Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-07-2024 19:32

General

  • Target

    23078f063fe68966b5a6f96ed524c365d7fc07b123551b01ab702470af9de433.exe

  • Size

    126KB

  • MD5

    536a78ad6a35923354c9baa5e4f57a8c

  • SHA1

    c9563812fb0ed50eac805c6e8c586e47749af355

  • SHA256

    23078f063fe68966b5a6f96ed524c365d7fc07b123551b01ab702470af9de433

  • SHA512

    92a919f2e69309a91cd9eee00a70291ecafdee177ec3bc63c52f2650d46a5be3865990e55f527973b392ff9e0e8908a1fd93019abefb08076bcafab06c2f8298

  • SSDEEP

    1536:W7ZNLpApCZuvIYXJSpXeXr7ZNLpApCZuvIYXJSpXeXz:6NLWpCZLYZSpu5NLWpCZLYZSpuj

Score
9/10

Malware Config

Signatures

  • Renames multiple (5073) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23078f063fe68966b5a6f96ed524c365d7fc07b123551b01ab702470af9de433.exe
    "C:\Users\Admin\AppData\Local\Temp\23078f063fe68966b5a6f96ed524c365d7fc07b123551b01ab702470af9de433.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Users\Admin\AppData\Local\Temp\_MicrosoftLync2013Win32.xml.exe
      "_MicrosoftLync2013Win32.xml.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:4068
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:3316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.exe

    Filesize

    66KB

    MD5

    025a7a4e488f78ddf043278d2c7dbf40

    SHA1

    8e73e60dfc1c19c01f972a12521d5e22d2ec35a2

    SHA256

    74d8bab25fdb4ed2956c0d9e44232ccff41af802dcf9a34b4dbf5507c6753b7d

    SHA512

    4d524d66f7d8f442e7b710e4b133b292b2302342ab59111ddc6b8bb1b37d3fadccb1009203b4c85491ea64250e1683502171faf6151b494c59fae674a04943c5

  • C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.exe.tmp

    Filesize

    127KB

    MD5

    a747b14a3a498b9243fc12b2f0c41c91

    SHA1

    3402e8143ea2d9c69e697fb641baa9dc4aa043a5

    SHA256

    cb24420f41e186ea9d2beeb0c9a184f466f2614c508841145b50a3dca64acc8d

    SHA512

    f6722426676b22501a1c88ba422e68c30bd369385373fe9d7e7ce15c19399a1060404e50ec0ff31be8fbaef6e5821c207c54d2393b0617135ba2231550ef2c8d

  • C:\Program Files\7-Zip\7-zip.chm.exe

    Filesize

    178KB

    MD5

    899dd32b023074c87f1ed16a7c141ba3

    SHA1

    1c125f116a4029376de40e2914fb38ae343404f1

    SHA256

    ff1b9439f689da21baa532b64b5c0f8d2568be922b06d278bb4aa466d37f8eaf

    SHA512

    a4ca1d3a8387390d84c9ddfff73745ac9fd5a8131b72e8429582c0c78602253a7df47546667a628023c4ca049803655eb481075afe2007c03bcc349a068e5b7f

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    165KB

    MD5

    472b7df8bd5773c80a05a924af9438c8

    SHA1

    a90a7f460ea97b3c3e2c5df19320a94c2a9f991a

    SHA256

    f178055c771da7f754361efda3682093160cac1fccb6e99a241b910f1db657c3

    SHA512

    7bae55f4acf4164c0524d5f4d0acb01d8bf92363152923e1ec87c98ef2e6d9b1bae0b0420cbc834eb4c768f58a19d53c25e9bc9cae32eed77d072ddeecdc935e

  • C:\Program Files\7-Zip\7-zip32.dll.tmp

    Filesize

    131KB

    MD5

    b7d7ec342ae9c0ac0f337a1964eaa141

    SHA1

    1b2b5e98f1a5fa830c7807a548361facde097e2c

    SHA256

    32ada611e136bb6f34f2aa75ae60a3665ae72fa1ecd1d92dd541a5f966008d23

    SHA512

    a2a67f9f70e1d4e030fc9fd6de88ad59c18980a751c60458df82c92b8c165dea56ebf206a9e68e23ac006e52cd5619d201a08a776561395c5ded2a28e4659bf5

