azov | c80fed268a0c461e382fe561fb0e94f41f4d1c4d611858bc56ea6118293e3de1

Analysis

max time kernel
1794s
max time network
1562s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-04-2024 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
Size

32KB
MD5

6468ee100d88c71d55dfdcf4e30f991e
SHA1

5c520d2d7dc4c9e5d536d3aff998185657d40ac8
SHA256

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801
SHA512

41913eb5adaab42c7ebff547421c0faedede5a3356cb2aa8b92ab20320f73766101056853f450435281cf31e7f32603c62fbd88fa3a680b19abda5d8cc9a98ae
SSDEEP

768:QzG3EG0IUJrd6dQar/MjfW33AMar6q3Fu:QKEG4Jx6Ky/Mjo3AMa13U

Score

10^/10

azov ransomware spyware stealer wiper

Malware Config

Extracted

Path

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

Family

azov

Ransom Note

Hello, all your files have been damaged without any possible way to recover. Feel free to commit suicide. [Why did you do this to my files?] They asked me to do this... The hatred is that what makes me feel alive. That's what you secretly have fallen in love with. The hatred is the force that drives the life forward. The hell is my paradise. The suffer is the bliss. Others say the hate is what destroys yourself. I say that the hatred is eternal cure. If you feel desperate you lost the files. Use this despair to create the pain for others. Make them hate you, it is the source of your power. Do you think why the people go to schools and kill others? Why do people make terrorist ideologies? Why do governments covertly makes you suffer? It's the essence of the future life. All we are immortal beings. When spiritual is not a way, the antispiritual is your victory point. In the manifested life you have a choice to be with us either be against. Sow the evil, reap the power is what I say to you. Saw the good, reap the weakness is what spiritual says to you. When you hate, you feel the power. You feel the flight. That fly is the antispirit touch. Use this to multiply the suffer. [How can I use this power?] Find inside the source of bliss. If this bliss goes stronger when you see the suffer. That is what I call the source. Check that by looking through the news how people kill others. How the people dies. How children are being tortured. How animals are executed. The death is your key. [How can I give you my power?] When you read this concentrate on the intent to give the energy of your source to the meta-source of this text. Am vizu der strotum la fictus om spiritus.

Signatures

Azov
A wiper seeking only damage, first seen in 2022.
ransomware wiper azov

Drops startup file 1 IoCs

Processes:

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

Loads dropped DLL 1 IoCs

Processes:

pid process

1232
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
1232

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

description	ioc	process
File opened (read-only)	\??\R:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\G:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\I:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\K:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\M:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\O:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\P:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\Q:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\A:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\N:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\T:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\X:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\Y:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\B:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\E:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\J:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\L:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\S:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\U:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\V:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\Z:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\H:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\W:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

Drops file in Program Files directory 64 IoCs

Processes:

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR6B.GIF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ERROR.GIF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\BodyPaneBackground.jpg	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\PAWPRINT.HTM	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00186_.WMF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0136865.WMF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBCOLOR.SCM	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341534.JPG	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\DVD Maker\Shared\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387578.JPG	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18255_.WMF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FORM.ICO	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\Windows NT\Accessories\ja-JP\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0195254.WMF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00918_.WMF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN027.XML	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152626.WMF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL011.XML	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Manila	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02062U.BMP	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145212.JPG	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00808_.WMF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\currency.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSClientManifest.man	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\STRBRST.POC	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGPUNCT.XML	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0252349.WMF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePage.gif	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

800 NOTEPAD.EXE

pid	process
800	NOTEPAD.EXE

C:\Users\Admin\AppData\Local\Temp\b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
"C:\Users\Admin\AppData\Local\Temp\b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe"
1⤵
- Drops startup file
- Enumerates connected drives
- Drops file in Program Files directory
PID:2192

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RESTORE_FILES.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:800

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
Filesize
453KB

MD5
807659de604e5abf859bb0c7ebea1fe1

SHA1
3f5ceca4d064d82a9ccd1569c787b224e0f9ec45

SHA256
d1af5a345c99297e8b3be8cbaebfa4b2d36491c23d4205af425f18ec50fede5c

SHA512
5489973afa197041f5ce27a1d41327617c8c38b5a7b8e39524d3b0390580262d8e562557aeccb1288bed642e7f9b0e7176f82adb8f880fba5e1f39eb9b62771f

