9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28/07/2024, 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe
Size

125KB
MD5

60e51bcb9a9845999e44bd206947f1e0
SHA1

e0baa412edff0330bbda1d756c70b41ce7a4a4be
SHA256

9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e
SHA512

f034921bed3fa18733dd40baf1a31d1c10232a3eb8a0d63696fd4bfd7c72838b8ad034e9f81be0308eb7a97cb2337a1557f1c2c61ce984a1ddfc2dc3e5829f82
SSDEEP

3072:fny1aP2awclvmxrP2awclvmx7ny1aP2awclvmxrP2awclvmxt:KdU

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (1703) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2308	Zombie.exe
3172	_Assert-VSInstallerUpdated.ps1.exe

UPX packed file 50 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2700-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x00090000000233c0-5.dat	upx
behavioral2/memory/3172-12-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/memory/2308-11-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0008000000023412-10.dat	upx
behavioral2/files/0x0002000000022aa7-14.dat	upx
behavioral2/files/0x000200000001e6f8-19.dat	upx
behavioral2/files/0x000600000001e6e4-20.dat	upx
behavioral2/files/0x000300000002299f-24.dat	upx
behavioral2/files/0x00030000000229a0-28.dat	upx
behavioral2/files/0x00030000000229a1-32.dat	upx
behavioral2/files/0x00030000000229a2-40.dat	upx
behavioral2/files/0x00030000000229a3-41.dat	upx
behavioral2/files/0x00030000000229a4-45.dat	upx
behavioral2/files/0x00030000000229a5-49.dat	upx
behavioral2/files/0x000300000001e6e5-53.dat	upx
behavioral2/files/0x000300000001e6e6-60.dat	upx
behavioral2/files/0x00050000000228ea-65.dat	upx
behavioral2/files/0x00050000000228ea-68.dat	upx
behavioral2/files/0x00040000000229a5-69.dat	upx
behavioral2/files/0x00050000000228ed-77.dat	upx
behavioral2/files/0x00040000000228ee-81.dat	upx
behavioral2/files/0x00040000000228ef-86.dat	upx
behavioral2/files/0x0004000000022901-90.dat	upx
behavioral2/files/0x0004000000022902-95.dat	upx
behavioral2/files/0x00050000000228ef-96.dat	upx
behavioral2/files/0x0005000000022901-100.dat	upx
behavioral2/files/0x0004000000022903-104.dat	upx
behavioral2/files/0x0006000000022903-117.dat	upx
behavioral2/files/0x0003000000022921-118.dat	upx
behavioral2/files/0x0007000000022903-122.dat	upx
behavioral2/files/0x0008000000022903-130.dat	upx
behavioral2/files/0x0005000000022921-134.dat	upx
behavioral2/files/0x0013000000022923-138.dat	upx
behavioral2/files/0x000300000002292a-142.dat	upx
behavioral2/files/0x000300000002292b-146.dat	upx
behavioral2/files/0x000300000002292e-150.dat	upx
behavioral2/files/0x000300000002294f-168.dat	upx
behavioral2/files/0x0003000000022950-172.dat	upx
behavioral2/files/0x0003000000022954-184.dat	upx
behavioral2/files/0x0003000000022955-188.dat	upx
behavioral2/files/0x0005000000022955-197.dat	upx
behavioral2/files/0x0004000000022958-207.dat	upx
behavioral2/files/0x000300000002295a-211.dat	upx
behavioral2/files/0x0005000000022958-221.dat	upx
behavioral2/files/0x000300000002295d-225.dat	upx
behavioral2/files/0x000300000002295f-229.dat	upx
behavioral2/files/0x0004000000022961-234.dat	upx
behavioral2/files/0x0003000000022962-238.dat	upx
behavioral2/files/0x000500000001e992-1684.dat	upx

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	_Assert-VSInstallerUpdated.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	_Assert-VSInstallerUpdated.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.Extensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Calendars.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	_Assert-VSInstallerUpdated.ps1.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Assert-VSInstallerUpdated.ps1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2308	2700	9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe	88
PID 2700 wrote to memory of 2308	2700	9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe	88
PID 2700 wrote to memory of 2308	2700	9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe	88
PID 2700 wrote to memory of 3172	2700	9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe	87
PID 2700 wrote to memory of 3172	2700	9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe	87
PID 2700 wrote to memory of 3172	2700	9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe	87

