4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de

Analysis

max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01/08/2024, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe
Size

75KB
MD5

3938a45e39e301b599f72a2fc7846978
SHA1

5976ad01f12d125d89cb10acc34670b353cd6af2
SHA256

4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de
SHA512

72f517038684964e5d770d0f3e734761541aae15935b457d8a175a0012bd0d0d933059a7ced95c48c915af946b3fe6fc548e63124e5db64f986aa22142769571
SSDEEP

384:yBs7Br5xjL8AgA71Fbhvx/IBs7Br5xjL8AgA71Fbhvx/R5x:/7BlpQpARFbhJ/97BlpQpARFbhJ/R5x

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5239) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4292	_Node.js.lnk.exe
3564	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe
File created	C:\Windows\SysWOW64\Zombie.exe	4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\ConvertFromUndo.bmp.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	_Node.js.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN121.XML.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHSAPIFE.DLL.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\da.pak.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest.tmp	_Node.js.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\zh-CN.pak.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-heap-l1-1-0.dll.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.LEX.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	_Node.js.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp	_Node.js.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	_Node.js.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Node.js.lnk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 3564	3572	4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe	84
PID 3572 wrote to memory of 3564	3572	4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe	84
PID 3572 wrote to memory of 3564	3572	4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe	84
PID 3572 wrote to memory of 4292	3572	4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe	85
PID 3572 wrote to memory of 4292	3572	4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe	85
PID 3572 wrote to memory of 4292	3572	4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe	85

C:\Users\Admin\AppData\Local\Temp\4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe
"C:\Users\Admin\AppData\Local\Temp\4d6ad8e3cd705080d17f75f4ad0c0d9fde9a0b71e1f8d61297b30f1392ffb7de.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3564
- C:\Users\Admin\AppData\Local\Temp\_Node.js.lnk.exe
  "_Node.js.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-195445723-368091294-1661186673-1000\desktop.ini.exe

Filesize
36KB

MD5
64239cc4dcca5e6778a8989da2c73870

SHA1
6140dfefa4eb8236b68786136933338da40da239

SHA256
486f42965346624deda003a1d60aff5a5939a1bd1a972ba9c35daea09813f1dd

SHA512
8954cc14ec0d08f647991e4f06b30131b336563554cdf1a8551f989a84425782026f49e4223253562e35dc57ada63c68454cd8f90903849bcbecf339e6378bd7

Download Submit
C:\$Recycle.Bin\S-1-5-21-195445723-368091294-1661186673-1000\desktop.ini.exe.tmp

Filesize
75KB

MD5
1988b03b2ed0ff17081b5560d74ea11a

SHA1
a3cf496dfb17947ec5dedfe478855e9e1c6a7d6a

SHA256
4212ab1afc7d1efc3aa4d172ef401cc5b2238d35640a856eaeb4c871d5730bef

SHA512
4f725baf683b91a8f11bf8f282c0a0132e2f16410fbcc1db7a7273ff56975fdca1fb192d2e9a37f2ce4c997f923a68e15c340a81b3178959fd5d63d91409ab69

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
151KB

MD5
572ee8eeeafec16f0214ea929f5dfdbf

SHA1
b626e338d11ea92fe5a0beea1fc89af404f1326a

SHA256
cf738e17eebb7bfaca8cd320dd4b6360546a463c9d497db83e8c39a2e96661b0

SHA512
034e150e77f9700a5f0b180f0880b2d2378d6d09625a7d91d072491a1f60919fb3303aed92e75ff55664d7a1eb822de5126e2e33d4e34f40250123bbe4c3db53

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
151KB

MD5
fda20f24d685b7dcbb23e75087a6ae25

SHA1
ee6eab5d14571ae589787db644f08ddff7e64146

SHA256
565b5abb9e741e3073d9a9c567e847ac4e8f6e0953c1f765265bf068e67690b6

SHA512
dc9fab4201c9d6e62fa409be66f3aefc62ea78569822e00122d24350a3ecf5bf0a273578d5ea529fd1f145b31d2acd901b8796fafd6a85a6f82045b195234d18