Download Submit
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01849_.WMF
Filesize
666B

MD5
e3a44be1d40d4e7208a30663979438d0

SHA1
503814a470e2bea9b02973b40e775426e206bc44

SHA256
69e48d9324766981ab1f7bb5cffa77aa44abd72cd887894f183e10417a7c8b09

SHA512
89eb6825c31c633adea90807191af909bfdae480b0b240a6ce3718d95f939fc828967bd6ed4533d69a7b9ad334271b85fb7e5fe0279a87b952315b8eba7bcddc

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10266_.GIF
Filesize
666B

MD5
fb139ae7751d9fe54be3960b62579dbf

SHA1
2e9ead00f9e6d3b4dbe22fd962e59e102ca8cd0e

SHA256
1ed9af3d4e2a80c179b3f507b7f967848145e63a8fa0c5e4f776afa8545ab202

SHA512
2ff7258b9d060b34909c456ecfa1eb2f9f1c4fba3f56a50872abb8a65e239fb9cfe2b56e763d39fb906c0934ee0f0f945b682fb62c493fcb33a93a0c527ba9e5

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14594_.GIF
Filesize
666B

MD5
b48c7d9c1a2b88c7c9b6403a4a258ce5

SHA1
bf9a8268efd93409492ddaddb51fb01066ff2475

SHA256
b42deff2a2969b0f69290627a0776a3908bf2dcdb61d4b2eb24505c29a23cdd9

SHA512
e7f909619f9e2383828c5d480dcdcc752db98d94310cbc918536ca7982dd1e0aef041eeb9f2acd6799f0d16932b0dac85037c6c5740ffb904bd751ecb081a69f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\MSPUB_F_COL.HXK
Filesize
666B

MD5
9999f46f2f75ae48da1e4d20d203bd5a

SHA1
4c46ca289ce6413b2e7be0bd5e87300b7debf8d3

SHA256
c9f444464c5c7ff0ec9f0a8cff41745971ce44d84d5851cd42b2b4746823e07f

SHA512
008980ce65f75e6f440d2df9a0968f526cb214138f7d002c016fbd1a1a6d8c0d3cac79063e419000973f0ae339a61b0cd2dde9cddf6109477c2cc67472ff9216

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\SETLANG_F_COL.HXK
Filesize
666B

MD5
d817ff494403d356addebc6522cbd105

SHA1
09f2ec11f7029f8815b5b76340be64e2cc96f6eb

SHA256
a6f18a0604b512acdf1e2825fa71abd006f31120ff0686505fece49332cca429

SHA512
2db624434ff18d1910259754782832b8c537819afa3a72de4751975d22acc5cc2bd0037003fae2e3daa6c8ef9cd65ce6a0b57094edf4f7bd7264aa39a894ed0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.PH.XML
Filesize
812B

MD5
65bde523e702c879e8f8bcd784e7effc

SHA1
28892dd6eb2773719c7b07c0be68052bfc641aac

SHA256
7ac5e1afe0e172dc41c78f220e4e943389997e61b0c4e4777dde13de0d1c9460

SHA512
b597fead08b54e9def628b0c97dd5414deee04874d5a71311eedfc0d02e80f555048f31bf73729c9f6479e6fa09c5173df840b2cb335cbc263adda43c53b3c03

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.PL.XML
Filesize
806B

MD5
39441f986322eaa84a18b6a4d7615990

SHA1
e7b70feee0b3043a8f9d2d1b7e2d4a01e04fb864

SHA256
e1c9a65398d0bdf89bbed8af8a24c912e0e41af940171f707c52b8e3802d2650

SHA512
2295576d8eb14428147278777c718d7dc441c89024ddf7c8f52d442ccc746799bc819c1e856b9acf5efee76e41f2f167d597199cc16bb9584d1e4bcda18c51eb

Download Submit
C:\Program Files (x86)\Microsoft Office\Stationery\1033\TECHTOOL.HTM
Filesize
666B

