c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f

Analysis

max time kernel
150s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe
Size

90KB
MD5

127af07a955e15dc3ec4d70bea36172d
SHA1

151ac668249c646bfb742b36df45e66a24917f40
SHA256

c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f
SHA512

acaa92664e299dd94d6a22b0351fa404e2ebf472d79e7f3aa8a070faf0fc3ad575449c6aea972795898753abbf50adc7a51e6e0aca5e61c824f602371c8e23ad
SSDEEP

1536:W7ZppApyqikTqikYkL7ZppApyqikTqikYk0yF:6pWpyqikTqik1pWpyqikTqikAyF

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4976) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2052	_.arguments.exe
452	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	_.arguments.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN102.XML.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.common.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	_.arguments.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\react-native-win32.dll.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp	_.arguments.exe
File created	C:\Program Files\Microsoft Office\root\Client\concrt140.dll.tmp	_.arguments.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp	_.arguments.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClientSideProviders.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.DirectoryServices.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	_.arguments.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterRegular.ttf.tmp	_.arguments.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp	_.arguments.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_.arguments.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 452	2332	c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe	84
PID 2332 wrote to memory of 452	2332	c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe	84
PID 2332 wrote to memory of 452	2332	c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe	84
PID 2332 wrote to memory of 2052	2332	c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe	85
PID 2332 wrote to memory of 2052	2332	c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe	85
PID 2332 wrote to memory of 2052	2332	c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe	85

C:\Users\Admin\AppData\Local\Temp\c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe
"C:\Users\Admin\AppData\Local\Temp\c83d1a5ac0be0d20f2f83cece6263d737e2869f59d7b6e93ef4e92f5b3d3270f.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:452
- C:\Users\Admin\AppData\Local\Temp\_.arguments.exe
  "_.arguments.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.exe.tmp

Filesize
90KB

MD5
ae86aa0a60f92b02f4438a745dcda7b6

SHA1
e31f461d250b75c4fe424c31ea4c3f8884e8f378

SHA256
4c5e743f192f2a08f7dd11c8632e458516ec65a8aa1e75114ba0e3083e1d2e6b

SHA512
a1782e9d2d7d16064ae74259db1e4864705972876d4ce405422c9184aa6b51006fcc898ec13777c60259982086988c2a494df581f0ff508828f25ad11f2d9fe7

Download Submit
C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp

Filesize
46KB

MD5
5a829946e6d7db93e817af822de392db

SHA1
4996316fab2b05933d7e856e4877d23d8305ab69

SHA256
2504853bbcaf9a420afd939d31030130b73d1883c055edfa6f91dd9738173886

SHA512
ef5ba7f100014e16793ef60942425b1509c625430d4efa65834f4642f3fdea339c08d84c5bc2d49df6a1df974ccee9842bf32ca6419bfab442c300e5ec91aa70

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
158KB

MD5
d0fa97121112297766196aeaae7d9e29

SHA1
3bb2297dee6b1ef987cbe05088a30adab447dab9

SHA256
8dc60efeaa89425186c798b1594fa5312d4fb0f745238fc45230c9e2da7791c6

SHA512
5d8b50b2d01689e7654c3c6544dfb8318497fdbd9e123f951e7482ecfb1960f87698a7ae41c8af8547e263f9c8d73b69de1c5c574bf7dd3c6f31f579e5298624

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
144KB

MD5
a5aba3e80038cadd451dca83749e3f10

SHA1
2687005855d889313bc04ca4d9f1a1c65a0d74c0

SHA256
8b95e22e39276f8fdf08f3c24290945eb8d83e5ec3542b8dc8a293bd493c8a71

SHA512
a3fc6efebe78113c5114a504315b09d5f6ac49649a84762a81de77d445960527b9d63c454d306ba078f03904938ba6787b4c383ac3c0004f1deb3dcc593081e5