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
137KB

MD5
2f57ec0857eee65aeaa608527e91c77e

SHA1
13d78b0a397d8733b9ac93253f6e14278681c025

SHA256
108460f88e60a6ec2c1ee31cec790b2f55a25d3f03b51556461ab73996e5134a

SHA512
163cb1eb8e32222cc19cc707255df4077795a5b690e5d1ba2a2724c67feb79ca28685b73b1b0c81073228b031dad246f97023548fd49d6763554e48558fa3337

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
103KB

MD5
5d0b7a9791de41b8db24323ee524be87

SHA1
69571ebef2ede01aad417fb6628c275a61930f7b

SHA256
82b1c97c749d7d33c790d439c8f93e89afcf7d797874976fd5c29ec653b27e21

SHA512
54c1f9672978a70357c325f953c49789713f8d7cfa30ae21e4a33c110f5eab01bd70fb0f1769c1bbe2101ef137436b9ebc139e5636f7e7148d463b6f8ad74948

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
2ffa9191df22ce04464e19e421605f88

SHA1
eea3aae039d9a52880346bb9d03d33d3e78ef37b

SHA256
9a91eeb165ea9bc069a4a911dcb229e7a3ecd129654c6600d03e2021eb5c5cd6

SHA512
d06aa4e0013aa908d10a90bfc2bc05c7ec122791caf45972a34605dbd82f007892ce38f0ec835d332657b44147819d274cb2e5d90bdbe923c3623a04d9523792

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
582KB

MD5
2fea824e0d97f048225e739e9a5b2f1e

SHA1
e1ff2f60ff4b618a723f33c1d0821e43955949c7

SHA256
cb1e7003956631d2e195d498c6700f92f871d6e791039765a440b07acb784eff

SHA512
0ace11f54c0000bc37af26b6710ddf85af0be3e93b4a79daa2e722baf7190dacd895ace233ba9d2a7ccae3d31f90dd467b2c928d924de98a866e0333503a26a4

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
227KB

MD5
f6afe9f5161a98b7b6c9231376488510

SHA1
1e3be8d976f626f698ef8beb34d49f88a5bce19b

SHA256
746e5b3c033d2f7ca54901fe7f13960a391937e629d7f8bffcf73e2e7a72c5a8

SHA512
69373cdb9bedb582967a3e068615ae33e7e6f923e3e5187c46b97c4f9b7de0a40dc584167a84a53cda9fdd00760f8b12df3c71bd04a603f7fc2e79d4f8a5e00f

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
969KB

MD5
06dde4e5efe2a1dedf56933191df8fd5

SHA1
20eae5e146b8af078335ee4c0a4879e89f4c1dc0

SHA256
7e3856940ec3ad661801e7b26721b48396982085c20f24234c2ac1c47732799b

SHA512
6f811471d25cc47dabe7928f2eac5e47a27c85c266a39875ad373f1e044d4ce0c7b433abff9c31b64ed4690e1e4ff2dbdb3f126e0ad6980bb031f4a61e0adc80

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
722KB

MD5
01eed0b8ea20d66f69aa8beb5fb1f9f4

SHA1
74bfe4f26dc850f9c09fc933e25631136b5d5ffe

SHA256
98ab9b2260f13f566bc30dec7e96d6d3b904bd03ce93a7eeab4e1c6e7c425883

SHA512
968ae0fecaa8befa6d55892858c6419950782084cd2199ee51f5b49d7a4e4b1531390ff218da85d2e31a3ee435ef36f600ad778dda1d42da553f6801b9cfc9b1

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
48KB

MD5
ff1d710386c5e1bc7045ffd90d9517c4

SHA1
9dd067a4a8c7f272e0e0dfa5dea720aa2ab0fc04

SHA256
b09c71cfc0493882bb6fb7fbc8f161e397ae8ef75b80f6bb4db994f96e48e033

SHA512
5cd29fe1139eeb61884436b36103022a54b7b30ceede10c0e365c0bb839a3fc9c39e7347e7ba45ad624ac40f1dde14d220e01f34c88687abefd31abda674e78a

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
49KB

MD5
8f23c5a3b1617689af932791cfdc5646

SHA1
9fef3dd10fb72811a781aec241e4bced9aa8d121

SHA256
fb9d5e2d9f395d7f3ec15152926c6e4fb64762b48729bfa3e8ba63ba11ef67fe

SHA512
83d59469e35dd0a0883df6cb0c907d61e308d8db990bcaea197ffc3b1d2b2d8ace087388b45ebf8c676897142797d212c924f9df0f7902d38270587e5cf76f79