MD5
ac1804438884a30542c5a07f0fbd26d9

SHA1
6bedac530f6decc0077b7cf51449fbf2eba711ff

SHA256
d38579f7aa4c761f7a100dbf167d4b2fb313c1d827633a29eea76d07eb369634

SHA512
5fabdaa658cafddf16bf4ffc4da636d02eec9e1d6454eecfe5dddb39a81422b1d3460caffe419326fe1289e8adba96d60939e413380d0e8d71066452665ea9a9

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Filesize
284KB

MD5
0cb9fb34e16c39ba3e92b2a8d6682ef8

SHA1
fc0a50aea60099d7c95ff8618b3f0c1dde337780

SHA256
6e14fe3a28edac33262a9c7168ce928791fb03b3c4d667fd0ea63749daa4a5ab

SHA512
bdfae5263d049fb20693518a485706d25a60bfad9c488032fd58e23a7c930cc09c51b8000c76078b668e1045369855978c9af15f97a4ae668598f9b5339659ba

Download Submit
C:\Program Files\7-Zip\7z.exe
Filesize
666KB

MD5
d3ffa149c5acdc2004f9f4b158105136

SHA1
029c74dd9aaaf715eab6c58d54540b1626b7db3f

SHA256
ffe1e638bcbc0d7a805fe9cdd2f08a6a7550cd1068400627627a7b0942e0e30a

SHA512
a0be3097fe99d09bc5b49cc7642966a392ac8889e556e77c741ee4cce3a7fb5834d485254fe31e2171159f787545ab8d55063d818c06844f2217080bf97c4e3b

Download Submit
C:\Program Files\7-Zip\7zFM.exe
Filesize
1.1MB

MD5
efedc5c64ff86e8af1b25be24f5e89c4

SHA1
ab96bce787dc7d6cc8c977742a589cffe52ff43a

SHA256
c2639b028ac6c07b1345d9263c7b25897d728ddd8692d25a128223d6404ee055

SHA512
21aab09d499f03fda743fc41f5d712d68597e3b5d333424a087227a914d7dc99d56a928ae31b6a4155190a02c229d446e43f8a2b965e95f6bc1d57f86e5b1666

Download Submit
C:\Program Files\7-Zip\7zG.exe
Filesize
832KB

MD5
06c5c71b7a2e3a46985418e83e0cce62

SHA1
8aa1c82b9c4aeee4dd8a68931c6d95160ac4aba5

SHA256
7ed9d60aee32f821448afac388db581bdc51babaa5c278abe4d486b7924619f6

SHA512
47c34d0bb5abc1ef0018535b296e5ae35f884aa154992392fbdb8d5206b40cb14718f6b308e5af620e6447a9398c89787fdb4f299a9adc6ee9c4026a45258d71

Download Submit
C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt
Filesize
3KB

MD5
4f3332a48d767cc5bdfdab755d84a450

SHA1
d7d583c08e82f39637d8209447c2c9cad1478f01

SHA256
a04e8cc0ea5f7e143eba012c2bc470161f1faf9c904eb233f777ced8e6e706ad

SHA512
0f60de7622aa69ae0b209a1ed54ec7ba0f6b81b597565e64d41845bec8c471a768ca8622964260c448530f637492aac31a4fc5ec95de147ef2c0d89149c2a66f

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
Filesize
4.5MB

MD5
93c27915a8a33b0c8515919c2cd7ab50

SHA1
46aeb5fcb6522c1670fcbf905e0ca4e5de9cb71d

SHA256
c9195f3b3bd76c790152a701e2d4f8224e176b8a6d006a17679692e2c50214ad

SHA512
7b86ee04fd042296ce09b23971a463623e859ef8dc22b800637f03eadcfab310b6bf1431241b091fab3e6b6632c72f0c07c3adf6d826cd8d39d4e89790234b3f

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
Filesize
1.8MB

MD5
f37184cfe00206d78f57f953ac6db351

SHA1
9eeae6e0840345ac299175e14c6fa03acc3917f0

SHA256
854571fcbdfa06c5a8346ce6693809c05f25b2d4d3f7c49d9c98efd55fba652c

SHA512
a0d2f51e9ac9ef5085cb2286e86c2cf31fbd1a6570a86a6dcb98192963e4ce247437fb981e75b68d5d0c995eeaaa615c3f6bb097aa1d2081b3f195a3604ccc3f

