azov | 74cb24663009dd17c0ca2f8606c6d6b48ec0f68b9d147d632b2fe9fa361c4a7d

Analysis

max time kernel
125s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
Size

13.4MB
MD5

1ce3b67e179c8420bd5b31e75b4427ca
SHA1

4090622f0eadc1b420aa5d55e31ca5cd45e05f12
SHA256

df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3
SHA512

c708cc271fad1ecd29fccb010a34f54ba7b885d8827351a5d8be49f4781185248e789c3e35fa1c7862fdc0bf303e1d97f2585023e0b9fd14db3181f55d276f5f
SSDEEP

98304:aRqeZPPm0Rgmt7M17Lu1zdfj7zyg5oo5AZx8U8qPoBhLTlL4DQWVYHL9fu4h84MR:aMygJ9edfbhSo5Kp8qPKlL8QgYVhqn

Score

10^/10

azov persistence ransomware spyware stealer wiper

Malware Config

Signatures

Azov
A wiper seeking only damage, first seen in 2022.
ransomware wiper azov
Renames multiple (954) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2080	firefox.exe
412	firefox.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\A:	firefox.exe
File opened (read-only)	\??\I:	firefox.exe
File opened (read-only)	\??\O:	firefox.exe
File opened (read-only)	\??\Q:	firefox.exe
File opened (read-only)	\??\X:	firefox.exe
File opened (read-only)	\??\E:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\S:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\Z:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\G:	firefox.exe
File opened (read-only)	\??\R:	firefox.exe
File opened (read-only)	\??\S:	firefox.exe
File opened (read-only)	\??\L:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\G:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\M:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\H:	firefox.exe
File opened (read-only)	\??\M:	firefox.exe
File opened (read-only)	\??\V:	firefox.exe
File opened (read-only)	\??\A:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\R:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\X:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\N:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\P:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\P:	firefox.exe
File opened (read-only)	\??\T:	firefox.exe
File opened (read-only)	\??\U:	firefox.exe
File opened (read-only)	\??\H:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\K:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\O:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\U:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\B:	firefox.exe
File opened (read-only)	\??\E:	firefox.exe
File opened (read-only)	\??\J:	firefox.exe
File opened (read-only)	\??\N:	firefox.exe
File opened (read-only)	\??\I:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\W:	firefox.exe
File opened (read-only)	\??\T:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\V:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\K:	firefox.exe
File opened (read-only)	\??\Z:	firefox.exe
File opened (read-only)	\??\Q:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\W:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\Y:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened (read-only)	\??\L:	firefox.exe
File opened (read-only)	\??\Y:	firefox.exe
File opened (read-only)	\??\B:	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\da.pak	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt.azov	firefox.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-App.exe	firefox.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.azov	firefox.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\default.jfc	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	firefox.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado26.tlb	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt.azov	firefox.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.azov	firefox.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.azov	firefox.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\RESTORE_FILES.txt	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.azov	firefox.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.runtimeconfig.json.azov	firefox.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\en-GB.pak.azov	firefox.exe
File created	C:\Program Files\Java\jdk-1.8\jre\RESTORE_FILES.txt	firefox.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\RESTORE_FILES.txt	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\codecpacks.heif.exe	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt.azov	firefox.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\RESTORE_FILES.txt	firefox.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Solitaire.exe	firefox.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties	firefox.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	firefox.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	firefox.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.azov	firefox.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe	firefox.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoBeta.png	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File created	C:\Program Files\Internet Explorer\ja-JP\RESTORE_FILES.txt	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\RESTORE_FILES.txt	firefox.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe	firefox.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\RESTORE_FILES.txt	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt.azov	firefox.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoBeta.png.azov	firefox.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml	firefox.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateCore.exe	firefox.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md	firefox.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\icudtl.dat	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\RESTORE_FILES.txt	firefox.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\RESTORE_FILES.txt	firefox.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\vi.pak.azov	firefox.exe
File created	C:\Program Files\Java\jdk-1.8\RESTORE_FILES.txt	firefox.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	firefox.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	firefox.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Extensions\RESTORE_FILES.txt	firefox.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md	firefox.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml	firefox.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	firefox.exe
File opened for modification	C:\Program Files\ConvertToSync.emz	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwresplm.dat	firefox.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\RESTORE_FILES.txt	firefox.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\RESTORE_FILES.txt	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ms.pak	df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	firefox.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe	firefox.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	mspaint.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
5488	NOTEPAD.EXE
208	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 35 IoCs

pid	Process
1936	mspaint.exe
1936	mspaint.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4880	mspaint.exe
4880	mspaint.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4316	taskmgr.exe
Token: SeSystemProfilePrivilege	4316	taskmgr.exe
Token: SeCreateGlobalPrivilege	4316	taskmgr.exe
Token: 33	4316	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4316	taskmgr.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe
4316	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1936	mspaint.exe
2096	OpenWith.exe
4880	mspaint.exe
4156	OpenWith.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 412	2080	firefox.exe	103
PID 2080 wrote to memory of 412	2080	firefox.exe	103
PID 2080 wrote to memory of 412	2080	firefox.exe	103
PID 2080 wrote to memory of 412	2080	firefox.exe	103
PID 2080 wrote to memory of 412	2080	firefox.exe	103
PID 2080 wrote to memory of 412	2080	firefox.exe	103
PID 2080 wrote to memory of 412	2080	firefox.exe	103
PID 2080 wrote to memory of 412	2080	firefox.exe	103
PID 2080 wrote to memory of 412	2080	firefox.exe	103
PID 2080 wrote to memory of 412	2080	firefox.exe	103
PID 2080 wrote to memory of 412	2080	firefox.exe	103