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
589KB

MD5
cdc99cee20ea0513626882288c7bbdbb

SHA1
997a9aa6dafbe74c80bb8d10f5467928006cd663

SHA256
0672ea969edba8c11d48181de740c275b014d4401c5be0cf803c55c83e5b8ec8

SHA512
7c264661759e5e4830080c1172a050bc80ebd3c7a77edc91d7dcf10d9a611cb2e6b7dd6f1a291e5eaece03429cb5b79048ec3081eb359c62a1487ce12c0d38d0

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
255KB

MD5
2520197d8e75e99bf15f2b790a44a5d7

SHA1
c066380ba105272b0e5cc489d4e51fcbb050e92f

SHA256
6d6acf3aad4a21a544ef735a8ebb5bfcae458b506464a8f2e9b14df3100b5d5f

SHA512
a636bb1be48dbd5888656895f0bd1ef96cd6ae8acff1f4ba32d014063c51dcf30cab0223bd67007915ddadea4115959bea797b307ad4fc4eeb9de33f0a87a719

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
234KB

MD5
d36d7cdb07b44ac90c7c5be414683dde

SHA1
9650ca7a14ef0deed0f8adedcea6893b6e54b46f

SHA256
2469ea97351bf1ff051463f0a66fd9eae7b0490079e40aeaf321d268bb813f41

SHA512
c398dad75c6f8719b97f7bf924c288ed0c263e35976174e9d46db3f2a45d4c6f90e2946decf2fc0f9a9e41b2e9452933ce97c25a49aed76cba758c9d6ba50dde

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
976KB

MD5
746c76abb15be5d3a6e8c0bafe6b7c14

SHA1
71ab8730261755251c0cf9a809f32f0cf27c67c4

SHA256
aee6f44a38b729b12c619463df76fcf406e3c7f063511999b70ced2cc54c20fb

SHA512
b9fc86a0074982fd0bf2523ca0fe4d4187b4afb07371c3ae3d9933d089c3e3e0749870684bf18ef88b5f1bbaeb0e5a5f2003d37929cc6d69f6abca6556c275b9

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
729KB

MD5
6e141778a27ca7eef280ad22de8a963d

SHA1
4de0116c6c95ce20a8bbc101b19c69609191023c

SHA256
1527bab18aebae81a2ae33e153c4deb299c245d57da3f8725e380280ce5000e5

SHA512
182bff78d39505c60b06c851f35c5a02b012ca8f239f97abdbca8041dd2d4d0c59cedb99c6a2461d7e64be80c01aba8874263840f9dab458b608344cbe94db75

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
55KB

MD5
bfa64d6297b0f9231a2496da7191b884

SHA1
f8788985f1abb6639d5a8d220fb5bf4f764cb0e1

SHA256
f78235c111bfac9971bb85de70f26f8d45d0b663208c8aa7cf0f53ef01025927

SHA512
379697e25adf7553fec7ea686f653e8134ba9d3a1cc294931514b4aea8f0274e258542b4b2fb4a8c0f7ce01dcf75d0323616c45b583f7441624230a2e675c2c3

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
53KB

MD5
a07b4b05350d80ae74e5868c30024f7d

SHA1
1e46442bede294c82c3c234ec543afb40a22baca

SHA256
48d001cd5b7428c928b02609b1f8270efcbbee75ce8df1a1e4751ff5a1cc79f0

SHA512
9f8629159c210950238850d4d2e5ec7504142c1535defc45984fc33b19df90ab685e30255421546271e1823137e8659853689b6440b162f3418ebb8ad3ad18ce

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
58KB

MD5
74432a1cdf58814bf707039496c23b2d

SHA1
69d01a302039b7fb12215921036298c88431cd00

SHA256
43c82dc7c131bd30b84489ecb8b484133819bbcf1b26638d76a1583627e8d148

SHA512
c79d70e16f1888716c8144a484036c0258643396d7524765237fb3a1ecbc14259673f811f7555e26756f55b08257bd3f9405fcce33103082b40152b534d729e5

