Malware Analysis Report

2024-10-19 08:12

Sample ID 241014-wctmlaxfnf
Target 3fa4a10d6132b2c7234726ce029c65ebdd605335bd29befd37118f23cec1afb3.zip
SHA256 74cb24663009dd17c0ca2f8606c6d6b48ec0f68b9d147d632b2fe9fa361c4a7d
Tags chaos mafiaware666 maui pandastealer blackcat njrat azov persistence ransomware spyware stealer wiper
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 3fa4a10d6132b2c7234726ce029c65ebdd605335bd29befd37118f23cec1afb3.zip was found to be: Known bad.

Malicious Activity Summary

chaos mafiaware666 maui pandastealer blackcat njrat azov persistence ransomware spyware stealer wiper

Maui family

Azov

Njrat family

Chaos Ransomware

Blackcat family

Detect MafiaWare666 ransomware

Chaos family

Mafiaware666 family

Detect Maui ransomware

Pandastealer family

Panda Stealer payload

Renames multiple (954) files with added filename extension

Renames multiple (1380) files with added filename extension

Reads user/profile data of web browsers

Executes dropped EXE

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Opens file in notepad (likely ransom note)

Modifies registry class

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of SendNotifyMessage

Analysis: static1

Detonation Overview

Reported

2024-10-14 17:47

Signatures

Blackcat family

blackcat

Chaos Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Chaos family

chaos

Detect MafiaWare666 ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Detect Maui ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Mafiaware666 family

mafiaware666

Maui family

maui

Njrat family

njrat

Panda Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Pandastealer family

pandastealer

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-14 17:47

Reported

2024-10-14 17:49

Platform

win7-20240903-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (1380) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A

Enumerates connected drives

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe

"C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe"

Network

N/A

Files

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

MD5 78ede93114e65f9160fd03d3357c56e6
SHA1 88d531b101e57655f1d0d26c6b3257aa2468d460
SHA256 c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5
SHA512 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-14 17:47

Reported

2024-10-14 17:49

Platform

win10v2004-20241007-en

Max time kernel

125s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (954) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.azov C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoBeta.png C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File created C:\Program Files\Internet Explorer\ja-JP\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\RESTORE_FILES.txt C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt.azov C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoBeta.png.azov C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateCore.exe C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\icudtl.dat C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ko-KR\RESTORE_FILES.txt C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\RESTORE_FILES.txt C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\vi.pak.azov C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Program Files\Java\jdk-1.8\RESTORE_FILES.txt C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\unpack200.exe C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Extensions\RESTORE_FILES.txt C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fur.txt C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\ConvertToSync.emz C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwresplm.dat C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\RESTORE_FILES.txt C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ms.pak C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe C:\Program Files\Mozilla Firefox\firefox.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings C:\Windows\system32\mspaint.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe

"C:\Users\Admin\AppData\Local\Temp\df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3.exe"

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\TraceSearch.jpeg" /ForceBootstrapPaint3D

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\RESTORE_FILES.txt

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\GrantGet.jpeg" /ForceBootstrapPaint3D

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp

Files

memory/4520-3-0x0000000000830000-0x0000000000835000-memory.dmp

memory/4520-0-0x0000000000840000-0x0000000000844000-memory.dmp

memory/4520-2-0x0000000140000000-0x000000014003E000-memory.dmp

memory/4520-5-0x0000000000830000-0x0000000000835000-memory.dmp

memory/4520-4-0x0000000000800000-0x0000000000807000-memory.dmp

memory/4520-12-0x0000000000830000-0x0000000000835000-memory.dmp

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

MD5 78ede93114e65f9160fd03d3357c56e6
SHA1 88d531b101e57655f1d0d26c6b3257aa2468d460
SHA256 c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5
SHA512 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

