dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe
Size

138KB
MD5

a7a27ac52a0676d8753da7e998746e94
SHA1

3970a53bd98b65d04dcc79e1bfaf100651281679
SHA256

dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae
SHA512

a8bc971f66e05ae5d5862685235e6bc740b14f6aaf7fe2b776a03dc0441903657ea03d8bbceaf801168c6167b177ccda76d8f364808a0e954ca6d4621227ced4
SSDEEP

768:/7BlpQpARFbhiWbMwH7BlpQpARFbhiWbMwnhV:/7ZQpAp/37ZQpAp/3hV

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1754) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Executes dropped EXE 2 IoCs

Processes:

Zombie.exe_.files.exe

pid process

3000 Zombie.exe
3260 _.files.exe

pid	process
3000	Zombie.exe
3260	_.files.exe

Drops file in System32 directory 2 IoCs

Processes:

dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Zombie.exe	dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe

Drops file in Program Files directory 64 IoCs

Processes:

Zombie.exe_.files.exe

description	ioc	process
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	_.files.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	_.files.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	_.files.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	_.files.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp	_.files.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	_.files.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Design.resources.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp	_.files.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	_.files.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp	_.files.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp	_.files.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	_.files.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	_.files.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp	_.files.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	_.files.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	_.files.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp	_.files.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\ApproveShow.rle.tmp	_.files.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	_.files.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp	_.files.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exeZombie.exe_.files.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_.files.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe

description	pid	process	target process
PID 3664 wrote to memory of 3000	3664	dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe	Zombie.exe
PID 3664 wrote to memory of 3000	3664	dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe	Zombie.exe
PID 3664 wrote to memory of 3000	3664	dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe	Zombie.exe
PID 3664 wrote to memory of 3260	3664	dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe	_.files.exe
PID 3664 wrote to memory of 3260	3664	dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe	_.files.exe
PID 3664 wrote to memory of 3260	3664	dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe	_.files.exe

C:\Users\Admin\AppData\Local\Temp\dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe
"C:\Users\Admin\AppData\Local\Temp\dd27f127a575f6a4d78b2e32ae4784a0cee6bf41948c32af12891e3d824985ae.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3664

C:\Windows\SysWOW64\Zombie.exe
"C:\Windows\system32\Zombie.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3000

C:\Users\Admin\AppData\Local\Temp\_.files.exe
"_.files.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp

Filesize
67KB

MD5
a34f9df5689dd38e4e5777bf23c27c0b

SHA1
65c0639c4b195f5d49d9ab6b5890a37d04fadcf5

SHA256
98ba8642aa7f94cae52c5d3a6b43c1e7701dc7b07ced9a826483b86a4b986f84

SHA512
8bfa3c571105959fb4fb8074a5bdafe1c013c4deb08177f250cc3608b4b4a1a9a9d2ae70f00a807b5f3c35fda44b69828bc12e7883099ba17886c98d85683d17

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
183KB

MD5
636492831337dfb251d2c8995634f35f

SHA1
121d128adc94db2d3d0c22e1e5a509371ebd1ef8

SHA256
6157011ab5603879610a0192c9c42779dcf2fe239ccd1f79e1213e83d1e5b40e

SHA512
4027f1d90ed3ea9c9de0e9dee456303c04e4da34339dffbecb09f919a6bb8a9f257dfc560ea38c6fae84ba1aaca373971bb84aec0a57c8499101675d1a7b9d33

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
135KB

MD5
efe83735ecd17d2a547178c81c12342a

SHA1
bf319dc3a65082a0928186a2b7c131a81b065317

SHA256
8ec22610db6433f36142b281eb688f09b709a3898e40a3f5548d66f3a627a86e

SHA512
47c96d8b7c3b51f570182413a30aacb43c50c8724fc6c12b4b8c1699fa82df0afd36c6862291588c7f11509b35f3bd0c7b580b461ef793492c46f0326ddaf50c

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
f865f2125244fce12c47b01ef5ae23a4

SHA1
2bfd7819266c8594823e21936ac38c8e27781b3b

SHA256
e8ce9c7706cd5ee2f3cf6178907d6492bb14e428b1f7628973d385994684fdb1

SHA512
a6a7f60c2a8e6536ad32b2159f0831ad7d4e336a9c72239cff35de4f3d40a381bea1f8a80f6f3af3d66284e2e3acbaa82dd164fa67f50a5e900567302ddfb552

