azov | 35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
Size

319KB
MD5

3bde2cc715594a00c0b89a31c8adefe0
SHA1

aa6843655e1b0dde99a619e4f5236eba3af3ed8a
SHA256

35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c
SHA512

9d198af4b9e06ed678245207d34908b084aaf1a2940df68d54f1bb3632dd9533d62e965ad1291038380fdc79ed2acd61a2f77dc2b62ee66f36d5f27bebc89329
SSDEEP

6144:MUU5GSs9HnItL2EtYN730QO9TBA3QvEhLlh4osp:MqSs9HnIsUKgQO9TagvEN4j

Score

10^/10

azov persistence ransomware spyware stealer wiper

Malware Config

Signatures

Azov
A wiper seeking only damage, first seen in 2022.
ransomware wiper azov
Renames multiple (7405) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

description	ioc	process
File opened (read-only)	\??\I:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\K:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\O:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\P:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\W:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\L:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\M:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\T:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\V:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\A:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\E:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\N:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\S:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\U:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\B:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\G:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\H:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\J:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\R:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened (read-only)	\??\X:	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

Processes:

35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00703L.GIF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152694.WMF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4B.GIF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR38F.GIF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\settings.js	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\StatusDoNotDisturb.ico	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\calendar.css	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\WhiteboxMask.bmp	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Origin.xml	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\MSPUB.DEV_COL.HXC	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\IN00915_.WMF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\MSART6.BDR	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\THMBNAIL.PNG	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\CUPINST.WMF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21343_.GIF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105266.WMF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\MSPUB9.BDR	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\DVD Maker\offset.ax	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0234001.WMF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TN00211_.WMF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\SPACER.GIF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\currency.html	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152608.WMF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePageBlank.gif	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\gadget.xml	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4F.GIF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD00799_.WMF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\MSPUB.DEV_F_COL.HXK	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\PREVIEW.GIF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD01196_.WMF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02448_.WMF	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PSRCHLTS.DAT	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\RESTORE_FILES.txt	35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35388700978233bea737cfba9ea8699b59b3ee0571beb7aa8a280bae06b1813c_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
PID:1916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF

Filesize
666B

MD5
8f0efb6c3a03cbcded3ea3835037535c

SHA1
2c67336c87a5a3b10b1b4a091cf57fe7f8626f98

SHA256
4158939bf2fd0fe6c71b6609ca0e2e9931cf36edc6a763ecd457dc8bf5356eee

SHA512
84f92f12785dc4a437e1cc6ecff668310df1f9a026629c5e8c6d5434b984b940140b1bde4a58402272625dcc0761c9938ce12a4c361596989258783faf09d52d

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21298_.GIF

Filesize
666B

MD5
a7a1d0fb558978ead2c8ced5a28a1a7d

SHA1
1183be02e62a3333c5f0ed79bd13e3e4678a61c7

SHA256
2c529ff3fc15b18ba893c7633a91bd47af8466388212771e3ba4783184c48df7

SHA512
0c556d9960ef4190718aa71bb38ec004c209db3a8d8468a297c9134a869729ecc66a22a765be5ecb636d6ec0e972f04950b212b8b043baa5771c0321a085cefd

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21300_.GIF

Filesize
666B

MD5
a30076f7cfc5e7b41cc91a8c4bc7e3fe

SHA1
13f93fc7c17b947a197364816530a50e6fda0889

SHA256
281a4013cc15a117f965ccf4f1cfded50f42352630ea8f2b4ad189862a7c9978

SHA512
196ea83c4925311e1057c259e3a16aa31fb5c665ea62fd98093a1be181ce9fc871d18a312c4b508267f8b72694f1eadb710afafd60e5058b79dfa448e86c857e

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21301_.GIF

Filesize
666B

MD5
ec03c150c752786788661e0f9a747d70

SHA1
54f6838ba49294804e7650419566cae6c4d5534a

SHA256
ef660ab61e131b31a2add7ceea6809ac2f9a451c85ece516e429f93382e227ef

SHA512
854ff9347ebce4a3e5d5242e8bde27c8a54e6d2a0a555db136a9213ce6a46e0cb150b52fac4d246e37f5c6e243bcb9fbfad602b09219cc7dc499654ac574e737