C:\Users\Admin\AppData\Local\Temp\9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe
"C:\Users\Admin\AppData\Local\Temp\9ac40bfa21b3dac885fd22e49028cb558b9da987fe4176fafa17a2fbca89e29e.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Users\Admin\AppData\Local\Temp\_Assert-VSInstallerUpdated.ps1.exe
  "_Assert-VSInstallerUpdated.ps1.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3172
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000\desktop.ini.tmp

Filesize
66KB

MD5
c078b3d0d1e3ecd6230476adf47e9d58

SHA1
22b0859194bf902a61ab9daae35313191a86b08e

SHA256
43561ef50ff61b9fae608bc90e24797b5a4aecca25a44ababa15ecabb1c181e7

SHA512
aa5b677466a15b3552ff7461df5916f15652ba5a5cadaebffb6ad28f491ef3b9d23d6c685cc6b36fa420055b9662013b98adb6f509c37018843547fffbf5f2d6

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
179KB

MD5
d98326cbbb49316b41c3aedeb3f77642

SHA1
b42d624673207ded0dc1bd951abf3dcdea56842c

SHA256
df14796b32ab3e6cda105e50831dee5c53b4d744da70185a3b48d046d2c5c87b

SHA512
08d91f4b38435b66b5109080a274f42bfcc99e7b81abeb32cf55c52e498edfb99b4b40731a17950c1f209f6f7f9cb57a44c610ab8bd05e23ba4b2a3cc2434b6b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
165KB

MD5
7b25081bcf4e7fc1a55618456ce36855

SHA1
02a11386b1b0978508380be7b2932fa0925af65a

SHA256
da1c9de22effd486ac2dabfe4b460c4cca76639ff9955ff547c592f4d7348a6d

SHA512
b5e28ae9d99d7b4f7d0f7d7d582617d2ee2b2368687cd7832e18a039e883dd11f9ff967417d7377897442547debee138d960055b7a5365b985eccd1a83d56894

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
131KB

MD5
b4687b7f801a9a2362a6de283251d3f1

SHA1
97bc902c6dffa9b3401b3e9540501bf407d39bb1

SHA256
c6965f446b449b711ca081d41732c0f313879dc4c65602ff8826d521679b2cd2

SHA512
92097c1da29528d2024a9ca3275d44ccf8abc6e55dd8806a9ac53078efb3039e584e7d3e522f58da134631ffb9963819f8eddd386ad53d5f29f4c16e7c00aa5c

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
72KB

MD5
b1b007b0d411c826ce13869f267991c9

SHA1
417b95a2115e0ea4ae98850a33fcfb7bc2e8cc6a

SHA256
e7e96830ee765f3bb70e09d0bb1ea1b8d6a2127cdc905cdf7fcaba6b41e79159

SHA512
cd0ae629125b25f423d00c20a15b23681525cadd7ef934e72ef2b399f73b60ae998727b55c3d3125805a20642a06b1a40340b4e3cc55c9420891aef951228639

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
610KB

MD5
bb6cb11d0f93bb910ae2145a3fb32f6b

SHA1
4c544264aa3601d1fb2e840727de49ec75b2a3b3

SHA256
bae7ccaa4a371b5b16a0d0b9bc4c4f2d4387d2f579bf5705e12b650480969fc4

SHA512
ee55f399e5eca573fb787055bf203e14571dc1cd1dda20c02b23f69d56352727cd2e3ed54107ce6d27868db7484b9fe0d2fdfc6c6578d594dd70b5d1881e7c6d

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
255KB

MD5
b435da1db5ff90a6f625131b9374c70d

SHA1
c58b77922186951e84ded3bbd17a4564e7a55267

SHA256
25778c0fc4e696c6e8b4263f66dc045ca54c3b62a5a7381d143b7e5eabd3e80c

SHA512
2ab36895bb6a3b11d611f8f5261f8b46c62882f0509aee3797b865ec47eaebfd76c1f803672e5e8b96b240707bb5783294b8c77fc7d04f6f41b5b04256b934c4

