hxxps://www[.]google[.]com/url?sa=i&url=https%3A%2F%2Finstall-game[.]com%2Fparasite-in-city-screenshots-4%2F&psig=AOvVaw2w53023Xv4VvTj4KsIZwO_&ust=1664284463835000&source=images&cd=vfe&ved=0CAoQjhxqFwoTCLDYyfbEsvoCFQAAAAAdAAAAABAI

Analysis

max time kernel
950s
max time network
952s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
26-09-2022 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/url?sa=i&url=https%3A%2F%2Finstall-game.com%2Fparasite-in-city-screenshots-4%2F&psig=AOvVaw2w53023Xv4VvTj4KsIZwO_&ust=1664284463835000&source=images&cd=vfe&ved=0CAoQjhxqFwoTCLDYyfbEsvoCFQAAAAAdAAAAABAI

Score

10^/10

discovery persistence ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\History.txt

Ransom Note

HISTORY of the 7-Zip -------------------- 22.01 2022-07-15 ------------------------- - UDF support was improved to UDF version 2.60. - HFS and APFS support was improved. 22.00 2022-06-15 ------------------------- - 7-Zip now can extract APFS (Apple File System) images that can be used in DMG files. - 7-Zip now can create TAR archives in POSIX (pax) tar format with the switches -ttar -mm=pax or -ttar -mm=posix - 7-Zip now can store additional file timestamps with high precision (1 ns in Linux) in tar/pax archives with the following switches: -ttar -mm=pax -mtp=3 -mtc -mta - New switches for Linux version for TAR archives: -snoi : store owner/group ids in archive or set owner/group ids from archive to extracted files. -snon : store owner/group names in archive - New -snz switch to propagate Zone.Identifier stream to extracted files (Windows). - New option "Propagate Zone.Id stream" in Tools/Options/7-Zip menu. - New "Options" window in "Add to archive" allows to select what metadata must be included to archive. Also it allows to select new option "Do not change source files last access time". - Some bugs were fixed. 21.07 2021-12-26 ------------------------- - 7-Zip now can extract VHDX disk images (Microsoft Hyper-V Virtual Hard Disk v2 format). - New switches: -spm and -im!{file_path} to exclude directories from processing for specified paths that don't contain path separator character at the end of path. - In the "Add to Archive" window, now it is allowed to use -m prefix for "Parameters" field as in command line: -mparam. - The sorting order of files in archives was slightly changed to be more consistent for cases where the name of some directory is the same as the prefix part of the name of another directory or file. - TAR archives created by 7-Zip now are more consistent with archives created by GNU TAR program. 21.06 2021-11-24 ------------------------- - The window "Add to Archive" now allows to set a limit on memory usage (RAM) that will be used for compressing. - New switch -mmemuse={N}g / -mmemuse=p{N} to set a limit on memory usage (RAM) for compressing and decompressing. - Bug in versions 21.00-21.05 was fixed: 7-Zip didn't set attributes of directories during archive extracting. - Some bugs were fixed. 21.04 beta 2021-11-02 ------------------------- - 7-Zip now reduces the number of working CPU threads for compression, if RAM size is not enough for compression with big LZMA2 dictionary. - 7-Zip now can create and check "file.sha256" text files that contain the list of file names and SHA-256 checksums in format compatible with sha256sum program. 7-Zip can work with such checksum files as with archives, but these files don't contain real file data. The context menu commands to create and test "sha256" files: 7-Zip / CRC SHA / SHA-256 -> file.sha256 7-Zip / CRC SHA / Test Archive : Checksum The commands for command line version: 7z a -thash file.sha256 *.txt 7z t -thash file.sha256 7z t -thash -shd. file.sha256 New -shd{dir_path} switch to set the directory that is used to check files referenced by "file.sha256" file for "Test" operation. If -shd{dir_path} is not specified, 7-Zip uses the directory where "file.sha256" is stored. - New -xtd switch to exclude directory metadata records from processing. 21.03 beta 2021-07-20 ------------------------- - The maximum dictionary size for LZMA/LZMA2 compressing was increased to 4 GB (3840 MiB). - Minor speed optimizations in LZMA/LZMA2 compressing. 21.02 alpha 2021-05-06 ------------------------- - 7-Zip now writes additional field for filename in UTF-8 encoding to zip archives. It allows to extract correct file name from zip archives on different systems. - The command line version of 7-Zip for macOS was released. - The speed for LZMA and LZMA2 decompression in arm64 versions for macOS and Linux was increased by 20%-60%. - Some changes and improvements in ZIP, TAR and NSIS code. 21.01 alpha 2021-03-09 ------------------------- - The command line version of 7-Zip for Linux was released. - The improvements for speed of ARM64 version using hardware CPU instructions for AES, CRC-32, SHA-1 and SHA-256. - The bug in versions 18.02 - 21.00 was fixed: 7-Zip could not correctly extract some ZIP archives created with xz compression method. - Some bugs were fixed. 21.00 alpha 2021-01-19 ------------------------- - Some internal changes in code. - Some bugs were fixed. - New localizations: Tajik, Uzbek (Cyrillic) 20.02 alpha 2020-08-08 ------------------------- - The default number of LZMA2 chunks per solid block in 7z archive was increased to 64. It allows to increase the compression speed for big 7z archives, if there is a big number of CPU cores and threads. - The speed of PPMd compressing/decompressing was increased for 7z/ZIP/RAR archives. - The new -ssp switch. If the switch -ssp is specified, 7-Zip doesn't allow the system to modify "Last Access Time" property of source files for archiving and hashing operations. - Some bugs were fixed. - New localization: Swahili. 20.00 alpha 2020-02-06 ------------------------- - 7-Zip now supports new optional match finders for LZMA/LZMA2 compression: bt5 and hc5, that can work faster than bt4 and hc4 match finders for the data with big redundancy. - The compression ratio was improved for Fast and Fastest compression levels with the following default settings: - Fastest level (-mx1) : hc5 match finder with 256 KB dictionary. - Fast level (-mx3) : hc5 match finder with 4 MB dictionary. - Minor speed optimizations in multithreaded LZMA/LZMA2 compression for Normal/Maximum/Ultra compression levels. - bzip2 decoding code was updated to support bzip2 archives, created by lbzip2 program. - Some bugs were fixed. - New localization: Turkmen. 19.02 alpha 2019-09-05 ------------------------- - 7-Zip now can unpack files encoded with Base64 encoding (b64 filename extension). - 7-Zip now can use new x86/x64 hardware instructions for SHA-1 and SHA-256, supported by AMD Ryzen and latest Intel CPUs: Ice Lake and Goldmont. It increases - the speed of SHA-1/SHA-256 hash value calculation, - the speed of encryption/decryption in zip AES, - the speed of key derivation for encryption/decryption in 7z/zip/rar archives. - The speed of zip AES encryption and 7z/zip/rar AES decryption was increased with the following improvements: - 7-Zip now can use new x86/x64 VAES (AVX Vector AES) instructions, supported by Intel Ice Lake CPU. - The existing code of x86/x64 AES-NI was improved also. - There is 2% speed optimization in 7-Zip benchmark's decompression. - Some bugs were fixed. 19.00 2019-02-21 ------------------------- - Encryption strength for 7z archives was increased: the size of random initialization vector was increased from 64-bit to 128-bit, and the pseudo-random number generator was improved. - Some bugs were fixed. 18.06 2018-12-30 ------------------------- - The speed for LZMA/LZMA2 compressing was increased by 3-10%, and there are minor changes in compression ratio. - Some bugs were fixed. - The bug in 7-Zip 18.02-18.05 was fixed: there was memory leak in xz decoder. - 7-Zip 18.02-18.05 used only one CPU thread for bz2 archive creation. 