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
51KB

MD5
5821c23c5606dff1bf7add6cfdbbb318

SHA1
4de72bcc1f8250634efe416af78e13b4a1fd9628

SHA256
c2916a4ac8965cbded1eda47b7a1d40b6d3773d823ce0f67b7667ddfc26663bb

SHA512
16b20fd768bd0da66c57f429aef7f2eac34cc4b04ff153b4cf8d7b5543a719392c392118dbf20b59c4b1e0402ef2e51ad546bf147cc01f4192ae2d54588af708

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
56KB

MD5
927ce54206ca29ae962eb5f703b2f041

SHA1
b0fa06e178ae523e31c22d471ccf21d913bc76f2

SHA256
e62af8fd4067b0aa17057496350c440f67d7de75d49bc6b08c6f262939b45d17

SHA512
4bfb1e9d4b151611766392b93e5f13a68543a127830985d9dec38554452eb0b07baf4d3118da2b163bd065a67069e388615451f53b6250454e1c87cb7ce3da68

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
57KB

MD5
db3dc5c34bb30dab69b19e618336cec0

SHA1
e69d71cfc36c14cf763542b37825cb5c60d38e9f

SHA256
1422e9efe897ccf00394e1943fb4932ec41c4a9bce1b9f53748bae4611e2af58

SHA512
429d6b76819ce21426f279e65658ef76bb45a875e8eaba93eec0361986576878a00d4051528ad487cb2f7807341875f754ca1d30c2fee16e4334c68002f3ce00

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
57KB

MD5
f502fe778d6e6cdb31af762fe0a673b6

SHA1
2698977664977c5d20b2ece089286d988595fbcb

SHA256
a0fc2bbc26bfa8f60acd22c33b547e29e4658103c4fb0f4c4c39f98c2460cc66

SHA512
369ae6629dfb10ed3ade2b7f8cab5d4f44561eb75146db075593cfac2caf29eb05f7a26d6a439676c1d86e665ffe5c770d77055f7946a6459d6e9e99aa0b87dd

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
59KB

MD5
9b33ab40e1a22e0f21c37fba8cd57ad4

SHA1
2cf16d8ada022f9c3ee1fad2e2221a60c1220343

SHA256
83327e07ed8a1dce04f15921f86ea232de0eb254adaaf5f6683ec8ed860d54d9

SHA512
4a30b87a184929452d97cbce8f68d12c7b30d9520e018354a94402a1db7e2ddc6af81676341a1994ef23cc52457228effbc5feaa7a4b5d5f7bbeeebbb0a65825

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
51KB

MD5
72e254ac476e4d283c65d5dceec2d6b3

SHA1
a2fad240545450e4c718fe5b552ffe9f7bd0a72b

SHA256
ba46192e5828e1037215681eac4981bc82254e33f20beecd08a5618db9037d48

SHA512
2fb8e28cb0290116541bc1af4613180c0b17d875b774d80979ad7760851fdce6bd9482f4508d8c2ec7c4d51577ac2aac7bf49ad147eb577db54801650fdc9d26

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
54KB

MD5
64b64853d7e5ccadd41ccf192cded474

SHA1
f9e53b27aa3672a1974c6194dc31e57aa84fbe03

SHA256
64dba0da80062ac5a4ec5d69fbbe2e0f93e77bb477d160c836e2785283fdac39

SHA512
c7093810ecb5dbdec4fbafafc980b15071c84f039dc14b3e470a17fc52a4b545a5631ba77a182a58f7a60332090d04f4c385c280ea96382aec53f773eb978557

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
45KB

MD5
05406b668cfa0244bb5996af80d2b19a

SHA1
ebb253ef7fab5e996e13c2b49397d6647359ff44

SHA256
3ed222c9bd3ab54b14216fa4e428b5fa53c5d3406db8af7e7a55c194ccce03cc

SHA512
36b9236f3821524eefd2e47fa73c25379021602e367071103b2b798215cb6d037d22bfe0d5936a92ae44d78173b4b25e0815a91edaaff70ce307672928327fa9