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
614KB

MD5
13bf1610a0e01332b2dbd620c067f1ae

SHA1
3e2f3d1680d621e7719f9d531f1cf5126312475a

SHA256
9db48c7a3bb2bf0073f71d3213fcaed78ffce6ffbfce5fe736acc3725f46f157

SHA512
85b24f41dbfead7b979f0dfe97f3383fae5c8f2cb501e53d83ffb396595e11d4fe2117581df1f3e7ccb41d17d09e421347e0415d6f6a974b0094c1c20d05270e

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
280KB

MD5
d81a4e118ede5fd47c4b629fc0c84a8e

SHA1
530f77c05085daef099cf73fd2a71533d7a10c99

SHA256
d9856f5c109c9bb5968716a46ff1dae2532ecbc63c07534e6255049175839011

SHA512
f6ccb55f367ca55f4490e31b1cf37e317c122d454596655d30cde7bcf28dc16c2b6580b5cc1f48b24c85e85a11dc9b41087ebb28cb528bc6700ca15491fce697

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
259KB

MD5
26318663f1183a27ba16ef7b651e6d12

SHA1
fcc6b9b58d8f64107f8c82480ba385148b38d01c

SHA256
7844f4307ba304612469eadcca2b71f04508ae54bcc2b7e9f82e91f035f9a669

SHA512
cbb3916ae92dfa1db78df578802b435e0261324568b812057cae92dec19dea614153b055cb4a959a9e4e605343aa2a22e24f5a8a4ef4807840c0176b52ae30a4

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
644KB

MD5
da7938bd8483671ca3f0a60e3311c8d7

SHA1
d4322be50c4f3bc1492402f7a4d913190060be74

SHA256
201b8661f8058fa14f379400d681e2a46d9720a26b9e5fb7fdfd7cd660187e8c

SHA512
9d7b8a67a13b6cfc83b7bb5b78964eb026b3796cedee2025a7ea6a4caa1827a244073105c420cc14f8b9d799a8cad9aa73376c5131b2ee790d53ffcb47f17066

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1001KB

MD5
cf39a22c80fdadcf6fe6fcd3ea1bd8ef

SHA1
b97131971c39dceb106e8302a19ece6d664b945e

SHA256
10761397863a631e6e367c376f9867a9aa26d7123042b30e2cc56f2e923d8924

SHA512
79e70a2b47995c887072f056bbd6d96cb9a3f7a3ce0342cc16b56fdd9604ca73da4a7ddcd17ffc0881ab4159a021ad6de9d7911b569dd7847efd2a379135e2d3

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
754KB

MD5
67af8025554cfae94f834ff314bed77a

SHA1
387d3e8f516e3a27613f6a979206ab351beac1c6

SHA256
61c3e2d57926f6144fc73881f0afde8a7b7432207623f17344b29d846f1f5e56

SHA512
fc3b1889200b2ed54abe06566386e6f979df82580044cb382ffb7abc50a4ea0b55479cc9eaad5e2607ab0040a1206b288bfc33728f5c8e9e00245021e1cf0e11

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
124KB

MD5
556becf4fa48486214a08aa6384746ab

SHA1
979479a80b084b32ee8a734d1548d49f8302e215

SHA256
701d8f5775b9c9eb7c165097f7cc8924af52e9c9170eb87bff72fabf9501a432

SHA512
3e2e3f19f9498cd13d1470e08873e1593a0f7b5f7372638394bf528c17b1549498a46de3458547f79e3a2ce050c7ed984118b71cb6b420ffe59ce4611eaae2d1

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
77KB

MD5
b31e64a53097f860190468d9a2f98a90

SHA1
f62d3dbf6f01b26cccab0178211c7e87c32d3e32

SHA256
46162f53326352088a0a3815d5669eeff656800b6f339583afbe4f7d38e3c845

SHA512
51b9735c6290cb4f7f070458bcb1d27351867b1307475becccde35ad360b7cf49394bc13c8096e34e253e256f533e90c0a6ee1f2ccfcb8a262c9068aa23cc149