18.05 2018-04-30 ------------------------- - The speed for LZMA/LZMA2 compressing was increased by 8% for fastest/fast compression levels and by 3% for normal/maximum compression levels. - 7-Zip now shows Properties (Info) window and CRC/SHA results window as "list view" window instead of "message box" window. - Some improvements in zip, hfs and dmg code. - Previous versions of 7-Zip could work incorrectly in "Large memory pages" mode in Windows 10 because of some BUG with "Large Pages" in Windows 10. Now 7-Zip doesn't use "Large Pages" on Windows 10 up to revision 1709 (16299). - The vulnerability in RAR unpacking code was fixed (CVE-2018-10115). - Some bugs were fixed. 18.03 beta 2018-03-04 ------------------------- - The speed for single-thread LZMA/LZMA2 decoding was increased by 30% in x64 version and by 3% in x86 version. - 7-Zip now can use multi-threading for 7z/LZMA2 decoding, if there are multiple independent data chunks in LZMA2 stream. - 7-Zip now can use multi-threading for xz decoding, if there are multiple blocks in xz stream. - New localization: Kabyle. - Some bugs were fixed. 18.01 2018-01-28 ------------------------- - 7-Zip now can unpack DMG archives that use LZFSE compression method. - 7-Zip now doesn't allow update operation for archives that have read-only attribute. - The BUG was fixed: extracting from tar with -si switch didn't set timestamps for directories. - Some bugs were fixed. 18.00 beta 2018-01-10 ------------------------- - 7-Zip now can unpack OBJ/COFF files. - new -sse switch to stop archive creating, if 7-Zip can't open some input file. - Some bugs were fixed. 17.01 beta 2017-08-28 ------------------------- - Minor speed optimization for LZMA2 (xz and 7z) multi-threading compression. 7-Zip now uses additional memory buffers for multi-block LZMA2 compression. CPU utilization was slightly improved. - 7-zip now creates multi-block xz archives by default. Block size can be specified with -ms[Size]{m|g} switch. - xz decoder now can unpack random block from multi-block xz archives. 7-Zip File Manager now can open nested multi-block xz archives (for example, image.iso.xz) without full unpacking of xz archive. - 7-Zip now can create zip archives from stdin to stdout. - 7-Zip command line: @listfile now doesn't work after -- switch. Use -i@listfile before -- switch instead. - The BUGs were fixed: 7-Zip could add unrequired alternate file streams to WIM archives, for commands that contain filename wildcards and -sns switch. 7-Zip 17.00 beta crashed for commands that write anti-item to 7z archive. 7-Zip 17.00 beta ignored "Use large memory pages" option. 17.00 beta 2017-04-29 ------------------------- - ZIP unpacking code was improved. - 7-Zip now reserves file space before writing to file (for extraction from archive). It can reduce file fragmentation. - Some bugs were fixed. 7-Zip could crash in some cases. - Internal changes in code. 16.04 2016-10-04 ------------------------- - The bug was fixed: 7-Zip 16.03 exe installer under Vista didn't create links in Start / Programs menu. - Some bugs were fixed in RAR code. 16.03 2016-09-28 ------------------------- - Installer and SFX modules now use some protection against DLL preloading attack. - Some bugs were fixed in 7z, NSIS, SquashFS, RAR5 and another code. 16.02 2016-05-21 ------------------------- - 7-Zip now can extract multivolume ZIP archives (z01, z02, ... , zip). - Some bugs were fixed. 15.14 2015-12-31 ------------------------- - 7-Zip File Manager: - The code for "Open file from archive" operation was improved. - The code for "Tools/Options" window was improved. - The BUG was fixed: there was incorrect mouse cursor capture for drag-and-drop operations from open archive to Explorer window. - Some bugs were fixed. - New localization: Yoruba. 15.12 2015-11-19 ------------------------- - The release version. 15.11 beta 2015-11-14 ------------------------- - Some bugs were fixed. 15.10 beta 2015-11-01 ------------------------- - The BUG in 9.21 - 15.09 was fixed: 7-Zip could ignore some parameters, specified for archive creation operation for gzip and bzip2 formats in "Add to Archive" window and in command line version (-m switch). - Some bugs were fixed. 15.09 beta 2015-10-16 ------------------------- - 7-Zip now can extract ext2 and multivolume VMDK images. - Some bugs were fixed. 15.08 beta 2015-10-01 ------------------------- - 7-Zip now can extract ext3 and ext4 (Linux file system) images. - Some bugs were fixed. 15.07 beta 2015-09-17 ------------------------- - 7-Zip now can extract GPT images and single file QCOW2, VMDK, VDI images. - 7-Zip now can extract solid WIM archives with LZMS compression. - Some bugs were fixed. 15.06 beta 2015-08-09 ------------------------- - 7-Zip now can extract RAR5 archives. - 7-Zip now doesn't sort files by type while adding to solid 7z archive. - new -mqs switch to sort files by type while adding to solid 7z archive. - The BUG in 7-Zip File Manager was fixed: The "Move" operation to open 7z archive didn't delete empty files. - The BUG in 15.05 was fixed: console version added some text to the end of stdout stream, is -so switch was used. - The BUG in 9.30 - 15.05 was fixed: 7-Zip could not open multivolume sfx RAR archive. - Some bugs were fixed. 15.05 beta 2015-06-14 ------------------------- - 7-Zip now uses new installer. - 7-Zip now can create 7z, xz and zip archives with 1536 MB dictionary for LZMA/LZMA2. - 7-Zip File Manager now can operate with alternate file streams at NTFS volumes via "File / Alternate Streams" menu command. - 7-Zip now can extract .zipx (WinZip) archives that use xz compression. - new optional "section size" parameter for BCJ2 filter for compression ratio improving. Example: -mf=BCJ2:d9M, if largest executable section in files is smaller than 9 MB. - Speed optimizations for BCJ2 filter and SHA-1 and SHA-256 calculation. - Console version now uses stderr stream for error messages. - Console version now shows names of processed files only in progress line by default. - new -bb[0-3] switch to set output log level. -bb1 shows names of processed files in log. - new -bs[o|e|p][0|1|2] switch to set stream for output messages; o: output, e: error, p: progress line; 0: disable, 1: stdout, 2: stderr. - new -bt switch to show execution time statistics. - new -myx[0-9] switch to set level of file analysis. - new -mmtf- switch to set single thread mode for filters. - The BUG was fixed: 7-Zip didn't restore NTFS permissions for folders during extracting from WIM archives. - The BUG was fixed: The command line version: if the command "rn" (Rename) was called with more than one pair of paths, 7-Zip used only first rename pair. - The BUG was fixed: 7-Zip crashed for ZIP/LZMA/AES/AES-NI. - The BUG in 15.01-15.02 was fixed: 7-Zip created incorrect ZIP archives, if ZipCrypto encryption was used. 7-Zip 9.20 can extract such incorrect ZIP archives. - Some bugs were fixed. 9.38 beta 2015-01-03 ------------------------- - Some bugs were fixed. 9.36 beta 2014-12-26 ------------------------- - The BUG in command line version was fixed: 7-Zip created temporary archive in current folder during update archive operation, if -w{Path} switch was not specified. The fixed 7-Zip creates temporary archive in folder that contains updated archive. - The BUG in 9.33-9.35 was fixed: 7-Zip silently ignored file reading errors during 7z or gz archive creation, and the created archive contained only part of file that was read before error. The fixed 7-Zip stops archive creation and it reports about error. - Some bugs were fixed. 9.35 beta 2014-12-07 ------------------------- - The BUG was fixed: 7-Zip crashed during ZIP archive creation, if the number of CPU threads was more than 64. - The BUG in 9.31-9.34 was fixed: 7-Zip could not correctly extract ISO archives that are larger than 4 GiB. - The BUG in 9.33-9.34 was fixed: The option "Compress shared files" and -ssw switch didn't work. - The BUG in 9.26-9.34 was fixed: 7-Zip File Manager could crash for some archives open in "Flat View" mode. - Some bugs were fixed. 9.34 alpha 2014-06-22 ------------------------- - The BUG in 9.33 was fixed: Command line version of 7-Zip could work incorrectly, if there is relative path in exclude filename optiton (-x) an

