d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0

Analysis

max time kernel
19s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe
Size

112KB
MD5

c4e82520323f9223b6a12c09a3f29213
SHA1

c20ed2dd193266def35d3f3cf4a63de1f1812353
SHA256

d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0
SHA512

9b91fb9b84d2dbd8a12fc217619d0e149bdae6bf7ec9cbb306061aeae30652b49bba10c4a15247a650b497c5291e409ca6eb239d91db8ee8688d738c0b5c04f4
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJ5DPQWpze+eJfFpsJOfFpsJ5DaPxPX:Lpe+ewDRpe+ewDaPxPX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (80) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Executes dropped EXE 2 IoCs

Processes:

Zombie.exe_desktop.ini.exe

pid process

4856 Zombie.exe
1064 _desktop.ini.exe

pid	process
4856	Zombie.exe
1064	_desktop.ini.exe

Drops file in System32 directory 2 IoCs

Processes:

d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Zombie.exe	d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe

Drops file in Program Files directory 64 IoCs

Processes:

Zombie.exe_desktop.ini.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt.tmp	_desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	_desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt.tmp	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe

description	pid	process	target process
PID 4836 wrote to memory of 4856	4836	d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe	Zombie.exe
PID 4836 wrote to memory of 4856	4836	d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe	Zombie.exe
PID 4836 wrote to memory of 4856	4836	d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe	Zombie.exe
PID 4836 wrote to memory of 1064	4836	d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe	_desktop.ini.exe
PID 4836 wrote to memory of 1064	4836	d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe	_desktop.ini.exe
PID 4836 wrote to memory of 1064	4836	d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe	_desktop.ini.exe

C:\Users\Admin\AppData\Local\Temp\d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe
"C:\Users\Admin\AppData\Local\Temp\d3dc48c713ffc3d99c3ff9b6855f4854f3e2ed1e9c54132ad91075762903f3c0.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4836

C:\Windows\SysWOW64\Zombie.exe
"C:\Windows\system32\Zombie.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4856

C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
"_desktop.ini.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.exe
Filesize
56KB

MD5
06bf7f0d56b1f654aeda969b6908df55

SHA1
30d53ce1f09bc19f90858be4b6ff3a32ef6e26ab

SHA256
c62fb97923f68ccce00160d7b89e6416eee8b27b18a7f2a67e187ab3b2e166bb

SHA512
4c1ecbaa7ee7573f79eaa4567259a1efae03008eebfd3e51b79e33cc35648f8577d58bab1ca0143325919c276006dc3bd72dee8f8ea7dda7e11cee1b0edef0ae

Download Submit
C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.exe.tmp
Filesize
113KB

MD5
b475e30e4f590e8bf9325ad38d86708e

SHA1
d6ee5da8c04d6996c1e28e70c648fcd6b274a69f

SHA256
3f4b72b5494e3bdc7d7dae5581e6afb9306370dc67618b175e567e06b34e199a

SHA512
d8b3d52504f1107f362f452e18a2325e9e938fecd7dbe2fd2a93136ec603b1d667cc9eafb10e2548591279f7e724cf73c270012d2a29bb7d99cce5cac014fb07

Download Submit
C:\DumpStack.log.tmp.exe
Filesize
63KB

MD5
3c3645f313c6bdb075ebc4f9a63ca815

SHA1
cc98b11d965a29e89f9507ddbc3b0397ce516c18

SHA256
c1ecf340cb57ddb2394243fa2a304ee90dac091cec58ecb47120e6211f1ce6dc

SHA512
692bf28a9999ae199943a34314586ab3e23d7b834372b0f981b246b430e12fdf25f7680ebd0c48b8474ae431b74fb9ef162cda8d9cd387d1ec607491bd2592ce

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp
Filesize
169KB

MD5
64717d85b6ebb1e7b5c5848315bb6f65

SHA1
e6e6b19a417eb13ff6625ebc623be486e1e317c0

SHA256
4f755fca3723810ea110a57157137a7c87346bc2c51ca366a3989c174dc90473

SHA512
f3cc422a4fcd7c87982901d3d63cc56170b831867b33c9bad06018b823b3908cbd276736220ff3736181cb594fd797253e5f35ee1ccfeddf14a56b1b5e0e0afa