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
51KB

MD5
98a6256d994b7e78e83e495d3026eae0

SHA1
2cdf0f23c51c60cecf7aad77391b01259ed5fe28

SHA256
a6eace9f8d18fa9f5af7817404074e49e35acdd0ce5e25077e8990dbdddd56da

SHA512
bc9818e35f076cb23111e162ad171ddfe51635cd51a0c9bc007bc802da89a066fca0fa2ef7854e906246050abd71988337e469cdad6255f36a6c0f0327e12048

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
53KB

MD5
de82cea1e51453ff2b58b39b4912e0bf

SHA1
9d24952a4441b45e3821071c17ee286bb0a357c9

SHA256
90fe7b48b1e133ed4c4a21fdd59472ae62de4770add919aa5a1f6b15bc00dd44

SHA512
ede496cf5314576550a4173e7b2919ae0f1e43b436851af29f39b8a4f880ba5e6139f0f855c929d383a1d52bcd6777738069322cc8b344d37c0e02744b24f8be

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
46KB

MD5
2abbb9654a606d79fdac9489b96cfbd8

SHA1
172a19cd81929615eb3be8d24b32c0faac1dcaa3

SHA256
1257ac5c94a0f76fe2135d4e2a1624307c15f7e34b31ff512e0bfb8881d2e745

SHA512
256d7798084ff80e870ae8f45a8fbd26f8764e1d010ee6eb05583cacf2c812b1808b49cc35b1ed28db039a1841a287eeb76c5839bb2aa610cdce6ba5d83bc690

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
47KB

MD5
9c980e5be2b159a7986ccd2b02c5672c

SHA1
e5f72c277a69119097491013f6333c69429222e3

SHA256
842e77d3cbe3bd0050d7e9540246167cdacd0af7123561cb5c84c409bf75ca2c

SHA512
7212a80e0db11703d4ffe3e9cad2831ce3f0c233960df808acdbd033fc81f8bb7da8ff6e2415206a46de91d27a83491baf8dda99c55ca570a8128a0cf414a4df

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
55KB

MD5
62b49166c7607f3bba9e91f498cbc04e

SHA1
12e87def18cd6a23595f82216feac63eaa6fb47e

SHA256
90ab7f67b1c9fe01c2e551932071738b4679bae3479bd5fe42d7006aa810e144

SHA512
d4ab2882a3d9f898059d6a5f7be1e6e72e91ed38f2af3fec62f7e94b74ff33f2b0dba43e1501718aa8539a578f158c9f902ae78baeebfbd8130b10f4a0500284

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
43KB

MD5
b1b31b22b6f00742665ccb304232df07

SHA1
194006fd4168dd2b8bdcaa62a5039d502d914fa5

SHA256
17db25a6ebdadee2c8a0ad2e75a0492a3c46093e4b15bca0670507bf894c15db

SHA512
8f292c2f03f3b08fd6452ddbb901d48da57869cdbf8f225664e40193ce78a76c16a376eff84ad67b7bba79a2ec5649fd0113053fcb05a508fa0826836ac72a7b

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
46KB

MD5
8ea8b60470970a4ec4f1fa046b010cda

SHA1
56bf561bc018573977b9422a696b7337d722c191

SHA256
0aa453fe103c69da17d5904e455a4777da50afa6e0206af2f3f9ead51a64868d

SHA512
6221eb7597786157527886a9bd12d463363800b8d79e7441dd018123d1780d92a1e4a499de36646bf225727faa605f1fc077afb7c6ae526cde989cb9d2cada99

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
51KB

MD5
71ac0d777fa7bbfb9e58892ad2566ecc

SHA1
fb22e4a60fb35bae531fae14575ddcaf0edc5c0e

SHA256
2443ca78f1aac68e94bb117accd2210fbb124271fb0fad8fb113f918a0105f83

SHA512
eb94b3c93c09bad858fd49fcc1eae4ca81b616c03b54a123db3fd60c1dcab3c612a7517644d86c93a225c48b24526fa9e16017d2a9e90fcf51b1746d5db34354