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
996KB

MD5
8c7c8614015136260090242fbc086aab

SHA1
df973c578eaf008e318b9dd3b77b82bda5d49190

SHA256
d137c25a6a1fb2809d93e6fe95de3ae6b05cdaf059d5b9090c27585f3f691319

SHA512
a9108d79bea0381af5a0c79f27dbaa7818bfff7238706a714f10520aeac104ca6ea727b765487c11aa3536daf6c0b1fd128aa79f482519701a9c2672acd36ac6

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
750KB

MD5
e89387467c0b3cdaa31a10a626be76e8

SHA1
7421e90329a866cd01e7888084a71cb03c67df40

SHA256
0cf687fe808c3c409a5661d1b93b0c95e1b830b97d07fd8533c3fa67ecbc6bf7

SHA512
a4bcf3bd2bb7e19f7a52996efd29e3571c823e19f49faf7a272d92b2a1db7fae3607dbd2e9e8b5d985d5393d33a989877b1638f2f742728b69bcf0a2d487b738

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
123KB

MD5
7034ec666807d6b27e61c1eab8243d30

SHA1
15d79f85cb5577f95d85d84a273bd2b39cc7c294

SHA256
294628367d763a6be8620b9bf910ab34a3efe3e49e7d7d37b0233c6fd6675b6c

SHA512
7374c99feb5f52eb0432ace7f31ecb72aa170157a764d7e7d880b19d05b5b7404039c01b2e036c3cb7d503d844d124789a13ff3496b1d055f1a9de9500440489

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
76KB

MD5
44610959a96ff4af4aeb4c4521ef68ab

SHA1
9f01127cef69ea209a23ca87ea70f4986de4e968

SHA256
79d6f283b2d5359c6e8c0114193ae4f91be2e87fb38a1745099bc92f27b3d4ed

SHA512
fafd02a808f77d93e42d9b1238c397b39025b1d1ff1156ad11e567e36210218f0b86a14e4e61d921cf2ead5a22111ed1237c1b4159189e879da7b3e0b6f6a946

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
79KB

MD5
44e60ff8684f00d369b3f03ca423b45f

SHA1
66e30d2cdad599d5b76fff944997bb81ad5a1d34

SHA256
9c0a1e1f5fb25b90504704c156817f14d5a4c0a941d11c402f3c230293f53444

SHA512
0592ec262b07d0ed947afb9f3b6eed08bc659416ec68c3d53de2606d1aa620c29301e0b26d0c1287fe0678ea990d7e1834e3255529d80dc6b54925cd2aa4da06

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
79KB

MD5
203f5932e8d050b21c07dabdf4cca8c4

SHA1
b457782eca1133debf4eddc26a0cb48274abf571

SHA256
ecb09b551ceb60dad90d99f3d05860c79a6c45e5e52b521cfd65b295381cd209

SHA512
2a5f6934c605f8dc3d6c08eb26e424ddff2a1182575da6cfa0fcd7314bae83eefc9f3eeaf1445edbccef3a94a9377465990e520e5b0dc5ccacc24e1d86c931c4

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
71KB

MD5
a12890e9a7dc054489ac3256c6f8963e

SHA1
9f7dd3064c341150199213f62703fc11a0e9962b

SHA256
7fccfdbf7783591f193998bcca4ac1679f96167088e6cdb3abf46f3f8ebb3c12

SHA512
932abe5220aa5e6c2c20ac5eeaac566dac1c1d4ebd42d2b05e751bc41238e3b31bae10f3b1e30e5cfe448fe0346ad8ba3ec6cc8aba0c6496c218c26ae4eb1c14

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
77KB

MD5
465c2960b64baf2c785f323b4c5883ef

SHA1
26135e50f70f844af466cb2634e8ac6475975bb1

SHA256
d14b834e0aa902f614027b3938e66095015fadf1b161c5dec7405b6b3cce0bba

SHA512
b540292372886fb6d68452d164b1d25711fe755f3b4eaae095a79805b070bc4ba155ce2ee7f9f9ebe3bb57fe0224fcf0c2448d70170d183e2d7b576995048aae