  • C:\Program Files\7-Zip\7z.dll.tmp

    Filesize

    1.8MB

    MD5

    2869f8cfee0493eb56a1db83a567133c

    SHA1

    903b28d15a3b535bcea9cf58ab1c4ff293950537

    SHA256

    82556ae6b6b3a40dd2b3e5bdba34c948980f6301b951c58d444d0885e953524b

    SHA512

    00abb047defcdf1e927de986866e71fb1b59ed7263126666f453af4ef7ec79af452f1bd5e71269963cccbf1ea90a911d44c6e003dd09873dd9ad1e805110022a

  • C:\Program Files\7-Zip\7z.exe.tmp

    Filesize

    610KB

    MD5

    3d46a2f5e0e5b99d087fa7884caee46b

    SHA1

    6cf5d90fe8ebf1c6292d0652b53688e63ae1f369

    SHA256

    09f88f41e91c185558f2c6486f24dbbb77bc74653777457af17c0c0c0f173e82

    SHA512

    5af56fb74dc5102b7092729d1d950e3e2ac9134c0dbbec9283ff3915c22bfcd892c7affafe658edfe2a0adf1fe593c35c189e61fbf8df879445c83ea5e413ae9

  • C:\Program Files\7-Zip\7z.sfx.tmp

    Filesize

    275KB

    MD5

    253a89ccc2dfe3cd17348379b2c5a660

    SHA1

    b5613d98f5a253ec71e95e92f4ae418a4cedb1a8

    SHA256

    5ee4f74d501780f45d6f37306d31a3c7dde528c10dcc01eee1cecc392fc435a8

    SHA512

    28cad09b90f9114ba3b44891d5b33122c9339d944370614b867629fbac3039055e3d6f100e326bb659f72f51c3fe7141f54a9cde1d1f6a4e8ecc2f798bf26bf2

  • C:\Program Files\7-Zip\7zFM.exe.tmp

    Filesize

    996KB

    MD5

    828dbb7d8a0a77c13ca2c692f964d7a2

    SHA1

    10fa7696cd7355d74e30120e39e21fb71b837b4e

    SHA256

    df213003d3b69357046810725bb07d88aa2ff8cee80e4bfff445a8b167442017

    SHA512

    d90a051667f910508cc876e1d11d3f5eac8425860d96a2e13658fc4258c3b7d7303ae0892d4b58c1154dd4d393bd5dcb6d8c8fec183cb998bdf19a341a987cf4

  • C:\Program Files\7-Zip\7zG.exe.tmp

    Filesize

    750KB

    MD5

    217fde0f9a73743b0b49fb5b0643f29e

    SHA1

    f8977854fdee317ac3c460960587c4ea548d6df2

    SHA256

    914f25ab23a9e9a587dcdd0fcaa064f3f15a4ebfded53483fbdb977ee4f57963

    SHA512

    b79d458a01bd7b6f0886b8f27abf09ccfbe55e1b701e019b0babbe4f05e0bb9d9b65ecb78ae23870de8d789349a41365ac39d417c8e46f089107de1aa3a271d2

  • C:\Program Files\7-Zip\History.txt.tmp

    Filesize

    66KB

    MD5

    b0409dd53d5c25092df7495266fdc72a

    SHA1

    8ebc7d983d22cc3194a2f52785f007f81a805751

    SHA256

    1662f042bd5545cb04140350dfbb64c6326cff9782d9de57a9ef6ced5f573ede

    SHA512

    0a9b422a0dbbed4d0d5e0ed9d2a8fa6486fab93895bb2489287a4412bbb870fc6023f261560c16c60a308c1900287f9557c34bd6ff7de76748250371391185bd

  • C:\Program Files\7-Zip\Lang\af.txt.exe

    Filesize

    70KB

    MD5

    d917ce3642da12a3e41f632227eccf0c

    SHA1

    89ccbb43c16308435e0ece6f32d2d29a84612aaf

    SHA256

    1bf4ba7bb7eaa86a4074e968ec6e2fabd7fa863b0d04253ab5fc261ff64f77c7

    SHA512

    a6387351db87ee6236ed0c812a439561e96babcf2763d421f4c41365e1b115483d8236b4a6502ce496ec2f62dbb14edda713b9529afcd2828c0d5adba74e049d

  • C:\Program Files\7-Zip\Lang\an.txt.exe

    Filesize

    68KB

    MD5

    fd469fe35c02466e2021aa876ca9a956

    SHA1

    14384c26c394b8ca6fa3769ea43ec7fc0be5f91e

    SHA256

    45536c12727b96b8de11e638255aad4717167b8059da3867a345da1c2f2a170e

    SHA512

    343ec90c74391c55997dba39f56e98ab3b2ae3475ff6d90fe9f71c1cc382db6b8bb60a365d30aa8f504f009a8365f9aac72bba636237f6883776b8b48171ba0e