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
156KB

MD5
158bc263f0536448157f2c3ff4467d1e

SHA1
09ce2eb18cb64e8d783c2c50f53a8938af1f0a00

SHA256
d42d15ff7e4c1121ac2dba5b9dd35d0085f0fc5d9b94ed184c54dcf82453cd59

SHA512
f288f40e68a19f9acd33ef18797dc5f450947e33d4f840ac9e874cacf3a49441d618baa920375241953836ad97c730f4a4ad77a2ba5147248830caa646a4eab8

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp
Filesize
601KB

MD5
b51ab00b4d067fa47a1cde973b9ef179

SHA1
bc590fc2cf139f74e32d9254c460b1a4671c4158

SHA256
3a125cbabc048e402de22b26ad7d01f446d186c29ffe3dc2bafa62fb257b727e

SHA512
7ae3d83565c9d99469cf8f3d604d623d0648e6ad72d95ac3ef1a3f51e51188af53111166d0f6fe9af5107ce507d11a738852267ae879e6e4df5d590d8d56f57c

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp
Filesize
266KB

MD5
3774300e9a0bfbef60f940c8d0b5b47b

SHA1
f5edb98178c30f89e65e11f9ad83762be0b821c6

SHA256
2e190a9071c2ffbc7b71f3f0f93c1e1edfdefb335e72d4bc86eca52d0cd519f9

SHA512
d9f39764e1a11f28e4057a775bc7e732207cb06c3fb3e79e4054c77bd8b267c5291ad808a63f91e6116b84ce7220ec00befb5cff1a0e4ae1c09be9f980845364

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp
Filesize
245KB

MD5
149e67642dd53021e156625b03f11519

SHA1
e26221d033077702667d3509d8f9033b15e3759a

SHA256
113312d31220f6cb9b1c9ec4e8720f2bf562c8c6a05c95b01297a180146b6615

SHA512
2a3ab25aa31967c8a4fa8af0be1216a79532458163ba8ffb82d0328700f2c30411cf1c7510a3258db22fcd37b3b536e649ea1fb862a0bf9e1445019e8be3544c

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp
Filesize
987KB

MD5
996db6e2a21c68585f3356768f07ec3b

SHA1
06404f83873698cbf0ac4712bd0ba34ae939c6a6

SHA256
6297f86184a5fcbed30319db607ab36ad81b892a36fae18d84c1a2a379bd1a08

SHA512
a3f552ba1a4f77e5589e0a0ad8ba97002d148aad8f89161193cd8462e82ac239e5303aa7a68b77ca7d87608e5a1a24f6782a3f3a535b947dd64b31db157923c4

Download Submit
C:\Program Files\7-Zip\History.txt.tmp
Filesize
113KB

MD5
4b01f76337509a9a4c41de15a6a42876

SHA1
2d6d20f7c5c0a1ebf497e6f6451f31110def5348

SHA256
a8f8e81472ce3536fc814e4a707aa6127486cb23de7a0be612b21cca0c4558bb

SHA512
a25200e0ab6d3964ba53b3a954ec0a4d7ed3ca4911558b4324ee29938dbbe4f7388117f5a07ae60b83aa2b2e1d7c3c1393d4f49c75f9b0e4099e2789c083d3d8

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp
Filesize
66KB

MD5
db0d60687cc9543fd43f6d46e1cfe2fa

SHA1
0f9b077959c38340199ef57347fae5a8f462813b

SHA256
f457240039899a2cc9e78a8a551d8d335d1849a4da82ba526c577c4750a6e338

SHA512
8d944226606992b571ad6c730ae2a04ae4db6f81dfe703c6060d18c20e9f92df8ab84c4000905cb9817a8510f4071b7f2e5c940bf56a2cfe73c972a41e857d40

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp
Filesize
64KB

MD5
fb926c31dfbbf915796e7d0f86f2f821

SHA1
190688a964cb7ce50cdbdc02412a42c072675e3c

SHA256
16021b41a5830def19ee7a2d8857f0961d3845dd3b3495920896e214a6bba544

SHA512
5daf3cf3e0ebaa88cf4802f3bd62564c598d82f41fe08e029cd9e621c8e058bd803e1f5c9f56a7fe23b48a4b52c6b4100d07f8e35a75e9afea329f296e0338b3