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
53KB

MD5
d9fd5e736eb3c6dab681f1dc2cd0338f

SHA1
ce17b5c078334e0b172a6bbf87ab0be8ddb18052

SHA256
a3d63890556a24bd70a1b8d9beac2d45e99247b22d55dbedebbba8a3f8c13742

SHA512
333ece1036d556ded682c8179ec8cd04f495c3cceffd6fed311db68fd2fb526bb1d25a94bf7d5fb4553deb415424f814fc3d19561aa1834c5766d32f7b5045be

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
61KB

MD5
45d2142e87ff81def714c7b3e6712131

SHA1
98aca5d1978d47892ee7f193d8b34f2dc9f3cd4c

SHA256
5cd6b3d6c1b5b608a17045da6d4253d991dcbab4f2b6031ab77f2db9fc796981

SHA512
51435f1f029d59312d920635a21156d75b2eed04718df0cfa37508701a1f7b5f17608b2a1dc061659c51d3d45f137f2fa1ac93804e737215bca5cea188d53a81

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
53KB

MD5
356d8159531c1321d4c2773a885544be

SHA1
2902884777ead98b4269f0f52ee2d40f851ec551

SHA256
2e2fb0ad735e79e2fcf308b7f1852589f697ef68fcb75f558c6d9fbd9f8750fc

SHA512
4b424736990c671d6e71b04ab53e1df16925a33028748008b56ea59ac1c6dfecf0971c19e4c300547c8cbcc68c95f8992280e2dc7855133a458963da61c134d7

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
52KB

MD5
02eae308f3acd3ff1cba053ed905adcc

SHA1
3565871d10187373ccb81f9e8283da9a2d7090de

SHA256
bcdc8b81c4f8244f9e96c666a19301c68a2c6df3d060c6fda14bd62f5b9a7a74

SHA512
ce73e80c77f1f4938f1e3a81400d1de4dd24350ad7c369194c4bab1484c43ab702daba719a161f40d1ef8c6312684f37970da9ea0e112a0f3249ce51926e757a

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
59KB

MD5
5cab295e94a2e153327e98e85f6a6419

SHA1
5e39c3679e5e729b2c24d1d483654ccd3ba930fa

SHA256
7cba8d9d1eb6110047d36b90e6f9ff8049a0e7c3c5bc6147d8227034f308839d

SHA512
a4e09f91ab680e59dab88c634ae1ddade38311945f98741fa4be8cf7e8671476d037b84e4b2678eb15e4313691acef0f57668b38adc3b1e50efca4c33f30f7fa

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
54KB

MD5
030b7c0ecb10f68bb60797ebc156aba8

SHA1
5c6a68259aa92723d32561057cb4d9c899c9021b

SHA256
99247bda2fb6d50fd51910fffb9101121f8abe12fabff042c0ef5155b0496555

SHA512
13900eb67ec790e3853a43204872be997a61ec323b67b2386b77ff5c7082098a6c0f9c6714c93231e88aba376202d42a6741ac5a69f9d8c3c1d2344db304c0fe

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
55KB

MD5
eea8ffebd28eb285fe7f558925b8b33d

SHA1
51066429e383b5a80b291091a84c05bf94612caa

SHA256
9afcf4344436c6c74cf0d4de887cea26569e4864ebbb1e8d3416bfcbaf37c311

SHA512
aa53d6a8011960ca07b5b72b6954f65d65dc3c3a1386fe2e79e83b6664c339ea0a1f87ea3c74944b819d7da8f78ba8a30e159831624d9866b931cf6f44136711

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
53KB

MD5
03efaa4c90431d8d2f34a70e04cae442

SHA1
fa6f478b0f2b2fe9a7cae4749745ed2bde579318

SHA256
2d9c2fbc0c8894eccbbb770f2ee3d8e5e0ca5e43b35f3f0a8c2ef6911b5e1447

SHA512
bacac2f3e3638e923204468bf2313b5c233dce3a2b03bed179997024cc74f9aa20cabd2d6d67c27a58384e11fa3dcd10f42bc1921f252d350a655fed426544a2