  • C:\Program Files\7-Zip\Lang\bn.txt.tmp

    Filesize

    80KB

    MD5

    db5135ef2a65648e16035fdbd2edb88e

    SHA1

    525b0088603d15da3178a39cf3cfb171056c3dbf

    SHA256

    3e9d302b71235770e743bac01e12ec0d38fcdf0448bda9c3f1eb606b69e77f55

    SHA512

    8213581551b20775e263490f65f3ea258aa146288863b918283ba9ab94d5e140bd8c414ad743c1c13adfbd48a9d6a5a840e1f8b9cea1f5c7ef0e42ee8463b82d

  • C:\Program Files\7-Zip\Lang\br.txt.tmp

    Filesize

    66KB

    MD5

    702bfde9f6a5210b00aea99775a8088e

    SHA1

    976330008e2ac7cd19b0f0caeaee56b8cae689e7

    SHA256

    215c7f19bc2fdac3d2dd6d62e9eeb0b4c8695da8e240b620587ae055423f72b8

    SHA512

    7c544528c71cbcfbd08c712cad3795e704b4dc13b91fcd16896084fa4d01257eeefbd2619bdd16bab508dc8c982dafd13385f8222a08ff4361eda33b86b91f2e

  • C:\Program Files\7-Zip\Lang\ca.txt.tmp

    Filesize

    69KB

    MD5

    b98ddf3b711996c7526c8e74b34d9dae

    SHA1

    e9d37e103bee19e25e901ffaaf1d379aefd10d36

    SHA256

    4a0f3017e12b748213a2e14317839fb0edf0116c0bf00aa809fc2a3aee5b5226

    SHA512

    91dc1bc91b3c863dabb606150972a790c8d8cc521bc482b60b6120b22f8b97d6e7caeb16e4d38ea8202fae7349d2f87fab64b6181dedf36ccac313a6c6ba092c

  • C:\Program Files\7-Zip\Lang\cs.txt.tmp

    Filesize

    75KB

    MD5

    bb071d38dc3eb1e7fac965ed57cd1dc5

    SHA1

    7417204c0ca2099d5aa4b3a0d4cf176f0670d7f8

    SHA256

    7d09bc2aeea119898499bd784085e815edb2d629395b6501bf9da72eb8295fd5

    SHA512

    49b04838126aa5f2df31c06ad6dfb9371f4ba3e09f1fbc75b68113d82cb7e8d51dc0264e6e49415067a028ce4523453744807cc106f73c3d44309a2694d23518

  • C:\Program Files\7-Zip\Lang\el.txt.tmp

    Filesize

    77KB

    MD5

    09b5a10cb1d32c22c2ece8898b8c9c77

    SHA1

    fe15c9a18df87cde167715a813d1cc4e3e5bdfa9

    SHA256

    d368eec9e78c9d2e937dcf2b06094fc2bb4c6d38ee9dd4cee2bb3bcb7dfd9373

    SHA512

    435d8b25bac6e36be38868082457c034cf1b72964d67db2b1edb1f8cc759dd6fb46dafa7dbc768c1a137c010a52e8503ebdd1238f1db0855c571f26b0a698c94

  • C:\Program Files\7-Zip\Lang\eo.txt.tmp

    Filesize

    71KB

    MD5

    c073015fd00f4331d3c5a434bce7379f

    SHA1

    1e4b5f4f99d9456cec287c15587191c93e5bfe23

    SHA256

    7ba8355ccf05aaf638e6dd74768ee37c01a7cc8d2a77e1d79fdaff26c7b9daf6

    SHA512

    eacda35866a38537fa68e6c0b4d8b7a33ea61bef6845cf191ed463cdf2ea24a3bddf519aaf5429c36ee39c82ff2725c1ba01da23bbf91ce016290fc3c0a231f2

  • C:\Program Files\7-Zip\Lang\eu.txt.tmp

    Filesize

    74KB

    MD5

    d8c765327d8ae6f4f476f8121fb7e309

    SHA1

    47dc49dabd2b8f40a78b101b95dfdd6c8187b6d9

    SHA256

    74c2c37e981aebf2263126d432c1e7c9408cf14cdc9da0f2d022b565a64d5241

    SHA512

    c802b6ddcb4980603001edb2eed31ad54a81d58b240270e8118c6575017fda18912698143239c82d678a5c1a74b917b535e86a358d0718ced3c3b4f04e0000f7