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp
Filesize
69KB

MD5
bc821f04ddbaf9aeb7da84421160bf19

SHA1
3b9bba55e797e8b7e986218a981e4eb43c72c886

SHA256
a38b7dd2c653e52e757494cdf093d300f6f41bee10e2cda4eae38cd4fb8924c5

SHA512
6b715219c31178e60f1bc14ca4905c33f8dd5c2f321a6ae45ae438780c71358cb5e6765cae80763e19c7f78f7cc801bb60b30c84d1a853f438aa1083f1da221f

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp
Filesize
56KB

MD5
769789d38876520994b099e9b76a07a4

SHA1
3f8a688a7b59c5189fdb5c1c387985bf20fd9847

SHA256
221a4c350d58a9f7b0d4cb5e884a297a1c625e33fa3a1e3cafc2aa3ddc59c03e

SHA512
a2972d70e0350e15ad59834af58cc33235994966429b64dd5e750137b8154b457a9bd3c6fa7a0ee3b8e0f39250be539f14542da589a707c213a9f87aab3a9e63

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp
Filesize
66KB

MD5
6c47a17619470e62cbf5b0719639a6af

SHA1
e6635633df3b6b0bf7b74e5fd8cb8aee5ab80390

SHA256
a35848cbbe17f9fbb93de500793589b9d875a321e3b38de7c9492c942dba0502

SHA512
481a830d6a8965f5ef0f63d1a57a5313fd2f945e0d912b4a79e501f2416de2fb9b47d1bf7240f68bf0d5c89b3273fd48fa2d7f255c8b6b943ea2b522c05fa215

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp
Filesize
68KB

MD5
9d2c0189e8509d4a03e8c0f04367e8d2

SHA1
26a8a75b0ff800300de5eab842ff0eeab6798fa5

SHA256
95c0400bb26308b6feb40147578fc4657c8cfcd2566bf5715d751ac3af7c4e71

SHA512
b0c9316c316959558672704bcbe4814d5f9eafb91bab9a49a4486e83aefecce909b8676060faedd1ee108b69fddee0459af690d8060f55698344c5983990b35b

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp
Filesize
65KB

MD5
6954f0eca7d5cc50d6803382a06b8b64

SHA1
f94593f152481bd53b593e8778a2757c9be7e575

SHA256
ab1065d83522634c7b9dc09881114a8442bc5dc7a56ee3efa64e671a92315bb5

SHA512
4303e90a93c75d4d6ac52161ec8f9dddd9f6bf464bb8381f5a28701203f8b8b20a2ad30737d15c53390c7a1fc3955a4593ef412a65d41dad5aa65d83e30aff4b

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp
Filesize
62KB

MD5
486d29754cce3e6fa536985e7414365c

SHA1
4f44019b9004391de9230f2b1dc40f39a7257194

SHA256
beb714c40de28d8d71adf1359756f07239c35af434b5fcfc74d6b497f6e2de77

SHA512
f327869b5c120c7441e81e6251288bfddaca702b448a660db457ff5104c2177bc058d390567aef27aa86de5bcd78edd78a6ac065fb1135821736b205520a89c0

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp
Filesize
65KB

MD5
8468f25be589c1a446ab030669e7e18e

SHA1
7ef4adebf89e0cb78d24b2aaf3429c33facf3091

SHA256
59ad8f9061f8ccb9838d8900a79150462867ea3ca956dc9422c26ee68b4701bd

SHA512
99c37dde0a8aa1c56f3c88aea2f8e90ee15122c8b729cd042f8b20566b7bc6f421bf6e0f7fa41aa19e9ddeee51a0674ebdd9e40380536bdb61bb339e4fd6f25d

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp
Filesize
73KB

MD5
4e37a6ad288ee569137ef28ccfed2c29

SHA1
de1234fc960d9924cfac7d51948f6690b9ac97d5

SHA256
578ca790c037299bc40bcadd9e457a5586b08e24a9681cb27dc72181f70b616c

SHA512
958ab194f7f5d9f1e8832496dad0bd235c869e335afe639d56fe404ab47629a051c8d16475c1eeb2c2634f371de2ef43681eb8fb1f1f1d69f72c650a2e469f9b