C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe
"C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
PID:4520

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\TraceSearch.jpeg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:3976

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Executes dropped EXE
  PID:412

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5376

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log
1⤵
- Opens file in notepad (likely ransom note)
PID:5488

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\RESTORE_FILES.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:208

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\GrantGet.jpeg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm.azov

Filesize
112KB

MD5
b5e808926c3c156586732de2755d0836

SHA1
f7f4b04e794bd262c5987f68b2f620ee102d30f0

SHA256
953d22754321aacc9f167c464f42cbea6a68c75ff2d4b80b19494e1b8f62d003

SHA512
95955feca254225d7a4b5ec158bd3349b7199447b8674e1e5a98ccfdd419158087b463517e327aed1c61d854e69725e267ddde02f9a26ba9bffacea230a56a8f

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
666KB

MD5
9fa1d4505f3df15569350123ba4d57ef

SHA1
97343cc85b09ac568f0e68d1be82ea6c52d36daf

SHA256
3fb875e8044da50bf9018d30c9d0be90469343d47b84eb48f2cca4bbb1f142df

SHA512
aac348518268cf7664039f4ae0df2fd1f41b16ffbc4c8b8779fdafdec57f0c5cf37c0d2e2c9445f9eb48cec29bddf975182761bbb6c49dac643abcee940dfb37

Download Submit
C:\Program Files\7-Zip\7z.sfx.azov

Filesize
210KB

MD5
fecba86fa3c724b3a63ab58fe846ae8f

SHA1
416cbe685a0a65851eb5158c7035c477c4efbbd3

SHA256
9cdc8ee86db23317b97d382477e25b5c2fae193b5358afc26e27502bebda1bfa

SHA512
de4c9480726d20bdcbf76185e17097af26597ff3004d8b57de52d5f0fa7d0946a64ba65290bfa60ebd2beaf7ba075a3b06dd07bcb23145f5dff89f8886986803

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.azov

Filesize
188KB

MD5
1e90f7046f3ce3536469168d55f4efcf

SHA1
fea107c0f9d6af192677396f6af893f0a2be8108

SHA256
88710dfa87ddd66feb5f4a3638fba65a5a079ae646dd9292e4055336a2b1b32a

SHA512
2f9c09bee525e05f36ead90c82eafad6e96ccf3e2e0e0ce8f4e0cea753750c5f080cbb81cd0e3aaab161bca681f565b3806ea57fda8f06f69d66678bd3f29191

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.1MB

MD5
6ff1f79a442f6b30df24457720da24ec

SHA1
9f2d217cf20615cd28033468ef8e241281ce4766

SHA256
c7c7333702b58521c6aae9031b35e1a3a3f059027f7669c9f15a58fa2bc15ecd

SHA512
9cf2119f261ffca927447960047e5665a195601b5fe4376bc87306ef70e8a07df4a731a1b44bb733362890e934abdac5529d0b9220518f9ace45ceb7c511657e

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
832KB

MD5
0b034584615d3d31ded195bf6cc044e3

SHA1
22276db888c973959cfdf1d6de17259fc923c701

SHA256
10a1137fa30f932458419bac56df05029e1bdbfa9ac3a63c79ac047ca07ab1ce

SHA512
e3331d6dd34bd3dd6772bdad2ee35d6ed73eb9003ec53d99605ed1f003c57eb09510b51029c3ee1e802ee0adbf1fc4911afbf393e6102fb6519408a66962a2f7

Download Submit
C:\Program Files\7-Zip\History.txt.azov

Filesize
56KB

MD5
0b929e8e2dbbe14e7ee61233e398cb2b

SHA1
33cb27ac80fc563ba64319e04ce1cc9e213b873d

SHA256
30665288c0e79a70d86b083299705179d6f6bf84f8897e2fa991c71b110e43fe

SHA512
645bb73580a427ddcedf23bdb944ed523a8a3048147ac061a5dfead16e7790c2f2e0cd2e188e05aea2f54bbb156d03ac425f65c91c8e158c10d952c3a3ab16c2

Download Submit
C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

Filesize
2KB

MD5
78ede93114e65f9160fd03d3357c56e6

SHA1
88d531b101e57655f1d0d26c6b3257aa2468d460

SHA256
c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5

SHA512
074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.azov

Filesize
4KB

MD5
2f9c6116b5a4d7b36fa85b22ca4e64f6

SHA1
561c8330fa895cd3344b58d5fd8bce8cb4b9ef31

SHA256
000beea979c12b65fdffc06696523a63fbbc33aa16309ce3a8a05fc289c8341b

SHA512
769782317e093711054f770ad85f0fd595e45c6ae97a8f5e9fa95c0270173568661b420895fe7c92c0a1023569646e6428d812440b2ca1f25bc08621230c7328

