Analysis

  • max time kernel
    150s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-06-2024 03:26

General

  • Target

    bd68f2a334be2f5db85e0228329c4bded173948e855dbd562579ce91f67495a8.exe

  • Size

    181KB

  • MD5

    f7bb889a4a2a8bf798a4aa0c8aeef0c7

  • SHA1

    e8b51eeccc8cf1c0e6f432f9cbaa8ab1a36137f6

  • SHA256

    bd68f2a334be2f5db85e0228329c4bded173948e855dbd562579ce91f67495a8

  • SHA512

    bac61e1a72c3c84e38ca4fea68fb3495d515976a4350d862fee43c7f34b07023ef9b9edce67b72d014911c354da2bfc032b96742f0ef4442d7b92e5e72fe3f85

  • SSDEEP

    3072:6DWpwE7oL2e+efZwZ9SWu0SWu5DWpwE7oL2e+efZwZ9SWu0SWuG:dN/e+efiHSWu0SWuAN/e+efiHSWu0SWT

Score
9/10

Malware Config

Signatures

  • Renames multiple (4902) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd68f2a334be2f5db85e0228329c4bded173948e855dbd562579ce91f67495a8.exe
    "C:\Users\Admin\AppData\Local\Temp\bd68f2a334be2f5db85e0228329c4bded173948e855dbd562579ce91f67495a8.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:936
    • C:\Users\Admin\AppData\Local\Temp\_refcount.ini.exe
      "_refcount.ini.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp
    Filesize

    91KB

    MD5

    a38497b38405e532993b79776a64b3f5

    SHA1

    b44a4b3e0109f225ad3e3ab0989f85d6da6ce84c

    SHA256

    e0607f0981b6a96e803bf1899cd4f89d48d2b9631adc2e9cb3a2f3b5d967c515

    SHA512

    9b055238daf110109fafb598dbb994cdca7a8aeb2afac7fac96da90639518e552db253e5eb7a68cf43d495927bfaa9902f43c1a709aa34acdbe4103302b30008

  • C:\Program Files\7-Zip\7-zip.chm.exe
    Filesize

    203KB

    MD5

    87c1a3b4bf0f2989431eae7b62445223

    SHA1

    01760c8aafa4cc7c95141e18bef23a148053118d

    SHA256

    f3cad9939303fa8011e26401237c0a4e4fe5e79081c6e6377cfae6f89e25f642

    SHA512

    2cfbf989d60aad4995d6e3b673b03380fcfec6d486d7fa6a2511df35973d74237ad92ec751ff44ee74c7691803ee43f24f8d17bee5ec2e619278873baf1b1218

  • C:\Program Files\7-Zip\7-zip32.dll.tmp
    Filesize

    155KB

    MD5

    c435cd4f3d4b388c6e95719b75b6393d

    SHA1

    62bd27dc689bfb3f013d08455c596ff9d9a7b367

    SHA256

    6fe5fdb2c0e8c0944528239046c4f1318f86808845f83ce78e2e685e2c0f63ea

    SHA512

    4bbb0d308f2be2831eac8f6e0f648f87312901a7eaf63422c8dfbbbf540c389742f80ff052e9c0b6e5ef20e2a917bf69fd97c50a90f9a5da2431d4cc5b68a691

  • C:\Program Files\7-Zip\7z.dll.tmp
    Filesize

    1.8MB

    MD5

    22fdcec375e1b33c6e0cfeac588eecb4

    SHA1

    b706e8ba91861004693e2ee938f3a9510bfd757b

    SHA256

    780f472c2db17c43f1e0e909ed39689855ce85bc51ecfa9c7ee42fed44fc3f9b

    SHA512

    38ccb0f300a128fc2457b77d39121a59337fd6cf294143b5437cda39eb881cdb501235e812aa0b8ef7723758e9c46c8640f124f65ff7f0627575e85067517f7d

  • C:\Program Files\7-Zip\7z.exe
    Filesize

    634KB

    MD5

    9ab222d78c46c51fa677884ec3a25c2e

    SHA1

    c6d0cde66397153be24676e919c57bc93349d8bc

    SHA256

    b1537e2d8884b8fdce99f13b040741faa86da079c370dfbf325f3e68c6a03641

    SHA512

    5239434e160f18eb27603038833f43975dc26da3b96c3f3e491f575b116fec8d65665d01d76d7fb0f4ef9e28c5efab7f1766a8ddd9ce6229cf3ee6158939d212