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
78KB

MD5
e2190014b3b113312cf17de1d9337fb5

SHA1
f8ec3bf2adf56cecd4fe167ea844e9fac6a29c97

SHA256
3f418e20519410ba5e8e8a945786b50c43067e5ba918273c05cc84fb7c01a754

SHA512
503ee3f9341c9c7e674ee1db1d9bcd089eedb8da56c6665c351ba1395e18bc113e3a46686f6b3751903972ff9ad18ec88529a4bf62b6e0e6afc7841406872d72

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
71KB

MD5
4b279209ca75f9964c6853eaa6dc2044

SHA1
4f22bd4a3014adf7b6b6a8cd4b650a2f537d62da

SHA256
7516c203f315f203431c7817d429f02fe19f981ea841f0ea06056cc527c90488

SHA512
510f05104f370268956e7fa95447b9cb3b214e0b2d731c8e2b3eeb94273a87acb7b2ba4e0a02584cc886ff7c335bd91fa6f9643a504c243f55534f644d34d368

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
73KB

MD5
f2fd175843e828f08bc6c4c5c3ff7a65

SHA1
4078417457af80a85d43bdd4af62a2108ba2a7f0

SHA256
c175a87a313b586be22b29adcc8faebf813bc8bb96bd924093a79bce1becd622

SHA512
f89acee57182841e6587d2a8793a60992e626924305ccc5c79b937959599e9eba005dfce59caed4fc8ede5eac43790a353000f10a9330598a03456725b8129a6

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
71KB

MD5
ba121395ea78f7fa5d1d002b42da66e9

SHA1
47e49458a8f5074b19bfe6d6a1950de0ce310405

SHA256
d17aacfb87cbfa7313267a05bc3b2fe2e48a5725fd6311053c300da9bc3a21e1

SHA512
315f6537772e59285d965a3af217d5771760dd1a73fb65aa8435a0fecd8f40eb12c447197f06c75d6f24506691f5065434b7a6ad195457f4fc414870e2befc1e

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
75KB

MD5
ef8e0baeaca286e19ae67461ed8394aa

SHA1
2617db2fcca68ce4d62838afec2816d041163737

SHA256
18ec50c2c13517bbe30a2e49044b85ad48006e4c5fee496c6fcea1a729a28ec2

SHA512
c4a8e362dad9a416335a549398a55997c9443b451795c285474f98dee545a2cb23ac04ebbd33260b91408479f50ee5b0993db8e6ce5295c03625b5089342b034

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
77KB

MD5
27181c62e34c3cff3b02cf1e06ee9614

SHA1
e418523725a5ff80dccbb408234557071e5c864f

SHA256
e1bcd344b26c933bbfc37318d2affc71ce30409e2e4ebd74542c754bbf1dfcc2

SHA512
6c608b80362ee1a4933f3319194863ae38cb96eacdccd80d0b978108c4b160607abea648aae4ce90ac91b9a555c6320a574ac690f1778f72c7e48aebe7fdd13e

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
75KB

MD5
9c68cc096392c8d9449ffbc5ffdeef5c

SHA1
6ab8fbe2ced9a6349d50f5a88b496399be8b6b06

SHA256
c85c2fcd60f3bd2615848d25eb3cc81386faaefeeb0188c02eeea68e75f2d38c

SHA512
4ddcd9d80e1ca6fa00e628a8cd404dab8e98126f42e943ed077a8ed288db15b84ddda4ced27b85ed0be66bea8a9ea8ed6c14700aba3f5968e5d0bdd6532b8033

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
67KB

MD5
4a9fe7bdcf636018b59701a981a1cbfa

SHA1
6a081abd0e0276ad6c091f0a649ed80fc32b29c8

SHA256
04818cf2d486183e7227af6eafe948f03dc1a8a88fd12b3dc0c2f1f8ecb5b184

SHA512
e489d8e95b74ac64644e4e2dfe0330d4955f3c85603cc8f335e453cc9fd05e61078842469d1240cc1a2bdd9aa2e1f57b63c6190bfcb5f49a87748be9bcbcc448