  • C:\Program Files\7-Zip\Lang\fr.txt.tmp

    Filesize

    75KB

    MD5

    41289d5a904c44c7c60ea9f2c595d44c

    SHA1

    e4a6c11af14b78a289ecab69a84214bbc1941c0a

    SHA256

    6c30e6a4114da309273cf1b1acbccc2bc9c1eaccc725b6959946a799763b2690

    SHA512

    d655f194ef2ecc413dc404ccd6d22bc77bc7cbca261e65d7c1dca0f1b3779adfe9b98da985a8aa072987fa854d5ac6ac501efd9ab9469b30a0b9b8e7e4f82b16

  • C:\Program Files\7-Zip\Lang\fur.txt.tmp

    Filesize

    60KB

    MD5

    e829273ca6964ea12f4c4d23324733b1

    SHA1

    5da442f0d4dc3f3ba958b2352f3802fa7bcdcb70

    SHA256

    0172bb62f598c136e7ba02b693991133d7f753dec1bb343e561d169b8092142d

    SHA512

    b0499449baae6a1936aae767113a41bd6c5e33e09dcb34156bccda4d5d4fe0ae885d0fe0c160f42fe6176241a28bd0c77aa4b335556f63804a5e916f513ee46e

  • C:\Program Files\7-Zip\Lang\fy.txt.tmp

    Filesize

    66KB

    MD5

    f127b27b634702c616cc916a2fdf2b86

    SHA1

    60ef7ff203c5126ca386aff24c467e69b34e650b

    SHA256

    58b24f0de98062f80abd9145e989e45ef72657f90bf44fa7d20229d715400a88

    SHA512

    0cc5c1de9a38f1b02bbe3a13a2cf1c3814b35dc48e8358feac836781b67bc8507ec9628991dae365e92f2003e3e32370afb00c23ce66bdae97c10e2d751ca893

  • C:\Program Files\7-Zip\Lang\ga.txt.tmp

    Filesize

    66KB

    MD5

    f9b6b2bf8ec2b06ffed43d7aa24f3a7a

    SHA1

    787020ebe3a590126675271d1eca8f267080aa1f

    SHA256

    d2084bd6a75961717acbeb138b51d6c6df0c32842ecbd565ad62c06a9fdaeca6

    SHA512

    b4a9a91d4d14068ce0c2f067657560cea313f8cf6c190151ffb29c492ef8bac80bec63e244b609f31f1bb92144558d2a4346dc1d8e523fa04ed07fc130dc43b0

  • C:\Program Files\7-Zip\Lang\gu.txt.tmp

    Filesize

    77KB

    MD5

    106e9513badbd4bf139c588b713174ed

    SHA1

    d9035ffc9c1c3e0cfef3e43a0ae5bdf55d89e0d5

    SHA256

    d890f30630c1b6c45fe05e7af6e36061ac82cbe88e00f1635e778b7a9a36a970

    SHA512

    f96331afa4e53a76bee5f18c4f6321f7dac0a85f71cdafa8216280d9a7804402339e97073f403ae4d73f17ba3f4747dd47ee0d764825c6528f99db423a28b6f8

  • C:\Program Files\7-Zip\Lang\hr.txt.tmp

    Filesize

    74KB

    MD5

    cd2832864b7544e27c14cade5474e80a

    SHA1

    d055b4734fd9303bcfb8a011f386eae4d54e32dd

    SHA256

    6ef8cc4743fd18bf0a8dc9c7a7249ae80c193e8918d152209f147dd874f4af59

    SHA512

    7535682463cd37d760eafd01d12711ffef09df2fc5b1af875c8905b5945c0367948f8ae3d8acbe283a6925d4331030a1e0ae268f95ce8bcaf628a4708a48c178

  • C:\Program Files\7-Zip\Lang\hu.txt.tmp

    Filesize

    70KB

    MD5

    8ba9726ef2f602c50a111ceb2e9265dc

    SHA1

    d6452dc9c82ae96c652baed1852881aee5ae644c

    SHA256

    4d2beabaa056baa9164971b85a2cdec39f205375ce4b237c25dbd8b09ddd34e1

    SHA512

    ff597844d02659ec8b0f9937b9b7bfa0df7cb79300fa68b166193b673ffba34cf734cdbcb66c6008dc98996c783c386d2f4f432c0cc676278c460efc302331fa