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.azov

Filesize
7KB

MD5
ec872954f87d09665aa0d5d8add2e119

SHA1
2925b42f76d5aa879cab65ecec2ecfb2d9e5cc0b

SHA256
50e5bb7ebc503f872e307aefba2f901fab1547a25dd705cb6ac01aae585e4278

SHA512
1f6d552e01f0ff2ee890ca138049dfe693e5d0cbfd1e8985454c0d8158e3617e5ba106bb1e1c38786adb30630d8e1667b9b0af75a144759885a00d43dbfe4ee0

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.azov

Filesize
12KB

MD5
c7bfda0c261f2507adc6dce19447f85e

SHA1
895161464fbd451f4cd48892d71b5928aab21520

SHA256
9de66b143435b6590e19637dbc63ecf95660713b249515fedd4a3dfbd1da84ef

SHA512
88bab3e3ef50db6c50f9755bd6680b5deec4d741512bd1e32c13a6dbcd0b5b083ea9d0d48c46521875007ab9be03dd83b507e6720d65d314f6efedf691e66ceb

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.azov

Filesize
5KB

MD5
a5917b98a648d339e8a8564f6e4987bd

SHA1
ea4f5297defc5acdef652ee007e0a0cff566d94d

SHA256
90b6ed8f24735b5abf5cfaf0b4128d79244075b4e5e0e3678ed24f4d9e5f9062

SHA512
cb55dacf03d5331dfb19f1ff669de4e00f19dbcec6a6d05022687cd0bfc9eb790c6a3c759c10faa6182829d5a2982f608540e9286a910be063e938b20403be34

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.azov

Filesize
9KB

MD5
4c22b41913e6883a27b5e98cbc1bccb9

SHA1
d88e94300b057376af4ebf3e9f4184ab238cb952

SHA256
51909ec64213505d3c2978e894979177e5ce2cd1f20eb5aec4500327ad2a7368

SHA512
5cbec0fcf4671c2c80eeb0c92e6b290c250c6b866a7daf7aefc127db03f30552dd480c74ede03b2cf630a3887f738e5d1365444b3c9b8442af78765d79299aab

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.azov

Filesize
11KB

MD5
e74b1cdcb480cfca0c8cb50feb8b477f

SHA1
c1b5f3cb3533b19909d6b545175d10d7bdbbaf2f

SHA256
80fb690c08afc516ddbf71df90fd5f88e63ef5ecd6f0f75e4d9147c294556e3d

SHA512
c1320e8c375c8f7700814e94c0f35ce01515b606180c3e1acd38dbd4eec283cfe0572dd712626d38ce609339fb075a76527b515103ac8102bfc62f173ab0111c

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.azov

Filesize
11KB

MD5
ab959c3a5c3f9066964315605ce1ad98

SHA1
d062992d68e87e824564af7b18a793f81ee74828

SHA256
d2a415730ad74105c75b0a0090fa475807595cb89ae65b582216c88b02459465

SHA512
097fb7d2102d3445da6c6fd4c6181a4bb590d02a2537b6fa6a9f46e20402edb97318d0e9fdee98d58e98f9ff4bf3b56c7fda805daf1bf810cd25b85751f22417

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.azov

Filesize
12KB

MD5
1c0c93988ce088efe84d4b7e548d578e

SHA1
b046eaa3a55865ac9de93830cd3686aaae9d3c0e

SHA256
495d5f2cb059eccfb098b9cbb3d4588a23e8f16b32f9a64cc36cbf933bf771d7

SHA512
9105915dad679d51d9155ec8bb74e1b18665201cd6d59d53bd94e7e2d013e6e57d4e9e70e6187c6f6567733f4bf8f8934b27e46e833a8847ab57b7a1685dbb9e

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.azov

Filesize
14KB

MD5
dc4ef697056397eff539bb88e3337222

SHA1
67fb21e0a561493021bb60f253d400b8406d94db

SHA256
003be18f457762327080c2a81477dffbab69c03f560c57cffe91743efa5d1e23

SHA512
7b571a5d77d1919a0aebe97adfe10a0f0c402123792dd501f351c49d0ba15874082a0e54aab0eadd18d21e6b0a602bcfff1d904b6440377622ea80b2871f69ff

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.azov

Filesize
5KB

MD5
1c3c431bd325a7d2fcba400c227fc7bf

SHA1
1bbcd19df9b299fd73445acf93a9b2ca6f359943

SHA256
8d6783191d493f06e5157556a1a71a277905135035ebb19e2351bfbe09e97062

SHA512
6788b63ddb842c054de5d7729e7f34cd6fc499d9a2d9028284926a4b1a9aeec759e6b0e67d6dacc07575922a2d04baf95ef413f68167e83b0278962e792256f5

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.azov

Filesize
9KB

MD5
62464ac39ce1ba29b18ef5307839c26b

SHA1
cdf66afd4ee091cda163cbbf2ed90ed09df12765

SHA256
437328b2c22a923463ea19cead5ed3fd5b7e70465a63aca99a8bab322f9633b5

SHA512
a701ff2b8f8c65000ac966d80dc5524504e8e97fc254780915388a430af2fae2b5fa0bcbe8b3ec98983ae62a5bd9dc148faaa3843d6fdebb9a1cba8166978184