memory/4520-11-0x0000000000840000-0x0000000000844000-memory.dmp

memory/3976-1054-0x0000020379160000-0x0000020379170000-memory.dmp

memory/3976-1058-0x00000203791A0000-0x00000203791B0000-memory.dmp

memory/3976-1065-0x000002037DDF0000-0x000002037DDF1000-memory.dmp

memory/3976-1067-0x000002037DE70000-0x000002037DE71000-memory.dmp

memory/3976-1069-0x000002037DE70000-0x000002037DE71000-memory.dmp

memory/3976-1070-0x000002037DF00000-0x000002037DF01000-memory.dmp

memory/3976-1071-0x000002037DF00000-0x000002037DF01000-memory.dmp

memory/3976-1072-0x000002037DF10000-0x000002037DF11000-memory.dmp

memory/3976-1073-0x000002037DF10000-0x000002037DF11000-memory.dmp

C:\Program Files\Mozilla Firefox\firefox.exe

MD5 6ac011c9fd114888afa9a6aa10fe898b
SHA1 1e0c070d8d7ce1191604266764ad330a97397f5f
SHA256 7c2707d460ffffae5afbe58b9b754b80d1ade0a82457870ad0c3f014f93c94cd
SHA512 e96fee619f3eb80c37489efdbdbd68107e659965b016de7c503649b1db9df1e04baec147cd36709c91e2972b73f3ec549843cd9425341c42590a5ff0b24cc24d

C:\Program Files\7-Zip\7-zip.chm.azov

MD5 b5e808926c3c156586732de2755d0836
SHA1 f7f4b04e794bd262c5987f68b2f620ee102d30f0
SHA256 953d22754321aacc9f167c464f42cbea6a68c75ff2d4b80b19494e1b8f62d003
SHA512 95955feca254225d7a4b5ec158bd3349b7199447b8674e1e5a98ccfdd419158087b463517e327aed1c61d854e69725e267ddde02f9a26ba9bffacea230a56a8f

C:\Program Files\7-Zip\7zG.exe

MD5 0b034584615d3d31ded195bf6cc044e3
SHA1 22276db888c973959cfdf1d6de17259fc923c701
SHA256 10a1137fa30f932458419bac56df05029e1bdbfa9ac3a63c79ac047ca07ab1ce
SHA512 e3331d6dd34bd3dd6772bdad2ee35d6ed73eb9003ec53d99605ed1f003c57eb09510b51029c3ee1e802ee0adbf1fc4911afbf393e6102fb6519408a66962a2f7

C:\Program Files\dotnet\dotnet.exe

MD5 6f3ee314a0a26e17a1dd014255ad3353
SHA1 5fa529f3f754aa5cae1b3d20e73f040607c4a55d
SHA256 d18ff4aaec0764585d90d7fd0724fb6b232ae984a44d123fc46cf3b41af1f82e
SHA512 d1309d615434b74bb7e12a343142a1120a76a125f5be73c04ff515b6c210938a77a0f87cee1032c56becbe0ea5e4438fbe81c6e0af1c7a9909c8096449bb1ab1

C:\Program Files\7-Zip\Lang\ky.txt.azov

MD5 636b1a2004a1199ce597416ef71bc832
SHA1 67cee37fb6c2e512598e503c47da6d465aa3447a
SHA256 a54388f2ee7b49786e925607e6ef836cdce1aca0e2e2f23dd0073b608f79a6e7
SHA512 793403400b1a65eceb7a37951eed9489cd0181524b66635a029f086431505a1b7524ebd3d783318dd04f4a247132d4cc31cc6fff600925185258fca7c8c73fc2

C:\Program Files\7-Zip\Lang\ku.txt.azov

MD5 5674c0d2b28a127c905ec068d5125eee
SHA1 10981df2bd9dd60b0563b21954fa37d1b95514a1
SHA256 89ad7386877748244c9b24e3dda87be71ec1ee785b0186bfcb3616b2e01b2f96
SHA512 1bf06582ddb13bb2ac6ded2577061c1ada9cdbb791d04af93eca92e2a28d2e4f2bcb37601f2b59435d8a5bbf1cbd03b0738af9d050634962767fc4f8b4a92b03

C:\Program Files\7-Zip\Lang\ku-ckb.txt.azov

MD5 5599e754c89f9b4874987eb19629987b
SHA1 552390f6390d09c808e2d44a83f58d33cf74c4e4
SHA256 62283d21e65292b7ba6dcf39a6cd2fe7df17a24f9bbea9f2efecac91fb0b99b6
SHA512 26e0820e9c06f4236d59e2db5b9ae02a1a66ba9fec51cbbb3588f4015e26ced6302612841b39c4f8d6c162057eff63b21468283c0824ec217f45c8642c56c675

