928fdda7758d5b7223d3e1fbc41286b4a1df8c27c554c88d5ab7e3af70ba94e1

Analysis

max time kernel
119s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 07:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9b92097ebd1402422a5a095bfe2dc160N.exe
Size

83KB
MD5

9b92097ebd1402422a5a095bfe2dc160
SHA1

d0a1cf11a9e2a5557fde23211b0235281df996ca
SHA256

928fdda7758d5b7223d3e1fbc41286b4a1df8c27c554c88d5ab7e3af70ba94e1
SHA512

829ba9bed6487979bbb1d6ddd17fe535aa99edbc03f4f1b6dce4c6f83276f1d60c1c5ed0a79fb2e2ca8531bd209cca7c168a5bf9695de0a1d36ea3b3ce070f0c
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVy47BlpppARFbhHFoqAJwBqAJw1VyjVy84gR:W7ZppApyVyjVy47ZppApyVyjVyK

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4667) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
412	_Run Script (x64).lnk.exe
1156	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	9b92097ebd1402422a5a095bfe2dc160N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	9b92097ebd1402422a5a095bfe2dc160N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\msipc.dll.mui.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ppd.xrm-ms.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.dll.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\WindowsAccessBridge-64.dll.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp	_Run Script (x64).lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp	_Run Script (x64).lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp	_Run Script (x64).lnk.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9b92097ebd1402422a5a095bfe2dc160N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Run Script (x64).lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 412	4496	9b92097ebd1402422a5a095bfe2dc160N.exe	84
PID 4496 wrote to memory of 412	4496	9b92097ebd1402422a5a095bfe2dc160N.exe	84
PID 4496 wrote to memory of 412	4496	9b92097ebd1402422a5a095bfe2dc160N.exe	84
PID 4496 wrote to memory of 1156	4496	9b92097ebd1402422a5a095bfe2dc160N.exe	85
PID 4496 wrote to memory of 1156	4496	9b92097ebd1402422a5a095bfe2dc160N.exe	85
PID 4496 wrote to memory of 1156	4496	9b92097ebd1402422a5a095bfe2dc160N.exe	85

C:\Users\Admin\AppData\Local\Temp\9b92097ebd1402422a5a095bfe2dc160N.exe
"C:\Users\Admin\AppData\Local\Temp\9b92097ebd1402422a5a095bfe2dc160N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Users\Admin\AppData\Local\Temp\_Run Script (x64).lnk.exe
  "_Run Script (x64).lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:412
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.exe.tmp

Filesize
83KB

MD5
180843e2a75eba8e7e58f7868af5e87e

SHA1
cbcba9d3b00692f3112e0ecba62875eae4cf40f8

SHA256
0b6f667f955c200cef2a165044caad889e660f42482ca211bf623e6bea384b66

SHA512
efd62ab2bb1360b063ba7e70479168aba89ff78fa93a14d153509e449e0ce6730c39349abb9581e76b849d4e11393f45674e58a7be9be77a7e96793b2dd5b1fb

Download Submit
C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp

Filesize
40KB

MD5
8d4a41097c7f965e6fd5b3476a2e52ec

SHA1
194224d87877c3c3d3f232d1a779b8043f226575

SHA256
a5d5fe857af07caea0a26299f58ab84444a8164595c5fe4972390f3761d8e73d

SHA512
d8407dd524a9977450c398f70d7411d4ba4f6ee3b920e63704ebfa9aa579d110b25b607d30cb1e537087955dfe33cf74d04785022f759ba76506884fa7c5bbb7

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
153KB

MD5
4fb7e316931f4aa4bc13aa31ee475418

SHA1
9031a5fcf4971a5bc8408b5c69e67e4c64effdc1

SHA256
dd52b7357db4d02f250d705f53304ac3013c01acbbd04381d0938b67a936d8ee

SHA512
5a9bb454dbc541a3f7ba1343effde167b66f6ebc8c8266b256c8c7a0299fb18443f51e1db794450ed5c1604807927ae0229705a9ae836adbc977e3cf81e62e9d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
139KB