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21302_.GIF

Filesize
666B

MD5
d5b157d8716da6fefe91ef513f733d4a

SHA1
c0dbb0b84d7de7c9a0bfa904d0d0a6b14c7637f8

SHA256
c410d6be8b9b19414a09de41f7e399687e632051363ac9560c78042150d36e61

SHA512
8b2dd288c83bfccfec646833f73a521209b2e2dbc7076c3297bc5075db865f4bd45ab7384d9f76a7800fec896c5a4b54be986bba31a7aa880c2caebade6e1cb8

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21306_.GIF

Filesize
666B

MD5
08fef207a9f582d2d9292c68f53518ed

SHA1
6a00b5680aee8af65994ad4ec4a7de68fc96c3cb

SHA256
4f42698e031a202fe75b871ca737c3681e5c088fc108bdc71430261aef5f7121

SHA512
eb28afda82ab328c53671bb438aa606157781d55fa5bddf64bd051351487fe31e8165194876170afff6eb9ba966cf4352988ea663eccdf0475e1a2c4185eecea

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21312_.GIF

Filesize
666B

MD5
463ccece15f6bbc5cdf628ab9107bb55

SHA1
458df4b897b1802436da4c5aea558b521b9da12a

SHA256
cd257adf02f4d93894973caf2c8826837f0292b774e549eec82eafe204be6bbf

SHA512
4aad4896b9f37c23556bd78c58d33f6acfc10a133d89a72adbc33049cbab3f74e738080f4f4e4cd003e70212610fe29bfac377572f266d1d3d0b817a935c2911

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21314_.GIF

Filesize
666B

MD5
a91232111b9df55984ccda8c1080c224

SHA1
b981dfca2208d580f458dfa01fcabb65f0ecf083

SHA256
fadf2b1dfa8c545a372af9233456d7e5c795ff471b7bc194f90829dae9d9178c

SHA512
ddc81e3bd3f194393b19a84ab44e430d88d027aa8ad3453749b7998c1ecd073dc055c6cc596c2ec4a98a79eaa3a2e1a891822c7d0dfa98df185c2563e3dc8dd7

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21316_.GIF

Filesize
666B

MD5
0094dc406ec007253f0f2b924a0fec73

SHA1
8439e7bc60a94a7f3653b45723f2e477be3b474d

SHA256
a54e26c1faca74a41efca2db17627faae0b663f95adc459c60271d7f5dcb3d12

SHA512
c27ee973ebac469938bab210432e0db7c8e24102f6bbad75dc07cca380e0c7806ab7e5207dcd0c186318eb670361fdcad95998874a5f9aa6753bcbd1ffd2bb4f

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21329_.GIF

Filesize
666B

MD5
80e404aeaf920744dfc85e94536e91ea

SHA1
4f06e7a4bf72e23a1f93fa97160bf6bc3dc4204f

SHA256
f6ab4eea00b57b5040f3a6829f44ed220d9677e95bfd8268562b60900fbb2274

SHA512
142ef1ad11d5dab7a88f4e732ac4c85a61196276cfc3d501a0dbaf0859428bf0bb91618fc3ebdabaf40abd3f461dc15a2242ab577843a089f793414e7ded89d2

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21333_.GIF

Filesize
666B

MD5
e31dc7d4c27f820c95f049b07a579a5e

SHA1
31abd9093aaa5aa363ae4e45142c47a44893ac4b

SHA256
0c94802c0d874b4919c6517fc011d11c43a80c4f27a6b453f40ff5dda103be8b

SHA512
49b63e1277daf97cc25af7558c9756e371be765945ac302be48bbdb2495bfbcbf7d729e54f7e6a2cfdec548b4acf59207845fb383336fc5dd5533ab67090f319

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21337_.GIF

Filesize
666B

MD5
347273520159a79c01c0605f06727140

SHA1
ad4a5887be1093181d2c7da802eece7b756832d6

SHA256
3dbcb113b6c45b80cc102383b1482349a99dee128b6617bf910abcd67e8c3e3c

SHA512
0ae4f1cc10712eb06ba0239e9eed999b82ce0d940610ba2aca08a7498a6470df9f5368cfc5d9d1e14d87ecfef9e761f533d1b7812256d7df03d7e9e1d53e6280