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
52KB

MD5
da9617d411fc951b7cb29d96ed0195e2

SHA1
3bde974365e7be5795d0fea211586b8a4c21930b

SHA256
723294bc65ebc43e5697e8d1e678fc40493d2bbbe5f85f0de82d768086f2d565

SHA512
d51744b379efb465e18a2a1cca72c2395ccbbbe94a913138e40ee23d34294bd40422984a15898d349a18b89408ec98db20a1169a2e78c3590a8d0b8bbd55d509

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
53KB

MD5
cea930878ee95fc854a5796b479738d2

SHA1
be17d70d82f8c9fca97f0728d3e9041205e705af

SHA256
2e1113522f725c890ec3a3412b4ab6decffe64c13a970f38d4487800f6005181

SHA512
eb888ea097c151aae83acfc9ce82b0bc4d1c2ad709b07ac20c60b4661c958cf9459f89f191340fc61be13617dc9e89b7fc6fdbd001736d0bd239e7c321feaddd

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
55KB

MD5
27ffbde87c819294799eab9da13050dd

SHA1
f999f246df639f778a8a571ed9a010d1b73dca41

SHA256
be41a19ecb7ffdbd178cb4a1e6411cb99077308bf0333600492fb9b1ee1d788e

SHA512
a480f69f582784e98a15bd4c21a88b0c8fdc8c1c057cdfe59854873a703f63dcdcb9a41e3b2d9e23e2f7d76d502a88686ca43c9996b17c632cd2dd4a51058f85

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
63KB

MD5
22273d89d005ce86f81b25cfd9a3abcf

SHA1
f4f108955ca9200d7303739c79693f3a0d8763aa

SHA256
a14cf9088e7b10800ebcaca3989a8513363ec24e69e82775c30bbdb0cc4ebf7a

SHA512
ab0dfdbac8e2fac2f7ba3cc1cb06043b827bcdd2f074efe5a76b9546f4b5ba7a3c7621929b1be7cc4b14f332525e4925e4225cd4db338e64b13063fd65bcb510

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
54KB

MD5
1aec00d37d2915e6aa7ea5489957b6a0

SHA1
e9aca3164b1ae4394c59002f1262fa0fb754bb05

SHA256
22b3e5b97292b88bcdcb47816bc5357f235da83b01603e87e8343d2bd89607fb

SHA512
ffedf8232c0ddc25de37836f161f3474cd03154b74aed524378b654897be3e1dcedeb0a721439b148a2bfba31126f2f764f0c8b26d0cde54405971130d140c04

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
59KB

MD5
d665ce303b1fd9e9b001f07d27fab33a

SHA1
6e3fcec72857c4cd4274686852c0d337c666fc60

SHA256
ca1109e0eeefc24c8348314de7063c3856d25b4723c722f6e0b905f08522af87

SHA512
f905d474fafecb552eb4de288017eb54df35e2a29d2cabba0f25e3ed4eccf7a07d9d4fb10785436c95025d6ec347c9600dfca0e7cf8d3f627c85576067bd42be

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
54KB

MD5
41433dd1fffa9e5b3c2db6195d5397c9

SHA1
bbf84762a398cdf75f05e7ad4a501ec20e6c8fce

SHA256
eeb7c1816a77ab4098aac3e35a01e580a2db04e00afb672ade90ebb31488c23f

SHA512
e3ce86dfbc4f3f1813421a5d86abd3eecb5e5d3f5bcb60e8e8ad2ab1c9a0e0c420db153f710261d62ad3699a7b188e3e76adcd33e37e80ad94fa08d2b5b6860c