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
74KB

MD5
a8d9bbdc4f2866f561f641b8199d1160

SHA1
1d694581a329e7b52fe98c15df625fcd9438672e

SHA256
d89b2768bb639394ca2aedd9dc2c54ff6ced6bc1306dfef6a2496c9ab55989e5

SHA512
ae93e2afcccca13decf662cae6b2b78665381c2ebc86486a796ce0b78ff1cd035d933bf820aee830dab0583d713ce150ad7a78ed2aa10a456aebbe408b29a293

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
74KB

MD5
46c44c3f1bf44792b89237692b1ee2c8

SHA1
b089035d530be428dc57fc003109eb03c1dbe763

SHA256
7c3459db6109474deed005c718310988a76161dd09b0389bb609f4e52a3602c7

SHA512
53a29cf73ded4981024f81a9ccc751b200ab8260d207d5fd784464bb8c6956d71f31845c28bd2dc8bca861e1de93623e98812dc595408e47e01e7b8c8db9d367

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
76KB

MD5
61ed42f3dbbfcd0d8e550eedcb8d303e

SHA1
01209c85b605c12dd32fedc73673049b6ef46cb1

SHA256
19126f35601bd334f8fbe31f420d57aca38c79ee8c2dfd660bcdfaf73c49c667

SHA512
11bd2cdfc987d5f5cd269a71cc81d6f7e09b72b20c2f2faa3fca4cd5919e821660e537c6701947b41cc285850854b1da25ccc2f7a59d199494d302875513d74e

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
73KB

MD5
788154bde46bf0956e7dad8b3b9287d4

SHA1
6dac6c7c56c1f42bd308c4d51a666b084e91338e

SHA256
c4567e5c8d1e646087d622aff02cb1fcc46f16b0106c3e0d180dacc894a2ebc1

SHA512
ed9210539c04b384dec079f52080e18b5d0e944c8f75789574254793fa0ea9ee3fa9d5ce6528bd1d4e635fcd04c7b3f065634a1e49b4919a93c0bf79f1287997

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
75KB

MD5
b03c4a57dbac920865fe7c34a5e1b092

SHA1
1347b0c6738927de453eaab5b02f3d5a5e312b21

SHA256
8d58acc39463c6d2701677a3baf3a1bf13567ac0519a2774c1950ae7512d854f

SHA512
a51a714f2ee348d8099ea85bb34332f6fece590aa250c222c522b856258863272ee97621ea885389eb25301998695b165b4273f5217922304a09e609c272f50d

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
74KB

MD5
935cd0a3be0020ccce4805d538369b68

SHA1
c4ccc4d288e95689871c0f066c25513cc578ef07

SHA256
4c48ac06adc0cfe57bc2ed11caec502d8b481efbbf220eccfafda38971755781

SHA512
f18910598a3559295ff3d53b1cb9c1c57425f3e71842682880654c8fa97d8ba1c9905f8f85b061567398c01bb6edd94ed38c2e844bb075ba982db1b7a44a0f62

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
80KB

MD5
95151f9cf7dd83a7afabd119b11765b0

SHA1
10b6e4b50dd60b77dd86cd5ae05c1883f0e3ae67

SHA256
ab0ccd94b656b8c1dbd359f8e66224607acad82205f3e942ad03b72d454f003a

SHA512
c95521ccf403b23684576a33fb9178f7c557344d7065954b5fd4c9e4c40f6c8072cd858d6c70c3093ec8348a4a81a9cdcad35f432b1619d409dcdb5098d87219

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
75KB

MD5
cb578229cd15daa8a4b585b571b15485

SHA1
f791a8a83d85aa7d6233e5a8c91b1dbf96f80c09

SHA256
a163602e7d100e11a0eec1cd632642d56d6c4a80f0cd717dd71a6f2fd8b6e6b0

SHA512
77755c37366b2967a5b23c9dbe777ec432adbcf3cc0d25669effe6bd5ef1be669f6b0707fcac1815a1ade8b2c52407a24713872118f0ffb9e5d00eeb3cfb91c0