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp
Filesize
63KB

MD5
d4e85b5fb5a421d1ec4f496672655254

SHA1
e584be2e8641dfef158471c0f73e400935e609fc

SHA256
85f122a224e8a6a0dfe22e45447b356407068549135a8d6a0173cd163c28f2d0

SHA512
8027c490f7c73a8a8bb0379904ff28252bbc545e2ffb71bbe1510ade3e213191b08c2ed405b148b8839da74c2f27aefa160f949fc4de2af45b726e841b34008c

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp
Filesize
63KB

MD5
922566f2560d3f0cc6d6d69d5dd4b001

SHA1
9b47d342bab8eaaea339e563041904c6796f2215

SHA256
c63d337e285b734653f3f86f2616cda5ca1dc93140caa0935fc9e751df0ef296

SHA512
ac41527100b09935257dcff2f1ab6c911c0049be2d2117f0d28f86cc0d41766a2f27c8199dcdc52ae7dec8a8709d5e9441bd11da1f13a2d3d72edfd7a807198c

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp
Filesize
65KB

MD5
addf04e57c96492e97189395715e0810

SHA1
5b44cf32a907c9c1bd3021858355e7eb186bbf7d

SHA256
7ee3105160a811f7d4accd98aa3b16ddefbd4fcddb7b63a5df666edec1f9418d

SHA512
2062a3cd71cd3a677403387461558e574d23b973ea8599f6fda642d270a27015c8aa13866406600b2c93973d234b75dc6fb6f45ee7eab13a4fa0523d31528d8d

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp
Filesize
70KB

MD5
59c9f9704008410967e549d041c207b6

SHA1
ed4fbd67a9a37af6344f16c880e88d606cd1c93d

SHA256
d161a196a078049fbe408d32bd54b03bb4a54190d4cf006453c557164d89c39b

SHA512
3107685513d9840079f4f0b220ca5245df8d0138549d2ba475f903a46a06a07c802029b33b4987707c33f30e09c1dfe642922b60810fbed48adc76a64e3949c5

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp
Filesize
65KB

MD5
3bd7178be2a10778c00bf03961b099b1

SHA1
9925b40b1ec6ae436b4101ec5c64c2ce20f49742

SHA256
1a43956c934efd4d313d973a35836d60ac49686962f0919715c94bdb83b87ace

SHA512
2465198a333b7221783e342b08a6903f29a25de356ccecd0f6b4d316bf9370255491d3638254327b5838d8243f395b68674587882644b9339bc068bb79a7fd09

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp
Filesize
66KB

MD5
952c24047d3914df8d102c68e9f9cd83

SHA1
565783960d9d160cd54d5a7984d5dab35fd456c8

SHA256
5ac6d4efe68cb6a843780be003d4c2b343ab1a86789bd7ea5ec60c47a776b61c

SHA512
df27f441282fdfed8057cf1ba504ac3cc91eaf242b54cbc07bac505cd49bf732041d174322e53e3643f11a85b27852f8e25eb4287a8c5f293e22fd02e0f24410

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp
Filesize
64KB

MD5
8c937dda80de724e5c78ead9a4ce2bec

SHA1
23e2c22c3d0ee720b2f7c682fa2025ad1f89061f

SHA256
411670d1db6f3a81f4dfb4068fd2b6cfcc4331937959ca20a2be13aa5d93a670

SHA512
168a1112855085d4031bd421fc13bcc42c72b81a08ae55fe668d08bb81d9ba37c8b4c910796459ea21cf8c64ebfd203ce8da2edd86f17624afc091ff15e70de0

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp
Filesize
66KB

MD5
cbbe7f2eb78e42641db84b97d2f3c4f8

SHA1
c798d420a56219c53c46dc9fa537c89958330982

SHA256
ff0cbc5d14fc352613c4a44ee82b82754194a07b385c0b1510d24b362ef4ea8e

SHA512
b87bf94f54e1dc28b6a88c7148a68347aa9738aef504a745af3cfb07dde4b8d16e00f66947d044a6bbbb6b7befb0b159b597b25899a87aabfc9619b48c7b6da4