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21339_.GIF

Filesize
666B

MD5
06d1fb52d679504287745c63d533ff70

SHA1
45658b356730d3ec404f8b3503a7b7fe9c924f71

SHA256
8a9552f600827b338081002427c4b2a8be2311838b6e5693f5260fadf055f3b0

SHA512
d54c2ce36cee2bee5cd9da2312d709ac8a3281e615abe349c2ad73868f1b791aaf4ec7244bf6a37a0ff1fc4c8e1d4a7d37d30e9caba1730533f4c473d6b9ae9f

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21342_.GIF

Filesize
666B

MD5
845bfddc0fffe8f7bb62933ca7f99e72

SHA1
524794dced1061a8a7c60b5976e8b74efdff2759

SHA256
38a63493198feeb58e92b4ca2d5906da6923d8ba6627bc8a5f0427266a32c72a

SHA512
03b3d1c31215253a2e3bb985932fe294383ce98d34c4c8850b75063ba26d1189130777125d014b737947eb6bd23b94e7fa42040f6e29772ba5dbc9bc6c164b44

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21343_.GIF

Filesize
666B

MD5
910a83df397c5bcb22ae069c8070864f

SHA1
5226ce1835b678196aad6734de5d94aaff0a7a88

SHA256
c791f65433a90dd8ac9a5003f3922793a94d0835edd9a1e3de1675416fc4bb57

SHA512
5b96cb8e1145e0da69305f464d5beb552f0bea2adcf790b88371b625a67b99c417010e2ff14e297116b89c33119af8469d3302bec0aa93548198e586bf4a208c

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21344_.GIF

Filesize
666B

MD5
4874494e5dbf620f636f05e3c47525e7

SHA1
47fe469ba93f8cfe9d3de93eb54028081965a828

SHA256
c9082deee6b7807978fd57a2576e8bcbac0058bc8da988770b0073aee61d1996

SHA512
758a964d67d5ef9f264801509ec380a47d9380f10ae1b9dd7607b91b2e23fbd23de864ca53e773c350fb2746e4ff480e9f02634ce8a02b2be781f4e639e46ff7

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21364_.GIF

Filesize
666B

MD5
80cb675224f81974c3aefe38495c8d37

SHA1
9a6988a7997e98780015f35f0cbb58f62fd8a231

SHA256
a730475adea776f7339f1e8fe96241d40b3deccb41f555617e56588728edc357

SHA512
e8377ef6214841909be3d38d601906ab0d7c88b55ada096ef767d04799bcdafab242912f3fdc076d3cac7168370fcf1204b2619d4c9835c8617c380203aeea4c

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21365_.GIF

Filesize
666B

MD5
1571ff26b01f0126c016affa17b79a54

SHA1
1750be19e5599d42e704c3b43a611f846f367738

SHA256
b7a975ba69197442d3ee4fe569b390966fffc5ccb334ea912e03b34c0fa70e29

SHA512
6b1add7070e999ec4477f6eb3f9cde532db72c8820b37b0b30dfd676e492a4235d8b8f3487e9e5e379a6e672ba5a2b72e573147548036637e39f1f744048dcf6

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21366_.GIF

Filesize
666B

MD5
48dbfcb257909e06b01965a658f881b1

SHA1
0c56c6a2aa39e96552f36ba1c8fcaf4750342845

SHA256
ffa89afc0706760609f4e1f7a27a5db88297e13d1251f44ec41296a579c694df

SHA512
a1357adda70611ba2ece2f494819cbc3b65acff2327a92753136678055a6fefe4618ad7e24fdefcc8b815297398fb3221d29d7abf7f1c8cde4b4d4ab64fccd4e

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21375_.GIF

Filesize
666B

MD5
6ce1f600188eeba696f7aea83e9096ad

SHA1
07c053f2ba48dcfa9caf9b7b0b264301ed2a8822

SHA256
f6fe822ae04201764fd5b068367d4e4121aaa507e24daec3bf69fdd4d3485504

SHA512
4563dd315119ff3faf8a5e5a31a6dc8d38b311da3b89f93ff5e6eac9f2b19883fe91dc1e021c0d93e508efce50298c86f7a013d0f6b5083ccd17f88adc710435

