72f

SHA512
b9d07f1aff1e137f939b1037a58c27da294e50d25fb04e9756db50faa09083a18dcae1da61d449782e27ec6984c41bfbc10927ce9acdbc899c92154a6ecc022b

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png

Filesize
666B

MD5
2a89a1b5025cf1d5e635c53d53ff4f0b

SHA1
321755930e70f0b33eeb4a165a69917a56b98cb9

SHA256
11eae19e07672be906ae2eba8e5fc1c4caedc4c4d55b16d1e1753a44a5d8b484

SHA512
61981796f41337db1ede8460c00e00f1c772d798913437e5d99c42799d01a6d741c63f9e16eafe2558dd4f9eff9aac5d271623fdd4853f24510c35f00a85d175

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.dub

Filesize
666B

MD5
7bace349048d1aa93c9e6f19b3faeb4d

SHA1
5222b7eb05f29fce9077b84a92e0138cf8d21b5c

SHA256
9d889c7c5e314a00dd189dadddd50dc03d6e6b85d6d80fd68a7fc18b222d85e6

SHA512
6a6cf005e4dec9b23c02a109551fc1c1783a2358510207903c4d62c3af2add6688d69699d0b441829a1032bd94d79d9712741439101f19c3886c755478ede57f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]

Filesize
666B

MD5
a13fec92ca0553da8de7e4e6d424e1f0

SHA1
ce0d099db8a6c8455cf0fa1d7f359abfab8cd0e3

SHA256
ec754cd71640404fc11e24a6ca10eb203dba830cb079abf86ea9019c28d7c3f7

SHA512
0c4b6dab34fd9f0b3ee85dd75ae0e1492e3afe320d83a7a5d60484ec82b8224623ec0bfea2587af962e83dad5122a35971207ea4d14619658df2f9403a7fe85d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]

Filesize
666B

MD5
8ada9b002e3e2864ad6a4274e06d7026

SHA1
5c84f5934c88ad6c267ceffc082684b0f6d4c30b

SHA256
642392713b7079359bddcda2f13fde974d8a6f8ecc1b70e8d85911be9208c301

SHA512
955fa5f0a9be70ad8ee1b3c95a59a4145a667049d0ae81baf6b77b87390b1ac8c4aa8bd0887e0841fedea8da2f8ec65d2159b3eebe11bf9f7f0e0147f1b561f8

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]

Filesize
666B

MD5
c7b107d206f01dd66b22b365bb807f59

SHA1
a2ebd9947e63103b4f11b4461f3dd3b7c62d7a3e

SHA256
6e6d233ca354c52c827bc138e8946da1d5e855d6f641d07e57f6273821f38d23

SHA512
923a883498765df7372c16148f34f8c65b1e39f6aa62c4c2406883b93f24d43a7065d3e4caa6cc479eac3fbcb0aa30a58bbd78eed959ebd23e6822e17c744e8a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.White.png

Filesize
666B

MD5
cd2dfdac032629e1268df6974128c524

SHA1
f4e51dcc76327dbd247428c8035b5611eb960cad

SHA256
8bd16d326ebbf60d4abccf941a64bae9f90da5ed10b1c3075ab7544ce3244367

SHA512
41fc5e87493f6a3a57e303e4c69224ee2334fc16cc83c21a74183b726d9fdf24324633158d9787ff09cafce6fc0262eef49d1a25bbddd82a5c246c971f8c921c

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]

Filesize
666B

MD5
9b2966b48f0582c5e71f16feb4b24675

SHA1
d3b1654e56e37947862a8987d86fb74b243f82de

SHA256
e135cf475eca81e65f79a4eee1d9842003a403b758623e11ce2e280410cfd136

SHA512
b7d7bb47702d15a3c5a8fe24b07ea4219d1fab27b05eb7a09d2ae1aa0a6ebf40b26e9b049f0634b2488041b05dd473486015b29224ee2a936ce431611f18a4df

Download Submit
C:\Program Files\Microsoft Office\root\vreg\proof.es-es.msi.16.es-es.vreg.dat