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Filesize
1.8MB

MD5
aa4b92cf9e793e07c2107f49261e482a

SHA1
ad8bc1d2626dc1001e826144442df356befe5082

SHA256
bd783260bf8a6490878144d07c4fb7d9c63e9f895345b48d10bb6eae93e27af6

SHA512
3ade5450de416cb0fd72e52c1d88317a971e14310bfd32a0c749527541a6c0cad5835fe17acf44ba2a4630ead24a0542357bb7f6ed5dd927470b204b589fe8b4

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
Filesize
1.4MB

MD5
95043612180e35cf3e4d71b3875c6824

SHA1
8d3ae48c119d19d88543c5f7a7b9d36228cedd2b

SHA256
d7c4c95897d896fdf27ef0924d268c83606ff0d51edaaf926c7d3fecb4d16128

SHA512
6042c4b473234c774601c5e04fef27de12e39c55ea30ddc57f8cba632be83e4e5a524fe471ef3f8108ab369a076957c7cbfc4a2f4326b70937131cdf129d41c4

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.exe
Filesize
2.9MB

MD5
8f0e2c6026bab868a22029723205aaf8

SHA1
7032221be7b9ed1f5eb075563b738371048eb1e6

SHA256
7b8f276f429ccb4ffe8c65a5f0836a6c3a4d6ff67ac0d167d434752138c1e00e

SHA512
12f4e879ece29db5ee414a451b41810a5734181e3e5aadbf19e71ceb58a00824d54ca6bcd473b14e31a6d90da07569fb53efb4e6dac6f53c2aa0aff521bbce14

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
Filesize
1.2MB

MD5
c25b4a962b3661d634ef44e855ba6224

SHA1
781bfa962a4a4068d36e2cd541a0053c84703c91

SHA256
1febbc3f849916a5381cdf8f7e10b98fca2dbd7e90452c919a11956afd6297c0

SHA512
756ee4299d04708f3352321d85e87261c66609b9c7af2b1d5851f466c4403bc5358922abac19d8eea21d087c27fb4f159166f4ae0c0675c9e23329a362b00760

Download Submit
C:\Program Files\Java\jdk1.7.0_80\bin\java.exe
Filesize
226KB

MD5
487764a0dbb7440b2d339d74b276c326

SHA1
67dfef18c575833e7243d77fa95597886bd2152b

SHA256
1a6e78c9b46b40e301ed0e8533252f9a93aa2d77e37e8a1dbe446ae1f762c1b3

SHA512
35156658f5806f0ddb3382bc712a4b4b0babee931311012fd689ad16a2a507d1d61d5959f1487865332105aa3a585c3bbbe15fb38ab63618d94b5bf8708f16b1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe
Filesize
226KB

MD5
6bbfb823926e1c847dad984d9340cfb9

SHA1
2f1ec5a23382668a92b02cfd3ed89ebfabe8e101

SHA256
26d36d324e177c2cde9f6a1248721de66ec762b844543b57148f92e1a05ac4e4

SHA512
4a13a2134022da107afe7f50bb6141185eed5fe941d876e362ffe14e633d7f5484d871b52e39b5597746243d9efd39cc4db0a85ac52b36807976f1c1ec434d31

Download Submit
C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe
Filesize
390KB

MD5
e70b797ddebdd32c7b82c02c528ac335

SHA1
85146ff318880beb914f1e64d937a8a1dc541337

SHA256
5691094043d5e2130558376877844abed6eef83e1d19bdcdf0e864d3802d1e17

SHA512
1bb3547acf74adac9d33a80f37eb01551d3601ac2995807a46bdbf5b2470b7a696037ae168d8ce5682311f787041593d2b5a4daf951b43eef868168a119f9322

Download Submit
C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe
Filesize
338KB

MD5
a1c93e1a687533a48e1d1abc2e8c5984

SHA1
1947a99b56c1f29abc536a38aa048eeb81677b51

SHA256
f9393d3659ed152d863c65144d7281855eadf9f5eaeaabc780d55f0607f3e779

SHA512
6635a3726faa0d8463073d1da1daceaa99618138280c90e9fefa19081ea5f4fea25b1fe0ac8128f65daea2a0d1777f1e1e3b53c257d2b892e520d1a4ec4b6d1e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe
Filesize
226KB