Signatures

Downloads MZ/PE file

Executes dropped EXE 17 IoCs

Processes:

7z2201-x64.exe7z2201-x64.exe7z2201-x64.exe7z2201-x64(1).exe7z.exe7z.exe7z.exe7z2201-x64(3).exe7z2201-x64(4).exe7z2201-x64(4).exe7zG.exe7zFM.exe7z.exe7z.exe7zFM.exeparasite_in_city.exeparasite_in_city.exe

pid	process
2552	7z2201-x64.exe
4744	7z2201-x64.exe
60	7z2201-x64.exe
436	7z2201-x64(1).exe
2984	7z.exe
2564	7z.exe
924	7z.exe
644	7z2201-x64(3).exe
3292	7z2201-x64(4).exe
652	7z2201-x64(4).exe
4828	7zG.exe
4796	7zFM.exe
27408	7z.exe
27544	7z.exe
5924	7zFM.exe
6108	parasite_in_city.exe
568	parasite_in_city.exe

Registers COM server for autorun 1 TTPs 12 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

7z2201-x64.exe7z2201-x64(1).exe7z2201-x64(3).exe7z2201-x64(4).exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2201-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2201-x64(1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2201-x64(3).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\7-Zip\\7-zip.dll"	7z2201-x64(4).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2201-x64(4).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2201-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2201-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2201-x64(1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\7-Zip\\7-zip.dll"	7z2201-x64(1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\7-Zip\\7-zip.dll"	7z2201-x64(3).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2201-x64(3).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2201-x64(4).exe

Loads dropped DLL 5 IoCs

Processes:

7zFM.exeparasite_in_city.exe

pid process

2444
2444
5924 7zFM.exe
5924 7zFM.exe
568 parasite_in_city.exe

pid	process
2444
2444
5924	7zFM.exe
5924	7zFM.exe
568	parasite_in_city.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

parasite_in_city.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	parasite_in_city.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	parasite_in_city.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

7z2201-x64.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2201-x64.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2201-x64.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2201-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2201-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 64 IoCs

Processes:

OpenWith.exe7z2201-x64.exe7z2201-x64(1).exe7z2201-x64(4).exeOpenWith.exe7z2201-x64(3).exeOpenWith.exeOpenWith.exe7z2201-x64(4).exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2201-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	7z2201-x64(1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2201-x64(4).exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2201-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2201-x64(3).exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201-x64(1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2201-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2201-x64(4).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2201-x64(4).exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201-x64(1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\7-Zip\\7-zip.dll"	7z2201-x64(3).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2201-x64(4).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201-x64(4).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2201-x64(1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2201-x64(3).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201-x64(3).exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Applications\7z.exe\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2201-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2201-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2201-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Applications\7zFM.exe	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2201-x64(1).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	7z2201-x64(4).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\7-Zip\\7-zip32.dll"	7z2201-x64(4).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201-x64(4).exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2201-x64(1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2201-x64(1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2201-x64(3).exe

NTFS ADS 7 IoCs

Processes:

firefox.exe7zFM.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\7z2201-x64(1).exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2201-x64(2).exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2201-x64(3).exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2201-x64(4).exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Parasite in City 1.03.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO427348E1\parasite_in_city.exe:Zone.Identifier	7zFM.exe
File created	C:\Users\Admin\Downloads\7z2201-x64.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

7zFM.exe

pid process

5924 7zFM.exe
5924 7zFM.exe

pid	process
5924	7zFM.exe
5924	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 9 IoCs

Processes:

7z2201-x64(1).exe7z2201-x64(4).exe7zFM.exeOpenWith.exeOpenWith.exeOpenWith.exeOpenWith.exe7zFM.exeparasite_in_city.exe

pid	process
436	7z2201-x64(1).exe
3292	7z2201-x64(4).exe
4796	7zFM.exe
5824	OpenWith.exe
27208	OpenWith.exe
27472	OpenWith.exe
27600	OpenWith.exe
5924	7zFM.exe
568	parasite_in_city.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

Processes:

firefox.exeAUDIODG.EXE7zFM.exe7z.exe7z.exe7zFM.exe

description	pid	process
Token: SeDebugPrivilege	4856	firefox.exe
Token: SeDebugPrivilege	4856	firefox.exe
Token: 33	4628	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4628	AUDIODG.EXE
Token: SeDebugPrivilege	4856	firefox.exe
Token: SeDebugPrivilege	4856	firefox.exe
Token: SeDebugPrivilege	4856	firefox.exe
Token: SeDebugPrivilege	4856	firefox.exe
Token: SeDebugPrivilege	4856	firefox.exe
Token: SeDebugPrivilege	4856	firefox.exe
Token: SeRestorePrivilege	4796	7zFM.exe
Token: 35	4796	7zFM.exe
Token: SeDebugPrivilege	4856	firefox.exe
Token: SeRestorePrivilege	27408	7z.exe
Token: 35	27408	7z.exe
Token: SeDebugPrivilege	4856	firefox.exe
Token: SeRestorePrivilege	27544	7z.exe
Token: 35	27544	7z.exe
Token: SeRestorePrivilege	5924	7zFM.exe
Token: 35	5924	7zFM.exe
Token: SeSecurityPrivilege	5924	7zFM.exe
Token: SeDebugPrivilege	4856	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

firefox.exe7zFM.exe

pid process

4856 firefox.exe
4856 firefox.exe
4856 firefox.exe
4856 firefox.exe
5924 7zFM.exe
5924 7zFM.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4856 firefox.exe
4856 firefox.exe
4856 firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

firefox.exe7z2201-x64.exe7z2201-x64.exe7z2201-x64.exe7z2201-x64(1).exe7z2201-x64(3).exe7z2201-x64(4).exe7z2201-x64(4).exe

pid	process
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
2552	7z2201-x64.exe
4744	7z2201-x64.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
60	7z2201-x64.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
436	7z2201-x64(1).exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
644	7z2201-x64(3).exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
3292	7z2201-x64(4).exe
4856	firefox.exe
4856	firefox.exe
4856	firefox.exe
652	7z2201-x64(4).exe
4856	firefox.exe
4856	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2668 wrote to memory of 4856	2668	firefox.exe	firefox.exe
PID 2668 wrote to memory of 4856	2668	firefox.exe	firefox.exe
PID 2668 wrote to memory of 4856	2668	firefox.exe	firefox.exe
PID 2668 wrote to memory of 4856	2668	firefox.exe	firefox.exe
PID 2668 wrote to memory of 4856	2668	firefox.exe	firefox.exe
PID 2668 wrote to memory of 4856	2668	firefox.exe	firefox.exe
PID 2668 wrote to memory of 4856	2668	firefox.exe	firefox.exe
PID 2668 wrote to memory of 4856	2668	firefox.exe	firefox.exe
PID 2668 wrote to memory of 4856	2668	firefox.exe	firefox.exe
PID 4856 wrote to memory of 1768	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 1768	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 944	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 4108	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 4108	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 4108	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 4108	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 4108	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 4108	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 4108	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 4108	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 4108	4856	firefox.exe	firefox.exe
PID 4856 wrote to memory of 4108	4856	firefox.exe	firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.google.com/url?sa=i&url=https%3A%2F%2Finstall-game.com%2Fparasite-in-city-screenshots-4%2F&psig=AOvVaw2w53023Xv4VvTj4KsIZwO_&ust=1664284463835000&source=images&cd=vfe&ved=0CAoQjhxqFwoTCLDYyfbEsvoCFQAAAAAdAAAAABAI
1⤵
- Suspicious use of WriteProcessMemory
PID:2668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.google.com/url?sa=i&url=https%3A%2F%2Finstall-game.com%2Fparasite-in-city-screenshots-4%2F&psig=AOvVaw2w53023Xv4VvTj4KsIZwO_&ust=1664284463835000&source=images&cd=vfe&ved=0CAoQjhxqFwoTCLDYyfbEsvoCFQAAAAAdAAAAABAI
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4856