Filesize
64KB

MD5
1314d90a5cc09842dd7a1e25372427a8

SHA1
dfd7a7b537137202e02a3ed590a32bea4b95ac03

SHA256
87f3f0cba1171750f9b041ba6e8b8e2d2408b920b60df1fdd21bc55bf4c90e5f

SHA512
2619b9895bc46ae7b3ba855023d6fa8d55ca6d129ac646dfda82e7bc7d47ce5345a63465123e279595a2f707ba75ccd0bcbb30d241ddac9fea552d4dde5549ad

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
188KB

MD5
a7939d0d0324b9ed2b7b80a521ffaa2d

SHA1
a02d3a5f65733d3508c625156f2497bfa7b27de6

SHA256
0e3920c68352e81e664c418faf20132b972b1479abb674106441d62740445dbd

SHA512
227a1873411121fcd63bf0bdd718accfb67469cc299dec0deaf1efd6d39f42af2fadfb00e10d22b9109e2f1c188eb7909718aeb307794626f7be8030d948e8f3

Download Submit
C:\ProgramData\rdpclient.exe

Filesize
112KB

MD5
45a19454cc802a74ba87ff18e5fc9b99

SHA1
eb37aa72c7f3875da9ec43ff2362eea8af43d899

SHA256
1f4fa8ed1f8a57cfa410c95bf3144a58389464ae1549b0a371b04d2cb09adcaf

SHA512
115e28a87e62a00d37f4347760d6cba8c5b9d699b658ffc81221732546419795207373aae3c1f072dbeef1d23566d0b80c46ece48d99c17b7709db1931fe5c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\2601ae89-9c32-4709-b32a-3cb268a8f449.dmp

Filesize
4.1MB

MD5
7a65d449f0414f512c05e167da7a4141

SHA1
ebb6629232bfeece392d813406a61e1245d190f6

SHA256
5ac6014af60bd906c9d842026c08be2bd1ad2fdbd9a5aadfbc85bf45312fd3a2

SHA512
29a6786a898142bb0131f0b5980823ad70ca3591efde2228af8caccad88c9fad62cfa8c0ae727f1244de248b48640b49c82ad5473cbc6f672880b972e7bbe515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\73b18949-ebe8-4f8b-92f8-5a81c6ae954c.dmp

Filesize
4.1MB

MD5
c4374aedf8e9c9243eba615e375dbd79

SHA1
cf3e35d5705c3fefd4c8132cfeccce626322f016

SHA256
3ae06ed7ca9c742a25ecf7cc178005d49f0070fb588d6fd9938bc7a376e49731

SHA512
440d2b100bc13f3aa2fd060068a75a5032992fea6b6eab3542fec1c94fbc5c84daede88ea763a57f0b456c1087defb2ea3ee9fa636238be5317c71e59aae69e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\7763d8ec-cc3a-403f-a253-c2ed720c9caa.dmp

Filesize
8.1MB

MD5
eab51385137eb076343eeb946e559046

SHA1
31969453aa7c5f1c90e42c8dde26b1bdcadf3f8b

SHA256
bef53b2b944e7b237b141d5a2ad23f239f3d8120acd3ab8d3cd03c23eca69012

SHA512
d4904b21334763d3970480aab10ba92cf89363b56a202367391434773286cdc79aa7b6f92b5409c3d193e80164527cf574a5e814591744fad3f2dabc35510d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\8c122515-1cc6-47d1-9c58-a67f96e58c11.dmp

Filesize
4.1MB

MD5
2569131732df5906413ba72613df6fd3

SHA1
6b14781d833a2752e0d4edc023193d6ae02a5115

SHA256
d97a8e5b9478d4a05e330f7ad63128a49eb580ca82d4b9865e719db04fc2a6ec

SHA512
1870d6e32dc67bf87380e70bf4cd3c16e1855c666c0115a9c74ebc6db41e302bdbd082b3e93f251ae3d34408df620ce88f76a72289a4711eee54ea188cca925a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\9bf075af-ffa3-49b2-bef0-def07e3b06df.dmp