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
76KB

MD5
82b0132830770b84f3c268dbf1d8b7c9

SHA1
2d3fa60ee8a0d285b3596fb2e65c8ec1db4d5de7

SHA256
f3573d6075f7a8eee5ffb0cc234c1e76b7f2d0e94a0033f3c24125633e5c7bc0

SHA512
e7adb3294ed792973ab7a4eed309927bb45855b1af59c9bf8b1c21479b6edc274cf1d8bb48d6e928e36d34fd23d8e3f6680d50adb04793bc0883674f67c84ebc

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
83KB

MD5
c460709c5060f2a8be842cbca296857d

SHA1
1ba1913e80a0cc9ff63c21a1ca10b3bcd1c5b658

SHA256
6fc6ae99b70a047d65a3386f8cb3c07094e6ef7ed260ef052b7a70a951b80046

SHA512
628663235f70c54100bb5f878b3fff6e7664b9dcb46b9c4cfcd226b2fdd3f8559c8a172b88989e3fc5827001ccbc0b2aa32b3221d2490517d74a3391a071eddb

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
76KB

MD5
7701a2c9974d08032aebb47ae4df789f

SHA1
909b302d70b36285cbd9561eab3159c2ae85bf49

SHA256
7889b3e6be39d15508250eb8eed86e9ba490d1edb33509341cadfdf67c2ab63c

SHA512
b8c1a97bc8541897dfa349fa0fc1bc7e3d3b86a382a4cf6928999dfc24b9425573cd2ac1b93384ae821e8bf7cae42edfb7619d0b61873221491ad4573d1ae0c8

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
80KB

MD5
81884f8550faa700c15ed498becf76fd

SHA1
e7d0f8ffa0f5ebaac120b8d91393b8e35d2537e3

SHA256
3cccba24b1b1c3a22430c2e597110a350c2c9c12c9879f192f4250e157cacc63

SHA512
90924678b073bed24e0d42b497f634b1c8c5792036456711dd1f565b85b1aa4d5c2d9b5f2124f6c8669f488fc10ef86c44e66494f1387d775e5669303b1206e4

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
75KB

MD5
a8b61efeabe2e2a052ac1757cfb98503

SHA1
72496097bf63786964a5ff46bbe8da74fdf38c0d

SHA256
d1fc289898a8e1712b4ee82044b88d8555a03f7cd720a14be6e777cf92dfb7c3

SHA512
2edce2d420eccc94316ad0096586612e59df38cb4252572ef474dce61b35f642f2470cc5bdf0341367f09475cdc265a8ab5c70481a2b9de9898fd60ca9888166

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
76KB

MD5
01821ea707fed6b33bee6b757331e5b1

SHA1
df9de227086242872b43f8565de56d592b6df196

SHA256
6cc18008fb3aa7edbf6ca80c7c8b5e0edd798c44a26f3cbf2c624b010f40a6ea

SHA512
4d2ad7f00836cf67950033921b2ceb73de620295a4c2321fafbd5e30b643f0588ce7e94013babbde59eac496d78a72bcefac283e6ba4cc1940cbb3ff673f83be

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
74KB

MD5
3ebab11383faf4bdf592384e0e1293a1

SHA1
919016ef29b136b9c50c4ed30a1640eebb933255

SHA256
e26cd36d2689221602dee3ef8d3c628e0965adfa7afbeb3315bf6a0ac9dde2c1

SHA512
c785ebcfd8943c1df73f54326be0cd04ded539432cc765531b15c8da42d1a4d75dce3803ffb2dfcab1c26642f4264ecee95ba045faef99ce150affe8309a0c75

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
75KB

MD5
ee482213760076d8e4ad67aac096c02b

SHA1
2fe626b7284d0aa256622a0198ed63f08e8a168f

SHA256
a00d14367fcaafd8dcf42629fe378c14ff7904d960d4604a84a218a07c2e3394

SHA512
f5079b686f6fe3b159abe5d440bd5494d54f42b9fb89c7feb1369530b14e753db0b5495e1c28a90530f79b7df813b0079da52d5b68df47a09f3ae7aa6c708217