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.azov

Filesize
11KB

MD5
c43fdd665b30f9b19cd8f37e345ce7ac

SHA1
38aaae1cecc05a10df478fde413fff91bd57f7eb

SHA256
bddbf92b91c2305a2a4a11f9337841fd711f62ee34e0cbcee9eb3bae5d39640a

SHA512
b93c4e65c8635bfbafa613a5401f8504096abfd6f9d22b366a945ef7726512e3754a54d2bf1ba1483b1029d03c827fc4c360609ea46e4b3628c294177a8fe768

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.azov

Filesize
8KB

MD5
ac700118ccd564b1b09cd577239539b0

SHA1
e910c1c7036a3809967352909f67edd778574418

SHA256
cfd279ad464189f1ec8075372cd2876f7877c310b0e7b5829cdec3ad1217b488

SHA512
50d78906580be9398a7e2cf008846a3c68e148f301d5644c92b507da549c4c7be91f2616188ccfb42476a2c15736237d0faf436dc536491f236d5fc2d903a29a

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.azov

Filesize
5KB

MD5
8f4d403b775db312b7be241cd745c11e

SHA1
a1f569bd5bac306cfb62033ce4d6cc596d79e770

SHA256
a8cd750db4bccbe6aa232732df141cfb71db064db34d06c1803ce022af3a0605

SHA512
9589346257b65245f9d9baea16609bb80829ae962d6467e4429e99a40cb32a4e8e869b84c46ba74eedcf924b435ca623cf18ff4b0ac9ec8a936a6e1fdc5413e0

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.azov

Filesize
8KB

MD5
9a160bd13b363aab0b69e8fa44db3f2e

SHA1
0809e2388f80173b9aba602c097aed8c778d7cea

SHA256
f61cda136be087c0210cc6c36694cafdb5531f9eda5a959056a1893bb954d3c5

SHA512
69e9d8408fe763ebeaab4aedfba46ed301d715ec334ac512a9fdf6f79da314cc9279b64c31a7de4d21c6604b1b7ea1526d35d8835da601b370da3ce326423740

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.azov

Filesize
9KB

MD5
386e3d0c2dc697162ca618d22777732b

SHA1
52b862203dd10f7fbe3fa87630a0856e253a0f83

SHA256
3a21e8134d3ccc919bb7ea09d0ccda767bdb4627fd3d3ef1bfbd6369ab9a24f3

SHA512
e8172b458063e27a5d144e4747d99d95f11e6f26ac325c9396c398964826ada54a0b96da2d74e67ef1ec52b87286d2a04d6d7fb72d66ebeee11f12cf856aeeb9

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.azov

Filesize
16KB

MD5
f35aef4233530cba997c7b9c1c4288d8

SHA1
643eaaf58f046ed14d53cbe7ee4d8bd5869fa786

SHA256
55819a7e627859a262280e4c2d590c7bddfc1d1b5f0de8e38709c74848639b71

SHA512
fdf66b1df7817bb174389efadc6796d2d2e1cc3c8625464ed51d48b63a66ff39057ce61d4e5b88d728f42cc19ddf5eb9060eab51b4da425e0ee6c2f63f1dd5e4

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.azov

Filesize
7KB

MD5
0a7ec78cd618c1aded3c6c459a35c0ed

SHA1
5cc0331df0c0d9baebe12b08ef2d0d8360b67db3

SHA256
a4cfde6e7a172552b5b4f4edafe0aa8769e997a5b395ace5f21fc511c5a8e202

SHA512
89556536f49d1a249d6ab2ccb79375f6b92cca8e328f95ef2a42eb28e68df6a3d9e237634656ce68da0d7e588f2e3dfaf0704ad2ab6f41d345465f605f90ad61

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.azov

Filesize
5KB

MD5
04dc2d05607f904e17fd0354fd75a407

SHA1
8a499a7976bd346864791ce5d019b5857056faa2

SHA256
6389888d29e0cf65125d71d7bbc981b31a0f892044d519ef3b1688dc98e0c1fa

SHA512
4a1c07ec4bdf0fe6e02087160a5dbbb9b6ac639218df9cf0fbbdda7f2d720650476ae6743f6ad3f28f04490e27c2142db2c1338c4a532676b27f3e18c05b2f69

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.azov

Filesize
9KB

MD5
f3d64f31f62a1f7c33da929ec809bec8

SHA1
a3395155856cf5f44fe562572dd45cb47e744100

SHA256
1bc784b9f0888f2a546faa6cdaf4732b9578bc96e3647eff53df9c2b8af4108e

SHA512
da3e1f78e9687bf9b252a2052b8e5306a19266c93c73ea0a5dd4264bde49b110e03850255051d02f0fbc5e22b20d9c7cce487a67ec8e28b694d68118e9f54516

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.azov

Filesize
7KB

MD5
dd1c13da2b3344fe326e164014353d07

SHA1
9fe0d3cf7716fbfae8c391a91703d5ea7a7a1408

SHA256
64106cc7244767b763cc6d72136b248eeeeb57713ef561e5174c0160c774880b

SHA512
e19d82e4a31e25d17a87199441640f8ea9685a954dc856229ef4948925438b41781727f936aa39f6fb51be991bee6571cefb9cb2a185685e031ee618e419e3b6