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4856.0.793247707\848556083" -parentBuildID 20200403170909 -prefsHandle 1532 -prefMapHandle 1524 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4856 "\\.\pipe\gecko-crash-server-pipe.4856" 1620 gpu
3⤵
PID:1768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4856.3.1756007355\1319059771" -childID 1 -isForBrowser -prefsHandle 1440 -prefMapHandle 1412 -prefsLen 156 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4856 "\\.\pipe\gecko-crash-server-pipe.4856" 2240 tab
3⤵
PID:944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4856.13.1552661890\1598716052" -childID 2 -isForBrowser -prefsHandle 3368 -prefMapHandle 3364 -prefsLen 6938 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4856 "\\.\pipe\gecko-crash-server-pipe.4856" 3380 tab
3⤵
PID:4108

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x390
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4628

C:\Users\Admin\Downloads\7z2201-x64.exe
"C:\Users\Admin\Downloads\7z2201-x64.exe"
1⤵
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2980

C:\Users\Admin\Downloads\7z2201-x64.exe
"C:\Users\Admin\Downloads\7z2201-x64.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4744

C:\Users\Admin\Downloads\7z2201-x64.exe
"C:\Users\Admin\Downloads\7z2201-x64.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:60

C:\Users\Admin\Downloads\7z2201-x64(1).exe
"C:\Users\Admin\Downloads\7z2201-x64(1).exe"
1⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:436

C:\7-Zip\7z.exe
"C:\7-Zip\7z.exe"
1⤵
- Executes dropped EXE
PID:2984

C:\7-Zip\7z.exe
"C:\7-Zip\7z.exe"
1⤵
- Executes dropped EXE
PID:2564

C:\7-Zip\7z.exe
"C:\7-Zip\7z.exe"
1⤵
- Executes dropped EXE
PID:924

C:\Users\Admin\Downloads\7z2201-x64(3).exe
"C:\Users\Admin\Downloads\7z2201-x64(3).exe"
1⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:644

C:\Users\Admin\Downloads\7z2201-x64(4).exe
"C:\Users\Admin\Downloads\7z2201-x64(4).exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3292

C:\Users\Admin\Downloads\7z2201-x64(4).exe
"C:\Users\Admin\Downloads\7z2201-x64(4).exe"
1⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:652

C:\7-Zip\7zG.exe
"C:\7-Zip\7zG.exe"
1⤵
- Executes dropped EXE
PID:4828

C:\7-Zip\7zFM.exe
"C:\7-Zip\7zFM.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:5824

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:27208

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Parasite in City 1.03.rar"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:27408

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:27472

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Parasite in City 1.03.rar"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:27544

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:27600

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Parasite in City 1.03.rar"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5924

C:\Users\Admin\AppData\Local\Temp\7zO427348E1\parasite_in_city.exe
"C:\Users\Admin\AppData\Local\Temp\7zO427348E1\parasite_in_city.exe"
3⤵
- Executes dropped EXE
- Adds Run key to start application
PID:6108

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\parasite_in_city.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\parasite_in_city.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:568

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\7-Zip\7-zip.chm
Filesize
111KB

MD5
34208890a28244903621cd32cc3fbdfc

SHA1
15fe9d3706366011749707f2b4868bcf2f77c6cb

SHA256
4b6939646570c9ddb5bfd39b8503eed99d8c64337e72f6dd4f9ddcfb4ac76703

SHA512
25239239bc7e134dcc371d420d34a3f10f83f239fcd1e73d7de8123fc24c6cd8acaf17c5bee456a15dcf296dc1dcbb7fa1e4df505614bde676661789dc63048d

Download Submit
C:\7-Zip\7z.exe
Filesize
532KB

MD5
fe522d8659618e3a50aafd8ac1518638

SHA1
7d1b392121da91393f69d124928f9fe50d62f785

SHA256
254cf6411d38903b2440819f7e0a847f0cfee7f8096cfad9e90fea62f42b0c23

SHA512
fbbcb853b77ac038e4b7f7668e9fefdc7ba3592c6899cddfd72125d68d0b2d6b858baa3987907d58a5333ea9a4d5eb0ab8b7535a6263738f96212a6146c49b81

Download Submit
C:\7-Zip\7z.exe
Filesize
532KB

MD5
fe522d8659618e3a50aafd8ac1518638

SHA1
7d1b392121da91393f69d124928f9fe50d62f785

SHA256
254cf6411d38903b2440819f7e0a847f0cfee7f8096cfad9e90fea62f42b0c23

SHA512
fbbcb853b77ac038e4b7f7668e9fefdc7ba3592c6899cddfd72125d68d0b2d6b858baa3987907d58a5333ea9a4d5eb0ab8b7535a6263738f96212a6146c49b81

Download Submit
C:\7-Zip\7z.exe
Filesize
532KB

MD5
fe522d8659618e3a50aafd8ac1518638

SHA1
7d1b392121da91393f69d124928f9fe50d62f785

SHA256
254cf6411d38903b2440819f7e0a847f0cfee7f8096cfad9e90fea62f42b0c23

SHA512
fbbcb853b77ac038e4b7f7668e9fefdc7ba3592c6899cddfd72125d68d0b2d6b858baa3987907d58a5333ea9a4d5eb0ab8b7535a6263738f96212a6146c49b81

Download Submit
C:\7-Zip\History.txt
Filesize
54KB

MD5
b1206a5abf93bc64601a3caa2dff47d4

SHA1
8f3ec5931b77f0841522324fb1202599b396e45a

SHA256
24a8a7c00f0bb8ac3096f58f53bd47fa392b8d220c1c43d372100bd692c68e5f

SHA512
6b13003fe209885f377ed93340a2472b936bc5699ed9e645f40a9dacc647d9aa280f78c991805b9646861fa4ca1e85e9799c3868daead643e21a9b351b2663f9

Download Submit
C:\7-Zip\Lang\af.txt
Filesize
5KB

MD5
fbbe51acb879b525cc6b19d386697924

SHA1
a030539bfe976e02f9540993e746c35e288834cd

SHA256
3793fb69ee9fd958cf15a272b1ed54e4b3d75592836ebcd085dc0e7b1400d1cb

SHA512
3fee44a909cad9b620fdd850a31d70e762a834524d8ed61490e243c8df40eaebd5b8e0ee5243efd924714e49376eaa024b8ed4bc70b1b7d50d5c6695b03f12be