MD5
94af50da87b7dbefbffe955b84a90cbf

SHA1
5b5fbd790f8e384bf6fcc0f1e247d490865bd84b

SHA256
c15614ac9f93754357a99aea48997b495f1e32e2ef2cd7ea0f86b0001a967d7e

SHA512
af500610875efacea525e300b17e790bbf6e0a389c9b4b0db60620a5bc71734a1cbcc598d401290688077276cd149dcdf88fd341ab770b7456e6755f3e79215a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
141KB

MD5
d461135846ec7d50b7923b4ac486313e

SHA1
6f696f1d7b27e6254fe0e7cadafc16b12b62f35c

SHA256
f8fd6abb754e745066a3d070994bb4d186ed9995c05d83aa7f4c13755dc062a3

SHA512
69e83cdfadee0fe89bffae55fa31ab6c5d65bf7f97ff082215b4c02372de78ee1b33c1f93ce7e5df4ce8771b3371c8fa1c68a2b694dbe3c40919015f1d3ab2c1

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
bb80496697e2d4d27f33682c5ad7b689

SHA1
960f68a52b0f6b6a9f09776d7222e45d72e3a96d

SHA256
d7eb20707dad717dcac099f707708f21dd3fa734aa912b3da31df45e43dc9e84

SHA512
414e65f2c6bff9782364e9ee0ee68722fd6dd69d98ea54efbd74f13ae3b7aee90d6e6732672d791142e29233b3627376998eaf437b41db0ca00522ef4c262d26

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
3b3044aeb7085cb7a8b618c63631a5ec

SHA1
230aa4a4ee08dd519e544c7c4c21b83266e0e188

SHA256
401d884bac69e340f589c6f261f338c108e90de5c222a8d1ca102c84373c01ad

SHA512
93507d4c0f0b42dec9c416120f056f2725498ca5ee071131f814fad1f60ba307cef057f7927996928470fdbb98888cfbd4b0cc1c5a6cdbcbcc19a8a7ef89b4b8

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
584KB

MD5
5891332689bcc249d2a643da285906b9

SHA1
b06eaaba8e0b7fa6785c139fd6e34107ff73482b

SHA256
96c610e0db4c36c35435313eef41c6c81f7ddd3142ebbc1aca168b336433d74d

SHA512
50e9c659820af6712c4de1267054eb058855d1a66cfef67ee3127bcf595a8d96fec9721f3088a1bebc4dcc8395949dfd41fd6d4a547885adfec49635a4bc855a

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
973KB

MD5
846111478d06cd83212d524c550bf0dc

SHA1
ea8c0bfd6b8a386d4c27fef31b05ad3c483a6aa2

SHA256
e766d8ffd9a5dabd72072fa031919711b048f932b7ff17142cf23a5cd7e2a1e2

SHA512
5700411efde0ad40515f2c9e089dc6af73978c7d4710dceef2e6108dae56549e724325f489dd325fbe307902fe1ac737e0e32029130d63ab1bb70e8b98f2cb27

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
726KB

MD5
f6c74db69a93ff2ef2d8aaa9895026ce

SHA1
5aa0dbe9819ae0d9436ea233f558c311a823f787

SHA256
2d9f5d59e5ae5b6bc3d776f4d9d822911cab8ce7986efed1e8b55ec5d37fab2f

SHA512
99d35791bb40bd898b7db3a2dae6fbf9c4bb4cbab338ef9a58caf595216f2e0826bbd3731f63d1b4da34d29f671ebebd825bf273c4fc5e7fe8db56c04d491380