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.azov

Filesize
8KB

MD5
a1fc2600af1e8f20958f6be0f811da32

SHA1
9e6458cf3418424d9ddc635b383c89e6a2cb2d28

SHA256
1763dbbbcfbd7d5fed1d720b9c4f49300be7a4045a5eaf239d2e8a3eed763659

SHA512
89b4b27d96640550ce059b35a062ab950de11e98f8b2c8c68ef1c729c189f4b397da3c56b947798fa1cc05b65918bdaea1dd7749a8de870e2a2cde49f8bd8da3

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.azov

Filesize
7KB

MD5
c5af6fa9daeacb7cc836d973c5cc63f3

SHA1
899483113a8a8eacf7e3d9a75375de8c27e7a4a0

SHA256
51d1eb13ab34ab4a24190e65ae8bde6255d83e60542782f93001aec4d291ddd2

SHA512
0f36ed09689ea450bcbb2676618b27afc46d3572ddf82ce33f21ae69bd470add59242153d04bf82d5d111d8438f63d635b53b60a85109ac95af0e0a00b651df8

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.azov

Filesize
13KB

MD5
5d0a1c1afeefd34dedfa5abaaa257534

SHA1
58b22a217b3b4b769d69ece1de2aaa55fc88e120

SHA256
0ed89d7caad50d2287488f3712810f63165a45d84a36d12bb9d28b22de9085f9

SHA512
bb04a1879bf1d33590cac979d18f6b57e73ffa0732eaa7416b23dc9e381ad04bba9eb2465a75b48e1e57b468ecec4adde0a7bacb61e794e497b106c414da8c21

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.azov

Filesize
8KB

MD5
2f61c81d2d86a86cde18603fe3250d12

SHA1
ca12fa4b6d8df6e74ab25ba6579520e6011718eb

SHA256
70016e76d9bf264faebc8721bcf47ee7c6f5cf96786b841b2da0e17c26b580b6

SHA512
e0d034a706653fa3fb43242ce12730c4bdf214cdee818f6621562d88e01f3714185be3c84aab8249bfbde09c495eb8aa3bf04729f5c94239030d33bd70590fa7

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.azov

Filesize
9KB

MD5
6746db4e61f61f50d98644596353bda7

SHA1
e83b1bf1da2f7200f799417f34219c7f5d9cad16

SHA256
c08e483c2b70aaf1973729d42be0ca5f92104f79e39225f3a2fff52c00c1ebc6

SHA512
30396bf40d309c34946605d0621eee6cba70ad263084d8392d7629f667a6bbd63cbb8ae95761e4cfaaee72598ab5b33c69168b13503b28fb633421c0b2742d16

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.azov

Filesize
7KB

MD5
74edcb94b59641f8e757a92193b06059

SHA1
499431fef17e5459978b140eed4df04f12eb360b

SHA256
7827461739b9770bea9dbe575a4e42a808b6912663dac2d249c1ddd5a65420af

SHA512
4dc93ab394cdea6b04abbf16c61feda81f66d302d1b9497d0151762eb1101c9f2bba76cd95678672a5637ac8bfc9411efb86ab3158d25c1c6a0e235b24157fc2

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.azov

Filesize
6KB

MD5
3c4fd2f28a11366596e9051c54f70d20

SHA1
50d35e3bcd20405e5e18110397b461d990d98406

SHA256
ea0fcc9477e2611c0d096a2200183e8f226489b7615885d1c71a5c70cbb38c6b

SHA512
5ecaa79788ce39915818126818d0e3f8fa91b57ccd4580f65b44c7706872d1df76460b722f7ff55a0b42e8907f42477517ed7f56497153bb5656e71c2056cb49

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.azov

Filesize
8KB

MD5
e3011085d443d4dd433dbd700b948e27

SHA1
d812aa598605be90fc512d36e4b34b72c9f0f40a

SHA256
f694abe55c5c4220165ee2026854e9ec5c54292c3eeab18ab0d8e2ec7c9782f2

SHA512
e054c1478f229d7ebc758797db8fbb2a561daf539ad823945147d39ab6dd1652a5c028519ed693066f5a786c51bd2fb306285557f3b3f895d0b324606ad26f15

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.azov

Filesize
9KB

MD5
9effbaa2fcc3ec34f36b64a96cb0408d

SHA1
2865a16cd242e69a855120e4285f795b33ac353f

SHA256
67d610427f1a45739bf54475544c6d9324ece5a25f60b0c8e521a2aa847d15fd

SHA512
cb56afcd0d3b0e7471280fff85fd456e7aca9b9765d4110a90b7570359869f487a791da493f22e33af2931b7b4a9c7db2e7a45bb0b5088928718e68df0dd2718

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.azov

Filesize
17KB

MD5
7d6d979b8989c73a5865a932a7f7b01d

SHA1
593ff338ec935025e590fc945cfed344e0d8e7f9

SHA256
b4b320a635b7f2d1a033dca86302fff920c245ad2e7ddf4c85fa005055640153

SHA512
60243c6610c614a2c4ed9aa4ee76e36aa18d514a8cafcf8528314ccadda2c7761d597081217b5fcc1cc80d11107b4f295cf025aa08d9624ecbf2fa77fe0abaaa