C:\Program Files\7-Zip\Lang\ko.txt.azov

MD5 97cca0d48456eabaff6c2cf700247a93
SHA1 06fdc8641fba2bbad51872c0c0bdbd1b96ff905a
SHA256 98072012aa61f38718800a41589358b474f3efaa1ca2f14a4b5ac2c51fa4383c
SHA512 0664c6c6e54302c34c5bd258ef4f84748837f9aee5dbd5d72494eaa20e57efc7e5af30feeb283a121d76a96f1e221aca6c04eb0a4ffd25df391552e3c5723348

C:\Program Files\7-Zip\Lang\kk.txt.azov

MD5 3f5f944ca3bcc5fb8fa946187e0e13bd
SHA1 b2c3159f9eaced66b422a107a8517476b58d699a
SHA256 7a4cd5940a6cd7f0e705c34fac875827edd4526312195dee8179e2c5be03e9fb
SHA512 27989ac48e71e1b0f5f298ef7603ea9c5a7e0fd3754341b93ea19e2bc653c7f62eff0d2cc59813fd697116a71dddc15234794d25c9802f2766df5ad9f2474a89

C:\Program Files\7-Zip\Lang\kab.txt.azov

MD5 ca592ebddeea16536acafad41f03248e
SHA1 0e652f18b8e5aca9cef0f85558c120ee071ab923
SHA256 4e9f90f92f78bfca9b035e55c1f71f530a1d2d8aa32c5fff7b306e95e269e6dd
SHA512 aa03d98944c2519de056b0873915dbdc1ebdf09ac25127ee83576a5bf69a4e662ae402dadc8c9450bda7085e3784364daa132c1e9579f68c9a3e086634c37185

C:\Program Files\7-Zip\Lang\kaa.txt.azov

MD5 f8bc412cd011e06036f8bc95e0618db1
SHA1 ae8503e2eb8e3a6e69314c841b786bd186cf7c8f
SHA256 d4923e65adb3ff4123d9b66b318535e92cc7ee962dc4f9165adcfa04569beacd
SHA512 82cfb7228d1e0c87b62649d63e9689c9a060cc2a9f2d10b6f740f5cde3f6f27615a29447b83e6ee269262e67a556854025fe176490850c8c0da614a840c25893

C:\Program Files\7-Zip\Lang\ka.txt.azov

MD5 5cfc1848790761d7feaf5887c9e7358d
SHA1 6f17a63e4176bb4dc4994a324abfeae28f593fe5
SHA256 cb2e9595deaa9f14bf6d8e73ad46f62d2d0be9a118f9a08cd6e344de3a84adbf
SHA512 6c8ef239a40d88ba7894e76bd5bea51f072018320207bff2c090e825dd23081ef5b97499e9eaa1dba11df4d856a81ed7de5bd1b5fd1967e14dd704073a30b7ca

C:\Program Files\7-Zip\Lang\ja.txt.azov

MD5 89cc7478d94c24f009c0a33bbb7b5af1
SHA1 b2463244f5b15c4aaf69d6cff4065aca5a3e09ab
SHA256 7b95fdb974db9571dd0cea72234a36f4ec4a356d974b38009edb1ea925b7d6c6
SHA512 dd3a784ddf262fc9a07ca447ea61f68cee2ad9bbcf2127a606378b3994858cd60021af8a48e97c6da69954775cf260e0e077a970a4e8ab8579cf890bbb285079

C:\Program Files\7-Zip\Lang\it.txt.azov

MD5 0784a1cf0e15489b13f4319e53036273
SHA1 b02a5012c98aaf5488e1bf731f6bf5821a22c288
SHA256 c81a7d147d261f7c27c2fac65ab804a755a88af5b5f812ba74d6a31b6627db20
SHA512 92514d748d96845a052007c8c86cad25bb340df373da951953ed2bed2bff21fa7bc026bd23d11866d59e62e540e9de3058c535e7b358d5188ef0b78e2f7929a6

C:\Program Files\7-Zip\Lang\is.txt.azov

MD5 38a9a34b84fc3e10d67097d4a85ee790
SHA1 dad511bd958f494cfbbfbce65beb0b44b032f426
SHA256 7cbec374e9ee54a652c2b997894120dc7e79218d8e52c77e6c00621a89826c4b
SHA512 f82e30694176f730496c980265162f2928695a19d470dfdcf7c204bbe92a8a77cb2edd609d28ac914a748dcd27c173134b50c07e5a7f744f9f90c6101494fd28