Filesize
4.1MB

MD5
bb92ede973a179e4a97adb849a8f7c44

SHA1
0789d0bdeaa5809e6ae5237a7c5ced25f4d77ded

SHA256
aeaa56bf2ebd5971f500f58bab7ce9e287136cd4f98051e050648f9416234f5a

SHA512
1d9f0694a96ab1cc450e0686b2dc8df3b28ff592e9c3c50852947dfa5999a07d6898daec1f7f1af6e877e4add1c4f23bc0d8dee995c15c0d095f04cc834c51ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c53b5dd6-68f8-447e-93d3-f68abc353a55.dmp

Filesize
4.1MB

MD5
3721c92417b7ae47036663af4879168c

SHA1
994e291d0dad89a359868206a9553d30dce4c5c7

SHA256
f31302292bc062938f8dcb9fac7628b32e6f2a4c0dd8156a1ebbc7e6c6a1ea4b

SHA512
8a3a37378708602979a2ea1f3ada4c732ee40a156d894456dfdc1adc8641e69a5ac0a60f52339d576cf2e64c2dfb051f67f11268cc7995147acb97b1014e8f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fb3a0455a33cc7c3571b70f70640a386

SHA1
80348324b7768d0f7ee1ca504fe9d4f99b333b89

SHA256
5d223a370f537cee20c1edc8fde6efa70f67a653257ef00f5b9358602223ce7c

SHA512
dbf614e69c3b6066ceb6cdeb3c614cbf4070bb2096a5d66b69d5b142dcfd6f4fd37cfedf044031ae8a419cf4d8cc254d618a1c5f88cea62bb72138ae490bdafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8734b4a181214bb62f91cfa36c7e2c98

SHA1
9cff323f10778a23d73ac3dcffc038d3bf661b78

SHA256
e06afe980fa56c8dad3e7c6b8d0d8f1e7eb9a4860ac715e966026fb7631c3ba5

SHA512
e8648a54da9aa24b6cba1f0377a0ce33979ea097554bb6347f252cad894ad4134e1fe839abc80eb48e2510061d5c6937e80374d32f95afd4cc8567b57694ac36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0db1d88802048ff847bfcf47035335bd

SHA1
bb54059e5b145da464f6521ae67353889ce00771

SHA256
416525d2bfeaeab0950175c0eab55ad35e84518ef5299f10565023800788cf9a

SHA512
32c5b42febdb38c3a30eb5179b8aa20a5e731b0e83aab16ec73d27b4108bfc89eb6316f71a988388cb5df19267ba823f6d0220fab5584667ba0adb0da1152a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b426335aeccdd6a_0

Filesize
666B

MD5
452ddb6ef12394c3da337808aa1306ea

SHA1
c78e406b7c114fecc66df0aad9a64471aae5dcf7

SHA256
66a3bc21a074ffe0c7592d8bbb559a1af82302bf34712f794f0b664de3508d93

SHA512
894de56b4903134fae4aacbf16b5b2b9c95d0aa4238377f7203ac31600e991b48d1dea2a33bda340ac7477af78a6d47c7703e553bfc8eee6bd931c9f6eb89c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6f47068e907f17d15a1a9c79d0751fd6

SHA1
8f5ec7698ff231ba3008f77748bed68c5e2f8700

SHA256
fc047de2ee2f64fdebc6419b773c146b2206b56aff76b47543ce5029df0bf9a8

SHA512
e129b056d3df924f00a01a3fc4d2d015d4617bd3359b5c181a5176fa570ff8037451e422b453b222ad06ccc1441a920578b1979b931e428bf1f931e72257cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe583738.TMP

Filesize
3KB

MD5
2fe70a194753f09a905f34b4ce3fa6b1

SHA1
3a0f95eb7bbedd4f62c0da878bef07123d1ce96c

SHA256
ff9b893b10ad6ef7657a664fb97348a0b06d40541dbf8e739ce59a10a7be85fb

SHA512
a27387d939b3953df94e43410664813b4acff192783ef4d6d94bb54051740d91cdadc209b798ff956cc6c5a43f79e3e5bd86f85e8a4d1366d070397044e69a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1a250932ff9a8dc1880d98a78d5c3ca8