Download Submit
C:\7-Zip\Lang\an.txt
Filesize
7KB

MD5
bf8564b2dad5d2506887f87aee169a0a

SHA1
e2d6b4cf90b90e7e1c779dd16cbef4c787cbd7cf

SHA256
0e8dd119dfa6c6c1b3aca993715092cdf1560947871092876d309dbc1940a14a

SHA512
d3924c9397dc998577dd8cb18cc3ea37360257d4f62dd0c1d25b4d4bf817e229768e351d7be0831c53c6c9c56593546e21fd044cf7988e762fb0a04cd2d4ec81

Download Submit
C:\7-Zip\Lang\ar.txt
Filesize
12KB

MD5
1c45e6a6ecb3b71a7316c466b6a77c1c

SHA1
04bf837911fa31ffca8e034158714b47f6489d38

SHA256
972261b53289de2bd8a65e787a6e7cd6defc2b5f7e344128f2fe0492ed30ccf1

SHA512
5358bb2346c9f23318492b5e7d208e37a703c70d62014426eadd2dd8cda0b91c9d9c2a62eafe0137faefb38bf727fd4d5d8dc18394784ccae75ae9550558e193

Download Submit
C:\7-Zip\Lang\ast.txt
Filesize
5KB

MD5
1f86ae235bc747a279c9e9ec72675ce4

SHA1
4a67757fa535978021d794d8d2392d3028350686

SHA256
8fcd1b8ce6fed05f406c4b81aea821132800bc494d3fd6f42a4258a81f8998ec

SHA512
216500b5451b84a4882729307b6ea952688550e109a0afbb0d67db0f882f642e5d9e8dd2fc86591c4b2d49658fc7434294cadcd1d2322119fbd1f46190efb7e5

Download Submit
C:\7-Zip\Lang\az.txt
Filesize
9KB

MD5
81b732a8b4206fb747bfbfe524dde192

SHA1
4d596b597cf25ff8d8b43708e148db188af18ef9

SHA256
caec460e73bd0403c2bcde7e773459bea9112d1bfacbe413d4f21e51a5762ba6

SHA512
8667bff18a26fe5b892ecfdc8d9c78ecc5659b42c482e1f9e6eb09f7cf5e825584851cd4e9a00f5c62d3096d24cc9664f8223c036a4f2f6e9c568269b2fbb956

Download Submit
C:\7-Zip\Lang\ba.txt
Filesize
10KB

MD5
d83b65ac086da0c94d6eb57bee669c2b

SHA1
6210f62d41d44cc280f44b39accf10da28424b75

SHA256
2901b54f7621c95429658cb4edb28abd0cb5b6e257c7d9a364fc468a8b86baae

SHA512
56c7ecb4223103d81ffd11c214cceac20e7770b82fbc78a5e82e6dd9d589cc319d4689bb6d9027e5d272097e1b33ddba27a8414fcbc29f9ef68329e343004222

Download Submit
C:\7-Zip\Lang\be.txt
Filesize
11KB

MD5
3c21135144ac7452e7db66f0214f9d68

SHA1
b1ec0589d769eab5e4e8f0f8c21b157ef5ebb47d

SHA256
d095879b8bbc67a1c9875c5e9896942bacf730bd76155c06105544408068c59e

SHA512
0446a0e2570a1f360fd8700fd4c869c7e2dbb9476bbdec2526a53844074c79691542b91455343c50941b8a6d5e02a58ee6aa539cc4c4ae9cf000b4034ef663e2

Download Submit
C:\7-Zip\Lang\bg.txt
Filesize
12KB

MD5
833afb4f88fdb5f48245c9b65577dc19

SHA1
1a6e013226be42cd2d2872b1e6e5747fab65fe8a

SHA256
4dcabcc8ab8069db79143e4c62b6b76d2cf42666a09389eacfc35074b61779e3

SHA512
05bbc7abcfd0a0b7c3305c860b6372871cf3927bbe1790351485a315166e4cbdf8d38d63e01b677bdba251ce52da655f20b2d44b997d116a1794c7b3eb61ef31

Download Submit
C:\7-Zip\Lang\bn.txt
Filesize
14KB

MD5
d0e788f64268d15b4391f052b1f4b18a

SHA1
2fd8e0a9dd22a729d578536d560354c944c7c93e

SHA256
216cc780e371dc318c8b15b84de8a5ec0e28f712b3109a991c8a09cddaa2a81a

SHA512
d50ea673018472c17db44b315f4c343a2924a2eaa95c668d1160aa3830533ca37cc13c2067911a0756f1be8c41df45669abe083759dcb9436f98e90cbb6ac8bf

Download Submit
C:\7-Zip\Lang\br.txt
Filesize
5KB

MD5
c2eb67d788756be5ecaa0a8cfb3d1e0b

SHA1
0636e7fba4ec0fd12f93347451b5690c7b0bf788

SHA256
0f6bf6749c42c844980db32ee56cadc987ce245ef650bc7d626d56468a7cbe6a

SHA512
0f98317078723d35553f8252ff9e37a997c90276fbb18359247aa257fc7630b7f6a0c6f6b02ac0a06afd33cca56c77a01494e04fc1a4ce43ded0d40f9f18dd42

Download Submit
C:\7-Zip\Lang\ca.txt
Filesize
9KB

MD5
1657720023a267b5b625de17bf292299

SHA1
0045dfafafb9c9058f7d0d6a6c382959c5a67fe0

SHA256
ed8748da8fa99db775ff621d3e801e2830e6c04da42c0b701095580191a700a6

SHA512
e7998f6484370e53db9cdc80cd55070e408aa93161fa59e48c6e2b26462d6d3eb774c011212840ef1eb821a5ba067b6706cd4ca2be00619aecd24a11e6ca136f

Download Submit
C:\7-Zip\Lang\co.txt
Filesize
11KB

MD5
8e9eba50a1fd7469d183a3cf4e806bb3

SHA1
8e050793f37b367551632f8c41486fd39beb8ad0

SHA256
0f485681c606f422f6eb7311a1f151873b47eed2832a129c2550b868e6610cd9

SHA512
182a10522bc4702361b2cd6f84b305b1f5d95e1788fda8eaf0e20f3d0d217f9afd7c6a1892ff60584eefde217d93fc87a03e52450e02ab770ffa29151c48462e

Download Submit
C:\7-Zip\Lang\cs.txt
Filesize
8KB

MD5
641b90f9aedfc68486d0d20b40f7eca6

SHA1
0a683dd844534905336784fadd80498afe26f6fa

SHA256
87a4b9369fd51d76c9032c0e65c3c6221659e086798829072785be589e55b839

SHA512
567cb9f6c31d196a171e5a9c2726a39a9b3d351ac92d4acf8624213a68c9033acc31afaaad82aa9f5359f32d3a0ca40522e151b8370d553a41abeb6a6e097078

Download Submit
C:\7-Zip\Lang\cy.txt
Filesize
5KB

MD5
0f5662a68805d859f871edc07e766a57

SHA1
aa4c9c1271fd5ffdc6076ddfe157d9fb8e0018b8

SHA256
931de741a6c8f1348a946623776fe36c55dd2fc384c7b1478225f7467853199e

SHA512
cb8c072a8f6c782b678845e156493ac3b2e29a0821e2939aa5119f28289c0e70dd70eb3f7e4832bdb5e8ac1f486a3d7900ec013a637ed117320b96740f37a8f1

Download Submit
C:\7-Zip\Lang\da.txt
Filesize
8KB

MD5
d8aba2da47c1031832957b75a6524737

SHA1
b83069ef9f7a08f18804ae966b8d18657e2907cd

SHA256
f65026ae33d4302a7ef06a856f6f062c9730100f5a87d5c00fb3feaf5fcd5805

SHA512
82b5f4ab8e3e2310a98be87b5cf2cbf04b7aeae1798cd69529325ee74add40bdca38eda865a821f66436906d4f3224004f690cf406b532e116475d2b2424b570