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
79KB

MD5
c3710b5a46ad8aa867322d78b3071eee

SHA1
ace76a9b9bd5589b4f0feebbc7e3a183e06c5685

SHA256
5a6f1f4a16a372481e6c42f5fd09d67430b5db99522a35c49379e9df643fad27

SHA512
51a4947fcc953ae5edd361bcb7097e1dd711c79052e3b9263a2a5c448586f02e6217dcbbe3fa18ef13430add0583c8181c8fb01ca587c4b9948b413c94297b60

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
80KB

MD5
f2126d5f70a2ff95929bdb367e38522e

SHA1
abb91bca0d0b5536f5b29606a12529a5f864d3e5

SHA256
cdb684fa86b1eb472b606f7e5698409ed0eaa6d04ad3cc89c860d0f1bae90592

SHA512
7108a539455a35c9dc459e00f4dbb3df2d796f1cc56d071e7aa4881fd46487b211d83622f19f30ad092ed3606ce7441f9b17802ddd0eb25069f7e4ea7812adc9

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
81KB

MD5
95130eb83f7b791d80d6e4fd3290a288

SHA1
4a622728008e191161ce6258d42e49652a561631

SHA256
c4233b998ef247a26db12c4147c6a0946032667b16f302e0f7b83668f5aa9d16

SHA512
3d3b218691d075bb6667c90b24ed1ca9883c795f590d100ec37238acfe4d869ec1ee6d8d5f7b9d0ba8a25fc48f119b4d2924125cdb0e5515e95a4394fd8644d7

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
83KB

MD5
259455713ffe8913630fdc5c8514cb9f

SHA1
8f9e8ea40ee4d1354965fe98150b0b1dfe10dbbe

SHA256
e6cf4cef00bbd4455812821ff7ed99e8e6945498e4fb131c0b08de188991a227

SHA512
d55ccf54a755ad6b3111e6f5e4ef9de50857a0682b3e959958a7dfd6ba1b506e35ca3ea7b4f63b86db1383603ae64dc1f00d4a76cd64f425cf1f051cea44ce95

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
81KB

MD5
601690b24a0ff8435ce3096871c2cbb5

SHA1
713d1000b67fe7474b0aee2d43a9100325966506

SHA256
903aa79dd8892db326896be74bdba8bfda7420c81debcdba1b58a41062352b4d

SHA512
637bac81b2b720842e9835f0c5045c60a15e315f6f0a9afa7c004754d1148d30f60ba03be41b06c68a6d3caa488096054d8ef156cae02464b4e336535ef01a45

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
79KB

MD5
2a54128657e5a9547b00c8226d250390

SHA1
052f4bcdafc1aada9d128a0176573ebdc1e1220e

SHA256
1e1818c44b61b7b4da54e4a4ea25b0bfe5d012835b646624648120bd808eb731

SHA512
752b2db8219777e07d69b37d8051d26f0ba9cda9228cf8fdfa683d2a1adba32c46b71dbbe87812cde472c905de6dc82fbfe4dab4f23b7fbbd6b2ee17ac86cc02

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
79KB

MD5
0b3f5029bdc699cbbb58534818595641

SHA1
f15bf9a90e563d556d7b998ffb1c0af77251e3ef

SHA256
da3cef9f425b9ee24f7c8b5e96f32d45cb434591c08bf10cc919abb5d388e905

SHA512
36d80e5decd10286d74e1203cf1367f95eccbb4525b1a6a085b203e36eae6236f719343bf6db875e20951aaccbf09d36ab64f103a29fb19bb9d7b8c38a29ab8a

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
80KB

MD5
4bde209f4d87d2ed9a94a7a2ed633a1a

SHA1
3dac45633086e5b223702cd44d91187a6c185ee6

SHA256
ca4668697361d4899a247f180978f87200a6026ae73289f74510c82fad69a3cb

SHA512
baba20f6a20fc29a58c3b7bbba78610a1747ab9cfa1249c7b6342d3bcee4f8fc15e9bc5e7f49a9307c7afabb1844faf0aaf963d352f307a7c7f223bfee013426

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
87KB

MD5
957967061ce934607fce5e5e043b6a32

SHA1
ee4a1673fd43eca6aaa955354da69a27e0459ada

SHA256
5c2fad6002677af68070143326153d6736a1b447ced5f5844a0ffbc0e377da5b

SHA512
a241246465ec6fa455af0e74ea9ce1b8a4c486c1b1592388be725532829169c1cb4e23dd34fb5e4af879a92a15bf04faa69ab0af2585a48025410ee50297824c