SHA1
2eded1063c2c2d5be3b0eba04f9c92383e06a48b

SHA256
dccd0477b2d109efdd693d715d380f526d8f6d8dc472a0de8ddeaea2678acb21

SHA512
9a7bec15997eb2f88a4d08e4ccb70c535f647d8e0e82ea11870597a505b25110c273df7b918b442a158f89e1953fe64cf016bd83028b2af10811e4364d09b387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e07063d4d15693c2b7740a8be9b4149f

SHA1
c786d00d8499146ed21e78d445ee0daa6984a4c9

SHA256
793b9580b83988655db20e48822aad840edc55cc967ef9da60fa9a86d03fa0da

SHA512
929e26abce02dca826255b902968885acdc9a0dbeb4e9d631c4783f6529ef23bc97a0f5eb36f56286e3ec4898c9bdb1017abe1625b16b3722ecf68f133b3acf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
93f85717d1a3d14b0a9b623a3916d302

SHA1
6bce63498b72e154b6d853d54e222aa46379075f

SHA256
be25bd6c98f806b4ef4f6bb862722f41d4c5b7a89784db5c38d603224935853a

SHA512
3ad65650f08274cf17e57f542baa8a43129098153b5e4f24b327892f6857c4f771220ff02573d8f15e35b8b5517f09cf430939ac1efc274e84dda550f34c9462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
27KB

MD5
5fd03b17641ed7e847f8df53cdabf9cc

SHA1
8613bbaa05fcf119fc2c7605d8bad09368b56f1c

SHA256
d90ee713676b3803106417ec1321ccea0d19139366eb7a045d9274183f53d727

SHA512
db5d3bd6c5f9d34ac620df68659ca66c4d76bb8f7ea1057c00aa76b30c108a9e19592857e923c3e2b7bd25d558315644928c90cbecdd3a981c42dbd76a62dbd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
31KB

MD5
35094709c6857b19c2cc3cee67507c73

SHA1
fbc60cc87e22afd018576b1e84c90563175ff0c3

SHA256
93edbdf2a7a68ad0dcf19ed955cfde56a3a459e6113f2117b5dfcca076d36ba0

SHA512
c9f5af409b7048a678ea842de469035a2bc723eccbd92666520fd4f4b51a719b52cc638f9265dfcc1e035fca2c5c05b09818e2b907181acc36141facff6f23b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a28510ad-0cb5-46a6-9c6f-aa4da4147d82\index-dir\the-real-index

Filesize
648B

MD5
c4849141637b88c9df4b2aedcc8b8867

SHA1
b91eb85fb1f6c01edd5dcca6da7d62809d04c6c6

SHA256
58838bff068b39e4d119bc390dd1fb8bf291aced00766200cb0e15b3cea2d7fc

SHA512
2eb0c8656d4950c56c11743e8d02683d68399b0eddcb4fd10378502f31e210b2114c80475b7ee69ed277f1e3f62ca2dab125598e56d08ccb850d2c9e73faca2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a28510ad-0cb5-46a6-9c6f-aa4da4147d82\index-dir\the-real-index

Filesize
2KB

MD5
99c7533ac7a3c540a739c9251204d6ee

SHA1
f03bccbf575d3c9bdef9e8d5a61e3a07172dac42

SHA256
340dfbaf1e1f50b07a671d48700b16a75d10eab51feb7d3c066ee9da0a493fb0

SHA512
9efe3aab3fc25f894324365ab8f0c4723fbbc5b042f0e34c840e9b9a843a6e740ba18862e5176aac83f882e88f71158937551161183fbff7f621943323a99400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a28510ad-0cb5-46a6-9c6f-aa4da4147d82\index-dir\the-real-index~RFe57b016.TMP

Filesize
648B

MD5
381f9e0b819f1b6af9ac5810a0694796

SHA1
ce8f647679d79fa7bcbdb8f8b8d231f988201265

SHA256
ad036a3080f45655bae74aaaf2f45fa37d3f1785589a3a9ff33b3972ddfcc624

SHA512
55f2f0ab41e59818efe151e03ef55667ad7554d0320400d0d796a5cf1ac8c32dc9c873bc3c30a974c4e781308d14b457d55650394f9c7979819c6ce43b06504d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cc781fac-f06f-4898-a533-8ddb02e4678e\index-dir\the-real-index