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21376_.GIF

Filesize
666B

MD5
a67fca222c58401aaa5419b4e1ffc721

SHA1
910bf6bde5670caca00f988397399023bc3d3d14

SHA256
3854fff6fb8cc9d5638bd08896f79d0d4715212b7a421be9475b70ca65c533a1

SHA512
8896ff784e02e815b94e3ec1aeadf818fab466184f8d6d7e13c22c7d1b9aeb98525e82baa61d273b4d2c21a7c6c5e19a4601c7fe43c5ff147f7e9e9890e37434

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21377_.GIF

Filesize
666B

MD5
84562fa4015bb8e002c115a6609e9efd

SHA1
2488c31f464764de001c0bce80c7cf09d8bb7012

SHA256
a82c539958057b30957fca51ee4baf9efba354b8cc939650f9afe96e0dcdb5e5

SHA512
bdf68544b1a25691ecb05688dc7441a55202bddef3ed6da3c79fa3ec6ec1ce13337014fc801971c834d25152a7c28b7d3a09e50e1b27d3d823f901a7cbb1569b

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21398_.GIF

Filesize
666B

MD5
3a62fcad11556dd4266670dce82b75cc

SHA1
9b926616020752295741351f1b257f0e1a1055a7

SHA256
c63f8710c37b371f8334d973d2a8ded75aec664dca0e74c0f396dd0b6ec56ee1

SHA512
1d833d4323aa5d763cd68e42582d22936abd822085a4552251324fe74adcfb589124bf5a91405aa28ec84c08cdccfedbc7d8542c2e52df58f33e7d1f6a2d7d42

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21399_.GIF

Filesize
666B

MD5
6dbdca6d785c128fbbef6c417d5d7625

SHA1
8023b6b84eb16274deffb1d9674fb938119a7e46

SHA256
e1b36305cd1f3402be77d8b392ad6dc6393c0a4551d1184cfa40093b0e950363

SHA512
754c8b37999cc1be05c62d78e29ab9c67d9f212bf26520ce7327b00ad4fdd3e8a1e8cde94fdf4c4a7ffe59555121fc1969837f5a8473a670c6ee652dc68cc435

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21400_.GIF

Filesize
666B

MD5
5dbc555f91a9aa5e2feedeac0f5dd556

SHA1
73831ecb8d271d147c5ba78834ac0bbdbac82a76

SHA256
5e1d289face5b727747341377b3f6e1b3d16dca10c2c0da614ee4df9043b0b07

SHA512
3ea3484e9da6624c36ee032d6da7af6245268f89863d75380a81036d6786f0c8b7245385c1093d21a3bd3193f4a0270ee4c24a7d9f1b2f108a5d27768b7fcbb0

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21421_.GIF

Filesize
666B

MD5
b3e29bbe92d0bc7bfa313127dcc932f1

SHA1
267e72781d0db8656e8c8af233cef4657eacc105

SHA256
6cf5e9a6235d8205856e3dc58d7b473660e9546ad29ce5a5e851f81d1c6555e3

SHA512
1a8f0bc829ad7c345e2e28c5204863e54b83112879864e56ea271946461ad9f506222c403c424d6db8b3db2d37efb1049c3b2b7dd25174c486265e37049f3e01

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21423_.GIF

Filesize
666B

MD5
4e4bfb26ff695d130d4064bc286c4426

SHA1
919e8ebd726a75d34f995fcd41920dbd6043d75d

SHA256
799b20789366d36d5ad95032c9fcaf6f047890ffaa2052c63abeb72e869cc908

SHA512
3f066288dd2d9c793db14e4f492db8fb40dd0ad7da3817905b534650d5c5cb01de70b3398d35f87a83d127b4d6b1f6e26f74153893f5c4a4c553b1e2a4a5ba99

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21434_.GIF

Filesize
666B

MD5
db0d8ef641c2520352f73b2fe73aabbf

SHA1
20bcc577b8f3e784eb6f2f8f6d08bcd4009a6733

SHA256
334645f336546259556b43a3f9db82c3b409f1e5b012519217407fba9746a711

SHA512
b83c62962b97e7354bf894391e6cea0a3b281dcf4ced8ad46788883ae10c44cc01f8a08a59a47fea54a78f012b29125691d40f5b0ef2ced0ff98a2a2fabc0bc0