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
78KB

MD5
f2fb7c6033a0c6e5f062baa144d8e3ab

SHA1
518a47b7d78c4eb5f5c911023996c02f033d44b0

SHA256
487d204d4f33154b2a5e268e7f5c5aa482b6b21e5f9e037ef237fa99e1e5270a

SHA512
762640838a747b8de43f3eff9c3ec3ce6745c4da54c46b43e90bb3d8b29624af1d846b352cd34d2dc0c2d38cd267d28b242449c9eac9d55b75098b14bf449f9e

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
76KB

MD5
df5e8b3b8efd512ecc6d4170abddc5b7

SHA1
bf499f7ca8b19680fc94d1b4a1282b8db69a7b5a

SHA256
582105d6342dcacb8d705556b24e50f353ff78db959a4a3a70a9ca33f9568b7a

SHA512
315571abb4a2835c6ebe3f27bc303a9e47f692c64c0101690cdb3cce4461ec47547ab2279bbd665edcf2d5fa48e2fe615a236103f419b8d4793a8b8da291bb1a

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
76KB

MD5
9686b8c53041ce6844eb518401a9da70

SHA1
e419071c93b69cdef2203081130276ed83f7dfc0

SHA256
be3cdefbc091337b25ae2b733c1c39f811f8555e77f1ea144127772153a1a647

SHA512
6f09225d01bb73c03791384916c1aa072fd5786ce8615c11465f34f7a39731355393517855201794db12422c7516b5b10aa7cdb772e193c05588f2ab4520a184

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
76KB

MD5
fb0392e6b5a5ec3888caba607ad0c150

SHA1
5e90bc46a4fee2b8fee781300ec14e53a2cc5e5d

SHA256
283d373ea49a71411d3a7cb307e47559edbf6b96d5279ca2e6b0a318d2dd8b0b

SHA512
9ca4c263c134893f63800a6b4e306b727d7915afb315cc2ba69d5cac37160f99c21109c9fcddfafa5234c8afcb997d77e6ddf8c203e24d9d05fb64659d8a207e

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
64KB

MD5
6fe3d524f3fc89d502a53289a9ef188b

SHA1
abb8f7b4ac1d86a56ecdf15c72a9cc8763f21176

SHA256
c68a92bd960a869d2ce93a9bbc3feca7bc781aeee2f667d5a1dcffb7f4680021

SHA512
72a2b29700c6b44c59dffa788120d06d3c551e37cf7355cd340f07de6b85b257cd923d2497e03878cfbbdb1895e7e250e1e6ecc56bb0fc0881601cd15b952349

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
79KB

MD5
d131b9b8248d12c4613869a1a042f11d

SHA1
375cfb5c051128390ebb7ffdd15216b81cfbd228

SHA256
4f04ae33c4a4270b948539199dbf4f0d8f307b923865d1fbaf6809810b3e5ba8

SHA512
944f7d8230bc78df9e6d98c022f2c3338893e290767e0d4c693fb7ee3238966ade0f90a37d7e03434eb1b89df1e36c13c23e251384640386c169899848e272bf

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
80KB

MD5
4cc639c2ba711e5f478ed020de9f4a08

SHA1
6507f3926dd4eaf0e2469c99344614b692361fce

SHA256
7abdaf7c8837a84a0dff760bf8ac03e0e6c57295a15206d730fb8faa813d808f

SHA512
bb36d6a41a31685460c2264a85e98d2df1540039f645cfd58588df0aa5418dc191e0b244ffd8f5503a4885c56c3a38823e06043c8e4d8177bb9da1b92c80afec

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
77KB

MD5
07831bab32b2047fc69e33b83401e001

SHA1
5facec6670b1ae9fbad18979e6cf2dfce2e89149

SHA256
1ece171b7cd7c8260a2c47e51970895a700525c3ff1fb4692658b03ef95fbac3

SHA512
5f8cea147380f541f6019c8a025fbdb87fa159d2a7e21b2c3b2517dc44891cd0e0989870ec30ad77e7e62e2bc30197df874a641867d20ef1acffefd7dcf5a2fc