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
46KB

MD5
200719c3262fff23bd2c29011c29b9ec

SHA1
9202f2e37f65c944ed494889cba6868bfda47f13

SHA256
7ef55b6c52f6bfb5a0681cbbf1c046bd85f181480ddd8925254bea69f92eb9bd

SHA512
4725fbf0c7ecd3c0ce549fbee7336dd6eba1c73b560381af82ad990f13ff0cdf7da51637ad08dc4d591ce3565d32a202859f91767d78e779cd92454e6bea2c2c

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
47KB

MD5
3e56815a9ed0a6e9fbe97db74d7a4691

SHA1
f767de94d5e0e6ef39a9c69c664fd65f13ed06d8

SHA256
5cb9004879d133a7b3a8f83d405e9bcd9b8cccafa9b5cd05106b0fff4115a6cd

SHA512
3966df0bf9f34776700c14c5b821eb88ece4e0d9cbe1bc42059bbc8443be96e806ed770a0f80e9d163a4579a8bd2ad45361fcf91f148532b70b5932225ef0943

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
55KB

MD5
16a9ef74d57c6973eb1bcc9a2ba16623

SHA1
0495ac17126bb72bb7eeb2640df4d1d7a701e149

SHA256
8482bab0fb2c256626e5a2078f8c809d88dde5af1bda1669d146137f9a0b9de9

SHA512
4f3e6fbb6593c6015c660136381ddfed7a0a8f0b563608b306502a10c52883adec47fb8b4ee09e689255bfecca0f8d969631d9df1f7de92e3b5e4336454aa448

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
45KB

MD5
50470f1034eab2c3d4adc41dd93b4ec1

SHA1
b62aab9185b7060ee470f9a630bbb7d08caff23f

SHA256
82c2e84e1f065118375dc28d0f8e2b61e25d5a1acc2e38f363548953d98feae1

SHA512
4f18b7e7f370424d480ea7b077e24da64d7897eb5c0787f614325e4b8c91cb42d837189cfd613b2f018ff7dc109ccd47d41d45e84c8da9ef568a69450569e40a

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
48KB

MD5
7e73289c0659300263d72887bdf71837

SHA1
d4ed1d3b946b012ffae7620c7623595bd3b20241

SHA256
343bcecf270e1eda4c79d2457aad6eb4560d623075c05dc7498cccf8307c9ed8

SHA512
b545756415c03e795577644c384e01146a6a210d698ff9d359e4d983aed381a04cd62ddfc808007fb037ba2d8007cd19d2bcdfb266f97294e148b3a68f36014d

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
46KB

MD5
230cbd2d935ddf6f38448fb09d06a1a0

SHA1
874501940b853b033bd5425a849659dfc1bb8ce0

SHA256
da0bb8415b66fd74af693d30c51fbf5126fbf8ef97f8f3b7c54be03f3d1a7057

SHA512
ea6a90048c346382e413ac17e91652157f40d406777a23fd51a277bad18d0db3e98acc13c4ab6b3c89cced4a5ad4b4be14d33890c4f8634d9f4a110cadf26726

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
48KB

MD5
07ebc2d1040ff408a893bcb9936688c5

SHA1
4f7e55b39535c9b72d6c7d6341f0bd3f45054d94

SHA256
88f001b6372180171101bf1b6c861eb9d2d9898a1e46f242831d0d27132a6ef5

SHA512
1738d66e1356f0ecfea9043cb45a949c5738165dd9ce3e8c9ad3203c2e752a6758cfe8735f375768275c0866a4c3cd4be509b13dc59198eb4febb7c6f3a8c97d

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
48KB

MD5
eecbe3a591f9d39735d7d99f77f44c7b

SHA1
5b776970f7c8e4e6f05ea64a9a4da8eeb1043e35

SHA256
e98b1ce60aa16e4410b053e96ba92e2dab9270180ba13902be396138b56864c8

SHA512
27bba030cbbdb73ff8f36b1d7534bbd3e5bdb9649b7336d0cd05727a93b9d7a71808a6457acb8f9729a719df0e7049e1975cbcf90e599e6c366deb40ae138a75

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
46KB

MD5
261179ff15ff84cd700728dd8048d427

SHA1
a69f5ed13a37fda67db4095cf3926d7cd71fc54e

SHA256
40c42d808f52d4b8477d15ecd9112b45ad731c906a7cf36a97fb982152cab9be

SHA512
3508f2e44b433333a72f40fcfe280a34f710ba3a0d22ae748bd6f7763691d83d179ac6695598edfe42924a94f278e5e4bddd1e1f1b30e6207b0f2d22aca02222