C:\Program Files\7-Zip\Lang\io.txt.azov

MD5 428ee6cb3105d046289e0d5d94d860b8
SHA1 d7914a3054454c9c4859b4261a7551c28dffa18b
SHA256 a1dc7faaed51b3b91ddd7097ef38724b7babe089c075339cb6eaafb36b39cfb7
SHA512 d47012b7bd6dc2bcae49eb4e7808ad3456359b41ef7b51e6263d421b965eae49620c9600692c5b08649ccf4767a090776e5cbaf6d189508540e9d3f59cbd0b72

C:\Program Files\7-Zip\Lang\id.txt.azov

MD5 943894f6c31a92026e234c6b866935ac
SHA1 8fdc3b92eef8fd358cbf17d7b7f3d9c104f5bfa9
SHA256 93aa570fb4c3073fea348acc4fb1334ff54ba664730b2baa02fc55dea7543d95
SHA512 1fa7fcd5f0982f57644e20924ad3eae2861d1bbbac86c0fe365674459803f6514e1e7bcbf918f6dd3ff235a6ef9c92caf1c9f0b62b40b4c519054f5e1a07887b

C:\Program Files\7-Zip\Lang\hy.txt.azov

MD5 2b1bc2ba1e4525b3b2801a6d5f55c9a5
SHA1 cd521cbe8a5894b321ffa2a7f9810564e71d62e5
SHA256 82effb9a0db1122f641831fdddfea1cf9e385d3bde59f8fc46452745e6172b88
SHA512 55a6a304cc87b31038c7c8fd7d2f6dfbfaf06feed828c5afa5174f2c8784f28b24ffdafae128e911ad7b1bf2d60e96e5ad167e2b5c7bc80cf28e762ef57d2775

C:\Program Files\7-Zip\Lang\hu.txt.azov

MD5 79bc71d4c6055ce7034677f299e294ab
SHA1 c373c332fdf7deaacf514e2dc7d6b2fc9a663b91
SHA256 ea49a97a3c045c27db5fca8969d118e9170739b2eae414422598cf343a2dccb4
SHA512 0df4f3e29bf59bfc20cb5587f62e272cb82b21fe55287e7721e0658f3bc3f33c4d2859a9b0e1fd72d3dbd5f91c334d007e372933c177dba18a239d0da21da5d3

C:\Program Files\7-Zip\Lang\hr.txt.azov

MD5 f5ef4ec1018fee74d3a164e19ef88030
SHA1 b04e695de8e0c7b006389fcf316c3c939e1d863d
SHA256 22e413572b68a99320f3ff3457c6085ec49f039a3b7a85ed8e88aefc5abeaba0
SHA512 5573c3b2f4768e6d7be2b5650e7d0db5ae4b4c36ccf68514fc501a308f65cee6aee0bce8aa17d3dcb8ead4127205cabe96b41db023db796ef778d07afe517172

C:\Program Files\7-Zip\Lang\hi.txt.azov

MD5 1986a86fd8cf6aa155d912bef1b919d2
SHA1 8f6a868ce3ea76555c5cb4e1a18fcc1de81103ad
SHA256 dd809791f9490c1a4b9be1b8495a7dff97cdae361a76d4eeaf34aa45882430de
SHA512 bd664d918879d494af40a37f203a09138a629597dfac2f180ecb65ac48744510a98da466a15f23124ba944d476bf20a25d4794054ef7ba730b7c35a302166f3f

C:\Program Files\7-Zip\Lang\he.txt.azov

MD5 0a2aa01a6dbc03b7e56a98dfb4016244
SHA1 7fd97d6fa95d2b7a9b4a94c20ac077c66bc02e02
SHA256 62496685c4a5d595b726dce935ba25f7bff4f174e4f891fe8566d9ebd547e29f
SHA512 2b4e2b7a5fa9c6136d7d3ffddfee7d305916335e155c5601d3dfbccb22a4a2a8e242a283098b322dee14bfabbb1e3a6b8bf4d0fe6573eb76f3445706cba2f2fb