MD5
bb64b65f45f2e66240be6d6aab95780b

SHA1
97d27913a088cecc3c108a8a7610d9edf1e0be33

SHA256
c9115f295decc80b5775150683d918ad04ffc38cb971d2628db8364425e35073

SHA512
68ae1c415c06686935b4c0cc1b0e990282cde26c9e7e195d08682fee96a5ecda6f6d9e9a57ab251c3a2a204b96216065fd506c0ae29eeed616ddc82db28dc3cc

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe
Filesize
226KB

MD5
5d96b357e5fff8df1592c59b5203913b

SHA1
0e5d92ebc8073862ed169ddb472092eb0f3deafe

SHA256
ba826e6f9310b9bb29672b2a0c5a4b148cc5b6b91273f344b6eee73091054151

SHA512
f2fe3b15bdc170443525bfc2d4fde348286306afb18c731e0e8844425fb7d21518e8e937f34600a5c8c44fef835151838430df91e5967a9a416e60097793c7f5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe
Filesize
390KB

MD5
64f86461f7607e6495cd0640789b4e6f

SHA1
471e79ab483ed376c8f4bd600d1c004190048278

SHA256
347a8513dee692b98c752ac1d4be1c330a1cf4abd6f67d0402d038b8ec409eda

SHA512
e1e70c68a62e7e3797291b88911558c3fd979f5931b9e668dab504dac423c5590ff37c7c4c4993257836abda371e40d2c41789b908bccc8cb87b7fb84d511e6b

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe
Filesize
147KB

MD5
806a89daa2339fa5294f52e2b108651f

SHA1
1529cc61a8e7ab23bb9ffa9611cae9fa4bf31ee0

SHA256
3e3c9091b515e950077c65555cfa38a8f38c4105554d01cc2b6f81310a04cf89

SHA512
ae3afe0726c1a642d65f31c3275493e2d890c23f9b31160c6f083875fba03c694fcfa70e3333cc4de4f9829d384376e014af42e19951b1be962e987f0bdbf308

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe
Filesize
104KB

MD5
2bcec07ce477a17042b436294f0aa0f3

SHA1
64ada19dffe7317571a8872e14c1a18ade638706

SHA256
db717ccbe7bd14c19e4306d6c2253992f7bc78761d50643763790e94005b90d7

SHA512
de8ae1cb2efdbad40b96c6982dde1c65796931b775815c815df01e4111b6b57a66e2ea56253981973d0e21d5a05fbaf5acfe5cbeb379698bc6c7c4d76eef3fc0

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe
Filesize
338KB

MD5
651a9f2eff65935c77129b5affdd410e

SHA1
c3f9d50a9ed7271f27df8670d3e2eed5ffb6a99a

SHA256
87948a62a3be6c7f1a1151135a5bb6761e22b7165fbc1fae3b6e2851d25a374e

SHA512
473b61bc8af2772201474646fb935eff5cecbe50fe684e0364aaf98c13be1410ccdeb155ac0e1696539813634011b729085652eb7e24a5ae0b1313306d254e01

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml
Filesize
666B

MD5
74075fb3c2a5ff56e8f70b1bed2b5977

SHA1
83795d4d81d335881388d101ccbe1d03ce2bcc80

SHA256
df0b45a810bfce726b316234febdaa1a0baf4b62c86b1f748f404f2e1587c581

SHA512
d927c92e5b3ffe65733921d655677c2850c313e50423fd62e4f0cd05e92f22e820b0d0ecf3946ffbaacfb952be5b67a8ce81a0570e4d3d5886212f589e8bcef8

Download Submit
C:\Program Files\Java\jre7\bin\java.exe
Filesize
226KB

MD5
69d9e54d3761d51dc558abb615379f6e

SHA1
5c86aa89abc47726768c64c72155616aaa41265b

SHA256
e6318466947b4ea362592339793790231ff792265917494990964880d0b18b32

SHA512
ca38de586e82096f39419464f2609565e2a51be0b6e71eff2ddd66a6425c682e362df3a015b79bedb83513f73116ddaf081d0e50ad3385dd27af95066cf7fe07