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
47KB

MD5
83ec9b33691357e026c5708acdfbeb03

SHA1
ee268f1f9e8e5c899c5c8804dce98c1765dd19a0

SHA256
63add26604984dc89e97e7d2fb078e3bbf42601e344f35265ece60c5d1b9d91b

SHA512
3bb5c3d9eee4a03c0bc4310d7fdb9b07d291a97eb2352f1cacceac5bd0c177b2657aecb987ba93d177dba837ce7cb6dce57ad7aed5b0297187e739bdb31d8a43

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
46KB

MD5
635ca0a99ab552914cc3d8d182183cb9

SHA1
8670bb708df7eeb8e127cc9be1ca5c50b7619061

SHA256
b3006d885b2f2ad1b547e5bd73fab33c60b618275b2e9fa0aaa560e500de80e4

SHA512
1b11a6440327af96ac4efc01b0c9a2d792021d2d7dac7501930a03e1dd05f12b83a0b2027eea8be5d9d5cafabc024b544f9e45d0523153002f00d87512385a42

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
50KB

MD5
61e95ad6648ec8f4cfdde366d7334c76

SHA1
9933a6972a468f2706d499d2147d7cb219dfc05b

SHA256
1054bb45fea99e2932f783a9383e24d3f1af3a7705f1893819fe2f33e11d197b

SHA512
44aad1da42edfcd8be1dedc23443e84e42819f691b9cfa1a536fc5db962a0c09b684582c1f628da80b52df0ea66e21196c714952fcda5b79e62c80fbbc64fa11

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
46KB

MD5
b1eb6f2b975d41f1d09067239de74ffb

SHA1
4fe49df8af1742f1e88c15b3ef9ebe33ac6635da

SHA256
3ba5b5d650d1f389c8a8ecf21892a84886cd39f3ca1da06a5d19f9f4d6846a44

SHA512
428280fd5f9dbe5aeb826b5b8a643084f37686a1c79cf27945b998b9ed6e22130f36847458c877fed24fdc0e5c7f179215580e3f1b158a9e6c8de1614688d1a0

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
47KB

MD5
747806c5c9dba18cd7432b350d3d7c12

SHA1
45f6b306d9b25c234403451eec8be45fd136623d

SHA256
400676134b945d972edc477b1f55285ef84cdc257e10a36e7871abf76199ef07

SHA512
6d83177acce8502336dafc80b7a34227168d88189abfaef5af06994bcb880fb54710cc6c35c6f14ff93526c73950c5b56984c4d21df32459d7c4608d5ff39d28

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
43KB

MD5
76ed087781c74850202f52eb4422fc09

SHA1
88e67cbd9496128f8c1baec6181bda56f212fb95

SHA256
8d81d4fd74accad2bec6219cf4f82513bcc36495368dd2132865d8cd45504093

SHA512
0b9b5d5e38fd4a6314b54f4be452029940e5fcb25e1a57b3c704b8d73b5578b9a35a8e6499796403f39fff607453f08e81ba07fe5ee0167471059db7ff448a69

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
47KB

MD5
b620c31ea09638b2c77fdea45d587469

SHA1
2a1f4936491f12ccda35ad97b4c6ba25bc1daa1c

SHA256
2529f60fc787fc4327a3d5f0c9cf52f0f008e1de8f372c360dde07ecdd6df3f6

SHA512
42261ef70189b8b2ce384a03dc076c4e3ef2d8ccc4b920667075e1e43b308f25ebeb5ffa9a416a77e7066a762cdd8dc8ad318fb2f1cae80464f5a167986ad653

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
36KB

MD5
53f11d31363d6feec3290bdfd2845784

SHA1
b85192c3f2147252c41f4ce8b3accef5b0067521

SHA256
4e86ef2c415ddb8f8028fb3323f645e1ed7841f5093f77a4847ba7aaf3cd9d88

SHA512
e00c24b48adaf7dff03f32867f6eeee0c2239b3e75b6f81f7c5a047665aac10f07bba2a76f695ca8cd77a352f1975efdc584d81ce0ab323d73fccd0da49843b8