Filesize
72B

MD5
7704005b80a12e438069218977e842d3

SHA1
ff638128221b4b849b48e68307c972357b115d89

SHA256
86ffcc4a2b32df04e4350ef9ee78f6a3d3d790b4f75f616cdc0b1c295fe54f52

SHA512
113a61dcc14325bfc379e2dd300013977fdb10db4c4f65d0decd58bb6b8f91789de603d46826d5f71836f101e1a35a013d5b9b3e7c6092d177117562218c65e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cc781fac-f06f-4898-a533-8ddb02e4678e\index-dir\the-real-index

Filesize
72B

MD5
54a2f5324236f7d3de6f653821c66089

SHA1
badef0b2b4e4fa1f5df063e700598dc7a40db169

SHA256
8e45718f4999a119317337898ffea5fcd6e34d3192708b71e89dda0d2195e50f

SHA512
8bcef9b061b6a31d634f418c79fc86673968bcb115d8456b5e8a12fa70c03b7c1a7ed37cf81e42364cc789836d77919e8d3f97d41589a4bdaa7eb497be59deaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
18c8008e9f5c9b6a5c99055c1cff56b6

SHA1
c413c0e8b6acfb6a7587ca78665b0d80550f622e

SHA256
13321ab8c04e51858e55725c39c36a610e0a61c774aa7b0e77c7a6aa73dcee86

SHA512
29a5046ab327163e76a79bd1e4aa34cf37425edb226393c7fd38250786db36a405f93d7513a24f5ce49be6c4af96aae74c12b47a10e36a3044ac8c055a681516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0b3305842d66e7abb02a4e719d80216f

SHA1
262e1f03fbd307b17541e4345a80c96e2393027c

SHA256
fa378f64953f1fb61ea00ea39876148d4824e0ca8c0c802f9a8070ab078dc32d

SHA512
ac586a332da8f140605ea976bff4542c16005319922ad2957b6108e724508ad5790d88c4d73620b3e23d7f6a72ac2c190869a34672791b777836d4d3b838531f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580d3a.TMP

Filesize
48B

MD5
f1ba4dea23ffd1038917aeacaba3899f

SHA1
28999be2e23aee7c30aee3976da5317d9d9e24a0

SHA256
1f7932db5532f7f8402ef13d02134370cfce2c43c93b632bbb7112294a7d9204

SHA512
4def6e6b85e28e4db8b56222115d6a880ce3c203edd17ce97091cdc0e2ba9102c485d0cc0c8b45e0f8ddfdd4936379aa25914c7b0c7304a69b7782be277a0210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
67aad788e699c40cf989bf76fd6a8abb

SHA1
5c804af123cceda7f6d04bd4364200cd9dc96173

SHA256
d2af58dc90187dadad875500de347ce986b2c781ccb23d2408c83a131e813b28

SHA512
d39989320616e61f5bb63243ec7f843314c242422e538a5679f4068cc9996d78b6d92371bb73eb1dbf5a62aa58003585b92de59d99a7de7eba35c43efe03fd41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\6fdb87a3-9e34-432e-ae65-94f99a5f2a5d.tmp

Filesize
22KB

MD5
56a63f182b2938fbe3e59fbf9681dc08

SHA1
b76578ca24fb20b8bd5dafad4296e5a46735a5e1

SHA256
36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

SHA512
b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
1dafa5305040b8e74ae77e22ca0b7fa6

SHA1
9c693dee558e90811a6ec3e9e2f560ad5142862c

SHA256
782182889ad3f69a103a30b8e5548f5ed2f1230687a7f95174b8233850b98e8d

SHA512
e92ba93034a586177eada00522efc2ceaf2724aeb342832da3d54839aea1cd51e53a7282ec6498550b04ed2947a0b2ebfbb7a4bc043e3431d00b709a45a900b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
481a7d0ac5a0a09351ecab5eabf89104