  • C:\Program Files\7-Zip\7zFM.exe.tmp
    Filesize

    1021KB

    MD5

    b98d47fd280c86e35886b40d091de857

    SHA1

    0a40609d202f1daad0bca448088c88a2d58ed1be

    SHA256

    d9e3bdfc4df20913c1531214db2480a106e707d9ad8de15a189cc6510855ea4c

    SHA512

    ba5a4bcc9ef5cbc3946c2564192bdca70d69ecba456622880814783e50109c5d525844dfe45693f8d50053ebe7dc7535295d20c3edd782b277f9f9a91536cc3a

  • C:\Program Files\7-Zip\7zG.exe.tmp
    Filesize

    774KB

    MD5

    a439b7d78538757de6c41b3dbc93b3ed

    SHA1

    b31a3482b6eeabd63de5787366f765b2f3dfd30b

    SHA256

    7045e19267f07bc3c5d0764acd48ca7292e7b10c970b2e962f6a17047544e376

    SHA512

    5db8449664f2ebdfcb8e3c203ce6eb65b86fa1a2cb853d755b6c6402569ddcb17d57b6a2db8a0564894241a117ce88341dd000efc1ad3b2467dc11b0d31a5c14

  • C:\Program Files\7-Zip\History.txt.tmp
    Filesize

    147KB

    MD5

    613141d6728454a39b10899505f62197

    SHA1

    7d2d0a0a5c1405aa43105b94da47cd38099c240f

    SHA256

    0db2694e754d66cbd83e63c9ad5eafd73b247c2e9294e2f253417d1b2bca0767

    SHA512

    0ab717c58c9b09c38a36036d200f3882c2568b05434542d6f66266f2458c5619ac8c8726ca1d30130efee5b0b5cb309b7ed7efbda16ce0436726d89f5a4ec7de

  • C:\Program Files\7-Zip\Lang\af.txt.tmp
    Filesize

    100KB

    MD5

    4f4d83490ca88c314bfa93b97fc473a3

    SHA1

    05663194b474411b1b968421be6b0bc2902c79c7

    SHA256

    84c8ce21be0c5d1082f91c82c25510d54176700d923bf81f981395f76f55f973

    SHA512

    5ff0acd1908e10b0a41a784f023f285bf01b7dc71d88b95160cd07fb4bc2dadfad528a5a6aa0ab50e915b30976db89973491464b7a7b37c0d79af4dd5b1066e3

  • C:\Program Files\7-Zip\Lang\an.txt.tmp
    Filesize

    98KB

    MD5

    44e1d2c469940682e59b80bcd36dc704

    SHA1

    65952309c88ec0aea6504eb93f52d116bc6f701d

    SHA256

    6d7e0cf889e6981318f5fac7b7065d3acc8a8575055652548d7e3ef63c067bd6

    SHA512

    6884ab2830ddcc2e5df3724964cf66205702fc70027c604b81282d29315e8116732389ff20068abe5a19ce5598a466c1801381ab550ca9f32d1e0e8527d17bac

  • C:\Program Files\7-Zip\Lang\ar.txt.tmp
    Filesize

    103KB

    MD5

    9476aa6d64da947f23c916f585c8f880

    SHA1

    e7f0316d008882f87a4ee21cd00739ebe169e075

    SHA256

    4f3805749824736b5aab88cf6dba2743f09043acc50813ee6c11b80d18aa71c1

    SHA512

    fa0f662c31b3b7e2ab034830d5ce4cbf538654b103bbd46582b0fb83acc3b91723feb31718ee55fbf9088ed2e24fd4dce87536a7227cd5d5e305c06415ff0cae

  • C:\Program Files\7-Zip\Lang\ast.txt.tmp
    Filesize

    90KB

    MD5

    7c0d112522db955fcd03c344962e5c97

    SHA1

    dcc780026799b960aa0468cbbcffff07ec5c28f3

    SHA256

    229c9b02dc3ffa4bb724c7c6a683e0fcfb4ea26690c35072aafe0c96c8893b03

    SHA512

    699b950fe09d479b2a8372d26c4d072eb23e51106231518828f0c91f0b122f1847e9050b1aed7e36811b80ed558f43e5bd3515c263d3ff8d4ac355bdf65f602b

  • C:\Program Files\7-Zip\Lang\az.txt.tmp
    Filesize

    100KB

    MD5

    c5c2c0f8c11d1e25f523b0f01a21ac63

    SHA1

    b1ce560f62bb76acdaebce728b6c01214ed719b1

    SHA256

    08efb58f72adabeaf4dc1e1590783e2e62f9f11dcf95024d3e6b00d12f91b9db

    SHA512

    453642b859f7274f6414ad645abcc8abdfdcac03ac0eabeac85281fbf2a5973e39ae0943dbd28af79010be97d0442133e2b3fe9da25a2a1d05027e23de1959ed

  • C:\Program Files\7-Zip\Lang\ba.txt.tmp
    Filesize

    90KB

    MD5

    9416f5405ce64fc47bfd9796dd98675b

    SHA1

    c903f39922cd7a730b16b1015fef971d34870baa

    SHA256

    e397af92684bca59dc179355e3f7bc13963ea7868d4a95244c9033a9909f3e27

    SHA512

    9511f07c6aaa608676af71c353e35fe1fef5dbc3f104f2bb3f080566d67d80ca38386201122ab9e9cb9ac9529eb477c93ff646acf17cdfa4cf0d0bd59c98178a

  • C:\Program Files\7-Zip\Lang\bg.txt.tmp
    Filesize

    103KB

    MD5

    a7e4ae17ea6bbbe24f84b9b9948272d7

    SHA1

    f2c49a6b483b55b2a21c5e5bd4f4fbd94d1552f7

    SHA256

    7caab955a55801cce3db6fa6c2e3b3fc91daad2f8b1db00401fca7a226858359

    SHA512

    92c1e053e8fa60f7ada495265e098a579bb61ace5ef21b9a6ee95f081b450aba73ace1de3e4ab508f633125edc6d9025bb2dcbf12f79e99d26e26c8ab8189cf4

  • C:\Program Files\7-Zip\Lang\bn.txt.tmp
    Filesize

    105KB

    MD5

    b115435a51b72bfe7b6b83fe3a35e361

    SHA1

    b4c955a6c164b83666141306f1c4e33f0cbd3607

    SHA256

    cef273c3b0989413fc67333d0f32e7083c1e17988a5b250d28ede37c6bba6955

    SHA512

    8a5a545f1f3c7f3e0b75b5d288542ea1163d85c09037af29cebd8a2b12b76b429eafa37cb0fe5d725a436523e538796551ab24b590d9425fba171d421d4a2f37

  • C:\Program Files\7-Zip\Lang\co.txt.tmp
    Filesize

    88KB

    MD5

    ded9be22dcb3aecd6be983c09906f012

    SHA1

    6afe3e45a16c09e17579e4ebfec522af002b2f01

    SHA256

    e3a80542de8cfe2c5300510bb8c404640148f17467e421cbd6379b7b9f5171af

    SHA512

    a0eedd28fec835a690c180ea1fd37f1e733fd59866bbac814d71640f5a6d225933800d7ae6c851f1182d58cd892e6932c9035e3add8814e919b06aeb258dc6d2

  • C:\Program Files\7-Zip\Lang\cy.txt.tmp
    Filesize

    95KB

    MD5

    956d5fe0e1d8eec60054148ae7f61277

    SHA1

    bef6f7081cb7aa08ef4543036fb6086ee54bc2ec

    SHA256

    ce5f59a320b72616ed64616faff0eb6aa4057240ee2047fdee5bf6ce77a724db

    SHA512

    c55750158ca52e7193c5f17f6e6f025f95d240a62edf3a0fae66ac18b42e23bc772f763d5679c54a083bc0cf50a3b3977dde8519bfcd80d0ac3e067a3d625a73

  • C:\Program Files\7-Zip\Lang\da.txt.tmp
    Filesize

    98KB

    MD5

    fdc22856cd238d6ca635f24a489a8ef1

    SHA1

    d14cb9895b677fe62d83aaf2ede5466adcab3990

    SHA256

    78c3397c833baae6b3356900ab9f633cb864d22047da2c8b5b1030918ec3d9b1

    SHA512

    8c64872ff719dd3bb0d3826f5ca1f9a1ada1b4bf23c8230fbf8e0c79e433aea693427a44b2218c83072078c5a5a9d5bd24c0ed0873e0b89d49cb05b66d1b88f8

  • C:\Program Files\7-Zip\Lang\de.txt.tmp
    Filesize

    100KB

    MD5

    e2fe7e3b6b369a82acf94c496f25197f

    SHA1

    0d1f76ff2abd063996812c96d648a84b92f154b8

    SHA256

    bc0864afe1180ded08369531a5a119a8b59cb50811ba7b11cfa2f5b3ecc6231b

    SHA512

    706bc2afa6a79c13babaf8379180f876ee8b259e1e605c2f0c45d9bb5f11f71bdd8e7f8880987d77815f621ee08db0b8b81ef9e60888c98bdde3c6ca4698c49d

  • C:\Program Files\7-Zip\Lang\el.txt.tmp
    Filesize

    107KB

    MD5

    0e36a1d3093e524c247de9bf375cbcfa

    SHA1

    6399dd8ac1ba5906f37902a57b6cc220989011d0

    SHA256

    fb5fb12c76ce46e4c86f5d1c2e93c147a6d713cde606ab5798521cb708735e64

    SHA512

    2f8df4242521cb05b96e98a8ada3d28f6f23667a2cac389a7a7eea2eacafb6e80d61ae17ca0539a094503b535bb1a8089b4696adf912b213daf78aeaabd01d5e

  • C:\Program Files\7-Zip\Lang\eo.txt.tmp
    Filesize

    95KB

    MD5

    28796733a3021fc7e69bbf6704780bda

    SHA1

    e4e0f3e5ca6b08c8e91f21d987b18060e7ab1839

    SHA256

    6daf121692893e4ec93c28736343bc14131c814f0c0e181a044bb5ebec20afec

    SHA512

    c8016577ef8a2dec26c68453fd098214a245f34931dc1c64213cf2cbc0eb7be2a24122e0de02ef8c91d3dd4888636ed4a46f64bf084f5895e915e28b209cee64

  • C:\Program Files\7-Zip\Lang\es.txt.tmp
    Filesize

    100KB

    MD5

    7492618f2c5749e9d64ecf8ace54639d

    SHA1

    94d28c84d07fb91afa52d735aa20fbb920a0a897

    SHA256

    3c1a1be02e2da497a72b2125ef107c1eb315c0a9baf2d39d5871dc7cbd355769

    SHA512

    c5dc38244941e412e38e466297d133b431f600d689f29e95eee1352274972bc359b26608f0edab891e042f4470ea659e947176d08c439130b88f2a5aecf27791

  • C:\Program Files\7-Zip\Lang\et.txt.tmp
    Filesize

    97KB

    MD5

    e41b495afd9a90edea5cdde2b34b67cf

    SHA1

    49cbb62d445f3e32708889428ff70e5bb84f32f7

    SHA256

    c85c0bde5c9145d95d0bf8fd0093ae8a57092e85aa7905d2e88b40339e81a718

    SHA512

    68c33e06eff3a0eb9f5e7b81a68bc7cb65c74bae9cad303e034b257221df0a2a207baf97f02d89adfaaa70d152c5f1e3e98dfa0daf7410bc25afe44bb8798d0f

  • C:\Program Files\7-Zip\Lang\eu.txt.tmp
    Filesize

    99KB

    MD5

    b5eb4bc6b48f65c85ca52dd544be9f88

    SHA1

    8a63e79a3447b30d76dc6ca8f12e94b2bbe509a6

    SHA256

    04eaa55808eb3c3d9bd693dc0151c6b9f1eb46debf5f46b85f2f2a7637343484

    SHA512

    64baa2b007437b639ec1a00bf45d133bdaee74449b2f1dae12d798b54074e9914b6d7e56322194927c146fa93f30952347c1f2db399dbecf904326cdd9449eb5

  • C:\Program Files\7-Zip\Lang\fi.txt.tmp
    Filesize

    99KB

    MD5

    09bed6b75ff771dd3f325452aa75ed38

    SHA1

    66ce217ca8704e9e770368d0861590760163871b

    SHA256

    876750abed78d1830996ee9b6782b5a1e614c0feeb5c902fbaacf2fa0ec0fed6

    SHA512

    64d8e41b318d8dacf9025b9850351a1398a79bd00315e12faee0d9e291aecd61e31232e511d7d8d9180cce9ee0f9c32329ab60f2af54c4913d64ddab217cd192

  • C:\Program Files\7-Zip\Lang\fy.txt.tmp
    Filesize

    96KB

    MD5

    1ce3fc12f2d95a307e10b60df6976af2

    SHA1

    6b6f605d39c6489ea84a1b4315635d49da7821c6

    SHA256

    852307d2afc8c5a4fb79649bd8c0b663fa576b8cfa2e9b784bca704b90df335b

    SHA512

    12a8a84c2c95ad37c4585774b85a64e3929013feda502c20c12ce4506478727dce27f4f8827f0d6966eb0a2a65dbc5cd52b2e9f9143f56de6ae8ad2685837b81

  • C:\Program Files\7-Zip\Lang\gl.txt.tmp
    Filesize

    100KB

    MD5

    107917d5b9eeed5a2dab27ef98f78b2c

    SHA1

    7dbe4f110cc7977fc48a86ae5348d09406e8f6b3

    SHA256

    65b80e941036ec4a9304f677ba6dac657e6514df0b652874d53c5c86b45f80f1

    SHA512

    1946e792bd141329af6010bd3ac895a5178def4ead8bce31303ad3926c9c195be95cda2e4dc04a46e9e7793b23a05617f23cf1b52778ae83a1c5eabf36654bc7

  • C:\Program Files\7-Zip\Lang\gu.txt.tmp
    Filesize

    108KB

    MD5

    f97af9f9455b2bf5d5aa70edb9bea74f

    SHA1

    78bc0f858a06fabe255f108fce90b45ee6da2288

    SHA256

    a2f1ebf83025edb30f0b0f95449286be6b64faa62ed246b4b1caf9de05a11d3d

    SHA512

    d2e12fbb6c72974474a1a4b87b0e7659e7cd389a69540664befbba71b4a3ab305f09e25ed1b7f009334ceef557cff664ec0189d5e7e2212ed96f34368816e0f1

  • C:\Program Files\7-Zip\Lang\hu.txt.tmp
    Filesize

    100KB

    MD5

    6967cee1a3da1fbae9ed3cee2b63858e

    SHA1

    c68ce5caf807e814b914918ae35cfed4f2ac948d

    SHA256

    48d30bf46a19b36a8218391248bc506bd566ffc576f68e4443365f2408159278

    SHA512

    b60d5432acdaedc963ccffc4e3b814eba2e7c7932e3c5420221426ce5bc7c785a62e44d1c71a7953eac9afd5a8db9553df8bfa7717cac6938a2d087497cc74fd

  • C:\Program Files\7-Zip\Lang\id.txt.tmp
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • C:\Program Files\7-Zip\Lang\io.txt.tmp
    Filesize

    100KB

    MD5

    2086b484ee3e5615560666aaa273eadb

    SHA1

    95348edb3896a5a07fe4bee531019048a92a8162

    SHA256

    b6cae3cbaf2593ce0a1f1656a3645837b096776bda7815be525e3ad3ad39c4c7

    SHA512

    b9badbf2148ba5dbcc519ee4dbf0d292c72366cafee1560e0ff399ecc828713aa19a818debb7c7b83e01a1346545d1cd1be6b9d15cf47045f16d8809798c6f08

  • C:\Program Files\7-Zip\Lang\is.txt.tmp
    Filesize

    99KB

    MD5

    a7719e5c2843a52152b6211b6854584e

    SHA1

    431c8160026cf21b3366615efa8d907d110fdf73

    SHA256

    671980571bb835dfebbc3646a02511cc3ff8a1920ce30c4bc778046f932475fa

    SHA512

    9ad5047dc118c640c4c000f3ca6e6f97850188073c250f46142b4226449c7793c4839dcd0dfacbbbb6e60aacc32871707e226cfce556961d2bfb69c61eb06dcc

  • C:\Program Files\7-Zip\Lang\ja.txt.tmp
    Filesize

    102KB

    MD5

    e943a2dd306ad8a41f7eadfc4a747223

    SHA1

    755ba41a3d5c9b1f5917bf7f528db0726d762be8

    SHA256

    5677859d31be311ef342011c9cb9160ece8423579ecb7c4b4c8f3233629f9d03

    SHA512

    3546f5d9d616915f2e1de71d9d0a2137594a75a1f9e389898aaa90777adae24755ea9d4afaa3679be7d72fc69a35fb00dd6b81e530ba89d25759fdad03aff67b

  • C:\Program Files\7-Zip\Lang\kaa.txt.tmp
    Filesize

    98KB

    MD5

    93a4f59ac605a14080b2c0de343132f0

    SHA1

    0365d97b32bdd0b7205aabe6b5a85c77625073ef

    SHA256

    cbd6a78a78ef63325865ee1ac980c3fc7ba7bf0701b41497fbe4eeb1209f0434

    SHA512

    212d6b69934670a988429863b49cf03a0dddbb1295f2d0a1203bfc2bc1940361b95a886e9f1ec295bf7a9bfc9af72924b007c7778dceb9cf56ad7ee7fba2acf9

  • C:\Program Files\7-Zip\Lang\kab.txt.tmp
    Filesize

    99KB

    MD5

    73be50fae4a950aa922db7b9f43a12e9

    SHA1

    8e0a74005ae1a13505d87bb284ecef9f431f3422

    SHA256

    cbaf2e2b8969f7b5486d9bbb3fda069532e2d1f47df92957784e14b8dc832b20

    SHA512

    8ce423fe1f92ce8ab1a033d600f5fb82c5316b367add97e3b2704c7719399db1982239cec782fec42d548d2115e356ab826a899968b964efe76f9c477ef9ccab

  • C:\Program Files\7-Zip\Lang\kk.txt.tmp
    Filesize

    101KB

    MD5

    923813d729e435df1b659e43385dd5f0

    SHA1

    a4effcc5b18b891df4fbcf4190b2dba787b347b4

    SHA256

    b622d43c3a71b697e536b57352e08be772308408b353c24ade9f343c7d8eb6b7

    SHA512

    cc52bf84f172ac4d5dde070f92bc71c15a196b67cf34b042ada9e7f47b70af8a7bd206f225e9f790c6964cabb199b19f179fbf3967d1dbeab65af36795e8993e

  • C:\Program Files\7-Zip\Lang\ko.txt.tmp
    Filesize

    100KB

    MD5

    528a3bbded072089701d4dbcdb2b038e

    SHA1

    07f7fc2191f2be7ce95d46e68157525addd41f15

    SHA256

    b24996a13a292fc76b7e25a2c72f0244ecfa0c128cb18d6e6a69f842e54cf645

    SHA512

    fd8d94d22884f592a1c80d3919545f1f9e401bcdc31ae7644664d58fbb01479fa4020af61c3af6dade21bfa5d09b6f68c2c395dd6c882fc58af502464f608d10

  • C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp
    Filesize

    102KB

    MD5

    6cfecb03ec8963ea465959581158e1dd

    SHA1

    7a7a0b902e1dfbc3aba73de9d88b2d5fa6ceff52

    SHA256

    49f551d06c2cb77b0c3b2111294db6891cffd9c23735dc772878d8f983f0dce6

    SHA512

    921cff078c01260de64928ecd6710d81e09ae583b36470e074f167d77823316012fbe06c67cd1dced47dfeb02e72843a3ab306c8ecab229e9b5e407f849f9907

  • C:\Program Files\7-Zip\Lang\ku.txt.tmp
    Filesize

    96KB

    MD5

    6dcb486d3a920535cda845cdcc3c7e91

    SHA1

    3bc7877bb951958848994cae17636bea87ee39a9

    SHA256

    7d0e461fd7b62c65e3a549dba7fbe4d98005567ca28eaf7114fdcd6dd0ab952e

    SHA512

    f78ca503119bd1396d25a551a48e43ffbc5390b3f260b3e73fb437306831911270358719abd21ed8269023cc4873c31a268f3d9f9f174f4c5fec04449e202113

  • C:\Program Files\7-Zip\Lang\ky.txt.tmp
    Filesize

    102KB

    MD5

    354a634403ad3bbc454348791149cd99

    SHA1

    93fa7ec40203a82d667de2451e1cceea38d8d75b

    SHA256

    7f99bdfdebe143b8ab69e635474e5eba586431fa5d3ed467205ee0ff91387044

    SHA512

    1ac2b2bd4cf307d6a7b2f83c2e1215c15399a6895bd9e5ca536f723a7628b75cb4493d941d61b979809db8f7927ea0801c5891802b64aabe5569973991289c52

  • C:\Program Files\7-Zip\Lang\lij.txt.tmp
    Filesize

    98KB

    MD5

    d230cf04bec5776ac551e9732263f1b0

    SHA1

    a66af50172a67774e6faf1edecabbf9725edff26

    SHA256

    f7f67dd21c345a174297484d60096d051b20cb16383b17df076d6d4c65f76c54

    SHA512

    def9407bfa580d236f5ea21d59bbba2ff70f7b13e6bb02a61fb9ade28ffb6cd3ec4fe1e7cacc67645285ae00651c0a40f188932a7db589d80358fe0591d119ee

  • C:\Program Files\7-Zip\Lang\lt.txt.tmp
    Filesize

    99KB

    MD5

    2d6a7c85ea3aec7e0f8dbbc5d9257ca7

    SHA1

    915b88a6663bc50948a13fb3c3e29baa01c5dad0

    SHA256

    dd3dd714c9281b620ea8772dca4816663e4aa036b03da652cbeaa439249fd584

    SHA512

    2fd6bfec8d8eb6f09a005d103b802e02293659c484afc300cf494d4a0ea04ae69675156419ae9699c95a5484600365be2f043987a310a4e159cf608fb6fcd091

  • C:\Program Files\7-Zip\Lang\lv.txt.tmp
    Filesize

    95KB

    MD5

    586875b977564c96eee8e43aeb852d5c

    SHA1

    af05c556e5feb9f21120ed1c7874e7cd92b53a2c

    SHA256

    eaa14c5e5bf5eabaecf5b7b25374c4a32c46a55b2bc1976c9359f3370fe3f63a

    SHA512

    4b76006cedb823a7a75bcc4c9bc7baa4d7b3b17042f408ccf9b96197b4dc355b65196fc56c7050eb6d680c81b1ff126f31284f78e72d627a85f58a2acce404db

  • C:\Program Files\7-Zip\Lang\mn.txt.tmp
    Filesize

    99KB

    MD5

    054426488fe4bb9caefc742e64221758

    SHA1

    cfee611f842174094a409c1c922de934c913b7f1

    SHA256

    38242c01043cbba8c344e08d5a4784e1350a8585bee449c9cacd277a8071a099

    SHA512

    2ce0b55a8800b50b1817d4285fd900835ac1e2daadf87e09b6c33874a72b91e38b090f5b8064ad989d475ff34640c89e11dd55581953eb76e6706e336a592525

  • C:\Program Files\7-Zip\Lang\mng.txt.tmp
    Filesize

    110KB

    MD5

    631af023de8248056c3e0d5a1148a5ec

    SHA1

    b4fe6e7e924602ec8cc9d79dfbaee692b9b47a46

    SHA256

    cab79b3518eae2faf7e52274d106daf04a7a5ff4d0b6bae7ff812058288778ee

    SHA512

    c5f76871b11996d91053e5fef4f37233855e266c26a2337fb2732d19e1475c807100e75f53f52481165c82cea9edfefd137de7ba82998e0286d10c40b72b6b00

  • C:\Program Files\7-Zip\Lang\nb.txt.tmp
    Filesize

    96KB

    MD5

    3aa616bbbba9955347963c0ccad680bb

    SHA1

    c34b39342e2b7335f941b327e01ce707285aeae7

    SHA256

    bd1aec1aa462b2e7ae9303c66d7417c61252e0c9c264f9f7cf04395609492bf5

    SHA512

    c25c86eab3f51d0ff48341da9e455f8747ae071238994fa6c29a400bbad89283fdf5634685a501eae1a2d8127dfafbc601343704eb1c2009162f6200b81e3ef0

  • C:\Program Files\7-Zip\Lang\nl.txt.tmp
    Filesize

    100KB

    MD5

    18411d6437e815fea61a50e9fc0d02ed

    SHA1

    35c5d5b6588d6e3f3337a15883573087e851dc63

    SHA256

    ad4b4872b32e5a8d5cc0564df079697f03753475adcc374a6ae328a33893d10b

    SHA512

    393d704953253ef5606dffca4e6fb334c857968768b292b60e29e77adc6203d9dcaa827e04c798363bfbd46fbc5936aaaadc6e051a988cb0ed0719701a2fd914

  • C:\Program Files\7-Zip\Lang\nn.txt.tmp
    Filesize

    96KB

    MD5

    cbeafcbe5405ebaf7ff803f59d160646

    SHA1

    80ec96bbc949ffa9dfdcf694b50abe9b81de0c79

    SHA256

    4639e77600bad7548bcf3d756859bc8545edca92b13cdb8def9f070b17fd24b9

    SHA512

    5e8a9ca328f822cbe476651ca40be29e66574807bc17e582a70466bb8dd1628584c6c54672086262220b0fa9bbaaa188e61a5f1805c8c9c5568c343dbb8953fe

  • C:\Program Files\7-Zip\Lang\pa-in.txt.tmp
    Filesize

    105KB

    MD5

    c839dc041fb9b26ebe746b1dc552fd3b

    SHA1

    00b518bfd2fa7c4e245cda71d064742d8ac2ab91

    SHA256

    e72e60712c9a7981b579250ebb1448ac4102f37c108e01d8f277ef2197c562c1

    SHA512

    6ee51cfe895f86f00c6d0f5000e7633d3e14e08e9c0f30505900c6d1921204de28d40c93f050275f1a1283b4b82b55a91c2ef31afade2077e31acf732cac2ee4

  • C:\Program Files\7-Zip\Lang\pl.txt.tmp
    Filesize

    100KB

    MD5

    69205cc458c65d2763d48cd965ac8296

    SHA1

    83f89cb49f449916f67169b597a0940193f09e8f

    SHA256

    349d012c8627acd6531eb305472c84dc75f30b7f5057d3b4a92c80a743edf6ef

    SHA512

    0d4150012b4f3b3a4fee5ef014ba2789d0d0c1aba0d98fcb2441e4c8f25444ccc3e88c893922bb4f456edcb51aa0bb17c47adba9dea0a609d4f6177f2e41ba41