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
58KB

MD5
37f9b774a20732d22b253bcd626a46e2

SHA1
df02e30fa41bd80a60c675c2fffc24e62bd357dd

SHA256
e1773782c941dc1b95955dcbe2c06225f6d10299615ca3cb82324848afc8ee98

SHA512
22d6f2fd9ee04204386d20f987b17ac04656d717c5c6c7a4bba31bac01e9a06fb2c3148f42af0aa456423aa0fa7251da4572543394be63b6a3d018c99481f44a

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
57KB

MD5
dceec70c2d9c8630812f8a84cbb8bc1c

SHA1
3db6b8d0e048db05d1515e2b7325c2d6e7a6b900

SHA256
a0bb43bc35d4cae3e5e87e62c5869252e5c687e687f6b1064851dfe8f37bb9b0

SHA512
9063cd0221e910e26c8a93ac65efa69ac28263e06b8a60c915e70a388e68b1e50c9c94869d07f0ce9487a56f4a503f3cc11ca3d33948d239d929b1a371f1d4ca

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
47KB

MD5
0847699ad2618cb0592bd895bd5ab518

SHA1
b7f9f76560eff5efa4bd7ec0c395cd16fce7eaa2

SHA256
4cfb274592ad94d0d521b032bffd12e88449738a37eec5b6d89fd06878b4fb0a

SHA512
b7877924dbc48a8d2d43e9f07b4badc42bd1768906780cd4d4df4f54224e122630ff0d89429727779721c5ac24a48f282679af523a264612e1655abfa03778d4

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
44KB

MD5
eb4f241284039eded68ddee0acfb1b3e

SHA1
06e119964df83c10e4d695c2c136b28c21aff63e

SHA256
c363bfd8cbeb91eccf9ad7fca6483c05a748540b3e730bb1deafca39b3bfcb73

SHA512
99d196b8f45ba82195bc80c054a27e4585b1f4fa82f1c2240beb77fad8bec98c9060b402b5f27d76314ba2c9a332a383c1990e415a0647f0a5183f6fab2ab855

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
49KB

MD5
958b8fb58c186110bd9f69a5a9e3fc20

SHA1
cf5d44355793a8a6f86a1230dad27f450d23ca23

SHA256
547532edbc08214ac831f1caa4ddcfa88135b322ecf6d0b9c84a8406aa062b9c

SHA512
bc3600747b483c6e8d1379b85d3929d1294ef97947c6d7dbf3c064c10c65ac6d516caf4f94a578e08f82b11209b2b2713ef18de5fff2953d7bfb910a1dad1ab8

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
45KB

MD5
508a54357488430ffaf1786f33546fce

SHA1
010baf8a363e1394299ef8305ec20f01d9755bef

SHA256
bc271a4c54b450e93dede3e2ffceb986b6eeee1cae02602a6fa071d6328b3f54

SHA512
e1e32d69c9b4f2bad5373a931d14880a6894988a6d6cd4847f45c95399961c19720742a3db8559eaaf935127d48afc604a1d6a80dbdddda79a29e5920f42d5c5

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
42KB

MD5
a44a3420eeb271804266dcbec0d4607f

SHA1
c45576aff5b932cfe08f331ad7ee7de9f9ed6218

SHA256
3da42f28292b6f419512a0479be8c76b83dc79e775e020ba2925de52262ea5b1

SHA512
4d860e24d60b2fdce469cc7d8c8bedf62640b09b52d112761d176ee8ceb6fb5e6ce66e8369bb589185e65b83f1609be562b5cae35853dd4af2b4be5a866e46de

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
50KB

MD5
62448e95c339eba8bdf526c5528c659e

SHA1
dd864a2463080f3c3df22063ad392808f00f1c4a

SHA256
ffefd84cb6768133b1559eb28783ecb919d6bc30473d6142203c810e474aea37

SHA512
4c0b48d18894506b086cc50540339a03a077451638cb8ce991c68a66a2c96fa73569bc11e92c370ded65906c144baeb34482211b3a386b63ebcb8fb98b454ad4

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
48KB

MD5
50ac0a820d524fada1691d5e18a83f26

SHA1
dfb149df8ef1bc4980415f32b26aa57ac9682abd

SHA256
67c89550237556a2a5e7f0969e376e679bd65abd5123ccaa3c0b2e33d4e00d28

SHA512
a05a7f70ff160b0c46e4305d0f78ceafa21a20f11550d5b683ffef598a717d4dad4075dce327a0c5a3643067d114c043c7c5ec843648aa2b833ffa439535aca3