SHA1
b118758d6ed8aca9758fc6828bd63a2a11d3a9a2

SHA256
e839f1570f3c7682b8151836cf65194f1871800e5bab62f2a0d200c2feba4e3a

SHA512
dbdec4d4adf643076ac195caccb2a63f524140c871d517a841077e6619547468a1c0d9d0f91a7c2eee2f91fcc9161cd53f5af4ce5e4a2ce7b61e9bc7d1cfea2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe5891db.TMP

Filesize
467B

MD5
bd2d5e6fa67d530e8829678f047155b4

SHA1
a69808ab026c57b477df1b651920ea8bbbba9ea4

SHA256
139fb079f41cf38454a45d4d2c0fcd9b4bcc9f26399a4ddbffcc2941075445f7

SHA512
e33f1b35eb795da8f742b45ebb8c75b7d276c6dd1fd2d5dab6e3154bee2bd1b6aa2469a881fbb0666737fa845be859d773bc7e90e34f10536bd4b052bfd0fd7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
99f805013399949454839f9c3c6e7627

SHA1
b28f26945336ee2c17ec2571e2e74189312c9ff0

SHA256
6769c47532cf7e427180c3e33d0cf4b411830500b6925f67e837d074b13cad2d

SHA512
31ee26a03b442e85f09f87e0bf66e08c4b33eec29c4397a2517fa993294f3f1f3de69a0b41b95e57fb25b23e23bc4b032d2433204f44732b71a11f1560eafced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9c0f7218ab660a39ef105103b86beddc

SHA1
215913d9afb65dfdfa736e820eb018aecefb91df

SHA256
b7faf30faa5c0f63b6b1e9865890e729fdd05ef774bc073118a475df0d5f01ea

SHA512
2e40ebe742cd0be819527b11ed6e7559dca30ff0668f47de2e04e47964f2d931c24f4672bc5fb6330ac81546271d4aaf20d89337e8fb2f217a35b2ed8a06ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
19KB

MD5
adf75c5e028b25bdbceddfbb4e6f9c00

SHA1
47ddaaf6be5c481f798468f4493ac17fcd5920eb

SHA256
d6cda76dafce0da72da99cb9bccc877242003a31532c0dcde795eb9fd30db577

SHA512
008337908a66898dbdf5bb0e768a1e849687407a09b04d7366741d60d4625c70bedeb80d6d87397966d1cf9a09334aa95f324b6fe54fcd1d1e13841ceb2dd181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
85214db9ea18e6111abc25ee8a714be7

SHA1
b2e792df3acdbc5057dfeb8174781539955331e7

SHA256
02ead22c9a6a4ab5436af5266df0e80b479c1a7e490521e6c79dab0be7038ccf

SHA512
fc6b528b5742696c0af0a3669e50aaa0edcd0a39e267e2d119734bcb6da31cb415fffa95af7817fd1cfd006aa9d91d6d5f811eb4ab8eca4143d51db9fa548a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
59cd8e12d3c06d4ad44f985a9768baa1

SHA1
3aa1c1a1e93d96d2dfd43b56d5ace1e5dc9fa95a

SHA256
01a15bd624326f46736302da328e9493cb64deb1e9258f88729e74da29b3209d

SHA512
cf6cbb59977903b66dc5f5d3c28b9d54099f932b5602db8878e94e614cd810226cb1d24a600d4841ba48725858522df9dcbac07ed9055759f28732c4a63ee15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
34KB

MD5
cac3f974ed932e7e186f65908251f9a6

SHA1
6eb88569ea118abdefd84ac60f506fa98acb6f62

SHA256
55394cbc15b52e3da588cc74f9459599dcab9ed210ca98bb10ad77548759edbd

SHA512
ee43a1be5a85659cc84705293eee4ecfc0d3f7df15638c23cc17ae33e201ebc31857a4228a9d9e585fc32abd8c07f1e84a6c30eab36ba8ad7f708bf4053f99c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-125.png