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp
Filesize
74KB

MD5
07bbb6e91cba8a6709bf4b50bb44b63d

SHA1
b3e155ce75c2509d08fc81e071e35ba35ec954a8

SHA256
ab298c270f64fdfa4b0e2612634c276183b9ad161bf5eb54b6d1496d190ae0b6

SHA512
c643f38226a6fca0af61182a9d2c3b2b97d0d8cd908ecf9568b6f1cb31be7792ce25bc1ae8626e6ea37ed29cb7a7dc7e71dc67646a73b176aff0577c2fcee3b1

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp
Filesize
68KB

MD5
2b91041bfc8a60f587dd45f59f4eac0d

SHA1
8eda6d559873dbd073ae4b2dafe11b693d6a8c6f

SHA256
c6b090ee622d0ba832f92e92e75ae7610f629a1debc8cbac03349d25532adc28

SHA512
813bbfbc96fdea347898df9fd15a1d75845ff50cc8a10ea18a55481b76dda949862b93ee4ff27bc8f0eac76e8929e2bd477ebe89e106e04d0e7c687c0b58dc9d

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp
Filesize
70KB

MD5
de9529bb8b9f5c7df9aaead8c7d52c8f

SHA1
f8ce0e9fc7ffe0b1e28e0362b2b02eb901c779b3

SHA256
ddb7eece4d3f65ad46c2673115ba2242e611d0ab08b8d5b2ac463167f323f0c5

SHA512
d9d9a87ccece0797d28608422d796d95c14315aa150df7ccebf4702414caeb339d55375bf45538887f36a9a214efe8277c075910eb6f26332e392c2101c586df

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp
Filesize
65KB

MD5
2686c804261b65942a14253d1d7cf7bf

SHA1
b684eb6f790c4c8cb8045918ee9446344e558975

SHA256
323b9b288191e7b234ec2585beb0a74dd4d886248936e917aebb3febcced6bd1

SHA512
f6e566fed8d78be6816ba9319251f7faa58c1c1b0e498508111fa835d6c4ebb15adaebece3709c279efedd881eb661bd908c255b521fde208874ce796d0d7524

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp
Filesize
74KB

MD5
fb6c1ed7b5563f7c2ce8401a6a4cbbb9

SHA1
a499c9196e6eb194b9bb2f9e93d0774b866d672b

SHA256
fead9d2e65d877bdf828d04d53655861485a84162de67be16bdd0ca88281a3ab

SHA512
b290a68638c4ca5c0d4e493c27bfa9e350832f50f03b16d3dec2abfa5a2115422bd2054e56329f4ed821b12a49a13d179294a59ebd55d691e1f1dd0431a9e6c5

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp
Filesize
65KB

MD5
be0aeb116816ae91e4165917e65882f4

SHA1
c1eacf56fbb049910569b1dca69973e16594cd5b

SHA256
25c99206aad1716c10df839a06e5834c8c12b0af89c8007ebf811b575aeb6156

SHA512
0e9699335039b1d419b901b6cbf107069dcad7bfe6e13c77fbf3674fa08bee1b7d5bf2badc053c45b60e2d2dd602b9f235a5a3d6a36a4e97e5c56907a02e3f73

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp
Filesize
69KB

MD5
cc4d89a69f32893d4f229fd35ab9700c

SHA1
ada70a146e8e5a52115ae67f0a55788c64030257

SHA256
439576c29837302009640d1830f03252169dd8be8ffd614038cc2151192e4159

SHA512
718ab6529dc25e1325ffb2f9dbc7f1a6ee146ad920f1ec046e1240715ba9552df1e73a55ceca8b0cd993af2ae7a70b2e5cf67ca6a5bca3c668d3cf6ba5e9ba64

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp
Filesize
69KB

MD5
5baf508a56dd67d493d5a555545c89fb

SHA1
13979f7864fb6cdc67101915a15a5f451bb43a3a

SHA256
8be73c679e11820fa1eacb7f23244792649aeac56c3e8b0eed7a4f3284b31db0

SHA512
2bd5737ebe26fc90c730faf0c2f90fb32d62496f41e0fd65c3c835b97f44e1ebc9a61c19ee3c4a9d42068e3407016709ba6ed1ad9c8236fc48637d2708a857c0