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
54KB

MD5
90a2b360e2cb04f1537075944bbc41d8

SHA1
7f85aadc34df717a6a3921c70f70e2cd3fd65cfb

SHA256
1598c27793a0d252f3f7d7f441ff6b8624815ab357056666d1efba77428062b7

SHA512
5aa87fbd305c05ec0d5b1fb7db0e4a20d28416f6e1055ae5acd13f6dce14951774caef46112435fe06be2b273ccfadff5ed1543fdbda105852e11777994d5af3

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
54KB

MD5
0a89918a274f7214b5c99b4b439ed5da

SHA1
a0d9cdb376cb4e11d7d6b4607b11cfa6f20ad0df

SHA256
c96b39c4476fe9140be824f33f2ea5cda3270a9fc30a267810947e9c6d3846c9

SHA512
31a4907299895a65df0309ab1bd7cbc566fda61d47dd57ba212deef474eedb08d212b48b52176c983ad531c9466f01fb1e3774ab84ce8f1328ca85ef64c271a3

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
55KB

MD5
9e05fc4838af62d377af79357d208d1a

SHA1
725f0006cf0ee8360c9bc6eba8d20f5449904288

SHA256
a63b175fbef092201cdeb564d9b57b5abc16f7861c743cf5a3037901d64d8c4e

SHA512
7b42f1756194d40ec3c08442c641d4f26e6c6ff8c0d466c7b3d27cf3402141a1f830c2d71904de3ed530ba76bc79c8b711573f1e69110c7a5cb2e7134aae25ea

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
56KB

MD5
507664f581a16903e5de94499abf1f21

SHA1
ac06f9f0780483bef0dc3f40aeb25aba712f8ca6

SHA256
0f9b4e6a8f6dd8c86e632fbaf8ff4989231d8bd7d0d68308d0ecd18badc73ba5

SHA512
5d11b70c839961d2ac3b306efe71ce9601daff2b6792dcdb528b44084e195600e64ccd5236d7a96074d287febb1033d4c2fdc35093c5d9feb11f5c3fef1845b7

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
62KB

MD5
55e1f77c3b24d0341bf923ec104673fe

SHA1
2368a6ca4a03c23c695988e87ecbad2a29682e69

SHA256
a517562c4626f6977a585ce21c270557f8b6c7a414c308a9694ed2fde8de71e2

SHA512
073644039cb452b27374a92fd3905f6e9e188a275ec52afb21092e74111321579abb6cffc7292f72457c9512f48e05d2f5c343d94d78234eea2e9a4840e7d075

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
52KB

MD5
989686064906263922d493fd19277344

SHA1
8c7ef0c2f82f8a7889afd851cd20fda3b008c021

SHA256
c4d95b1602eda4dff2b8ec868805d2264fceeae1af13e97667b18f2523f041fc

SHA512
d5862c531c7197257c7a0d2fbdf8cd0b635db7b37bdab528ef3e9acd330b3a32b144f565d48158e1f17ab5097f01a534b31855d26cffe3eb93c38e338718e23c

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
53KB

MD5
0419bb137b7aac4a78f30e9c40105e72

SHA1
cc6b43adb034a3e22f3fb1a2036951b9700d26fd

SHA256
4c581c13dd8ee1d8edb6f93d7a51c0d3b1d536b6041e13ff8aea91bcdd9e9133

SHA512
031f8d481dedc240ce3068858c00bf7a8364b02f360f21887bf93621b7ca56ebb44f963c1b1a1c5a1dee4c1e1ea487dc5c6c741e8853bac4c7a6a8bf6345f49e

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
54KB

MD5
b2c001fdc852933387aca6349e4428e8

SHA1
17c39c379366d0ce8fe26a14de51bb933da85f70

SHA256
c4106d63dd43c5247405f5808a606097e8f00e49c169b9b060c0e6fb899161d7

SHA512
33af948971f8c59713d8bc2a077367e50dbd2a601283a204d5797c9889c3127cb23c9167cb333f0713f3984e55c56a395b65d20fcb4241816561caf84f99e02d