Filesize
666B

MD5
99f3177944d1a8974879d4c18909adb9

SHA1
85b48687d8f9b737c1d428e6d8a028966ea26ef9

SHA256
579e8620a62da935a21c52796ff9bfe680f64ba581d38381ac3ee348b290082e

SHA512
f76f71484849058be05910aa480fb243063aa306bf94456ee29fc729dd8a54f3e6474e4ed31e1a76456061451ae5ad5e2d68d23cfb2f8e016d56475b461f56b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
c79b97e83221b44c12f1fe8044d4e871

SHA1
51ae9a6d80e8dfe16a5473c46ce36fe478a6013b

SHA256
01ebdec47cdffe04ba6daf35257c6999568dd53928b2d9c643a7a1824ab62bfd

SHA512
7b8450b6ce3d67120ec4c20e976278b1e33fafb12ea52f80788f39a1471cd8e2d518332703bd1e73b7121e58957be6ad650a52d5f3cfa7dce633d058fff48051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db

Filesize
666B

MD5
a9d2e3d6fb15a28f70d16cd9e24b0590

SHA1
0e0bc7ec14aa3c6e0cfa986adc8c4229eb659d44

SHA256
4bf5ea6d70f6c8f30cd39ed94b146fea6a7beebd4db1166ae5c18be2632b3157

SHA512
3369b06aee68c38095227a5ac256c2d5e9939bd592991398556fd67ee1cd864408cf7ffa427321ab07722ea164cbf2659ba53820d4363efd9a01f9819024ab46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VU6DIVIW\Windows[5].json

Filesize
916B

MD5
bcc709ce81f6d260ce400fd6cbfeee17

SHA1
9a9f20729444c3bdd3db5114bde644e998a8eaf6

SHA256
c11ae946d01c2e02f8a77c63e3c41cac948b9a004eb4ad1baf36543a896e1bb3

SHA512
c44ab39258291338237f537e2979f35eb68eaf3ec000380d82b509491733956d6ee466d1d9dbd6f7c8763eb20e29fdc945ebf738c649ab96f30b59395fb2653a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\46f7da9c-4a35-40fc-8362-982862f5ee9d.up_meta_secure

Filesize
666B

MD5
6c01a819099e3d74a5ac537d5de74258

SHA1
92aa181901586ba3a62b3f250877dea50742fb0f

SHA256
3262cdcc83cc7843ba4a08afc80c1e11fd92e9dae12f1c885e5a7a390e9989f1

SHA512
7bf3096ea44122d263876c56e4891ad1002e53cf8652a06dff0d43cfb96af1287a7580be5d29e6db82187dd8f98710595e09b1fd3d736f8dcc1b7ec6266d1d8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864073776083019.txt

Filesize
52KB

MD5
df6ee7d1eef954456354c1676e3b9e2d

SHA1
28ab09d4ddce296ef84c0cd1ac14eeb71fa79318

SHA256
9a3390dc8dd53ba109dd6691687b1bceafccb985d42e225c602498a292818ef0

SHA512
6f4d42a9aade099e17421485b10c85254e43197a70983267b76af3c4cb825b964f22a6bd98a0c478f91d06d22a1c577a1f5a83c941b51db79e770210fd371643

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864082190732418.txt

Filesize
66KB

MD5
f62ff896cfb173b500ed53e8cb164635

SHA1
ac5e92a59e9d321acbbc0750354a639c2344c800

SHA256
1d538b9efda804cbb0d9b0153e54aa2fcbf517e44d73464faa767b33ae07c61c

SHA512
68c140467578e38a5f5f1623273c69d47b433d88628ba2b69237435c3c62f444285cb8dd707f7739cd425b5e0f3eb1307217f66d661083170e6c0e275a8aad04

Download Submit
C:\Users\Admin\AppData\Local\Temp\0b25a32f-de87-427c-ba20-02b00ec61c7f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\bc04cdbf-b959-48ff-b2d8-512c7234a026.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4644_2015071308\c0de1f60-7001-4dd9-ad92-96d96e078360.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\d9c22b4eaa3c0b9c12c7\2010_x64.log.html