Download Submit
C:\7-Zip\Lang\de.txt
Filesize
9KB

MD5
40ae22f5bcbeab6f622771562d584f2b

SHA1
4eaa551055ccfa0076766b7bdf111de9dbcc1c82

SHA256
06e5265a2b30807296480dc0b0d3a27e41f1381d61229e4eb239c4930d14a43e

SHA512
581a94dc12fe48aebfd88453351697aed9de5b1decf4c5dd53cf4db38d50727d3b887498f0bee6bd532cfbdc8af7bc01fc8d58ce0c3f6fac235bc6ff3f843125

Download Submit
C:\7-Zip\Lang\el.txt
Filesize
16KB

MD5
812df218dae08f9f883a7455015707b2

SHA1
6e7d7d1c8e783b9b913f44df515f4d376d3502c4

SHA256
cf90a21c69a13e0d674b6b74e2904f7d9d3bee594d89862155d94105311f47a7

SHA512
51c3c6151b47fa5e3968604cc2385c5d0984ccb96b8f92982bd28440786e1b99826aa70ae1232465a3469ddb6c50d13a241b6a979387eb47bff013953db1ed07

Download Submit
C:\7-Zip\Lang\en.ttt
Filesize
7KB

MD5
72ea78fc93365651aa4222b6ebf31bf9

SHA1
9a2a5a2879e30dde4571f75eb00f95f58226c768

SHA256
4d6405dc6f93c00fa7eff8bbcac256d079ff56c5d0edaac41bb1a80c0ab2fecd

SHA512
61d5a60b26162ea6218a256e7f5c31d2aba4c24563d0a075cff280e683b6be61209042bd5f85e02ee6c4b5156d7f894934b6755f17594aede5199edb01f63fd2

Download Submit
C:\7-Zip\Lang\eo.txt
Filesize
5KB

MD5
53bc9385d0ea9e7e601bbe9b2cd5e3cf

SHA1
2ad5323c3f8340027a19ca63c46072cff56505f2

SHA256
d598733b1dd7fa37fd156348bc2bae5549dbd6c709125d1d40f43eff6bec2445

SHA512
354c841c73662b2529fba4f10b802102b9f2d87446c7e68f02c96a19265621c250fc0fbf27ca746d27da7d06d56e1d6f2a7ff6f990680afd5290778d7ea28ab4

Download Submit
C:\7-Zip\Lang\es.txt
Filesize
9KB

MD5
5a449308a0176d6401181bef4af13765

SHA1
9d8bc3e801bcfb43c7dbfab94ab91a4079a2070f

SHA256
7dddae25296f14c1f45ac032d9c950c3a8d39a41489f9d2b06000edcfa7a6660

SHA512
2aebd25219b12d88bdf7a4a1b90b6b13b4ed5d4215e15d2316494c56b7d696eeb3252478200bcf0d84160d11979f5a71c72ca110dd3e28e901cfdb13255c45b0

Download Submit
C:\7-Zip\Lang\et.txt
Filesize
7KB

MD5
54d610c174514d0f60b382249885963c

SHA1
4d2c22ba3da557a3e8641f8d5388123d96c8259f

SHA256
d3fc7e1dd6f0486c99997b75d9d8c5592da6cfb9b89c3ec4f59e7bc5826b3456

SHA512
80d51ce4dafa9967ddfa7a8bdf4f62351fa085a7059bc63f9427e0a5e70dc21cb917057f1a41b5e1a218138141dedcadf02e18a0f028ebee8316aaf4ad280d59

Download Submit
C:\7-Zip\Lang\eu.txt
Filesize
8KB

MD5
29ec04893f6b2c9058a8f1e0beaf9081

SHA1
8e7b5a0ec24153aa7be02f0395c003df02cf6a09

SHA256
536d93ca6d7c96d203b51333c4e78de2429f78d32cc321461589626759c84127

SHA512
b84e6606a5f58392de5c5f8113db10b8212a82bb93367469284ad2dd9a961bf381e3d230179ec19a32cae7a266cdde7290d95a262dea247b267fdce905f89972

Download Submit
C:\7-Zip\Lang\ext.txt
Filesize
7KB

MD5
f048977cdc74ff4d1f045fb3fd5d0118

SHA1
4d44f8644a0d41fdde9f7d7732b197a4ebb65dae

SHA256
3cd8b8633fbc076ee07bf58da6e01ab692df461381a2bad4ef5512c653da46e4

SHA512
48011fbffa45f8809fc6e7d1e8899ee29d4cc6be2cde36484301e71a3c3ffb85cca6cca6a9e9e79af5355b1309834f67d62100ad09aec852d152aca3688d129b

Download Submit
C:\7-Zip\Lang\fa.txt
Filesize
13KB

MD5
6948e051256dcb49dd6e977a30c53881

SHA1
c9c65393ddac81447743d1348a0f45db88a8ded8

SHA256
1a368671bca4ebd97b9edeb84976ec208ceff1c251b93870ebcc9d35936faa06

SHA512
4e580b070a1ca26b1243c3c2b99bf14756ac59d1ca0f152f0e1f61feff35a8e7164029a387c069812c2959f69c2f11736902dd33e7254569603ad403b8d7c1e8

Download Submit
C:\7-Zip\Lang\fi.txt
Filesize
8KB

MD5
7ac9d88f81aacef8759e510e9601a4b9

SHA1
249fe906a2d5a8e084cad76e3e67dad26c77bdb1

SHA256
24d66c5733314f3f72b7ca0f5ceb5a3246726dddefcf2f033715188edb062db5

SHA512
00b67a09cc101c557b7c9a5ea623e654407a953fe87ebb5786a7a2e8ba1944130ba4026a64bf83952a14e7a7c719f81351d8a84fe0b3fe9ba553e4796e7a7ec1

Download Submit
C:\7-Zip\Lang\fr.txt
Filesize
9KB

MD5
b1b6e1c3cf5247ec1618a88f9853d54d

SHA1
0671cb77ad76f9e27237aa538f8efa6bccc40de3

SHA256
cc283e9b0c1822f757372c21f179710c4592a2f7755e706c48065bcfe70bba5b

SHA512
045422d358b3348a1e52cced12d70757a7e6026801113eb68f07a399acc75b6ecc9a1a4401cb7a65506c6f61d4fbb348765b0c80080072bfe06e0500cf31b0ac

Download Submit
C:\7-Zip\Lang\fur.txt
Filesize
7KB

MD5
dfd698a0f6ed7bf405a8fdd6f33b2315

SHA1
a8cdbc14ad118c61d484cd62e8c4e7d1141fbb4e

SHA256
fc944eaa7883341372ebd5ef0e2f236ca248b2996a902240a75218541b600e72

SHA512
07c5cd9ededc00fc28f878d83d327d91a91edc236b51d05cd8171e43bb175072fe9bf0a4c89d09e21441d8192b08e5c3e5e156fa132b1c657715a5b7cb0488a6

Download Submit
C:\7-Zip\Lang\fy.txt
Filesize
6KB

MD5
0111890c0137974fce2d79b6d22e5686

SHA1
98ab055fa8bf5f410cad55627424d6512338a4a1

SHA256
9fe460264af4abd9ff23eab79387ebb52b4498758645cd5721e75fd7b747e536

SHA512
86acdb4d62bf9c784bf21999cba5fa3674e70fe5647fdf1dc6a9c5b3cf9c182a18272d9c8400d997bb09e12c908e08a87a951c3d0156a134802e00f70dd1ad90