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp
Filesize
63KB

MD5
bb4bab7e0ac726eee0d2a98deba8bfd9

SHA1
805d8afa2b5076b233f45fd164f4b6bcbcfceb8a

SHA256
eaadb77e6e21f5898cbdaf59160aebfd38e66df69dc05920c7bc23dccb75caa6

SHA512
067886606161ab4b4ec12050992061d196393599909c1585ca0ca47c496bc5fbe83dad4960460b4502be5f99469165f719ac924d22c49c462c3036538a90654f

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp
Filesize
65KB

MD5
31439888431662a289c75caf0468d71e

SHA1
1afc240cee982b2dbfd85f751a33f9976506a5f8

SHA256
631eb124a8d421b3f70fce6eb93d904dbffa7fecd7eff883432fccf299d2650c

SHA512
7d1d4ec1d23eb3e137404f585ab89c656de36ad058c6685b3dc7aade9a4cd9dbf1b4214bbc4cb08880fc0f009d9bc2fd38fa9b47a25334e62160aeb6b73db42a

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp
Filesize
65KB

MD5
05f556892a2c4e2d5c9929159c53653e

SHA1
f0b3f24e84fbd5b12adc48b7bc9096c7e397af99

SHA256
377e3ee9ff890d888435cc926f506fcbf33cf638d51b2631c8b99241268bfd30

SHA512
4b0353924eb2aecf2ec129fe54aa4e2415082c968eceec6df8db61637aead613cbe2f95afe17ecb7ff6640b06055a08a253161ee738efb40b3490dbe589a4c68

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp
Filesize
76KB

MD5
c423f5b6b72ef01302dccec36b42cac0

SHA1
a184bff48440c62967ef364ec985102b8a3d4ca3

SHA256
0a6d177a23b3ac7b19fa06b930c7f5b4a3c2a7b7a69bd01b84b724ba499af987

SHA512
2651c3c0be0694cb4bd9d0bcd92e16bbec07bd1b268574fc7dc96a86846fd731b30e06e35840d6a52a09d1dfd35cb08356ebcfa5c3fef68a38ebf6a4fb2ebcec

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp
Filesize
77KB

MD5
d9ca712d5c8a590b3733bf9eda8f8bee

SHA1
470e0542fe7dae8616d1ea44d2bc0b72be2337dd

SHA256
bf38e060ade2cbfa212844ceb2163ee8d1cc7c8a30a46fa34730c729dbaa851d

SHA512
159a4d37d0882327fb93651959e548d1395613672a196879ed9f69468854cec64f898b3c0e4ed63a6e521f56e3e4a945d0170c1c79e489d3f6a02c8717ba0c0d

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp
Filesize
67KB

MD5
d40cf08512a799fd2b23bad5c56f9214

SHA1
1993111a627c999b77205702a3139457ae4140c7

SHA256
d605a6812c1b5b47b61fd940e9eb34b870745d98cd56b6b8d469f536c41b1416

SHA512
ac0398561ad469d5aa7ee5ac7eea90191e3ea723c58c1d941263b25f1d2a329b2d4829d289a63b305a36de8f81ed81a98bfd2f0406397f73a7f713785d1c2893

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp
Filesize
62KB

MD5
f1ee4c03990de733916970438a914665

SHA1
d35a03ff8c5fe5237e97d13c3be3e1b02867a3e0

SHA256
0f00e7a68af6e04e3b62349cf8f4a5f7e7a4df624a06f5366b210fe15766f857

SHA512
307829495aa337434d14369c2a9267818d060ff0bf351c3a22be771d6042a600107fd7d0e3f29c6d093a17026b8ae066e8f48eebca64a5a6c11c7868bf18314f