  • C:\Program Files\7-Zip\Lang\hy.txt.tmp

    Filesize

    66KB

    MD5

    80b3c854fd33498ba1d36755189bc059

    SHA1

    5484ccc70b2012eed4b900a0409050eb9f86cdfb

    SHA256

    3b578032610218e631411ce2c1f859ddbee5641e374cad968ccb3cf89508f07a

    SHA512

    08329f0cf52ca014862ad5ee75d6ff65a6ca08d1ebd0fa45ef827111429ae35ba5cf6f9776c5591e8fd5399f5a4115896d6cc2ae7d5978f81714526bc8d55f8a

  • C:\Program Files\7-Zip\Lang\is.txt.tmp

    Filesize

    69KB

    MD5

    9f1c06c13fa1c800f0197a03c168e26e

    SHA1

    27ba0ba90362f7080834be33a46612310a1de9f6

    SHA256

    fe5120050122bfefac584db0f21835f541b9f8299b8258619ddf3395484542ee

    SHA512

    2ec2d2edf383d072d13e917117bfb8c536f21e4856f1378738f79897a1139432916422b7246b4777d217b202ea205c64bf67de3162ff044f085a9ea76e9248ce

  • C:\Program Files\7-Zip\Lang\it.txt.tmp

    Filesize

    70KB

    MD5

    7c0e99321a73ef123f19f45726602512

    SHA1

    0c0dd84ffc6322b48c4757b3468a068d2e274dc8

    SHA256

    b2ccd691f43bcb390d69eadf67439f46b829d17b0a23999c24b6338ac55eeb74

    SHA512

    0d4f6d3dd30bb15039f85a195267ab08106c03c94af6c82be373e5e0d71ad7d7f84de1ddc193236d6df5e1b16b7bcbbd34c84827600d6a5094fd293b599403b1

  • C:\Program Files\7-Zip\Lang\ja.txt.tmp

    Filesize

    72KB

    MD5

    e423712aabc826bf17054bde9c223260

    SHA1

    6b54a840b38f969a131816b583c4696b3fe83c30

    SHA256

    e537963d30bf52e416990adde46130c53acd483bc359cabbec38f086de3931d1

    SHA512

    38ee9228b4928cf9ddf94208622c003f7d0e542fdbc43e120248fb75c5322c26167bcb1d5907ec476dfffb6831bc38db8b7b1c45e688fd096bab6ebcf43d54d9

  • C:\Program Files\7-Zip\Lang\ka.txt.tmp

    Filesize

    84KB

    MD5

    7295924346ef7b31730af1de01ee5ec5

    SHA1

    d92432f314b89e90235647d82223dae10834c105

    SHA256

    69ef9984c7bb6a0dd53a75d7fa7dc019d688a89cd1c08eeb2c47e44f2ba7c865

    SHA512

    35a9f98bb940cf2da1f0ff6f2ac8a130192abf58e02f91b36979b4e9145a760edb4829a52fc24315c9888581f279a142aa32f5e42ed2463bb371ae05033c1056

  • C:\Program Files\7-Zip\Lang\kaa.txt.tmp

    Filesize

    68KB

    MD5

    a0b41d4b4f20088ad77619c523e839ea

    SHA1

    7127a9ee97665f12e7968a91fc92f6b5ab7fb217

    SHA256

    fcd69a95482e5f826644b7a6f7386da4955b657e9873f2a6523eddd0a5f6bc76

    SHA512

    411662dd9e49380813992c3a723b6885c06c142ddc591a9578d5704c26bbce1c193f1992adc32230d7047066d5ab617ccce9db238b60a4c5b7519de8130b17f5

  • C:\Program Files\7-Zip\Lang\kab.txt.tmp

    Filesize

    74KB

    MD5

    b2e1db7129d427e042c2d509908420e2

    SHA1

    ce264f69fec42b68c2185d6fae51d566a643ec2b

    SHA256

    8cf7f35e915364197022d4dfc9afc7d82e417782026d8ec858ee0e6ee08d472b

    SHA512

    16ef3d26d0eccc6d3dec5d706cd49c74530105d83d8bf0499c51083fa05fe1e3c67d1e1ef579d2f5e1c621a03327b9deba6b9a5ab11ce28c169e823af4fbcf18

  • C:\Program Files\7-Zip\Lang\kab.txt.tmp

    Filesize

    74KB

    MD5

    489083107c8ea2c99f67619ec629c2b0

    SHA1

    9554e39e21738b2c2b073f7fda032a13d02397e4

    SHA256

    d45e1f1bbfd6c25641add26d6667ed2cd15f638a2f2c5bfc94e00a3aa0ee3779

    SHA512

    b997c71549a16ea2659ebd14acc22c765655c9f7aca63a564232b2fdc669ae0c27f39c50487051d6260d95c85e0814d2a0685e9ce510b0887360fff35a3e6d88