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
46KB

MD5
eb985a9ce01d6d788bb58c7c699d4709

SHA1
ae72618d25def1a855d149b17377d84ad52dd72d

SHA256
9539d143333118f6c50711816a05a2074fa8aed0cca07b3d12f691064b592e69

SHA512
5f4e496d22a8d5502be5b1b2a1799457a372c4719b87c1c84fb40fb4303f3614b106572bbf56a75b0457a2194cf01390cedcabd6ed22bab75550fce3252969b4

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
36KB

MD5
9338b5ab8e33b34afe6fa3b30ae41478

SHA1
bb8d5bde536498ec216d85a93a33dec4050e898c

SHA256
16f6ef68fa78f44784b66fb77fb1849ca7b27da7f8f0d45e48b92dcfc6bb6432

SHA512
257c6cb3c03e6def4df50a4a325a01f650f8932348dbee7887b8aadcd501d8f04fe61a92a8dd48deb3bb78430594e6aaa4809fccda2ed9c1b76c2376819842b0

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
45KB

MD5
5c2f1ff35c5605d2c82e3023c1e37793

SHA1
1ea80b58c929ae8e569d936a55627c55d00a9ae7

SHA256
b6d77adebde497df93247e14581ede84a3f32d4fc81d5e4a9011bde58eac7dac

SHA512
7613511ccba12303c881a3c4fd71a47f23db91469b50ab22d9ce2f7934d88038cd86d83258f74936a8d54c7f2d9c7a2e1ea2b6e578d9777fc83a59f38cb03e0c

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
53KB

MD5
5b18f1cfb17caec222d0a535a6cbba28

SHA1
9887b42368794065843b4b90a44c8819d24d7674

SHA256
842af6fa8f82362fb7ac4c66bb8acbe3c36b80550361f415a73d8eb21333927a

SHA512
a374448da0bd67a647c1511e5eacf43d97e7b46b0b9ed3ee3e6469b7fd1ec281f90946aeb9153d0b9f0d43a1bb9c968263df2714e1ea5ee357273cbdb8df01bc

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
57KB

MD5
b03a415417b3cd0a5e26a16214b77146

SHA1
da0894ea53ac034f4c9777585a0ae214c0c53020

SHA256
994b7ce9a9280f8d38cabc9388e577685815907eea3774e10c1b572dfca3ddca

SHA512
efa7c738e871c09e43f0df787a4a8e556848b423d0ea5adeb204418f8c9ca1884cc7b2ab5a3c6f19ed2e9b836e4c404e4b8227a9c7703fefb3cc8a6b49bb848e

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationTypes.resources.dll.tmp

Filesize
54KB

MD5
5b0af40412013dbe0c0e02bec054c802

SHA1
1f7a325de597821ab8dda32ac254c02196a9d55b

SHA256
3409bae167f233e41a4735ed1a8a595bacbea5c5dcbb95d18235a28297853bb4

SHA512
d839dc777f360888ab8b1e267890bc95a9d8212859efc2c82d403789dcf53df36ffa9a33130d987bb146e417d6198d5d674cacb9ac43c29dd2d769c130593a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Node.js.lnk.exe

Filesize
38KB

MD5
b8c0e0b680255004f8bba5b44f9461f3

SHA1
0108cccaf8766f5b2e93280be8b22448e646628c

SHA256
9b3428e7733b678335f429c25107e6b0c6304163420cbf7f2327e18c5116d5c6

SHA512
2fc569b7368249602775cc7f4c4a71fb06f0278c2fd324efb7811dca5c07d3057acc6411b3a4b749c7e578f42318dbc06d4690c0ce2df09fb1d46094a589d615

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
36KB

MD5
6f24e26fdedcef9894060065493bd763

SHA1
486e2e907e899bf50e55adf922322ab3ddc15a2f

SHA256
ad74956f76f445d82fb096589384323220c2251916e4b93982606a5de9b9dd29

SHA512
2a5ed9d4db16ca943ac5e44b20850e6a066dd0c1503817c7da1faee9b9d37c3f613e034d8970be75e62847afef536a65ddc1695bc74320d06411402085ab1248

Download Submit
memory/3572-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4292-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download