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
56KB

MD5
a4ee167f515bf68c58f0d1ef8783d469

SHA1
e2965b286e880851508f462f86d5a9a365052b08

SHA256
3d2db03c5ecdb65b667447bf98865f8db322f682de6e620ca7f044c6b51ecc04

SHA512
f25a8ac2dfdf0f991f44c53d08ea5ec4f9f488af9cb6a82d858f128a76f68cde5671b2076611a1890a283916e7fe115455e1bb695d2aae33a5b09bdb0b920bd5

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
51KB

MD5
c63809b328567a5f9262150715f218a5

SHA1
96e92559bac9a50dc6f94222f9c051fda3ba68b8

SHA256
fda68efdcf509ff7707e4c7a21c96980bde695845c43124356d570e6d4a02291

SHA512
7834f85f30f130b361f5f533d58ca0c1a26fca851b653e6e8fad55bfa681fe27136653091e5236f1a8b8fcd360edcdb3dda53aab2eeb40e88fae8c08a9a617f2

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
52KB

MD5
014d9d63b48c99d8a1ce8141c43605c2

SHA1
dd7f41fdde7a45dbe556af0e403f79cc1884fe96

SHA256
daeb58871829c8289dbadb1e6fb4edc1167d9569a98bb12ef92e7a4be872138e

SHA512
09b9b3332d35d5f3cc824a4ae559b1de37aa82fbfb72ada2b2200e53dbae36ff2c1d465cebf6e12b1f4ef268d099813aa289ba66cefae3f6660720a0cc1ad25f

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
55KB

MD5
c8924ad2167eb54f8d979ffa207a8fd1

SHA1
a29f0bbad0bdeae5c2af78322b7e97f410520959

SHA256
1ee2c1aabbe56fb6ec98050bc5991c3b9a99334cdc4789bed83e02a924b5ad96

SHA512
853cb8df85abf09f714debd5b5991fa4ec316b30e4fb26302ea6bb7453ab62f8f59c11044c74ae73c0eb7b32e8bfdcc88d03e5d55e56e63d5275bda53c1e9471

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
44KB

MD5
be2f3faf58034397f733182dacbb49c3

SHA1
f066a55b48ef8d1669cb08f3bb0b28eb65b5ba71

SHA256
f408a6ed0d89343abb6ec1717a87d3240f46ebe097e3ab6f543c1d7661909793

SHA512
7262e6afe28382f5d8fdd969c2e7cbf1d5f9d4f7e5c60247501b25ecd69ea8baa47a3b57d6cf18a706b0f04dcc014fa7e1408bd62e102d24b0b8dac2d1663aca

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
54KB

MD5
df08521183984d2b48e8df26eea2fd47

SHA1
807adf938a2ba7d1d920db171251bec8eb737798

SHA256
5e737ac70197bc5fd02880e2cb1a7176e224493c328e5d29e92cfa231e4f7f9e

SHA512
2d2adaaf2b6a24af56f55948d241a4e88ae1d13e13353dca39d0d37e1a479f53f3d4c2093a46d5e6964ce61032a29110642fc2b3d121d21e0a77dd7eb50ed051

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
54KB

MD5
7b355586be7c682b4f0b5a0d2afa4dba

SHA1
e2cf4b0b7eec98101d9f936c9e34e011418e0ff2

SHA256
34281f05ba32d10615066600ca62efc3341c21e4f49c0adeb0ad8ca60538d2d7

SHA512
cd54ae919efb443ee933d192d2c6c8fcf8b8020b31414db2709497b5a0f67576b60fbbc5912b3479d4a048141b3e9afbee62897155197a3de008329604c4b690