Download Submit
C:\7-Zip\Lang\ga.txt
Filesize
8KB

MD5
b4295e254b9dfc90e0093188257c007c

SHA1
6ae9b959a752c32fab8407b3aa277f300165a579

SHA256
406669ecbdf562e773b9cdf831cf5f63c3dd1a012c3521a41227c9141511d959

SHA512
cc4671a9312b7f41ddecd2e02d038affd58bbc62363b811f15f10002c82ae826e060f5ad6e2b1fd75557b3dc3bbf12b6e6900b398623cf547e3727ccaa6bf8e1

Download Submit
C:\7-Zip\Lang\gl.txt
Filesize
9KB

MD5
492e51b4b5b287fe2b90a5f0bd433847

SHA1
f7e1eba770d3d07d0e8c2bd61d556508ef0578b8

SHA256
54f676333ce58af67b839b0f0470f99f405b5ce7fdb9c345a19d00b6423277e5

SHA512
0aa1df55256324b24b495543e4abbefd776108bdd90d3155d02b1c10f018bdbd1700c4430848dfbd5073a374715f8510efb17ae1812a9aa44b65e50edb23de59

Download Submit
C:\7-Zip\Lang\gu.txt
Filesize
17KB

MD5
410c8a33c66b4b2bc707e113d9c76914

SHA1
81a9f3618168dbecf309907ee74591ac3b1297b6

SHA256
9025d8a58e0c76b186c943ef8a73a1bba6c08945e346de14d3c255ccfa3a10e6

SHA512
a520cf2dc7e9f653bb08c93c657cb8e2d1142e86c3e0bacc44457cba5ede044e91ff01f55139c5aeb7b3f26e51724931ea2b2bb20a058c4b9d888a3ae8766021

Download Submit
C:\7-Zip\Lang\he.txt
Filesize
11KB

MD5
1b53819f8d58fd734b5fd985756b557c

SHA1
8759783adbd62c6f32511313babb9d138fa0a150

SHA256
dcd061a0a7b29f55fa28d4396f60881836c2df07cd936412c476a7f149540cc4

SHA512
b7f0a16d9d02434e7d1c619768dc1d67c163ad6630c19630c405b5934311c41b65918c61dd5f27555cf5cf629411d57fe2ce04fc6c99a2272d4689b69a078e73

Download Submit
C:\7-Zip\Lang\hi.txt
Filesize
17KB

MD5
a0fc3c3d880a54918d86b40ffda12f23

SHA1
34fb9f1b5a6731100466f66e193ab5028b3ec1be

SHA256
8cce5e5a846196dac3649483290160177f47d88a7dcf0e85acfd3131856a266a

SHA512
bd1f17d76699f177ce6df4b69f82dfa777a0ae20e243d5fed0605fe951a79d8ae54371b07eb30f075161c108f46be1ce21b162b66cc099c02adb6eb6d5e8f158

Download Submit
C:\7-Zip\Lang\hr.txt
Filesize
8KB

MD5
a0a8a75560efcf15801c96e6d71becc3

SHA1
b3f7b92d2a13151a14b493108a50a8365c46f6a0

SHA256
a72f01215eba3be3af6659129dd20f7a42d74f1da08658a9c8ce8e303c3e8f64

SHA512
d730c0dc30a299b6bab1b8cfae64d8d4bdea121e651641f578b0947bf5f67669f342ce20198b26fe7881ec99baf290695bc460828198a997b4e59ec91396c217

Download Submit
C:\7-Zip\Lang\hu.txt
Filesize
9KB

MD5
eebea9c4e71a5d2820f5e8972822800f

SHA1
e9f5e741995bf92266e5b6d6891896e5b9cc1f42

SHA256
ef79e98fc911e0d0d16bd061a65f50f5e50caa011699852e1608a2629b8ba37d

SHA512
01b4bd586a1b2629b94dab877510110e6fa1286eb9cdf7882539d42466609d830489ba450e7e7cc41958f463227f5376151f912591aa88c7866182374ed574a5

Download Submit
C:\7-Zip\Lang\hy.txt
Filesize
13KB

MD5
1362c3c286cff992117d5466bbe284f6

SHA1
faf50ecdb6db6cd6ba9e0ae18e7fad64511048c7

SHA256
d8f60bf92541d20d01f6ddd56d49f25519303fd16e285e18080be6815b74b8a8

SHA512
1834fe901b1182b793872e2a822801966abdf312873e15877e589b9c6a58d04e06a2c60b26d2209fe7048f7ea9befe0f6b39630eb4c5578a54735b6840677205

Download Submit
C:\7-Zip\Lang\id.txt
Filesize
8KB

MD5
73b9f189f0c37d7cf37df8db89fb52af

SHA1
060ad5b22f8dd408260b7210392c0a6f6271fbff

SHA256
18c4531e9fc00ed242f1c0526dbcd0a3d1ada9bcfee651ae950328ac872a216f

SHA512
f8dca8e9aecbaa7fd596535fb792314253814098c1089262ed36e78960ffebe377c6436354228a9b4e17bb87fa6e1833110fd843c63bbce3294262b623df86e0

Download Submit
C:\7-Zip\Lang\io.txt
Filesize
4KB

MD5
df8bd55b7a296da48c8705e1d00bad7e

SHA1
a77adf8befce2ab506c2fc728df2d0725983af95

SHA256
60eda200d8d995626fdfb1d523f02a9aa538ce5e8ee5028b41293f615a9d451a

SHA512
c3abbc52ed7b331681e2ca1ea260dc54ed93854799839ec5e724439368e970f09a145bcdb0b638099fa3c8dbedb21b2ef69196b35565a597e45606491b5d5642

Download Submit
C:\7-Zip\Lang\is.txt
Filesize
8KB

MD5
f361950b7d1bb073ef48ca729b7ed5ea

SHA1
8c5d3fb8e09c9682c6256f05f82ca67c58f0ff2b

SHA256
f4f9d6dfd36512f027452499b083ad0656df6503ce03e4e4cc45b925f1f1d678

SHA512
6163fb77d3155525a563ad907cdf48fa18a6ce019a073c7d9dc2438927217d0d8534ada7fc444114f14ac216c89d12e83f5b582021be693baec80bd69199909e

Download Submit
C:\7-Zip\Lang\it.txt
Filesize
9KB

MD5
9a932d9f4fe81f10bae4f9647896c814

SHA1
82bc53850f22e65bdab370b9c09d6f59850233e1

SHA256
b844b4690421478cfb218a32a28665470d1505a65c724ca3f0d40e8ca313ecb5

SHA512
db41cfd6d3b559d187edbca4c5343c706e91fa73a43e00d9c56c975211f7615a284ac6f2c7e69fcffb790c6e9c02d34356afaba895f88cc785605727d6578cf4

Download Submit
C:\7-Zip\Lang\ja.txt
Filesize
11KB

MD5
1e121ab29c3388a0629568d98c25e9e8

SHA1
cb45ca908d31a2373d2a45ecafa758befdbbc363

SHA256
d86a3453713fbea8f8d1077589404ff4792362fc1999a2d4b1bd3392180fb7d1

SHA512
897d04f659d691646791911bf1694ef531f1e90a995ac844fbcddd81e2b3bd73d32b53c5b4427c2b506f6790a4807ea042e85f0e13f810ffd415dd0a519d40e9