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.azov

Filesize
11KB

MD5
0a2aa01a6dbc03b7e56a98dfb4016244

SHA1
7fd97d6fa95d2b7a9b4a94c20ac077c66bc02e02

SHA256
62496685c4a5d595b726dce935ba25f7bff4f174e4f891fe8566d9ebd547e29f

SHA512
2b4e2b7a5fa9c6136d7d3ffddfee7d305916335e155c5601d3dfbccb22a4a2a8e242a283098b322dee14bfabbb1e3a6b8bf4d0fe6573eb76f3445706cba2f2fb

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.azov

Filesize
17KB

MD5
1986a86fd8cf6aa155d912bef1b919d2

SHA1
8f6a868ce3ea76555c5cb4e1a18fcc1de81103ad

SHA256
dd809791f9490c1a4b9be1b8495a7dff97cdae361a76d4eeaf34aa45882430de

SHA512
bd664d918879d494af40a37f203a09138a629597dfac2f180ecb65ac48744510a98da466a15f23124ba944d476bf20a25d4794054ef7ba730b7c35a302166f3f

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.azov

Filesize
8KB

MD5
f5ef4ec1018fee74d3a164e19ef88030

SHA1
b04e695de8e0c7b006389fcf316c3c939e1d863d

SHA256
22e413572b68a99320f3ff3457c6085ec49f039a3b7a85ed8e88aefc5abeaba0

SHA512
5573c3b2f4768e6d7be2b5650e7d0db5ae4b4c36ccf68514fc501a308f65cee6aee0bce8aa17d3dcb8ead4127205cabe96b41db023db796ef778d07afe517172

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.azov

Filesize
9KB

MD5
79bc71d4c6055ce7034677f299e294ab

SHA1
c373c332fdf7deaacf514e2dc7d6b2fc9a663b91

SHA256
ea49a97a3c045c27db5fca8969d118e9170739b2eae414422598cf343a2dccb4

SHA512
0df4f3e29bf59bfc20cb5587f62e272cb82b21fe55287e7721e0658f3bc3f33c4d2859a9b0e1fd72d3dbd5f91c334d007e372933c177dba18a239d0da21da5d3

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.azov

Filesize
13KB

MD5
2b1bc2ba1e4525b3b2801a6d5f55c9a5

SHA1
cd521cbe8a5894b321ffa2a7f9810564e71d62e5

SHA256
82effb9a0db1122f641831fdddfea1cf9e385d3bde59f8fc46452745e6172b88

SHA512
55a6a304cc87b31038c7c8fd7d2f6dfbfaf06feed828c5afa5174f2c8784f28b24ffdafae128e911ad7b1bf2d60e96e5ad167e2b5c7bc80cf28e762ef57d2775

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.azov

Filesize
8KB

MD5
943894f6c31a92026e234c6b866935ac

SHA1
8fdc3b92eef8fd358cbf17d7b7f3d9c104f5bfa9

SHA256
93aa570fb4c3073fea348acc4fb1334ff54ba664730b2baa02fc55dea7543d95

SHA512
1fa7fcd5f0982f57644e20924ad3eae2861d1bbbac86c0fe365674459803f6514e1e7bcbf918f6dd3ff235a6ef9c92caf1c9f0b62b40b4c519054f5e1a07887b

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.azov

Filesize
4KB

MD5
428ee6cb3105d046289e0d5d94d860b8

SHA1
d7914a3054454c9c4859b4261a7551c28dffa18b

SHA256
a1dc7faaed51b3b91ddd7097ef38724b7babe089c075339cb6eaafb36b39cfb7

SHA512
d47012b7bd6dc2bcae49eb4e7808ad3456359b41ef7b51e6263d421b965eae49620c9600692c5b08649ccf4767a090776e5cbaf6d189508540e9d3f59cbd0b72

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.azov

Filesize
8KB

MD5
38a9a34b84fc3e10d67097d4a85ee790

SHA1
dad511bd958f494cfbbfbce65beb0b44b032f426

SHA256
7cbec374e9ee54a652c2b997894120dc7e79218d8e52c77e6c00621a89826c4b

SHA512
f82e30694176f730496c980265162f2928695a19d470dfdcf7c204bbe92a8a77cb2edd609d28ac914a748dcd27c173134b50c07e5a7f744f9f90c6101494fd28

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.azov

Filesize
9KB

MD5
0784a1cf0e15489b13f4319e53036273

SHA1
b02a5012c98aaf5488e1bf731f6bf5821a22c288

SHA256
c81a7d147d261f7c27c2fac65ab804a755a88af5b5f812ba74d6a31b6627db20

SHA512
92514d748d96845a052007c8c86cad25bb340df373da951953ed2bed2bff21fa7bc026bd23d11866d59e62e540e9de3058c535e7b358d5188ef0b78e2f7929a6

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.azov

Filesize
12KB

MD5
89cc7478d94c24f009c0a33bbb7b5af1

SHA1
b2463244f5b15c4aaf69d6cff4065aca5a3e09ab

SHA256
7b95fdb974db9571dd0cea72234a36f4ec4a356d974b38009edb1ea925b7d6c6

SHA512
dd3a784ddf262fc9a07ca447ea61f68cee2ad9bbcf2127a606378b3994858cd60021af8a48e97c6da69954775cf260e0e077a970a4e8ab8579cf890bbb285079