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
70KB

MD5
e164b12f2915bbba0c3d18e4155636bd

SHA1
00779867a272c83e1d128aa1c1bb10da4cdc6af1

SHA256
0bd7f47e1079a41139eec8428a6248ac907072d5a96fad0b35a91002cb47537a

SHA512
017d55ced2d3c95adc2bd494aa2765ec257e6fc0668ceccc183f9cd6ec11e8a71ee34fbf6ce8cae5896f2703d8f7b71e6c71720be263016103afc9678d23b3a1

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
80KB

MD5
e2838b0f41cd1e8eace8343cbb30b406

SHA1
b67def564dd6bc07ec5cba80d3c6f42a7d6537ae

SHA256
609d7a8ff9c5b3038e420323e724e3ed3aa49c5104768daa1446254b9cc242d7

SHA512
6b2f46836aea9bb5e0d19b4f012d96c370c642fd079691c0f675a3363284949e09d5ec3fbf7b186eff4912869019f35f273ca292351dc1529c47a1d17ef5b588

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
88KB

MD5
a1867b6a7a0b8cf66ad93d3a0947f81f

SHA1
8a7d177611cda9f70262676952b71bbd1b901b8d

SHA256
2c6ed8e554f8a6088455a1924a9140d4a7abd68e370e15a62e326799df99a870

SHA512
f56db38a32b9437c37710d47313de20e5f5a7de329028d74fd28be86da54138fcde9f2c361a4b05d12e42307b06d5f2fe89976ff94a0d03031a6e13001ec07d8

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
82KB

MD5
6c5ceee6da6badfd05c873c7378b62f9

SHA1
ec3d4e348fec14fc76fae9226f11fb57bb6d01a0

SHA256
428759ac9f9ac23abcef7eaaca764fa4eb45b1552b784294f5ca6e6acab8921c

SHA512
eed1474f6fc89a2e5587620295f769194ff6ca0215054e2f9308f873a2533922b690288e1a73fac58f015faa690167781f8e3d6f02274bfcfad46236df92b57f

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
88KB

MD5
344b36c4b10371e1d7b0448c43aaa4af

SHA1
30539cf17fe15cea141484651a224e6e0ed9077e

SHA256
95c63413e2b462b91ccbbfb34d4224a16849dd38bbd020110908b2c71aea9624

SHA512
cb3ab471910fcad68edfb2d5adcb7cc92e0ea0518866c3f65b164121f2bee1696a273d15bf193042c7e3d80eb3695cb8d4a3b6bbdd0273351d1ee4036e0a236f

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
80KB

MD5
ec3d5d9b94466c184de3b5978248c36b

SHA1
592fb0da08833db0f961b502c51805795a993677

SHA256
eddd9b574dd0ef1ca41ce07e86e95e6bfecb4d70f8cf2c4f165834b462034658

SHA512
8f58d6f7f569b999769f4ed6dc91093ac020e51f1929d570e746bf52911dcc8d29ea9e906e10eb81a738c5460c8117184022fda66ce6d4d9641e4cfd98d1a803

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
81KB

MD5
c2ef988b37f172bbc10f2898a6c0d438

SHA1
f24ade01ae4041360f1de9650f959067a64762ea

SHA256
00d2036f81c0fa1418132f012a263404af0cc3cf908a224854511958fccd63c2

SHA512
c18ff1a757485c9348cb9afeebd9ca22f93a18817770594eb9b2332eea10aa3802a2a911cf2c903a89f4c2f5bdb58e6bb79c9a9ac8e8c04b19870376c4d2126a

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
75KB

MD5
dc55e4712c045a8a64bdd34b314be299

SHA1
ff507f4fc97e86fd66e0a6995fba6aaa02569837

SHA256
13cfab03c6c11f49ab731ca49aad87fccb7f47dcb0d4312f2faba4ea89b26539

SHA512
93efdfe212492ef36e314cdb717279293455cf261c6b513a9dbf6f804c9f3924904f95763b820fc13d46609d4af750899ffbe3bcc4b9992a80f7b2512343fa1c

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
77KB

MD5
58d5943e0843d7dabc385a05b87f273f

SHA1
c04ac3653ae66d09c1762545c4fbc9e231434e6b

SHA256
4e054d7ffaef13f4b3a7949d001735b596e021144fca09e5aa4bbcfe8dcffd59

SHA512
e4a4bf6595eee9273204aa8244f4b7fa2c32c06a98eac95d5f4ccfc263f72b38806028e19fae5f6a2d332529133df2b20569f372c9b54d2e2b2678530236e8ba