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
48KB

MD5
856c06f405a970c4c6eaad01ac41ae61

SHA1
0424ac09a4d8c93fb0b7d6d86bd0020cd5d91563

SHA256
6b5a958d81a5d4dc1363cd94172385521c0d69b05b1ad4f3d7f1ba1b6b9c1512

SHA512
df240be840cf08bfbdb9f9d56aeebeea82910f30bf4bad41fa301ea8eca43547c99306f44cd3e85634c1d0590fafc1f14699517aa945b576993e81b5a215c63c

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
66KB

MD5
40ecb5e6c2a0fb37e5a71705119198d1

SHA1
fbc64382b8df50e5ff27a3a01e32ddfafb9685c4

SHA256
5f1a4870883804271262ee78502e820a7b6d73a49be4bc7793e3e54aa6fdb76f

SHA512
25cc8d3333b3982c78b66afcc89ce6c4699ca6786c06c5c0b05e4273705d5f6cd3173e156f4f2bd30ed42a34b115c444ad21d5fd3899cdc58b401d2b055dcc0c

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
44KB

MD5
0e861c1bee8ad9042a4d2d0a7c3b78b1

SHA1
0e26d04d21147eb12b95671a0a130c10737024fb

SHA256
b00e2cc9217956ce8b2578871168460bc1c826aa9d79f819b615ae071a090431

SHA512
c2169fffdc7a9423774d85af1b971fe6d9bda01833357bc50e0e8be29a0b943fc77d06faab1d080917ba2d6e71b69dc0f685b6dd8cd4f1d90d3813f155611a1b

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
51KB

MD5
85e2d919e2cab48a19dd2261f2de7754

SHA1
ecbaa165b7065ad475f3b7e3f02171150ea025c2

SHA256
9c38b539123dfef3dee0a16395a478ecbb8be6a9f63f1dd6586064565ca39e83

SHA512
1945bf0fa4fd9034be29b2f9b8ee10480f5ccf078180c7056f41ef6c00b1b6260dbc684d4b6f6e1cdcb2389e04c912709e11ec70505cafa813654ab5bb83a316

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
58KB

MD5
e7156df0ee97f2239f741a0e04e55509

SHA1
dae3dde0722d42fc050627db80ee43e59f395333

SHA256
b4a962bf110a5e34b72d36f2fb42253630c33a852a40a885cbeac345d15498a6

SHA512
3c485c979bc12d52de7c1017f7d4208918d8e160577b914596bd4430963f5d29fe674c1b9a6b3498102ba2170fb762c8187d6a24dfcf2d1f8f002737ded2b248

Download Submit
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp

Filesize
47KB

MD5
f170d5653c73fb8e51a16e8a67551cc9

SHA1
af9be9145ed230d8e922193fff9c8c1fb0514541

SHA256
acfb5c6408cdc067f0940b006cb20fdca45eedc08374e5321d121ef356de8e2b

SHA512
6ae8a369229a60ea871145abae2e79dbbedd5c96dc52315222e85913f5b0723c56632c313d4db9dca477c5f78fe1f2cbf0b3f0eedae69ac31310b9a2fb4baeb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.arguments.exe

Filesize
45KB

MD5
63ab163b2530dfc528d4b2657ea75035

SHA1
331f4fffafef6a20ed88acc72a081813a9a5004a

SHA256
0263ad94678ed95e06ef49ea0f63074822cc7697332e51b453f2290fc8aa057e

SHA512
5813ad352bfbe2241e5642ee67e874da5779415bfbe4b85b4af9c033ee9a36f96af77e621834b2d0ef5c155457af9609971fc65bddbc6bcf018340aa7ad9b35f

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
44KB

MD5
0c131a181716f60b5cce4e39edc2cd14

SHA1
9eb8852e790b9c70b8c4a7e68811a060a32ecfb9

SHA256
a39ec89d855510f24d0f1e6fc6903c5f6c97d919681579cf933c17c5aa58126c

SHA512
1f14755d2f25458c8f8875f2652b43c25e2e09dee38082584c48a09e26efa6507355b12da43d3b13cd78c6d7cbe62369f1460a90856c4068668f3fcfe2efd49f

Download Submit