Filesize
85KB

MD5
5201b8a96bbfcec1cc97f2b7f2940ff8

SHA1
4ed1657c352349a3d8ba4bca224026e8f9cd0c3e

SHA256
8c03df6b88d547fa9e696eef5e38a3437fb08b00fcfc10ab112dafbf0b1053aa

SHA512
d27aa625f8f7fe7b48289489f91145a62c5adf4b1d6fbbe39088b71a9211942cba55a2854b06f396b100e957d60de85ee91817feecbe43267c362694c77ad5a5

Download Submit
C:\dfe2e59cddd00040f555dab607351a1d\2010_x86.log.html

Filesize
81KB

MD5
fbc9ce585bdb5db30d48d8d9f7a865a1

SHA1
cff12e4621c6a113c19bc427d14e1f366bd71297

SHA256
ec035c02f074d0d6b27449576f9552715f32993b26ed207c93a246744aecda95

SHA512
e81043b84984ce6c06c7a4da7117190fb911b37569af2d9c1389a27a30d1140356597e3d99da5db4966cc44e344b46e906fe4e4c74fabdd6fb12083136dabfd4

Download Submit
C:\dfe2e59cddd00040f555dab607351a1d\RESTORE_FILES.txt

Filesize
3KB

MD5
4f3332a48d767cc5bdfdab755d84a450

SHA1
d7d583c08e82f39637d8209447c2c9cad1478f01

SHA256
a04e8cc0ea5f7e143eba012c2bc470161f1faf9c904eb233f777ced8e6e706ad

SHA512
0f60de7622aa69ae0b209a1ed54ec7ba0f6b81b597565e64d41845bec8c471a768ca8622964260c448530f637492aac31a4fc5ec95de147ef2c0d89149c2a66f

Download Submit
memory/4500-355-0x000001E4FAB70000-0x000001E4FAB75000-memory.dmp

Filesize
20KB

Download
memory/4500-354-0x000001E4FAB70000-0x000001E4FAB75000-memory.dmp

Filesize
20KB

Download
memory/4500-360-0x000001E4FAB70000-0x000001E4FAB75000-memory.dmp

Filesize
20KB

Download
memory/4500-359-0x000001E4FABB0000-0x000001E4FABB4000-memory.dmp

Filesize
16KB

Download
memory/4572-266-0x00000192EFC20000-0x00000192EFC24000-memory.dmp

Filesize
16KB

Download
memory/4572-260-0x00000192EFC10000-0x00000192EFC15000-memory.dmp

Filesize
20KB

Download
memory/4572-261-0x00000192EFC10000-0x00000192EFC15000-memory.dmp

Filesize
20KB

Download
memory/4572-253-0x00007FF75D300000-0x00007FF75D317000-memory.dmp

Filesize
92KB

Download
memory/4572-259-0x00000192EF9A0000-0x00000192EF9A6000-memory.dmp

Filesize
24KB

Download
memory/4724-0-0x00000178F8610000-0x00000178F8616000-memory.dmp

Filesize
24KB

Download
memory/4724-6-0x00000178F8630000-0x00000178F8635000-memory.dmp

Filesize
20KB

Download
memory/4724-10-0x00000178F8630000-0x00000178F8635000-memory.dmp

Filesize
20KB

Download
memory/4724-9-0x00000178F9E10000-0x00000178F9E14000-memory.dmp

Filesize
16KB

Download
memory/4724-14-0x00000178F8630000-0x00000178F8635000-memory.dmp

Filesize
20KB

Download
memory/4724-2-0x00000178F9E10000-0x00000178F9E14000-memory.dmp

Filesize
16KB

Download
memory/4724-1-0x00000178F8630000-0x00000178F8635000-memory.dmp

Filesize
20KB

Download
memory/5984-1797-0x00000292E5D40000-0x00000292E5D45000-memory.dmp

Filesize
20KB

Download
memory/5984-1795-0x00000292E5D40000-0x00000292E5D45000-memory.dmp

Filesize
20KB

Download
memory/5984-1788-0x00000292E5D40000-0x00000292E5D45000-memory.dmp

Filesize
20KB

Download