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
80KB

MD5
1e761c3a31e113b181bc54983aaf467a

SHA1
720098ab1563aa886a2e76143c4b898acde240d8

SHA256
700ef4ddb2416ee0e72d0d1cd2607a9f4c57ac07f86d6ba7c2abdff138ff512e

SHA512
2252c4065f6be2be17bc7f1bf1f53386a75a0eb6665a2747c4b547f49eb3b1330e561796224c5833c6d29d812f90837969bece91111d7cee787e559debe8c6fe

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
82KB

MD5
0c00e303b06613e8a4d5a6679e8d61c7

SHA1
f3c09433576a1fd92f839389248a4207451783d4

SHA256
7251287d7245a0da8d6391e15ae6ba54285c62460abf26265e2de84664b186ae

SHA512
477bae22372542a90c4fc865d7963e7e3870793f56e3766cff8536a7f3174dcefb5ca1bd7ea851b16447d3104db2fa19c4c70167974ac7b81792c3ef6ba62d5f

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
88KB

MD5
5f4106e9ad280191523ed435b0d2738a

SHA1
6f2fc5a0ae798fa9c1113603e17e1fa3f7abf964

SHA256
6ba558ea72a26370888c893e667167f58467f78644f6e556341e3bac97f7a334

SHA512
a1afa03eb1213c7af4b2bd823300a6fbb18623dc52f74aeac4a6123d663550524f001635ed1f14037ac26741e6b77e907b610782ea88af604ba0026fde8492a9

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
78KB

MD5
0cf7b2e7c6f4b83c973df6024aa9b5ff

SHA1
24b7f1d956f6cfc8dface4d831a49a1c3696d872

SHA256
283d6a64421969aa4b82fd993f41899f6f89f6d0d87d735e800e5d0a27b53399

SHA512
f33fb4fb1159062f0f93079ff9506a7fb3ad5059d269bedc5dd3c415bd3a4c782065d76c7780e82c621dd80b0e4d5b0eee8565bf8d6dcf9bc1ac2c67e2a67ec4

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
83KB

MD5
78b27f93c843f2dfcdceb4c71a271e5f

SHA1
5c1761ca898586fb32d18ee5f6903a50050a341a

SHA256
4394ebc423777833a2e36ee3175ee1a9da833e1f533ec6883258ec72bdb302c4

SHA512
cafd3fe8022df32c46fdab0125a8bded8e84c397089b4e9b9927e3f8219e44a6e280e2ce6d7f48b8e059360a94cf0a30d13731c2d831ebf25107e46503fc1d2d

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
83KB

MD5
e6549ed91a447b830ecba60d12dbc054

SHA1
7ed7c46b059cb4b9056edf49a211fd73a0ce62c0

SHA256
1900376a28651cbdf095246068efa7c40d2cf43e9df128572a2b0b92ec2307a7

SHA512
5665ae3ed9750bec3903d3b3c14d86a1f860fdb624b2b7c7d9e3ebccdd29e62114f81657177ffdd3af4b55ae82fce86ae27d6a6bba0658014fcd52ff5257351d

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
80KB

MD5
318d18ed3e4e4b970fa814dd616a01d9

SHA1
fc1fdcb12faf107b305f9b235437034f4a9f5432

SHA256
ce9ba5bf31e733036fb3b2278607d6ca6ada9d5f2fa5a20b4c3e4ec2830e1649

SHA512
0fd4a0bc34c641eb418c93bec8c1f6466412f082a4e06d48b15ae3996bad290044137d549da4cc0bbd3bb6e6375272ecf23c0d0cc1326ce81630134f00c0f7b1

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
79KB

MD5
fa9fac7bf797f247b08d8c079a2e564c

SHA1
ae2e76d6e2c4d4ca2d7d874bce99fc884aa38fb8

SHA256
2f262433bf73a3d8c365dfbf7d5cccdf315335ba4f0fcbb93045eb0c0295f14f

SHA512
d4225c229fba3d94d4d3cf0e49356c4ae8a9717a66f63bef3ebf00741adc5164b81234346c2ae609991abeaeae5364ccd7123de5714c447b887413979161f5c2