  • C:\Program Files\7-Zip\Lang\kk.txt.tmp

    Filesize

    76KB

    MD5

    8d8099a9d772b41d844edbd4f88ba0ea

    SHA1

    8b2c3cb224e60ce4429d525349dc699081d40628

    SHA256

    fc6f57147704c22f3c1a3b40570c4c233afe4a9be7fbc3bd0c20fd8f0c84829c

    SHA512

    25e579cfd21a6b98c89da07f2e2b969e3253e70c3d2abf451a5e638b464992f2d21dfbb8aa6280fc7f09581bceb80b60acb07303feb27ac33ed44c9296abdc4d

  • C:\Program Files\7-Zip\Lang\ko.txt.tmp

    Filesize

    70KB

    MD5

    7c2a4aef0c3d4fa5a2614b3649bce37c

    SHA1

    d155136e482285848754de05e44c3fab0e2ce773

    SHA256

    d432d0baf2ee129e465d0739a024a7163f8e33cc65b9778b43c256037d7c7295

    SHA512

    def968fbb2055090566fe47d7ef7bab50079136f5a1a7b5eeb7a15f4bf1f6a293fb4beb50f49ad792b0a6819069a2d9bdbb1bb1b846189837a8d187a9a06f6f8

  • C:\Program Files\7-Zip\Lang\lij.txt.tmp

    Filesize

    73KB

    MD5

    f71f7c5484006b94f38966d46f721818

    SHA1

    4a2c010b955bd871487318badc70f939f30867b8

    SHA256

    38acea52f899631a8a8e92f300241f3304929d186e2f5e609d8bddba31290c12

    SHA512

    3cfd23dc3ad9f64a711a8b0787c110eb862ef5a1907e72bcfa823823d3e37b8ff374b25281ece0a673f873173066644726435489fede8a5b1741eca95ab99c73

  • C:\Program Files\7-Zip\Lang\lt.txt.tmp

    Filesize

    69KB

    MD5

    4d346b9d9310240b40976e904790d399

    SHA1

    658c196180e8861153a97edc1e4b98ef359164da

    SHA256

    be316138f0d6e5c771bdd047fabfe3385703c34eb4cd375be9a3a53252fd63b6

    SHA512

    c9c16601327cda46f2cec274d030b81b415c5cabce56d94d8a76771f96cd4aa4524009ae8201a311e52f8d4c0199c09d9a1d0c95e53bb54d17edb61902c0f2fe

  • C:\Program Files\7-Zip\Lang\mng.txt.tmp

    Filesize

    85KB

    MD5

    26a97cd734b149652c0ad11c6e63ede0

    SHA1

    6210f1af8e5616091fc701e2094744e0712fe50a

    SHA256

    3ae6b3dfeeb48810a7a9fc0214bafc2e4f3c829483b18d4a197c94d800ae9a3b

    SHA512

    5f7bc180f0447d530c5adfed81fd3a75ffd61ecda135018c39bd7a99e3585ed98826fe845db6596b3d7e32ddcc05c21db63457727b842bb62285c90a14e34ec4

  • C:\Program Files\7-Zip\Lang\mng2.txt.tmp

    Filesize

    87KB

    MD5

    aa96ea7f6d169b4a169ee26165212512

    SHA1

    8db88b0c23d6313a8d867211fddc4471bc5d7a15

    SHA256

    739bb9d7da46d44b453fd1e2e1c86a014145006f83962eeb2b0e81f243f5024d

    SHA512

    d4ee1a8ba05157df7d2c48b054d73cfbff166b651f7e5956199a465d38c90009e56930671136fb1b3908eb179775191a7c22e253a70a2fa0e8e1683d769b5d81

  • C:\Program Files\7-Zip\Lang\mr.txt.tmp

    Filesize

    76KB

    MD5

    a759805f0dec6a5c1552e49c14511ffb

    SHA1

    b3674707efdadd2566e67d688743d16fd5f58538

    SHA256

    ac39fc8781ff8423f5b6f67106b502120b24b13a3c7a36d53d85835b8dafe690

    SHA512

    82a0f2a198772cd9cd178fb9f66a0486973919e2ed7c4f45ffa4f9365cd19be8c714c9c7ab72acb3a94bb3e103fb5f8e32549f5bb60792c9c615cdfb0d0cff2c