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.azov

Filesize
17KB

MD5
5cfc1848790761d7feaf5887c9e7358d

SHA1
6f17a63e4176bb4dc4994a324abfeae28f593fe5

SHA256
cb2e9595deaa9f14bf6d8e73ad46f62d2d0be9a118f9a08cd6e344de3a84adbf

SHA512
6c8ef239a40d88ba7894e76bd5bea51f072018320207bff2c090e825dd23081ef5b97499e9eaa1dba11df4d856a81ed7de5bd1b5fd1967e14dd704073a30b7ca

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.azov

Filesize
8KB

MD5
f8bc412cd011e06036f8bc95e0618db1

SHA1
ae8503e2eb8e3a6e69314c841b786bd186cf7c8f

SHA256
d4923e65adb3ff4123d9b66b318535e92cc7ee962dc4f9165adcfa04569beacd

SHA512
82cfb7228d1e0c87b62649d63e9689c9a060cc2a9f2d10b6f740f5cde3f6f27615a29447b83e6ee269262e67a556854025fe176490850c8c0da614a840c25893

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.azov

Filesize
8KB

MD5
ca592ebddeea16536acafad41f03248e

SHA1
0e652f18b8e5aca9cef0f85558c120ee071ab923

SHA256
4e9f90f92f78bfca9b035e55c1f71f530a1d2d8aa32c5fff7b306e95e269e6dd

SHA512
aa03d98944c2519de056b0873915dbdc1ebdf09ac25127ee83576a5bf69a4e662ae402dadc8c9450bda7085e3784364daa132c1e9579f68c9a3e086634c37185

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.azov

Filesize
11KB

MD5
3f5f944ca3bcc5fb8fa946187e0e13bd

SHA1
b2c3159f9eaced66b422a107a8517476b58d699a

SHA256
7a4cd5940a6cd7f0e705c34fac875827edd4526312195dee8179e2c5be03e9fb

SHA512
27989ac48e71e1b0f5f298ef7603ea9c5a7e0fd3754341b93ea19e2bc653c7f62eff0d2cc59813fd697116a71dddc15234794d25c9802f2766df5ad9f2474a89

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.azov

Filesize
10KB

MD5
97cca0d48456eabaff6c2cf700247a93

SHA1
06fdc8641fba2bbad51872c0c0bdbd1b96ff905a

SHA256
98072012aa61f38718800a41589358b474f3efaa1ca2f14a4b5ac2c51fa4383c

SHA512
0664c6c6e54302c34c5bd258ef4f84748837f9aee5dbd5d72494eaa20e57efc7e5af30feeb283a121d76a96f1e221aca6c04eb0a4ffd25df391552e3c5723348

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.azov

Filesize
12KB

MD5
5599e754c89f9b4874987eb19629987b

SHA1
552390f6390d09c808e2d44a83f58d33cf74c4e4

SHA256
62283d21e65292b7ba6dcf39a6cd2fe7df17a24f9bbea9f2efecac91fb0b99b6

SHA512
26e0820e9c06f4236d59e2db5b9ae02a1a66ba9fec51cbbb3588f4015e26ced6302612841b39c4f8d6c162057eff63b21468283c0824ec217f45c8642c56c675

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.azov

Filesize
5KB

MD5
5674c0d2b28a127c905ec068d5125eee

SHA1
10981df2bd9dd60b0563b21954fa37d1b95514a1

SHA256
89ad7386877748244c9b24e3dda87be71ec1ee785b0186bfcb3616b2e01b2f96

SHA512
1bf06582ddb13bb2ac6ded2577061c1ada9cdbb791d04af93eca92e2a28d2e4f2bcb37601f2b59435d8a5bbf1cbd03b0738af9d050634962767fc4f8b4a92b03

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.azov

Filesize
12KB

MD5
636b1a2004a1199ce597416ef71bc832

SHA1
67cee37fb6c2e512598e503c47da6d465aa3447a

SHA256
a54388f2ee7b49786e925607e6ef836cdce1aca0e2e2f23dd0073b608f79a6e7

SHA512
793403400b1a65eceb7a37951eed9489cd0181524b66635a029f086431505a1b7524ebd3d783318dd04f4a247132d4cc31cc6fff600925185258fca7c8c73fc2

Download Submit
C:\Program Files\7-Zip\descript.ion.azov

Filesize
666B

MD5
f8f47814befc938900becc5b7ef343a5

SHA1
6e23eadb859d0d8213bbead1d23549edc7cb8911

SHA256
0d46f237262d2da993946714de1ba6520bdf4d6d6591d6973a8a177d45166c32

SHA512
ba305b4e6410949d60be089981ca57b4cdf3ba282be3617694b8bdc3756108c5a759f4f3865bfc5931722b17bb1b045e1e53727806f7657d21919e9b7f7fb377

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
350KB

MD5
b388c180cb7049a23a0f13a343d08798

SHA1
aeb150f0c6e3f561d3c228fbf2f2a917775f7cab

SHA256
64a2c5e7a2b2c8310ccb784be2ffb98318dc341cbb2ad27738f3ebeeb8691a16

SHA512
065dc865a62d6f0cb3686c5d7be0df281d7084f52e63320fe626d189a32b0977878ecbb5644b0aa27b568a529a21be96acebc95a17d3c8b0687b6cec88cb3caa