Download Submit
C:\Program Files\Java\jre7\bin\javaw.exe
Filesize
226KB

MD5
8a68c2484273ee77c9b229175c250493

SHA1
b9b5b363b3106850a056affcf9d505d45bc3c997

SHA256
5e57daaa24fd23362d100ef66d17b517aac646bb311699be7c6a2da99bdfb446

SHA512
8c220eafb0c175361969277fcb0ef0dc2799a4852850fdf129949fdbd7d2d09389d8083fd1801e103bbc08afbf40c8cc647984f2597f773b8f1cfa9dfbead04a

Download Submit
C:\Program Files\Java\jre7\bin\javaws.exe
Filesize
390KB

MD5
04cb10aa1be369546a4297aaf21571c9

SHA1
760f9a223bcbdce9364efd6a721499d4a5f13bc9

SHA256
2760be92057a28ed04e84abd5ae55e36e61b3138f6ce4ddab477e635b6ed0418

SHA512
3fe4a090ed4174750e64ef4be808783f3c7f45449cc29c96e03af1a2ec4e8a2dab857a78b7ce89a442f3b472425d5eebafed812dbfdd671d2a943954d3691247

Download Submit
C:\Program Files\Java\jre7\bin\jp2launcher.exe
Filesize
147KB

MD5
bb24ed5e6faaf5f5bcb4995d854941b6

SHA1
5a9f3a26c8078ea557e0b6fd8a49be83a9f291eb

SHA256
6daea4f9d29a34b8bd28315fb8e3c284d10d41767cdafc90c9d6c9574e7506de

SHA512
c51746a535607d61874af0430a200af661f06563984bbbbf0121f82b6e200566f2753fe738a02127c76cd2990d1097dc5c5f4c64c5c32e2e668f3920006a9f39

Download Submit
C:\Program Files\Java\jre7\bin\ssvagent.exe
Filesize
104KB

MD5
bc4e5ddcc253b6d766a4f631d422258d

SHA1
e4b44e332391c38109b8ad6f0f78d31014fca58a

SHA256
75f061157266726546b527b85ae6f0462cde01e3d830d19cb869a55d882c8d1c

SHA512
cedd342bed5e3b5670712e36aef28e4d9b7931e53666e4d172f783f48519ee9be5e36ff9aed4aeda405bfea791f4edc68fa415607b669a05363590cea2656b34

Download Submit
C:\Program Files\Java\jre7\bin\unpack200.exe
Filesize
338KB

MD5
12fdb7f13b054d9245af593c5362e739

SHA1
3a29ca344c0bdaf710007413cc28f58bd7bdcf60

SHA256
6e53012515d1e817708f6e5c3d47b3472b7b28f3f881c0a0444dc64acf66336f

SHA512
7d594bd7c7098e2c1c7f31f3e1932938f026dec7e4fe81168bcb61dcfea6de623f95be986d3ae34b0127dc445145c1da50d5f23ff0bdc650db6d9f18bdb3c98f

Download Submit
C:\Program Files\Microsoft Games\Chess\Chess.exe
Filesize
3.2MB

MD5
1ca07b136c4db932dc28772247b8a494

SHA1
0cb0edd63e3e89e9bcd2d832dad58bfbc20a4ea9

SHA256
30c9ba2c55d20cc2724ad027a38e65af7c37eb0d8198ec80128d4a3db9940b81

SHA512
ce1e556bab849a677133ac47f287656539cd9f6199f14b66ad1f1c56d92062dcf6e8b10571663f99e6da2d6002c33a068f51cab1c5a06df4971d5efd674a3aa2

Download Submit
C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
Filesize
968KB

MD5
324347ea90d3630115198a6cc787a178

SHA1
97d643d8695b265aabdcf7342044f0d36f70b2dc

SHA256
a410eeb3b5ac4d25135361c3312ef04a073abe5e1922fb8ed99716ed356351e9

SHA512
b830c3e48b6d4f6c7abdc421c9055693716e39eecffe4d8cbd445427ccc530c2e0b2c67f9194b902e7f43e13cf7b74d6f30f3fec3826598c552069215356e2b4

Download Submit
C:\Program Files\Microsoft Games\Hearts\Hearts.exe
Filesize
788KB