Download Submit
C:\7-Zip\Lang\ka.txt
Filesize
17KB

MD5
eb2af4dc4c28275ae1876523944d708e

SHA1
bfb87569112a081a99ecd5bfdcc6f2aead07f67b

SHA256
b78defec49d07120b74c2172f3e07540314771b16729c6bbfc3a1902ece2eda0

SHA512
e04680a6050fc6b3d0bf50a092f5fe2049bedf705f479fb5c45852e4cc19d1b735b85166da15ea67dbeb3aacf39dbe6c80eda9d4c180805d87762468875ab49a

Download Submit
C:\7-Zip\Lang\kaa.txt
Filesize
7KB

MD5
dfba5c2185e113eef167a5e21c32df76

SHA1
e36703d7d1954e3f1729a0497674ec15c41a2f76

SHA256
4d631602ce3d0c4d9162af6bf56a90c8eef75a24d556b729191b62f79aba0681

SHA512
3271b66114bd6f145693258c5e84a175acb3db865169734a9beb5de7f9aefd06b4144650dc0e98fd47dd38ad3cabd26415640cddc8ac611c23d14487e975fb70

Download Submit
C:\7-Zip\Lang\kab.txt
Filesize
8KB

MD5
c6ac7aad8bce83ac69f197db9d4529f8

SHA1
5fa31ccfa23b753cee7aee7ee65915aaa94f9b01

SHA256
b8a7a5182dfdacc9baccb412e161c60864d3b5d30038935122c736ae4f4ebc22

SHA512
a643e38a5801a50fd318fefeb0245b8935c818737b860839c15fa09b0cc0e9ef55eb455e3ceaf8b2263ae23b5befd1e6013ba63c4abd1b89627905498ff026be

Download Submit
C:\7-Zip\descript.ion
Filesize
366B

MD5
eb7e322bdc62614e49ded60e0fb23845

SHA1
1bb477811ecdb01457790c46217b61cb53153b75

SHA256
1da513f5a4e8018b9ae143884eb3eaf72454b606fd51f2401b7cfd9be4dbbf4f

SHA512
8160b581a3f237d87e664d93310f5e85a42df793b3e22390093f9fb9a0a39950be6df2a713b55259fce5d5411d0499886a8039288d9481b4095fabadddbebb60

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk
Filesize
601B

MD5
3204b65ef5e61a87e01eacc74c0c1fe9

SHA1
c7813913a03642d74a978a29f08ee475bc497b05

SHA256
9a0b053f7f4bbfd70c6792f9c04b892f378ef96ea70af135a868c681964d7f60

SHA512
64844afe974df250886e8daa9ef9e661d1272630d648ce9d0d24b17c4b45440022723d2d8b9f11d3d483091d1b471ced42bf32ddbb40647f8950781385efab33

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk
Filesize
606B

MD5
3bdcb6441046659353d9be651d3160b2

SHA1
709a5ad4ccfc36170016dcab169a93a2317f7cde

SHA256
a09ccb531588a00a0029c14419f2edd61547f5dc0655553429f576d673999644

SHA512
cf9115e16511fbe8d696c45ec2925036ee9e27a15d95394e76b2b9b29d0b6744f383b5969349f37662ac353888bc17ee9669a788b5602ecdea174875b43d794a

Download Submit
C:\Users\Admin\Downloads\7z2201-x64(1).exe
Filesize
1.5MB

MD5
a6a0f7c173094f8dafef996157751ecf

SHA1
c0dcae7c4c80be25661d22400466b4ea074fc580

SHA256
b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4

SHA512
965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

Download Submit
C:\Users\Admin\Downloads\7z2201-x64(1).exe
Filesize
1.5MB

MD5
a6a0f7c173094f8dafef996157751ecf

SHA1
c0dcae7c4c80be25661d22400466b4ea074fc580

SHA256
b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4

SHA512
965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

Download Submit
C:\Users\Admin\Downloads\7z2201-x64(3).exe
Filesize
1.5MB

MD5
a6a0f7c173094f8dafef996157751ecf

SHA1
c0dcae7c4c80be25661d22400466b4ea074fc580

SHA256
b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4

SHA512
965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

Download Submit
C:\Users\Admin\Downloads\7z2201-x64(3).exe
Filesize
1.5MB

MD5
a6a0f7c173094f8dafef996157751ecf

SHA1
c0dcae7c4c80be25661d22400466b4ea074fc580

SHA256
b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4

SHA512
965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

Download Submit
C:\Users\Admin\Downloads\7z2201-x64.exe
Filesize
1.5MB

MD5
a6a0f7c173094f8dafef996157751ecf

SHA1
c0dcae7c4c80be25661d22400466b4ea074fc580

SHA256
b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4

SHA512
965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

Download Submit
C:\Users\Admin\Downloads\7z2201-x64.exe
Filesize
1.5MB

MD5
a6a0f7c173094f8dafef996157751ecf

SHA1
c0dcae7c4c80be25661d22400466b4ea074fc580

SHA256
b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4

SHA512
965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

Download Submit
C:\Users\Admin\Downloads\7z2201-x64.exe
Filesize
1.5MB

MD5
a6a0f7c173094f8dafef996157751ecf

SHA1
c0dcae7c4c80be25661d22400466b4ea074fc580

SHA256
b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4

SHA512
965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

Download Submit
C:\Users\Admin\Downloads\7z2201-x64.exe
Filesize
1.5MB

MD5
a6a0f7c173094f8dafef996157751ecf

SHA1
c0dcae7c4c80be25661d22400466b4ea074fc580

SHA256
b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4

SHA512
965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

Download Submit
\7-Zip\7-zip.dll
Filesize
92KB

MD5
c3af132ea025d289ab4841fc00bb74af

SHA1
0a9973d5234cc55b8b97bbb82c722b910c71cbaf

SHA256
56b1148a7f96f730d7085f90cadda4980d31cad527d776545c5223466f9ffb52

SHA512
707097953d876fa8f25bfefb19bfb3af402b8a6a5d5c35a2d84282818df4466feba63b6401b9b9f11468a2189dcc7f504c51e4590a5e32e635eb4f5710fd80b2

Download Submit
\Program Files\7-Zip\7-zip.dll
Filesize
92KB

MD5
c3af132ea025d289ab4841fc00bb74af

SHA1
0a9973d5234cc55b8b97bbb82c722b910c71cbaf

SHA256
56b1148a7f96f730d7085f90cadda4980d31cad527d776545c5223466f9ffb52

SHA512
707097953d876fa8f25bfefb19bfb3af402b8a6a5d5c35a2d84282818df4466feba63b6401b9b9f11468a2189dcc7f504c51e4590a5e32e635eb4f5710fd80b2

Download Submit
memory/568-699-0x0000000000000000-mapping.dmp

Download
memory/2552-157-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-159-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-118-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-119-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-120-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-121-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-122-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-123-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-124-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-126-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-127-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-128-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-130-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-133-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-136-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-168-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-167-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-166-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-165-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-164-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-163-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-162-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-129-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-131-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-132-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-134-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-135-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-137-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-139-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-141-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-143-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-144-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-147-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-138-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-160-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-150-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-158-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-155-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-154-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-161-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-156-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-152-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-153-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-151-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-148-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-149-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-146-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-145-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-142-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/2552-140-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-178-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-172-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-180-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-181-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-174-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-175-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-176-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-177-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-182-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-171-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-173-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-183-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-179-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/4744-184-0x0000000077C70000-0x0000000077DFE000-memory.dmp

Filesize
1.6MB

Download
memory/5924-650-0x0000000000000000-mapping.dmp

Download
memory/6108-651-0x0000000000000000-mapping.dmp

Download
memory/27408-648-0x0000000000000000-mapping.dmp

Download
memory/27544-649-0x0000000000000000-mapping.dmp

Download