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp
Filesize
62KB

MD5
1a664e3b1aee1f0146ddd51d49847efd

SHA1
824c67a860cb7c0a950d8522908a1cb71bf72029

SHA256
d105582f7539ee6b1a4afca47f1d73ff98728a15428ee2cf8e664cd371aadbe7

SHA512
1250793b3601b8041091c25d6222616ed085196e996cd49790ae064ec7928074337994d98aa87c71fd839e07a2c1fa81c49183c0ce8d8c7838be669e438f5cbb

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp
Filesize
65KB

MD5
7915d555431be97d632709b8e83b427c

SHA1
17107602ee5573d9df2b9f6a47d287e3a8f78d1b

SHA256
542d560fb980ab250728a58698a20c9c82a10b5be1047774451c084b9c038607

SHA512
67cdb286d833612b7f8481e86f2958eafe72774666c9493a703e6a173642d320567304fff8b92880dbae3e4643c05079d514e0c6c8ccfd8fa513b752be12763e

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp
Filesize
57KB

MD5
8d801a9652dd8974b95c18015d3ab2ae

SHA1
12f359516c5f2540801dddbfc06015ea9c0b98be

SHA256
997efa45e91cc5161543468fdcb8568ad96efb89d0424ceedbfb788365c88632

SHA512
f1524db0493c6128c36e19d182856488cb8c378e898885ceedf30285bcb4356c4a9f0d5c7736fd6284235380ba9007077596d804e7d72631cbb7668f8cb60e94

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp
Filesize
71KB

MD5
de161a1f767ef139eb396fe42a31c142

SHA1
2cc5e0b083bc8d957063b294e83f1f0b543ea5c9

SHA256
3dd4ee2159e7d7f28e30656119e18b11f59f76696fd5f41adf32ab9c0721ff6d

SHA512
28c51eb8afcec56382e59c9fe74b86bb90e28a5b7135e729c2bac486c230ab8cf2b4c5b695eeb921ff180a0f3dcdefa0a2e11741eb9c2c5cce73c4301ea3421a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_desktop.ini.exe
Filesize
56KB

MD5
df0047005d9d6fab9b45e9b9f19f9f4c

SHA1
df6d2f39bfa9c4e0766ff880e11685174bf6f1e8

SHA256
73a5245991dfed70b53f4460c9d03b0e22d13deef8adcc99e4249a4fa1c3fd3c

SHA512
b86c9f63dac6ce9c9c5f6247ec57837069c36d865c4d9c3f648cdc78bc8ad3d69fa2b359a611069cac62dcd312602dac9967712a94b423bc4ee513d90d9e90bb

Download Submit
C:\Windows\SysWOW64\Zombie.exe
Filesize
55KB

MD5
635f3179495bd7afcb91a0c3ee62ae8c

SHA1
8bac5f85cfbc2d4846d4a49fec63bc041fd5b824

SHA256
79dd6dc8dae11609145ebbb3feb682bc99e92dfef4bed88641725383abb2b13e

SHA512
c405da174a5cdbfe3376f5ba6309465c842027ce82980e081c7bb201d71a3aa6b2162db22a41734c3365dcf37d5650bae856b4621525b43352939ca7394d44d4

Download Submit
C:\odt\config.xml.exe
Filesize
57KB

MD5
1dc5d21996ff6a7bc3521af9af5345dd

SHA1
71087e6adfd07a11a3bc8d854a9625165db757cf

SHA256
15f4d3b1c521573a660fd532011ada824c221829544c1ff11602a728d696e576

SHA512
81b1bb8cbed52e8deccdb977e6474107d77e0c098f6c51aff0c141045fab5408d1772406336f4988ad925e0437b6db77770761b0eef4c690d103f629146dca0d

Download Submit
C:\odt\office2016setup.exe.tmp
Filesize
1.9MB

MD5
146f65c4c7f1d3f6c87f3265ab9bc6cd

SHA1
edbf38bfd1b1c96e773c2cc92f5f030fcbc7e617

SHA256
9d1c1733ea7f69798b12d2295933cd9cbb497f5e0436dfcc75946ff7ab995a80

SHA512
aef518771aaff5034e0d20919d537a4fbe3b57f1b8ebea916f2a3ed33edf0a5f1a0a51ee381a01a538682a4da0980da6837825617a43845843c982afa3e4b755

Download Submit
memory/4836-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4836-479-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download