MD5
6fde0f116eb66813d5f0d30a14fb8dd2

SHA1
1f2f5995c2ba451880992ba5f543c9bb1d600516

SHA256
fcbf954edb2aac3d45579f706f314a85b567a8f60c2cb918cbb71af17e402b1d

SHA512
a89d932b0342ef6816cc6c7fb4c62c6eec50b4ec7aac07353ecd09c289da8491420d26407abb20e6ddf31953cba6918c94f550d8f90f360d6c602dfe21875cf6

Download Submit
C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
Filesize
950KB

MD5
cda3390fea3cf6540955d58556a076e7

SHA1
bd4b4317bff2934a209318cda984946d3ac8b30e

SHA256
462699d86cd5021afffec84644e50cfcb630908d0acfaa96019eee6413faecee

SHA512
f2216fe3f9cad4a6f6180b4468506e3cfcf6f3e23bd77bb975726ab721ac8f60a78107b4654a5ed40b14202f37adbb721ee1b9ed18a5e4850413313e717dbbde

Download Submit
C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe
Filesize
999KB

MD5
11c51f0276039ec34d0e9da0f22def39

SHA1
a70375e7dd4f444e151d7cd28e1219e1bcdf1540

SHA256
42c2cb070549967d174ec00c2c5b2b2772936936f50a3bd1cf82f90f5fa4641b

SHA512
49e2085deb39792549d509f15a6dffd4fc9ec0a25c0bb372c42e7a54a97fe8bcb20b2fe7ddc677b4fbc5214d917ec141f870798ccf206727af163dd43d6c4cec

Download Submit
C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe
Filesize
1.4MB

MD5
4cf2a422b50f35faef64d5d3933d97bc

SHA1
70ad3ad60e5133d702f13524c39ab2832b5fa7e3

SHA256
5f75148c9a1e949df6ebb89a4014c827741613a59c8429a01219cdab3a2afcd4

SHA512
42ed9968277eabf4913ce87136f2f95ab41b5dd257b055a19c8ea859076d71378141a5929eddf8ec8a38df5659bb663da8c91e4bba398bf6f1ee792fa60c7665

Download Submit
C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
Filesize
990KB

MD5
49de35a8c36c7be6605bc93a880bcdc8

SHA1
eb4dd0631953719e42f6c47a1023517f61465a08

SHA256
9816fa5a05ba9f83ce7e70f7ac6b737f64804f902951909c6b43960055e1cecc

SHA512
86b97ba2310b192cfab12675472579cd2e80a533a695bc101043dbbcc19c8aef663f3a28ad7f7448767e29ef7b15ce96bad56de8808a2ba26c833889a87777d4

Download Submit
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
Filesize
990KB

MD5
1639fa91534bb5fffcdca1fd4a98be5a

SHA1
897af132e18705b235226d0572174566824bb26a

SHA256
1b9c94945c85fee5076aaba7bf47ec383de510cb1e0b46467eefd2e04995f006

SHA512
4869bb308e5682788d8e54716b1b759c5799c8e659fa4301946ac9a6bf4814ab0567062f48c26f8c6df7ba74314420e0c98eab216a2067486ce5affd2a7613d8

Download Submit
C:\Program Files\Mozilla Firefox\crashreporter.exe
Filesize
328KB

MD5
b129bd0f4a1a88374cc3948f8606949e

SHA1
16d611398fc29a1e0ebee006158cd2778150ecfe

SHA256
6b8913517ecf2023c0015da7c7800a21f26b90c015434fc3f3737938349f9561

SHA512
17d2f0b07694ebe86f7b01dc571d82ae8c5521889bcb3da06f7a3438e95b4bb9bb7525c894d6d0b5792fed4b499e4334d056c1abc4f6757ec03b3bcbd34810ba

Download Submit
C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Filesize
804KB

MD5
cfbd307378172e73b16efe9d96cbdb3b

SHA1
87817efa13379468288e24ba61be57d9414e35e4

SHA256
7711c2d4b72e7b45bcf6987cf86afa507567724a36058e8d7d948227bc1b6c40

SHA512
67b95e1a4979ba2404b83e34d20dfcbfe6ecea57eb0a96a5116ec8da87af85fb9b9661178ef527afbdf55e3af73675a6baa1ef4ba9d85d3513103476e15bf477