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.3MB

MD5
eda8cf449b9ee40b6cef6410fa234a46

SHA1
39d62698b5bfd547bb82c70a48d9da9d790ec2b9

SHA256
6d38827d564b51f6a3abb23705986a41e83bc4e198c10d2e40ba833970d21e0a

SHA512
b491b2358dee0b4ecb4924b67ddbfd643b74661849c87008fc0e4fae105be8ffb8a9db1362f38de058dd70ef2b93781b6e30880de2b569d81cd43013b9461083

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.3MB

MD5
f3297a3921ccb23187bdf244f8fc2087

SHA1
7f8f7b9bbd795b9b3a4e511fd535c27eb394217a

SHA256
10f1b4ec5a2e74c401e97fb81d49ca387f85e48bbeeacbed9b07180f11e034e8

SHA512
ef0ea80cba7951984a9abccaab54b94b527b81bc50b9a4ea3b1e11dda48f3004e89606e2e9e1d0ee6aba11d01843d70eec3eef2abcd79e32385137a27b43407c

Download Submit
C:\Program Files\Mozilla Firefox\firefox.exe

Filesize
759KB

MD5
6ac011c9fd114888afa9a6aa10fe898b

SHA1
1e0c070d8d7ce1191604266764ad330a97397f5f

SHA256
7c2707d460ffffae5afbe58b9b754b80d1ade0a82457870ad0c3f014f93c94cd

SHA512
e96fee619f3eb80c37489efdbdbd68107e659965b016de7c503649b1db9df1e04baec147cd36709c91e2972b73f3ec549843cd9425341c42590a5ff0b24cc24d

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
189KB

MD5
6f3ee314a0a26e17a1dd014255ad3353

SHA1
5fa529f3f754aa5cae1b3d20e73f040607c4a55d

SHA256
d18ff4aaec0764585d90d7fd0724fb6b232ae984a44d123fc46cf3b41af1f82e

SHA512
d1309d615434b74bb7e12a343142a1120a76a125f5be73c04ff515b6c210938a77a0f87cee1032c56becbe0ea5e4438fbe81c6e0af1c7a9909c8096449bb1ab1

Download Submit
memory/3976-1073-0x000002037DF10000-0x000002037DF11000-memory.dmp

Filesize
4KB

Download
memory/3976-1072-0x000002037DF10000-0x000002037DF11000-memory.dmp

Filesize
4KB

Download
memory/3976-1071-0x000002037DF00000-0x000002037DF01000-memory.dmp

Filesize
4KB

Download
memory/3976-1070-0x000002037DF00000-0x000002037DF01000-memory.dmp

Filesize
4KB

Download
memory/3976-1069-0x000002037DE70000-0x000002037DE71000-memory.dmp

Filesize
4KB

Download
memory/3976-1067-0x000002037DE70000-0x000002037DE71000-memory.dmp

Filesize
4KB

Download
memory/3976-1065-0x000002037DDF0000-0x000002037DDF1000-memory.dmp

Filesize
4KB

Download
memory/3976-1058-0x00000203791A0000-0x00000203791B0000-memory.dmp

Filesize
64KB

Download
memory/3976-1054-0x0000020379160000-0x0000020379170000-memory.dmp

Filesize
64KB

Download
memory/4316-2254-0x0000023945750000-0x0000023945751000-memory.dmp

Filesize
4KB

Download
memory/4316-2263-0x0000023945750000-0x0000023945751000-memory.dmp

Filesize
4KB

Download
memory/4316-2260-0x0000023945750000-0x0000023945751000-memory.dmp

Filesize
4KB

Download
memory/4316-2259-0x0000023945750000-0x0000023945751000-memory.dmp

Filesize
4KB

Download
memory/4316-2262-0x0000023945750000-0x0000023945751000-memory.dmp

Filesize
4KB

Download
memory/4316-2264-0x0000023945750000-0x0000023945751000-memory.dmp

Filesize
4KB

Download
memory/4316-2265-0x0000023945750000-0x0000023945751000-memory.dmp

Filesize
4KB

Download
memory/4316-2253-0x0000023945750000-0x0000023945751000-memory.dmp

Filesize
4KB

Download
memory/4316-2261-0x0000023945750000-0x0000023945751000-memory.dmp

Filesize
4KB

Download
memory/4316-2255-0x0000023945750000-0x0000023945751000-memory.dmp

Filesize
4KB

Download
memory/4520-11-0x0000000000840000-0x0000000000844000-memory.dmp

Filesize
16KB

Download
memory/4520-0-0x0000000000840000-0x0000000000844000-memory.dmp

Filesize
16KB

Download
memory/4520-2-0x0000000140000000-0x000000014003E000-memory.dmp

Filesize
248KB

Download
memory/4520-12-0x0000000000830000-0x0000000000835000-memory.dmp

Filesize
20KB

Download
memory/4520-3-0x0000000000830000-0x0000000000835000-memory.dmp

Filesize
20KB

Download
memory/4520-5-0x0000000000830000-0x0000000000835000-memory.dmp

Filesize
20KB

Download
memory/4520-4-0x0000000000800000-0x0000000000807000-memory.dmp

Filesize
28KB

Download