C:\Program Files\7-Zip\Lang\gu.txt.azov

MD5 7d6d979b8989c73a5865a932a7f7b01d
SHA1 593ff338ec935025e590fc945cfed344e0d8e7f9
SHA256 b4b320a635b7f2d1a033dca86302fff920c245ad2e7ddf4c85fa005055640153
SHA512 60243c6610c614a2c4ed9aa4ee76e36aa18d514a8cafcf8528314ccadda2c7761d597081217b5fcc1cc80d11107b4f295cf025aa08d9624ecbf2fa77fe0abaaa

C:\Program Files\7-Zip\Lang\gl.txt.azov

MD5 9effbaa2fcc3ec34f36b64a96cb0408d
SHA1 2865a16cd242e69a855120e4285f795b33ac353f
SHA256 67d610427f1a45739bf54475544c6d9324ece5a25f60b0c8e521a2aa847d15fd
SHA512 cb56afcd0d3b0e7471280fff85fd456e7aca9b9765d4110a90b7570359869f487a791da493f22e33af2931b7b4a9c7db2e7a45bb0b5088928718e68df0dd2718

C:\Program Files\7-Zip\Lang\ga.txt.azov

MD5 e3011085d443d4dd433dbd700b948e27
SHA1 d812aa598605be90fc512d36e4b34b72c9f0f40a
SHA256 f694abe55c5c4220165ee2026854e9ec5c54292c3eeab18ab0d8e2ec7c9782f2
SHA512 e054c1478f229d7ebc758797db8fbb2a561daf539ad823945147d39ab6dd1652a5c028519ed693066f5a786c51bd2fb306285557f3b3f895d0b324606ad26f15

C:\Program Files\7-Zip\Lang\fy.txt.azov

MD5 3c4fd2f28a11366596e9051c54f70d20
SHA1 50d35e3bcd20405e5e18110397b461d990d98406
SHA256 ea0fcc9477e2611c0d096a2200183e8f226489b7615885d1c71a5c70cbb38c6b
SHA512 5ecaa79788ce39915818126818d0e3f8fa91b57ccd4580f65b44c7706872d1df76460b722f7ff55a0b42e8907f42477517ed7f56497153bb5656e71c2056cb49

C:\Program Files\7-Zip\Lang\fur.txt.azov

MD5 74edcb94b59641f8e757a92193b06059
SHA1 499431fef17e5459978b140eed4df04f12eb360b
SHA256 7827461739b9770bea9dbe575a4e42a808b6912663dac2d249c1ddd5a65420af
SHA512 4dc93ab394cdea6b04abbf16c61feda81f66d302d1b9497d0151762eb1101c9f2bba76cd95678672a5637ac8bfc9411efb86ab3158d25c1c6a0e235b24157fc2

C:\Program Files\7-Zip\Lang\fr.txt.azov

MD5 6746db4e61f61f50d98644596353bda7
SHA1 e83b1bf1da2f7200f799417f34219c7f5d9cad16
SHA256 c08e483c2b70aaf1973729d42be0ca5f92104f79e39225f3a2fff52c00c1ebc6
SHA512 30396bf40d309c34946605d0621eee6cba70ad263084d8392d7629f667a6bbd63cbb8ae95761e4cfaaee72598ab5b33c69168b13503b28fb633421c0b2742d16

C:\Program Files\7-Zip\Lang\fi.txt.azov

MD5 2f61c81d2d86a86cde18603fe3250d12
SHA1 ca12fa4b6d8df6e74ab25ba6579520e6011718eb
SHA256 70016e76d9bf264faebc8721bcf47ee7c6f5cf96786b841b2da0e17c26b580b6
SHA512 e0d034a706653fa3fb43242ce12730c4bdf214cdee818f6621562d88e01f3714185be3c84aab8249bfbde09c495eb8aa3bf04729f5c94239030d33bd70590fa7

C:\Program Files\7-Zip\Lang\fa.txt.azov

MD5 5d0a1c1afeefd34dedfa5abaaa257534
SHA1 58b22a217b3b4b769d69ece1de2aaa55fc88e120
SHA256 0ed89d7caad50d2287488f3712810f63165a45d84a36d12bb9d28b22de9085f9
SHA512 bb04a1879bf1d33590cac979d18f6b57e73ffa0732eaa7416b23dc9e381ad04bba9eb2465a75b48e1e57b468ecec4adde0a7bacb61e794e497b106c414da8c21