  • C:\Program Files\7-Zip\Lang\ne.txt.tmp

    Filesize

    79KB

    MD5

    8dc954e6f3ac05d8638c4474fcd8ed1c

    SHA1

    416d7474539892669f7dab18354361619bd1a0fc

    SHA256

    ccdd351f27ec2d918437a2f191e71f702bd918f22dedbc31fea3bf4ba1ade926

    SHA512

    61713aa0073547dc0e946e20505179de96be101fbb1723c93663581ba64f73e6d88a5eec502b61d24613772aee862c0f2156c3c71413b8382b06f4ab2ef76fcf

  • C:\Program Files\7-Zip\Lang\pl.txt.tmp

    Filesize

    75KB

    MD5

    46462247030fc334176f67e09f879809

    SHA1

    08970cd2f2e6ecdae3984b3d3b61c1025b81bd4b

    SHA256

    9a3cb4a34487da7112cbd0d25cb6cde59fc1af8586608c669db837cd52ba86ea

    SHA512

    b3c8887aa8bede94d3dfbad844acc1a42b9ba00d50c3f11dcd241ab426a02763da1736af6b846457c2a961f502aa3a1e4c7f74ab85b489f5ccd58336be75f89e

  • C:\Program Files\7-Zip\Lang\ps.txt.tmp

    Filesize

    74KB

    MD5

    366ea5b4957d7440a2cf8cf299315b3e

    SHA1

    9ef16ceb75a26b7affc703844bef971a3edd0b5e

    SHA256

    1fffbe50ba3aaadc3dfa420deb6d9c562c85913c1b051180c13bfc68b8a415c2

    SHA512

    668814b807abb590ccd3345cae1bf7a61233a854b2e80e3331cc5d00a0c9af8793103ce2d1622c9def5741adbe342d20d21544c97d67cad3e6ac02f1073642a1

  • C:\Program Files\7-Zip\Lang\pt.txt.tmp

    Filesize

    75KB

    MD5

    5e164bb78b3f9c4c6f2c08630c605f43

    SHA1

    608434db6f96823c5bf599dd67ed376338a00109

    SHA256

    edab4cf88ac1d5f3579f9f6bb30391d5f462a10111262c06c21cd673dfab2539

    SHA512

    43f47e53bdba6487b0907b63d5fad6e36c604839c90d5282a1c8a0dbe605403d08db96fcac5a575865b9aec3de358678712b11726eee93d08c45f353473b397a

  • C:\Program Files\7-Zip\Lang\ru.txt.tmp

    Filesize

    81KB

    MD5

    2adece8b2d595e207f95b62e1a320b25

    SHA1

    a63536caeacf78ed3c310408bc4872d41be87d87

    SHA256

    8a702a42c389dcef69754f994f99ed6a24bf385f20899f7952db3390e69e8ff4

    SHA512

    02be2709c8e80331f4e6e1746762190fbb2bc75ae61d72b38920098749de0af03a856e99969ec2fd911b34b22067119d9650293bf1bd4e5d7bde5fc127c23483

  • C:\Program Files\7-Zip\Lang\sa.txt.tmp

    Filesize

    85KB

    MD5

    c8e12a11c825fe2a749417d3975a19f4

    SHA1

    cc9d44c5532371c896f215dba4107fbfd627fd01

    SHA256

    e9e69f6775dc62f4db1dfd24373e51e3d607949976a84bedb813090e4ec8bd07

    SHA512

    b3554d86b44703e03e175741e4daf6f0cec6457406496523b4b97347a8b7ff24363129f57ebeedf14ee28bc45660693b10e483496db52c11bbc63613518da054

  • C:\Program Files\7-Zip\Lang\si.txt.tmp

    Filesize

    84KB

    MD5

    6fd983647a7c2acb67062bd35f4b2f48

    SHA1

    2989d6f318676863c8f2d39876788054e4366c8a

    SHA256

    d5ee4da99f178211d77596404de3cb2d706ab8b9c12cfa6695c764e70fd8b0ec

    SHA512

    c41d6c0b616b9183cf9a32e5f9fa253f3a65ed36d38454cd0283820fcc05b270e16daf2133cb0d7b3e275dc05b1808be56f389a49c2fb58408df1b6af4f5e899

  • C:\Program Files\7-Zip\Lang\sl.txt.tmp

    Filesize

    66KB

    MD5

    cca776d16ec25f0d06957a2e01c97070

    SHA1

    4ef001c25fc0aed7b89cff0aa77859f3a7575c9f

    SHA256

    69fd833d174d9f7f5e58d571f9f87a9fc4cd08dc7bde9c2083a135400c304bb0

    SHA512

    2271b4199e9f16347e3a4981d4b139efd5bbc3248c253932d0af9c93331c5928f0a5c41f5df1f441006dee26effdc1ead90d9050a847a3e23de0edec8d1231c3