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21482_.GIF

Filesize
666B

MD5
abab9ef595d22f9e54fe88f73f4f23e5

SHA1
4072e6826fdaa03e3f0dac2fe0b85da568896749

SHA256
9f4253e42c919f9df20bad07b4bf8c067065c9e45f17e2c91170bbf8ada9a850

SHA512
9ecb21e68fa3572bcd22c7adda1eeb57e3556aea06600a70db9ed40beb1f2b01ee978b5c488e30d98c31f9def2eace46ae50f7cdc9e7a48b182601bd3119795c

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21504_.GIF

Filesize
666B

MD5
d25084328e7660874618e87567e27e7d

SHA1
8b244d2a1eafc7c0760f38c3025a89fdbe81a7da

SHA256
0dfd2c0df6d0ee26584a9186f3fe3a0b654b85e553223b95a49c9c9095479f65

SHA512
830f600c1458992b7e42b42f4c3b3cf74931c60f3f842211a413c1d84e4cdea88ffb2cdee0aaddf9936fbc55cb7b13c7a5c2a8807b95ae2943b0a675fe469cd4

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21505_.GIF

Filesize
666B

MD5
40a0ffe3375279978e3c9d416d995306

SHA1
e4fe9e8565f96efbed1fe94f777aa0674b057c08

SHA256
8f65c54f22be8fc5dfa3386a234348bc89ca867edef1ac54ab9efb716ab6eb79

SHA512
4a0e5d6f28b5389505c6b0875537e9931bbb9c59afd4bca17cb44be3f39aa913d180dbecabfa89eb5b725e0e62fd60195758d1e03ceee8daafaef3638fd71053

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21533_.GIF

Filesize
666B

MD5
ed2bd4b293860d6a21488b75da39d3ac

SHA1
57fb3388fefd426700f5243ea2caecdcffe903d4

SHA256
ca9594bb33ae76f91b6d3607869603b4e5a38e221608bd1036b5942535121a26

SHA512
3117c73ddb7f3ed87ba003185ac7bbbd86220ef555b3d0d32202f64a590903d46bf995f1e67ed640ef18df8160befb391e8b246f9a0e3ce80310b4fd867d5cc1

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21535_.GIF

Filesize
666B

MD5
2953280c0bb296035b130d87f4424600

SHA1
3acd11a028158330242c2c1f2a920c97ed5c8270

SHA256
8e6f22398c202bc461570ba7a299d7049c227f8b39dce1814ba7c3900db09c9d

SHA512
17bfd8f8ecd97b936c663b75f7e8f8ae140bb5e7d6f89b993e23d0a151ac661a9b87f430e60eee012392218464b6ffd1bf4593aea698a178dff9e4b8d83c2b31

Download Submit
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115834.GIF

Filesize
666B

MD5
9d42088fd671de283f14335a25f5ce75

SHA1
47554c3a3d2fe1af34a3c9fd340514cae5536309

SHA256
69c21f91ebedbe6ccb3f71388c4ed63abeb1b9ac486985b4be4997075b536953

SHA512
123753fb331f13e2b6db50b6dd86af03503d51110717573d6d0767302c8632971de9a0d98c987b92eb986bc7297747fd0de34e74727e1e5d4465cf2b74eaeb38

Download Submit
C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

Filesize
2KB

MD5
78ede93114e65f9160fd03d3357c56e6

SHA1
88d531b101e57655f1d0d26c6b3257aa2468d460

SHA256
c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5

SHA512
074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

Download Submit
memory/1916-0-0x0000000000120000-0x0000000000124000-memory.dmp

Filesize
16KB

Download
memory/1916-14-0x0000000000110000-0x0000000000115000-memory.dmp

Filesize
20KB

Download
memory/1916-4-0x00000000000E0000-0x00000000000E7000-memory.dmp

Filesize
28KB

Download
memory/1916-5-0x0000000000110000-0x0000000000115000-memory.dmp

Filesize
20KB

Download
memory/1916-10-0x0000000000120000-0x0000000000124000-memory.dmp

Filesize
16KB

Download
memory/1916-2-0x000000013F170000-0x000000013F1B7000-memory.dmp

Filesize
284KB

Download
memory/1916-3-0x0000000000110000-0x0000000000115000-memory.dmp

Filesize
20KB

Download