Download Submit
C:\Program Files\Mozilla Firefox\firefox.exe
Filesize
774KB

MD5
d0508319f43d297c039ec1f89c444894

SHA1
2c8e855c8d8f9f888d95bdd56c173e00dafa754d

SHA256
b8f522a9026f22d9fb6b6f4d6e67208e903717027b662185a2bd24d0789dc684

SHA512
62ce5285208f20ba746f2090998bf487b5966cf01fc3cbde68abc7c01916ea0646fd34b2348c97759b3575f8ea70a17b90fc8ecacf42a8296592a6d4b1445e28

Download Submit
C:\Program Files\Mozilla Firefox\maintenanceservice.exe
Filesize
284KB

MD5
29262e0964cea658ac652aef345884e1

SHA1
7d704dd17f5958a952eb3b77ad60a947145a1f3f

SHA256
3d91694324607e8016690770697dca0d3da98c93538036a88956576dfb109190

SHA512
90fe59092cd757392c8c290ed138893c24b5248d095d5104300321d93e98f1ce63a6535286c4748e3da234adc7abd2239be4b19a431a43b7672efa566323a21b

Download Submit
C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
Filesize
839KB

MD5
8979a287b05610093946939f2b7bafee

SHA1
5067d2769633d117c7910acb7a3f61d105ba0b88

SHA256
e4f04f0e8eebe94810d2f56fb448453d80b0225add9ec9b90852d0d266b1db56

SHA512
166b409b18ac608102fad565ce1a5ddfba3a981eb68445f43200e769419bcbf78740d647b50cad0abfcd0587146f73675ceeb1f4130e2f828242134e113f9c23

Download Submit
C:\Program Files\Mozilla Firefox\pingsender.exe
Filesize
123KB

MD5
93090e8b7996589c11c1211f0097d642

SHA1
8684d59a5ec316fb21257f202300bafa2debec0d

SHA256
937c6d299ca2a41f8f10826e74e114304f531fd19af83bb51a277211f98fbea0

SHA512
59be31ce3c1157cd0b1289f35858a0e52f4b8be6dfe4bb64725739e5e5e16549063884109d56295cb59152175cf618ea994c95479a30e0428b2dddc8c6017285

Download Submit
C:\Program Files\Mozilla Firefox\plugin-container.exe
Filesize
401KB

MD5
b93f44e4d1e25244b9ce253a4306b0c5

SHA1
60997df46a1f2ea470388fc38778380114f45679

SHA256
af27531c8b796cc79cf4dbf7ee072bf36f0755e45e1329894b433b3e885a780e

SHA512
7b13e10184c2cda3c6de70a3903ac60afe65d38daf7a29bda7d003033c35f24b8304c97c01cd31ee7a134ac482e510d03c20ea230424b0b4f557af7c1151c036

Download Submit
C:\Program Files\Mozilla Firefox\updater.exe
Filesize
454KB

MD5
419b94f11fddd4f6d75006fb0d2f6861

SHA1
40a709854567a808d8f760bec35abe97dd169385

SHA256
c4245a0aa99338f56dce9d290b429a166b8b8221fa7c1918f647f04ab4458bd1

SHA512
002d1e91f8c597447f91860764430fb9cf89caa772495f8ce47ec62c2794a3af1fa9ebbf207612eeb3d90276d402127fb75806dc55c3d47cf04f16869e095682

Download Submit
\Program Files\VideoLAN\VLC\vlc.exe
Filesize
962KB

MD5
6794bc365a5f13c3ecd104cc7947716d

SHA1
ed3d9b8f11b624d930dc33f7653d30e0c63c66b3

SHA256
f2efe28873a596b0916edea1ee49add13de0905c1cf8db6c3c937f3be515b5bb

SHA512
4e2295d650eb306f0f6e86399f936131b79b8c7a081a921a7008e383cf0fa7a847c4cbfbc8d7ff3a3fce44bbd913f2bc3782aa00bb86ed2e8e4bcbe89b9065c2

Download Submit
memory/2192-0-0x0000000000020000-0x0000000000026000-memory.dmp

Filesize
24KB

Download
memory/2192-8-0x0000000000120000-0x0000000000125000-memory.dmp

Filesize
20KB

Download
memory/2192-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2192-2-0x0000000000120000-0x0000000000125000-memory.dmp

Filesize
20KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads