0f6adb912a7f0b16a406a6dc84cbc23f92234f8a7790a09661e19da1bcb46e85

Analysis

max time kernel
119s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82710994bd87faf9a11a402b22145510N.exe
Size

95KB
MD5

82710994bd87faf9a11a402b22145510
SHA1

a52a4311899a2d1b8719707483d0d5609733d787
SHA256

0f6adb912a7f0b16a406a6dc84cbc23f92234f8a7790a09661e19da1bcb46e85
SHA512

8d90ad95921864245cfcf0f7f4e8dba4ac2524f6700106e6e828a9767eaeeba634b949dece0d46184573e2b678a45807ab601687b4cae85a578b8c8aeef96b30
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxTTWn1++PJHJXA/OsIZfzc3/Q8zxzU6:KQSoSQSoI

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4826) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4264	Zombie.exe
1512	_README.md.exe

UPX packed file 58 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1008-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0008000000023437-7.dat	upx
behavioral2/files/0x000700000002343b-10.dat	upx
behavioral2/memory/4264-11-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000700000002343c-12.dat	upx
behavioral2/files/0x000200000001e5e5-16.dat	upx
behavioral2/files/0x001400000002291a-22.dat	upx
behavioral2/files/0x00030000000229a5-28.dat	upx
behavioral2/files/0x00030000000229a6-31.dat	upx
behavioral2/files/0x00030000000229a7-32.dat	upx
behavioral2/files/0x00030000000229a8-39.dat	upx
behavioral2/files/0x00030000000229a9-43.dat	upx
behavioral2/files/0x0003000000022922-53.dat	upx
behavioral2/files/0x0003000000022942-68.dat	upx
behavioral2/files/0x0005000000022944-76.dat	upx
behavioral2/files/0x0003000000022945-77.dat	upx
behavioral2/files/0x0006000000022945-95.dat	upx
behavioral2/files/0x0005000000022948-102.dat	upx
behavioral2/files/0x000300000002294b-109.dat	upx
behavioral2/files/0x000300000002294c-111.dat	upx
behavioral2/files/0x000400000002294c-114.dat	upx
behavioral2/files/0x000300000002294d-118.dat	upx
behavioral2/files/0x000500000002294c-122.dat	upx
behavioral2/files/0x000300000002294f-127.dat	upx
behavioral2/files/0x0003000000022951-132.dat	upx
behavioral2/files/0x000400000002294f-136.dat	upx
behavioral2/files/0x0003000000022952-140.dat	upx
behavioral2/files/0x0004000000022952-148.dat	upx
behavioral2/files/0x0003000000022955-152.dat	upx
behavioral2/files/0x0005000000022952-156.dat	upx
behavioral2/files/0x0003000000022956-160.dat	upx
behavioral2/files/0x0004000000022955-164.dat	upx
behavioral2/files/0x0004000000022955-167.dat	upx
behavioral2/files/0x0004000000022956-168.dat	upx
behavioral2/files/0x0003000000022957-173.dat	upx
behavioral2/files/0x0005000000022956-176.dat	upx
behavioral2/files/0x0003000000022958-180.dat	upx
behavioral2/files/0x0006000000022956-184.dat	upx
behavioral2/files/0x0004000000022958-188.dat	upx
behavioral2/files/0x0004000000022958-193.dat	upx
behavioral2/files/0x0005000000022958-198.dat	upx
behavioral2/files/0x0003000000022959-194.dat	upx
behavioral2/files/0x000300000002295b-204.dat	upx
behavioral2/files/0x000300000002295c-209.dat	upx
behavioral2/files/0x000300000002295d-215.dat	upx
behavioral2/files/0x000300000002295e-216.dat	upx
behavioral2/files/0x000300000002295f-222.dat	upx
behavioral2/files/0x0003000000022960-224.dat	upx
behavioral2/files/0x0006000000022960-236.dat	upx
behavioral2/files/0x0006000000022960-239.dat	upx
behavioral2/files/0x0003000000022962-240.dat	upx
behavioral2/files/0x0003000000022963-244.dat	upx
behavioral2/files/0x0003000000022964-248.dat	upx
behavioral2/files/0x0004000000022963-254.dat	upx
behavioral2/files/0x0004000000022964-258.dat	upx
behavioral2/files/0x0005000000022963-262.dat	upx
behavioral2/files/0x0006000000022963-266.dat	upx
behavioral2/files/0x000a00000001ec52-2150.dat	upx

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	82710994bd87faf9a11a402b22145510N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	82710994bd87faf9a11a402b22145510N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Input.Manipulations.resources.dll.tmp	_README.md.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp	_README.md.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp	_README.md.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	_README.md.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.tmp	_README.md.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	_README.md.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	_README.md.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	_README.md.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx.tmp	_README.md.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md.tmp	_README.md.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp	_README.md.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-ms.tmp	_README.md.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	_README.md.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	_README.md.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\uk.pak.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp	_README.md.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	_README.md.exe
File opened for modification	C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	_README.md.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	_README.md.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.exe.tmp	_README.md.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp	_README.md.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	_README.md.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp	_README.md.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	_README.md.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.exe.tmp	_README.md.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.AnalysisServices.AdomdClientUI.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	_README.md.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	_README.md.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	_README.md.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	_README.md.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	_README.md.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 1512	1008	82710994bd87faf9a11a402b22145510N.exe	85
PID 1008 wrote to memory of 1512	1008	82710994bd87faf9a11a402b22145510N.exe	85
PID 1008 wrote to memory of 1512	1008	82710994bd87faf9a11a402b22145510N.exe	85
PID 1008 wrote to memory of 4264	1008	82710994bd87faf9a11a402b22145510N.exe	86
PID 1008 wrote to memory of 4264	1008	82710994bd87faf9a11a402b22145510N.exe	86
PID 1008 wrote to memory of 4264	1008	82710994bd87faf9a11a402b22145510N.exe	86

C:\Users\Admin\AppData\Local\Temp\82710994bd87faf9a11a402b22145510N.exe
"C:\Users\Admin\AppData\Local\Temp\82710994bd87faf9a11a402b22145510N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Users\Admin\AppData\Local\Temp\_README.md.exe
  "_README.md.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1512
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2990742725-2267136959-192470804-1000\desktop.ini.tmp

Filesize
49KB

MD5
1e121dc3d38a08d69ad10222d9912d41

SHA1
01f95d465573987fd463f143e6a43a30023eea89

SHA256
4ee965bf16a4bc13d26aa757682312f188b4ae2adbfd3e3d15b31219f47bd062

SHA512
836dd6aa9da2aff25d168cd5992bb9a9863c2fae64722722d47845c692ad20924a17693ea0effae4b345f9c1fe371728596764546d0cd356111bda2aea3c2e35

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
161KB

MD5
9b11a3316b4e245fa0cf18e140d9350f

SHA1
525392dd1a4747f99d9f454d15af8d710059d6ec

SHA256
f755230491166c48bec71ea154d35d7cee2808c0f2624d4ad6adb8eedd8f246d

SHA512
0df28699c1e8f74a828e52778bc46d08fd8909d9472f84113052a6ca58a6f61338a5fd0359b23e07df79f1acb6106799b5079ed08213aee40e9994cde284fd6e

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
113KB

MD5
7259cae117e4ee050d115915ec5d6db5

SHA1
a79ec54ff0bb4609603307fb68d85032e097b491

SHA256
0d3be00d6ae68cc56964c62ba625144e0be8094742ccd4ddebd4f559a06119ee

SHA512
9705aa23255dab0afbacde4108bc43a0c653192f6f1b16850ee6d56ed3bbb08a9cce38c79325e7fc3304f7d62c1d284d3150751f53f78e6c71b24443250cc055

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
8e5aaadc9035326d81680ca095c422e5

SHA1
77211d7ab34aab528d937e56f62f8e8be9648ca8

SHA256
fb7f533588dc12bda79e4ddf8dc4426150c6fef6ebafb27e84547af8e4f8b6c6

SHA512
4820ef28e6a25984c028374bdc4508620a736a427350fd200f2c4b2de1cd873fc42f3a578ff16f7fc0b4810208dcf68a615759b75d1031ffb363a90c78b04faa

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
592KB

MD5
6b0dc88e01ca8dc2e53670e9e6679e41

SHA1
545207319c778cde4b6c427009fa2730f7011692

SHA256
afc86119f8e532a9c35b31b63ea2589bb4a893bb4c75451498bf75b6af19bac9

SHA512
c4bccd1eb68e86c45eaab9d0835fc260583a1c919cd3ee0e5c2ad018dfc73cb4a371a13a9d8f1fbd6084448939808ef0a0cadf25157976fd9ebe649725c7e364

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
255KB

MD5
d51d15a63113648e554f0a4f348be9e1

SHA1
e23f11b3e4f21abd8ab095fc9ad6335fe05e55c4

SHA256
f293e6000a384c49aea7f444bb5b4f35abee7c1b2bb05cf6092670de1ac244e1

SHA512
764509fde1bb4351263a994983ac7486e56985f6e8bc3096a663cf2aab363a0692c527f949c2a8576707c1e4b09200fb2e22ca161ee40b14719e9ff52e119fe1

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
979KB

MD5
ffa5428f770a3d9a90be57bdd244059c

SHA1
b8ad2d94ada07ca9ede39d2f91a0b63be8f38ee6

SHA256
e748fe4e909e6a586f6cbd9253b10d0a140d30f457fc79af0d7b29bcf12a2acb

SHA512
12d8f1e9c4ff65a7da01575e9fa2920084498a54cc2945d428d3fed3ee7e4b6c022df5fa651eaccc449d841af6d2052b4477d0f75063a991e920f5edcc6140fb

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
732KB

MD5
ed346dcc45493011ec0648f4757bfe6d

SHA1
7f0ee7ae4ab4ee8ce91f43d3bb330b5d2757f9b8

SHA256
10ae692a53b9c99f5ce16629282ff7bc43ccd5fef4afbffa128c86123351f096

SHA512
902b383aeae38bf56d13272b51675a7d348563a50bddf0bd099dd6fc8d4ba3b0ccab70af81ef2faf905b9f5168aa5b8fcdae1891527f6383eee52123ae1c5e84

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
56KB

MD5
51c3ebef727d060a7926ea718e4efde6

SHA1
55236f4303466ed699e5800d8c822dc0f7b7ea53

SHA256
0c93cd506e591d509a816fee802fa3a634482f2a26df59001afdaf73628ede06

SHA512
87699e7868253ab293ec845b0f8ccfc7e75f31d75c0f6ac7ef0af222005dade12362ffb977ffea129a95473384218edaebf64592415939691ed52c3ad4ea5d4e

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
59KB

MD5
47687ed4301629423880e2f2bf21729d

SHA1
d74c4bfbec414515215e28e18f401ab9dc71dc22

SHA256
1b9d91ebbc7ec19b8adf52cd0f88951c7c1875b9560f979adf4bbfe4bd64a854

SHA512
b630d8ef60f3c48ad7a985f30c5dbab5dff29e262d0dd588664286ef0585c03a99eec49b20b519a7379956a9dd317ff3a5945b625b19344dd87b2343c59a0990

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
61KB

MD5
8fbe6bce950fb369c875927e7e0540f1

SHA1
6b1b733503cd08d3150801e1ad241b4c133f3e7b

SHA256
21317d3c8500cf302c4553d2fce3fdab937fb1140e171246b0c1fbc9ecfe68fa

SHA512
b04cdb4c2b0f7c18b595852910fdacdfcc4cd9324f5c327aefc70d396954e27ae7ef9365242a1ecedf6759a520fd55729b8576ebfa6792e73faf7e7b6553e9ba

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
63KB

MD5
51dc16f5d6731ce4fd670eb7e7dcb16b

SHA1
1085aaa2b43db4cd5f3e2abaddc277083a476c54

SHA256
872cbc7e8a9656ae3dba338714da10874da4816336cd7ed6f6ffb6f07e101333

SHA512
a0311d0be879e2951f01e4a614486c621fe6a7fe196e79d9980158217bf20a12317c63dc6d9796c361d6bcd699fa932d2d73cbca5251e605c4c594b948a05f40

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
57KB

MD5
b4e098477ffd9fabb83b76de3e489eba

SHA1
1eb3f8aa114d8828436eeaf6e68e065d1f5652de

SHA256
061134ac59aa36ee4a011b0dc335a81b0c0fcf48c673d50d26b975d1995d70b8

SHA512
18e9bc70974e036586ef69a1217d37cf7fdf415cbe336681994563015346b171ad87e6195c0ee0fea58e2aa0fcf8ac13aae148036288302d7942ebac0b4480e3

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
58KB

MD5
e794a13db7dff0cdad0aa36fe82fcf74

SHA1
353e9a7667af31ed0c68da5bc624269e24401b30

SHA256
e5e947b3b504f2ba4dc1398d00b6f61eab28a2f85066439be2da68118b22e26f

SHA512
c9de82b3341f03d6fad3e9a758da7c0fa9e29c579baa63178236bf2e6ecb9a8bd4a7e16fbbc9ab6eb1d32adaadab81aa517b865199588021fa248035a6661dd4

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
65KB

MD5
ee5bd16ba32cc043871d2d836081442f

SHA1
45eaf7535add2104e1266b12505cfa66c375b5b2

SHA256
375e0b19396e79d4a3d62a856a1ee5acd3402f529d7594f9d5856a2478db85fa

SHA512
3d9da772976b06a1503e106c01bed18ed3d3cfb006efe46eff5abf48666b90c9c063e994e6fa7e28470220fd82580cb737bd2c73d8117d1f8a13138b59e80f58

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
54KB

MD5
de5fab2b1bec3284534bd7787e9cb890

SHA1
653f1197abaeaa6f5b09b3f81a1a2427237542e1

SHA256
9cc34d01720e9f75d8ec6838585283b04f6cbe4c96fa830e34fc3eb2e998d887

SHA512
efc33706604ea961f27160e352ac450b37dae6973fb32ed77b2cc6b1d8534311ae471c9fa093eabf2785ce3335a2f8f73f7c79d06ca0830dad431ad4f6b68f17

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
51KB

MD5
9a839756a6c4c83f82c538c05e32e6d3

SHA1
ee2cccfb584e9fbf791de7a389c9b6d824764afe

SHA256
fcd621909ebde40bc87321290803f9d1261e43c89540fa803fc8f77b7eb19984

SHA512
186b794656d7fdc51e7f9e8c31b7033b0f48feb35722a3ee2dce3b37ea52e3559e0aa6d6a0f584c3a20a30fd15c528e1286804b0a3b532968624aa9857d1c600

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
58KB

MD5
9e7d3382b8bf4c0da0594bc0c97f3e63

SHA1
3a3d444abc40683ead65afce2d8e138a9ed08042

SHA256
bc25aeaf629296e15aed7bc41125088a8ed23ca8efd6dcb0a2dd496215f337f6

SHA512
ae9c19a9221b1a26690b20cb739d28afada69b54674ce0b4b1514f40135341c1a798ac3dfa319ec81a19b2f279c6aef58f02b3bd77cc657c6005fc0dbdfeeb4b

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
55KB

MD5
fc94ca3c536497d14a7a50bf9a41ff4a

SHA1
000915265f39e132ea0d0d93dd21030f3e50d69a

SHA256
7ca1d7bb3b4e4b32eb53584655787117c586721a9274a03e137be6f17bf512fe

SHA512
47a4f93695ea149a06629d1794462e222ba59fee3be21ea238b78ea8a89efa7379a03f612b479d52af257ad1d3ff656314da693428008db4bed5e42e9b43d5d3

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
57KB

MD5
3fcd3c062264f0a28baa18ce2e0fb497

SHA1
6ac0e1879e49c5d32176cb49a893898555aa3061

SHA256
9c66f541921c1bb975f2e328733bac1d31682ba6a890e2213bd3944aad34cc39

SHA512
43682cf75b4b4d1049971d49774c92339fbf223922da7def6a044abe9bbb531426b583c6796a2f029bb0cb4c87df0c00d9820078ec993e43312070ede6a4412d

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
62KB

MD5
3c8e9a79896c5108fac37fa6119977ce

SHA1
c42625e46cd2227b9cd0a78a9a50e945eda9561f

SHA256
eb7f43f2e777c0febf25ed4f63c3f090576ce4d330d6b3a1dbb6240afd9763ee

SHA512
fe108032810ff59957488394eb9d0c0c733516bb20ab0b2139ea414ee97b0cf439f23eb890177cf38acfe6e31c94023b966dde92dd230e1830cd95a104c37a1d

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
55KB

MD5
77efb7a403d7855d31a26721faa141cb

SHA1
a38b97a5027bde5312b35178aa40b160ad99d22f

SHA256
149f95446f5688c8da539289e47c2e49a5d59bc250c44cb8f80de65cd59b305d

SHA512
578a78444ff83aad7827aaae2333c6248be58c791ba3b411b1934448707cedc29b36fb3884bf3ee0c09b813aa800d09f33eee73788130c9e65e1b41094703601

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
55KB

MD5
9ef9a53dbdf965d231f70feaa8d4eee0

SHA1
3dc69543dbaab22442d270c2e0e6b7f68bed9851

SHA256
069b5d0e4d518900343506db9392b831e1384efb21335865acf8d77637955a10

SHA512
8c49062a419580cdac3c92e8715787874685a0a0b04a0e15b13d1c4daac1a5f7b22879ea0413a50a9fd7087858ffbd932cd995f5dae47078f9da423801fb1eca

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
54KB

MD5
7e3c9d3c55ddc0c4ebb346b4cc516ca3

SHA1
b2e6650df9629f7586f53121cbb3c7765faf5d99

SHA256
17ab3c9c315cddf6620cc83dc4f6b10dc1cf93a01426dcd782f5eecfe8f13a29

SHA512
03c18fdaceda65733a9d370a59caa8c74a9be6b2f52123c00f576dd9bcb8a38b0c8fd251d3928d2226faae16543e5b70684282598581b85c2c9f5d9dad96eb87

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
55KB

MD5
340774eff00cd23392de55dbba690f4e

SHA1
17c5663c41a2b339d1c515e46e0317e08c8fa496

SHA256
fade78e7da3e10232f163fe3a4b7bde7938e4a9ec9d897e158dfd50bf5ff86d4

SHA512
ff1f57393be9a10a665e70f3fa92c6d2580b265b414e2eeb285eb14c5cf5eff0057b12b17cc5a5fe66483cfc42491395ab2cdeeec766085f34f2033ddb4ab378

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
66KB

MD5
3df18c86baa673a239c38f28f0016a22

SHA1
e5347209b20be8ee49b717cf5934bfe8151c42cc

SHA256
4f3b5d60b801bfa1580ec87e3842430861397a02b01276f4c9e702097fb13885

SHA512
e9ab67160065882c2e0b77c4e4eac8f2bd80810959224fedcf09bd4154ffcd72a1d2dd5aba4414537f85a4b46c885098d227c4ddeffe680ba88081df7a0e3061

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
57KB

MD5
7861b8ab8435824ccfe70f03b38d18b5

SHA1
9b2619e266cfe6e409375e66e79a6782188ad791

SHA256
e5de7187fc1072e7ce68b1be2f790a0fb887a9e0c822ae219dda61e6a9bc6ce8

SHA512
d4d6cfe832dd2535a9f6758b7fe2765f85287008cf2cd70202580bca4b664f643938b83b1aba3ce072b8d9f117bb42eb9bf6e7664cf5d0a04d57852091af36e9

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
66KB

MD5
a1e5796fc810ca4a018ed1bd11f653e6

SHA1
f364407a78db98ffc2c2c321ff42b3fc121249a1

SHA256
9222a9e46b6858e7adeb923089799ef7663eece1da7bcbd67f8a07c7b3b7ae51

SHA512
afba0217c4d07f9c794e4cf172416ec615ed13d107dc4045ffc132b219111762b50ecee5a5082f8eef4955b45d182ca18be46a73c9a230e5d704f3c229c91751

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
66KB

MD5
0fee47a6a9d86c173e02bbd7c782522b

SHA1
33b3a5e33105452832e14ec6db55e49a8477e2de

SHA256
db1e394607adede1cf2ca7b72c977dda40ffcfddccb87181ef924da5be9e31ff

SHA512
c2f348baf97dbaa26a9fef8412d1cf824be854a0fedee8c7900ec4c3380bc04409521bf8ba8dc3fce4ab8a2bd19ba49c443b2bdcb5eaf8aace9cbf077893fdce

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
57KB

MD5
777c1183bc187d8957e300c5054a0524

SHA1
f55b0985dc0c5b95d79e30ac6591ef2a19cad889

SHA256
5af5e58f04bbf0ef3b69718ea6e554dee79b5c7b5b1d8fc6a0cf0dcd3815f670

SHA512
605e51b393b8376294c0a91c27fafa159f77f7d647119becaeb9e2053d1bad74541bdd6ffe2f3bd9fbd4476f6dbd37729cd8543aac8a9bc6641641917c21ce63

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
46KB

MD5
0e524dba98077ba4893f6f1a8baa1538

SHA1
97ea21db6320741c3332c20d808101fcfda2d8b5

SHA256
a2f44146d766c420a453b88b51232b96bfcad8135634ad10019be9e272c72c4e

SHA512
d6f04f38f8f973da1ccba7d141e3506f895d5f670176fb304347d382f1e414bc8e9b316e272ba0fa2458a34042627644b39054bff32f28a64ab31ccc613f846a

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
62KB

MD5
90717b50f6b190c7418fa8b9ab567908

SHA1
9adacde2743700219145b9adfe09c8a7a66d9751

SHA256
48f14ac571c58aa21bf920684ae98636548c00054083ff2f03c8465b0b0063c2

SHA512
a5df9218ae1392912b8a079c0abd3630132b5b51c73ebfbedcdb3a72702947ee5d7205839bb13393943784c6c6feabab8245f97ad5dedc8afaf74dece50ae967

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
57KB

MD5
14409e1082622a51c1ee56938ab7ef7c

SHA1
aa1ee7ff0fb0026e50f504ccbab9f4ab16712df2

SHA256
0632332f6e05fd3f10e1061b349032b2113ce4f6fe3f1bbf19664caca706d14d

SHA512
f39a80601cb846a2439f049c2fec2a64e4f94cfe1d66c243f7252314d9d63ec9e165f8edb1dc225b517dffa08bceeae3839c8aa9b0eb445f68191376e6d49f4b

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
58KB

MD5
4b63de78c010beea2294183c0906298c

SHA1
4bfa8dfc0de0ae6079255f80129f9995efb0006b

SHA256
51a1588c370873677d43738c471aeab079689cfc05d60d87915c2659b58913cf

SHA512
02c00a3564fa21e785497fa2678def8f3e95e79961dd4766b48817ef2392bd9c26327eb79f1a2d606974cfe06f7194c3c02848286f76d49e2388a0addc973997

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
54KB

MD5
313c50ff04d6c6859ccb3d380726a368

SHA1
5eefc5d073d45a56027352edd058406c96f0f2c4

SHA256
273c84ce2f702b80528f99b963a18d7fe0d401032230dbc0ba62688c2b4cfd46

SHA512
ee6ef90ebd3686d64747777ecc44da9933003a6a94fb3fca5a81f987ee8652afcb6b486c263854b8885fd51c00e1e4480fce8cdf2f681d6b62da0d7ae971afd2

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
54KB

MD5
373d6080e97814c8124a305041dc0bb4

SHA1
e022f7a3a4cb62541bb547183dda6cc97ad8f05d

SHA256
346eae57e0cddb0cec3274968c6bf9d880a72c8ed10285f7173051afed4ca0b4

SHA512
8f95e253281e103db8944fe98ab7110ace7e76699561c1877a7f619515b17373ad2e1c269832c0e6607b9fb52e0d99471016d57c8854811bc93f83347585b7d2

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
60KB

MD5
9702431c6225e4fb12aae12f26d4666a

SHA1
7fdea1d21c6c3d006d67cbda0d64e758a9df08fd

SHA256
60cd6c393858df572e07cddae666a7cd3349ca0a8807ed6586dd5a9e5e5d2d89

SHA512
c4cb86f39af63ce322c4471cb42978b7ca1d0c6eee519de352d0a4e6ac0010d9da090527d0113d857c364daa80e92130b253e04e4ad343d30bc5a915c3f8c2db

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
66KB

MD5
8027c4e8a08f074bb93453c1e86c7bf6

SHA1
aa712115f6111273b1e82eaee52854d1c704eaba

SHA256
3b007d99448506081f2ed4ebd095ab60da951f44a54e72da91b18b61e4ce4fce

SHA512
8071f2704892246dc59d22e09f59132796850e0fa31dbf584c498a99836b3805f5a1c7fc8d916853b5e9f6347df43c279ac80170aa370ec5c039a470b828912d

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
54KB

MD5
8f70a2ef92f338a9e4087578991c4b7b

SHA1
681b01ecafa4f39387757ea7b752be9555da2393

SHA256
2cdd42050bd3346262f7c317148e4d2c8bee7de9053f6292cb1071c674f75cd4

SHA512
f1858c5657cec1d651576f322375aa69e6d2eca8497bd085a9fd6cdc4345cea2edb9ab80154702c22e587affdfec0482c5014284e5430bd8322c92b30af5dc8c

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
59KB

MD5
0060575ae16cd209aa39446d119afe22

SHA1
db0cb52e19c1a4e10711f3e740c07d88c8e9ba50

SHA256
25dc5daaf190ca321d083220cefab3bd601652c857378f3a95ab7c13d0a6c038

SHA512
e0b8b01aa36d2a2faa4a6c700d6763bc0da6de447d1b3f8b92eadef78494907c82747d3750b36d23d444fd17b925b34ef210c77a6b4474ee91820c06e46cc335

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
61KB

MD5
4ebe07e540f64f143b2ca78074753e78

SHA1
519afb3d1387aa292f5ef264da202f2dfa3a2bf2

SHA256
e3771e20b4f7c8a0f59147e2ecdf2d96c1d9801387bece509af7c1cb6cd65717

SHA512
c198b9aeb23f7a91806fedc032e38cc560d40ae40d9c34ef44f3cb271b687403c970262e0d206431779b79929992889b3310a1b6c0ef661468f858598998606f

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
44KB

MD5
d58c897a512a64e3a1429540f4da24f7

SHA1
d5ae9192f4d19d2f0c9e5de4582a2369d23c1935

SHA256
da6589f62459b84e1db6a4086a4eb128ff112f58b2ae56e8fc7a8428ff78d034

SHA512
f93fcbd86ac3b8b743b9a2012b5d29478e5bd46776910cb660321dc862724debb24e4721e6ebc399c9b2b91b7c6449bd6403ee9da83f856873a5e86ca1787c83

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
61KB

MD5
dad2ae187c8b5ec151a71bdcfe84842a

SHA1
e815666d3541076c8c218a4d38ded252ac571dec

SHA256
9b990bb354c4e07fd48a89a355e9de419c5968f053213cfa930769aa76688fd5

SHA512
c41e38b3783d5499edc2e27ba1724dec4d0b2755123ec1f77c59795052b76b8ccde7f31279ee9a485ca94b422d5c4c5e67114bb28b1d1e576b976887bd090787

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
48KB

MD5
c3fae783762b2a775496b8f3bf755b02

SHA1
318e09364728f104d7f4ac675f75678c2e62ba8f

SHA256
37571906eeb472214de04c789c3535b49051681e4bc424d2cde43c68543930df

SHA512
affd4754a7e3320a317412b9b40b491892575c6ddadb3e0cb7abb6d87b750b7006a10fa3522560c8180a04522acff9b46f6cee2af71910157f4bc96e7e5529f6

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
48KB

MD5
d269ade1811edcaebece768317b5fa9e

SHA1
dc3a19a39a864d5945dc6897ac1b1ad8040c0f32

SHA256
957e4fbb3c45748b4f316ca394d5a03552696935c67a559f2b02dfc572eaed46

SHA512
1b0c9a9ba5bcbe00d0f818da8fadde065415a37c1209daa9e92a8366d43cfdbc48509a6e1d2902fcc149535849e03db10581ebab9a701fa17b53a3ce7168c9fa

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
57KB

MD5
de3d351c491b4847d1f68924760f3acd

SHA1
0dd31569ac9ac5c70533084c7218a77b0af73306

SHA256
cdc6ff5c5da79090cb0f263f0da00252e22f0f2423b73b37fa36c46085af4687

SHA512
5d12f4884f1f267a2c879a354183f5b6469c0b5555a9e75238c2ad47e39bebbc3c6b8eee1d1d7f845efad8ffee5541b6ef97df3a11ef7953102583346a06cc1a

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
68KB

MD5
3028592a9fa1af3ace702cab2fb0ae30

SHA1
aa31b74290c955cc9d7a76569d89529763ad4fbe

SHA256
8269bc8a8228b5ec6725135e12ca14c958d499fa3428d42e921e6b71eed7a0e2

SHA512
a80b1d318226ee892e2a7f4c58f1d9ac816741d640fbc06724dae00552465ba839c09b4c7a6ceec520e6f891a0855f7b4e57fb5d96e1728f2a1bfb63ac1a393e

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
67KB

MD5
648a80c821661c52e217c262838bd6f9

SHA1
c401523c9f37c2f68baa2468f664e26c58c3db83

SHA256
eaa875ccecce01f031fb01942e263c25ab6b9f16b3f575cb0489c5e2d4c67194

SHA512
736169c131d10abc2454c5a69ea89cf8f53324bd71ef7a06a1c4f45ff29da104bbae0d6c5a18cbc57c550d8b9392ceda706bd7260504aac2466ee664a9f33455

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
56KB

MD5
f88b4f060f3ffa062edafbe65981b2f3

SHA1
0feea15cc27b7e3d6cfbb4d81168a2d826ac2c05

SHA256
bdeda9b866af2337ab3c8690a78c02cc769ec9b3e8a731553e8a284fa12dc551

SHA512
27573aacdd58a9dffd68969cd3376e875e080d8efcd0cca4c87fbf8a3a6d56168a548a37b6f206ac66226dd49597c9d772d3995e02a6cf19710d9266c88c11a9

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
54KB

MD5
6210b260a2027fac9208a83efd7929a6

SHA1
2b1c9c72843c7af51d58725fe87b33ae6a7e6ea1

SHA256
9c5da055d77c51df4cf8716736362509aa1772cc6a087e5630aa27b7c1b299b1

SHA512
4622acdd0ea702efda48bd92ad6afb6f9cbe7c2f9b3de3423a552f11a8bcb1861fd4d8412bf6ea58633ea0f986ba558d8295d46b5241ea6dd9146f6ab3524353

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
62KB

MD5
aa097ae9e1c8b7c229b8840bcdc9e837

SHA1
162fc1309d2d62e357c9b9d0434fd2c23f69be5d

SHA256
626e144b97179b04b34606759bf013b1ce91f67802a8bfafe796ee62a1c37a27

SHA512
ffb7f811ce10e6bf04523e7709797838055a5c636318a9638f42b9b8b2d7d4fdb422e3926b6c2b933f2095e834e9bf9a20e267f293d39c06a533961d7ed6baf6

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
58KB

MD5
4a0f50d9cbfee95a73bb40c66c7e6b36

SHA1
811a0f6d74d4ed4714aed86a57669f9b60c113f9

SHA256
1365a3941b4271c8271b8a6dff7f7ab2bf50bc102cd0568d6aaf7f49f14454ac

SHA512
d9679dad789c4c8fd27e249d789e073d7a629af5b3af9913f60a06d15baad28a893d77416200d910d8d0418796828a92518789dbec545a84754212bc3513d090

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
54KB

MD5
9071b9a9b37f181fa4e157b8adb3e13d

SHA1
99212ca6ec11ea4445ad9d6253a69b73148407d1

SHA256
df351992877ed86175abe6170245e6c5c35099773cf25ab171b40a9c8526186d

SHA512
97b1232d7fd2f6f71a9a0ac92ca84ca0d6602c1adb997348c9c7ba0f175cf09008503f0ca0fe484f8e46e5a603f0f549253bb478e5742629b08834f5baaaae29

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp

Filesize
61KB

MD5
9ce3a7d4b0a01034130571bac9136b01

SHA1
3be43ad12305c6b9b7cee262e0eb6d2b42dd2bff

SHA256
4332620c2bdd406fc27b89a9c651edfe4d4d1bbffb8d9b09831c728104744487

SHA512
7061d392d54d8f87457f871b5138db74dbcbb773bd3c3f667f11c7f382fba5f773a99013211d0440286961f4734a518eb19be5677f371da5909dd2ed23598704

Download Submit
C:\Users\Admin\AppData\Local\Temp\_README.md.exe

Filesize
48KB

MD5
1a57fc48c9e269bcd5b1afdb195c7f36

SHA1
85a6550d92c4e2157a578eb31e306ae0716a6d00

SHA256
8d96813c7614e5d86721b3ddd87c3f9ea5f3587eeb90dfd20f290e6ed80f72cb

SHA512
3eb3594e3b738d721e8470e7b869e306ef5f799843dc1dc85f8a06ebfead9e43f9d5a9f31fb9df276b8f265c4cb7c9214a1471958a3214544f22b44013621c79

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
46KB

MD5
dca1974132c29d080cbe7cf1db3b2f63

SHA1
06cb29e1239a37769ce87632781ec063e721b6a1

SHA256
450519a03b273bcafff22ab25502e73bce9626f1d1291a1d0f2edfd1dfe5fb13

SHA512
f29c23dc094091c0e0a8c84ca682972c752e89ca374f3cea4bca7f7f7184b66fe4dc7ffc36e1e448c10bd695c4ac15d34bc83353076d1551510e5fdd3526e3f5

Download Submit
memory/1008-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4264-11-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download