  • C:\Program Files\7-Zip\Lang\ps.txt.tmp
    Filesize

    90KB

    MD5

    96cba57873b1c7c50ad5fa7fd43fd305

    SHA1

    63d70dc258f8522a317b8bad784a45d5705c056b

    SHA256

    1d28d756424362d76f0fa5fcc7e38884cf3322fd0b5c09e86c1357715e9355a4

    SHA512

    f62a3c712d538244ae931bef82caf8de43cb6cbee9ad883d1767342874d0304d2ab7159faea873b48124334662eed460300b25390ca998f7ecd2c5136160fdb7

  • C:\Program Files\7-Zip\Lang\pt-br.txt.tmp
    Filesize

    100KB

    MD5

    1e2dce46379c57a7a21b72931a805bd5

    SHA1

    1be3e5ddf73d7a5bfe5185a104356327e0895229

    SHA256

    bc70e09c494e3ef6ee6bc550de8b97ce2799ded43b020380a2fd9fa84b3ec6d4

    SHA512

    88e64ed8233e62848ee925eae79d12b4d86433dc889848a11c14a0fcc0355d5bc3f16f9f118515e9b97b37fae5fee9f05ffa3031475567d9f2eca931965f521c

  • C:\Program Files\7-Zip\Lang\pt.txt.tmp
    Filesize

    100KB

    MD5

    377e204c2f32348d750f6cce15fd47e2

    SHA1

    c1c69d4651b4bb748f261f450288804bd7a6c8c3

    SHA256

    b1d3e37a18e0809e609d684335aa5ba2d8f4fd00b0d9cf9c2da8d42d1ea9257a

    SHA512

    7c616474cdadcbefb3e9d1842750cdb8dbd9571d81b0dbb6c94b7574c8cd69368c9b5777a536fa5abdb947a94328c1a268523394b606a3c7b202bc7f3f319c0a

  • C:\Program Files\7-Zip\Lang\ru.txt.tmp
    Filesize

    105KB

    MD5

    c77a6389a2bb9830966da22fb4992c6f

    SHA1

    742a860542c2588f9266fa0fe8550d6a440c986b

    SHA256

    6c68d660aa66798ee72e18d3dce346cdc8ef98732d4623192e0a60f12262e04e

    SHA512

    25c737fbbcf057b066b8915a394ffc49e0f319485d6c1d4d0e4d603abb9e3f6306de2787055bb1a74bc2122a74016f3497bc01ae66f4b65fa3dfe4e17277b882

  • C:\Program Files\7-Zip\descript.ion.tmp
    Filesize

    91KB

    MD5

    5ca7bc4afe77fe0eb07b8e5f4a1a67da

    SHA1

    34aa17846ff3708f33193af0fccbf0baa823e210

    SHA256

    36d448df8b2c1e971f24d6418af34647c4f5a801ac8a48ff54bd6d15087cb4ca

    SHA512

    dbf67b288596bccc861ddae2bb13f1a3e1f9fb544742e5222b99b3335a557f165d83b96a55c3b50464db8d01ea0c247f733415dd3fea5b9eea0d8b4cf329e70d

  • C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp
    Filesize

    101KB

    MD5

    a9170a36f29a65df12b5347799e8c42b

    SHA1

    55423434f65855d167b0149acfdca62d74d5cae1

    SHA256

    7eafba54a98acff19e896855d545df3e007dc96cb639c9f76bd518e012f79175

    SHA512

    c8cb48cbbdd381071243f66318c8f94558409aeb3ac9b5413e2ad89b51cd852b71278c411e8a710cf18e164f62dbd7f768b397979acd98904d35b98bd94a7028

  • C:\Users\Admin\AppData\Local\Temp\_refcount.ini.exe
    Filesize

    90KB

    MD5

    a05af6e8b8ec320a2d09bed5c6e05910

    SHA1

    6ff5c813a743863474ae94c719b27a001842a585

    SHA256

    59ecd0497895e00effcfc4e8e2186d0d455ee1d7fd439513092a9ac643705044

    SHA512

    46736e6109ca9181637cdf5086672307d23166ce2b7728461df5e31a1c25f4d9afd8a113d83a38da333f54a5e70b762156227f43676d4f7987236c1a82392629

  • C:\Windows\SysWOW64\Zombie.exe
    Filesize

    90KB

    MD5

    5b0fa9c004f65c51d3b0309ae4e60f13

    SHA1

    98b17add102ace5f1d3615343f447c790963a328

    SHA256

    44766dbcd37a6996f37a83990caab45e1e9a4881fe9b66215a0713035ad92be6

    SHA512

    8424bd7c2838496b4f010d1b5547f486c680d059362e53095d15c21a401abc20db4de38778f941bf4f7f7a2e3d0cde784baa77a6ba4a9b4b6121d7dbf99fb1fb