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 eda8cf449b9ee40b6cef6410fa234a46
SHA1 39d62698b5bfd547bb82c70a48d9da9d790ec2b9
SHA256 6d38827d564b51f6a3abb23705986a41e83bc4e198c10d2e40ba833970d21e0a
SHA512 b491b2358dee0b4ecb4924b67ddbfd643b74661849c87008fc0e4fae105be8ffb8a9db1362f38de058dd70ef2b93781b6e30880de2b569d81cd43013b9461083

C:\Program Files\7-Zip\Lang\ext.txt.azov

MD5 c5af6fa9daeacb7cc836d973c5cc63f3
SHA1 899483113a8a8eacf7e3d9a75375de8c27e7a4a0
SHA256 51d1eb13ab34ab4a24190e65ae8bde6255d83e60542782f93001aec4d291ddd2
SHA512 0f36ed09689ea450bcbb2676618b27afc46d3572ddf82ce33f21ae69bd470add59242153d04bf82d5d111d8438f63d635b53b60a85109ac95af0e0a00b651df8

C:\Program Files\7-Zip\Lang\eu.txt.azov

MD5 a1fc2600af1e8f20958f6be0f811da32
SHA1 9e6458cf3418424d9ddc635b383c89e6a2cb2d28
SHA256 1763dbbbcfbd7d5fed1d720b9c4f49300be7a4045a5eaf239d2e8a3eed763659
SHA512 89b4b27d96640550ce059b35a062ab950de11e98f8b2c8c68ef1c729c189f4b397da3c56b947798fa1cc05b65918bdaea1dd7749a8de870e2a2cde49f8bd8da3

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 b388c180cb7049a23a0f13a343d08798
SHA1 aeb150f0c6e3f561d3c228fbf2f2a917775f7cab
SHA256 64a2c5e7a2b2c8310ccb784be2ffb98318dc341cbb2ad27738f3ebeeb8691a16
SHA512 065dc865a62d6f0cb3686c5d7be0df281d7084f52e63320fe626d189a32b0977878ecbb5644b0aa27b568a529a21be96acebc95a17d3c8b0687b6cec88cb3caa

C:\Program Files\7-Zip\Lang\et.txt.azov

MD5 dd1c13da2b3344fe326e164014353d07
SHA1 9fe0d3cf7716fbfae8c391a91703d5ea7a7a1408
SHA256 64106cc7244767b763cc6d72136b248eeeeb57713ef561e5174c0160c774880b
SHA512 e19d82e4a31e25d17a87199441640f8ea9685a954dc856229ef4948925438b41781727f936aa39f6fb51be991bee6571cefb9cb2a185685e031ee618e419e3b6

C:\Program Files\7-Zip\Lang\es.txt.azov

C:\Program Files\7-Zip\Lang\eo.txt.azov

C:\Program Files\7-Zip\Lang\en.ttt.azov

C:\Program Files\7-Zip\Lang\el.txt.azov

C:\Program Files\7-Zip\Lang\de.txt.azov

C:\Program Files\7-Zip\Lang\da.txt.azov

C:\Program Files\7-Zip\Lang\cy.txt.azov

C:\Program Files\7-Zip\Lang\cs.txt.azov

C:\Program Files\7-Zip\Lang\co.txt.azov

C:\Program Files\7-Zip\Lang\ca.txt.azov

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

C:\Program Files\7-Zip\Lang\br.txt.azov

C:\Program Files\7-Zip\7zFM.exe

C:\Program Files\7-Zip\7z.exe

C:\Program Files\7-Zip\Lang\bn.txt.azov

C:\Program Files\7-Zip\Lang\bg.txt.azov

C:\Program Files\7-Zip\Lang\be.txt.azov

C:\Program Files\7-Zip\Lang\ba.txt.azov

C:\Program Files\7-Zip\Lang\az.txt.azov

C:\Program Files\7-Zip\Lang\ast.txt.azov

C:\Program Files\7-Zip\Lang\ar.txt.azov

C:\Program Files\7-Zip\Lang\an.txt.azov

C:\Program Files\7-Zip\Lang\af.txt.azov

C:\Program Files\7-Zip\History.txt.azov

C:\Program Files\7-Zip\descript.ion.azov

C:\Program Files\7-Zip\7zCon.sfx.azov

C:\Program Files\7-Zip\7z.sfx.azov