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
90KB

MD5
5d503c7e3723e0492eabf5fb8d7befbd

SHA1
eeb700301267ee1a3126ee66f372c06c244d5ee9

SHA256
e8f1447571338270f104f8de9c293934b14aa1d2c65da97c1aab316c6d343639

SHA512
45a68070bfe18fa747bf6a0c58a11ca1ecc91bf9c194eda48ea1b57cd63667dfaa01f8dc8bfe78cab1799eaf3de1233f41521500ee4d3b69bbcfcfecaac7b2fb

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
92KB

MD5
fb8063b3f37601f4b4a683e19d2935d4

SHA1
b7f3dc0a822bf8da1c3847f9d39e83bec8e35b9f

SHA256
ca19a72cdc1f5047ec799536e8ddb4aa47b3bb43ec16fa106c65c947aa862129

SHA512
20f288482cac29c409359d9d279a696bd9c733d3627a2324c5b3c0c3008796e610413fe0a294780fd6c43285a9bc58475804e14d4c537566d08aee7eff6e62e1

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
70KB

MD5
9b36986d140f35b62ae2c43bf7cae1b2

SHA1
e9e66c3a8cd84a55f9bd9847c56fa39e8f2d7b3a

SHA256
a28a220d655ec5448cbc66e39acabb8f134a155638371e403138dd66294fc8fe

SHA512
7d10d8b7b33a531f751d4e65ed6f17e265014f2d681a599200487c1a6350e8dcc507414a56e738458311452ca69490c9a6da45d8d86c7e41478011ec74046065

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
84KB

MD5
bcbfcc1be9fbc7f3bf90a8f6ff272a89

SHA1
b0026b869363c080c912bb61968481b17f9e6107

SHA256
61c9ba27c2538e6412d8f6532b52030a5a4f03586d1e743a9f50e70965d5ffb4

SHA512
73870d92f5e230e17d9ec8e073c28d7a82b8d22b6858ab0959d71540284ad8b0a33e09e7f2b3128c485ec527e217494bf66881c9c38a27deca6ce907d1c616f1

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
70KB

MD5
46ef3e9db4ebf945a70067f4e288d6cb

SHA1
7d4dfc61b8b93e2b567b30712a5fbffce3a8c1bc

SHA256
314235e9a7cadfca3cc743c220d406bef76d910b69f79e11ec61da82edcd84ca

SHA512
6085184928dc65c91b026d44fe18db7265cc96905e3d460ddfd80b26c29de8aba0ee106e045967aa87b34c9f0a9f4c8c2e17367cc93efe7e225cf5a089846655

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp

Filesize
84KB

MD5
2467097c39d055439f009b50d2ac8c9f

SHA1
e9694848b71104120e1c0b69e97aaf12dbf6cf06

SHA256
f286644728bdd36033670c40986cd1b3d7b4954966d5b406b021844af35dfd87

SHA512
cc3bdb23730c40f6e77171b9615ff62e8f330d52082e6da2ae5352426277a44562cd375e022d7e17631e41d007eb894491fc866ab2f88819de616087698433b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.files.exe

Filesize
70KB

MD5
d5ef2b9e93b077717559e3ef7d8aef8c

SHA1
64fba4ad48983df14da8bb02d11f87351062fa7c

SHA256
86705a894c1794d9aa8d719e37f76760f3b84b4a14a5758144d9d22b8a27b04e

SHA512
ca5f86def9d010c3712fd839fa05b8db5aac7d3d95e357c37e1acecca36b605f72b7c7022b92817fe02ed8bda4b2b873569b3f8f857be4e6caa59aaa335271c8

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
67KB

MD5
3a98e659a0e343ea3c1b74963378b595

SHA1
0c5f21075488cf6fc3b4c53f940d9ec97ee2a5b0

SHA256
bfa9abb3edbbda7814b17832892a92f99ae9a09c7bc7be47840b6e3b56312cf2

SHA512
2e5b42b87ad00401ed87ea2987f4c3491b43ddd898a3f63682a10a5d6dfd0bbba897cffa922d9584383325f2cad0bb48b7b4da55325b9e51f09733c54ec25222

Download Submit
memory/3664-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3664-1195-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download