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
78KB

MD5
4b585d8a329bb6a86fca52b37ead0275

SHA1
8b17cbe90877cf2f337d7b467198ec2704498850

SHA256
7a1e299d0914c6913912215e27b93e83b51fea1baa42b07a01146856da993402

SHA512
9ea61a18d7b2f79b471f2d9834f5266e52acaffbde556c25cde339e775983a672153d7eb1e4703125bb79bd3d6eda7b7a426338348d89e3434cc05275690061b

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
72KB

MD5
692af2f744199bd2b985402a56c9296f

SHA1
f8e0c1f072246a43fdd5d7aba4ffb2dd9759f6d4

SHA256
cdaa25fafb7d739a3dbc45c372e19893110904ec598c268d3caf149ef0675b71

SHA512
8fffcde7f0e93e1f923e88ff8480df1fc8f835385b38f8dd41396817afae7a839a4f1ea6b5676fc929812dbb70afbe9367b8fb4df2cc7876cd0e878e86600771

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
66KB

MD5
c15312b6a7f3f837e8669ab78bb1c511

SHA1
936073069ea1f8d5166ddef96083195504907a3f

SHA256
384058cbb078b68f6512c287fb13d9aab0429aeef8ae84a5743e776a0d6e2b04

SHA512
42910d7f5f22bf6e7c50f50c2067780fa3079f2fa87884af4db24c0e7249441c74288800d67bc7cfed0bd68cb1870be087a9c51cf34354fca440a17a97ad609e

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
75KB

MD5
d948013e28c4d8f1352488b484486ddb

SHA1
65387b606d52f10dfc554655336ef7b16dc8b1ca

SHA256
05afb4282b4ea0fbe5fbc20db0d77b78a2dd90f77394551fd00c585ffc5185a8

SHA512
4fa3f64404a1d7f29c74ed3a2b022d75f18e622da0a760694cb188ee1b03309cd15a43258ecd570e7d0eba040bc3ca40ddb30b47c245863c386013ca3baf8135

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
66KB

MD5
4edbd3e107f3efa79f94fc653c915b4b

SHA1
7dc934987e91afdeed162718856417c67c689aef

SHA256
f27a8cd7f4e1965b0574c3bd9ace4150480f4f69aedb5e5134a474eb63b3423a

SHA512
7f3d883d963df5ae9b41a306a79a4c7861d5ba28f1f3af26eede46619f7411b3eaf622d7d659d7ce838b8ee0f15712460b64db2b7c5f05ec584deacbe8a3f0d8

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp

Filesize
78KB

MD5
0be11a8ceb3fc8d32055614acbcfe192

SHA1
d1249ad5cdd8e4d6bc86f2fe7d2fc79c05f9a37c

SHA256
d4fe58817942abbfd3fad78bb0c29ddc20365f7ddb935cd86402f234e775a82c

SHA512
d8a398abf42b83366dff5558141f8ed33b0a833a2850c2519b43d2025e4f41000140ad9fb0a28901cb37421cd0416f2aef397a04eafe441af7ab763c966411c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Assert-VSInstallerUpdated.ps1.exe

Filesize
66KB

MD5
649a304fbacd29134ec4167b0006c1a5

SHA1
18796badb0dd885af453a492bb381a231eee6b11

SHA256
1bb7bb9239d4a4bb58ecc3da6932bcaa0d126701b8e299f169f87f3016abfa7e

SHA512
2508ec38c0ea125a2d8373b6e48ab14ac42259691b5778ac2abce924972c3461281f55546ee41e25f8bbe42912325995632cf12f531f426282c19460f4675cd7

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
58KB

MD5
a501b36fb4b28878ab6062c6fda31dee

SHA1
cc5463128fc63dfebf9a83b443872ba1b4376604

SHA256
e49d39b621771d4e2b19743b59183d994247c1361780d9e7333248a5e7bdf5dc

SHA512
b62027f5765f8a0ebf43aa7ae38c67f72c37aa50871e0b46de5f92ba2eace969c86cc761017dc58fb7c56e31296af92cf95de47557f650aa40e966ada79dda04

Download Submit
memory/2308-11-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2700-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3172-12-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download