  • C:\Program Files\7-Zip\Lang\sv.txt.tmp

    Filesize

    69KB

    MD5

    d1945af608251fa00f3490bad13b89ba

    SHA1

    ea6b63d2322769cec8e43b934b1c11fe4c2e064e

    SHA256

    b3d5efd63b09c8582ce7d09e24637f5d09a1f669a076d4604fe1a72d2db2ac1b

    SHA512

    3a2334b982e9648824b5c17fcae986fb3939e7a56f91bdd0635bb1b35ff85b0b4aa06dfe7744dc0342bf45d159fe4b93357f32f8a7e597d1d3217f9657453dd4

  • C:\Program Files\7-Zip\Lang\ta.txt.tmp

    Filesize

    66KB

    MD5

    b18d37357e526492783846ce34b5eaa5

    SHA1

    d22fd93db551f8534a138956887057e65f446b8a

    SHA256

    7be079344fad0e557d4287e28b4e93cf76958c7de9233ecaf6801a75e7f02e1f

    SHA512

    9bac8d5565a32597460d351e5c535cdcb4e603a23ddacdc7e44a7f89a3ade081c5d9d6a60479fe232777aefe07455ed63659cd3858853658e53d6697b5d8c89f

  • C:\Program Files\7-Zip\Lang\th.txt.tmp

    Filesize

    76KB

    MD5

    d6cf13bc7921596f57e87a484d93b57b

    SHA1

    e6bba54b04e7cd8e38a38693b6b994bee64bdc88

    SHA256

    5b35281650f361c2ce75ffeaa40fd69e05faef03af2131ca90f9ab0da30f1761

    SHA512

    c31f0f1b23d9711d2f18234e61101604b397ecce83c321a54df8fd0be62d4e114000e475a00aa302c463605a6f13d6a829200d1e0db4eea4037b4459b7bd9893

  • C:\Program Files\7-Zip\descript.ion.tmp

    Filesize

    66KB

    MD5

    96f3ce2a92c0e3a1372a6ea02073207f

    SHA1

    ab351478fc6498d668a9fb02366fedb3a62b00d1

    SHA256

    2d13e0b17c3447bd14a4f1a5db9787c9a6785eda6d8a24591ce5ae3d0d1f0469

    SHA512

    15ed84506c8df43436e5f13f6fb4c091f9676a90e91b65e5d8786861037d07442e9932a17fd690d524a6d840d5e6f769b08fdcbed730c6e6bbcd4ae04165bc11

  • C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp

    Filesize

    75KB

    MD5

    1d7f43841b5ff6fd985fd9f91be65b25

    SHA1

    1ff905230f36e37af1771b28a8ed3933f7a70c19

    SHA256

    0caf89d4f7ed14385906b3fea96742950856d7036d0f0feadaddb15b42436cc5

    SHA512

    74a92b556ee72f5658b55dcedfe33f9c43d9a4eea39373fa105e64af919dbf9658dcf53058014668871387180e1afa2c84a257ecb118a2f80746e56b8b4e0822

  • C:\Users\Admin\AppData\Local\Temp\_MicrosoftLync2013Win32.xml.exe

    Filesize

    66KB

    MD5

    358c2994123ce5d7316ddb4440da455f

    SHA1

    5fd1fe9e5abd127fe6ccf7a23b8a3dcfeda4154a

    SHA256

    d82837b5591c1a6d17a5f5f5a42cdad9160bf1c967171aaa8788289a1a497c52

    SHA512

    256ae701436d3a3429e4c3633ca5d5063d9c0533f8eb63ca0d4b40837040616eb1094d560502588ced44da44f125ac7d30c2d5b3e71b2b7286fb9b617d5346cb

  • C:\Windows\SysWOW64\Zombie.exe

    Filesize

    60KB

    MD5

    37eb7aab9870d5365ef901b815b03e94

    SHA1

    3af61886ef0d0f953e22833b589f94163da2804f

    SHA256

    2acc3b1d06decd9350b03808295a6f48c439dc5536edd539a82abfe5c3bf60d5

    SHA512

    899e8408e74cfe89e6419f3315ab5b4718d2a70475007c9ebe1ce8c21f99fb4c5cf4d326b73c45e172e328192e168cde6b4ad8eec9e149e2830c227c28059a3b