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
55KB

MD5
b80d4391854e3bb970a9b30f076f9786

SHA1
44f44509549c7a1853553ce9ecb23037861e42be

SHA256
2e157bd3244cb79e1b4766dc24f1664b92106cfd9dee31bee2ba43603a8229fb

SHA512
bac9e21a359ccc04b48e12d0eb32287b7787561e13b3777c31e39a2fc0c448d92837fa739a5ec965d5b3e4ef92a42ef24c8d7e32cf6fb863e6ec86aa10e0c464

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
48KB

MD5
91b62e3bd14b8977c977ef799c67e48d

SHA1
cd225b5990758db2648cb268f28c7e822904baa0

SHA256
5e8877f7ab990e08c80a5071fc9138018b06496cda4979cbb8e5aab172eb6a69

SHA512
1038add11e34615b4f204f236ae8001ddf65bb8cf49691e57e080cdfe6a72b1ac2f054cf96704326a80b5208676ec2c556ce9ac9b165c3cadac82380cd9d314a

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
50KB

MD5
62aeca7bd79a92875579bd4c44473560

SHA1
c1ea59351f9c2608ea30095d8dc0a654d4beec47

SHA256
3b7fa09e8cadf3b2d496dd642b142ba889574f5a5b9cc11960fd43c275a99946

SHA512
c3e785e67617f91462d2e1492311c50a0437a19f441879860329f79b10508a606bc20cedbb35eb4ac371d4c38f140d84336865c0be71cc4f2cd4f7aa1ccfba94

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
50KB

MD5
d2d32f4d57b13eb973ea272196808f75

SHA1
cc2438172dac522a842966d80a9ce37075a5dd32

SHA256
6da43220c68f9b228e5282037cf4a9c3596dcc9c1d1ed221cb4af02e9a87c682

SHA512
38e89f9ef7491499f07851236fae62c0ce1eee03de49a7b5ae5bf8108f3e95c489dbf71d30381da21164012b30a2c5be7e299642ef173ac1a574e7769e738727

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
51KB

MD5
d70a2753f3dd08252b584df62f7f7d53

SHA1
34ca37ca91bb493e600178a148b072c3d34ca8d6

SHA256
d4fa3419fbab2485b181787d4c8be964212d00fb3937569521970a63ed6bc552

SHA512
13bc56043f65be2955a9fc498b908dde5ac97510c3dd6005390b365c0079bf54aaa52a224cdb00b67297aa7a348bd1fd29954f78edc3ddfd82c54ad1aa76e9e0

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
54KB

MD5
911b9e5225316f5abdddf752fde55b9c

SHA1
8d7e00fbbc3a1de47e3dba7632252025ad9cba28

SHA256
da6a6299f801bf75c8e936695245e51901a081de7d05c1848137840ba0f9a714

SHA512
7d1cb31f8522b49bdb25697e631f24e93213f31362ee7c71a7f6f2d6ad51e9214153bf7a2f5f0290fa8510a1c819746233b1c210dadfe7a7c36a9c6390375b91

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
51KB

MD5
e135de370fb003d907130a661932ff67

SHA1
dddd14abbfc993983ca63176e0f7ddde5d04d49e

SHA256
8e8a2d4bfb9902b19a04903326ac52a9876c603f7ee3dfcddd65de474396609b

SHA512
dcf607e7e961d1d3b44f88284d6524a9b4824e9a0c76135ac7ebc34baad1d664199b8d7e2454e51df76058be31410531785ab43fee2f7fa2ca88dc3f2ce5c2fd

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
47KB

MD5
f19b1361c9309266a9f10f10f85640dd

SHA1
5a092b61191f36155edf4280e4c67f354e77b694

SHA256
73f98e643a5250713d0ab6ede0fe7464778f84198a9bdaba13aa1ab4511c299f

SHA512
629698801b4322bd73a1bae4aa8d33df8bcec71a0fbea71b440c3819d8c9560769991b1971bb7f2ed561f5731fc7d200568f9823dd088726e4761f350e34bb68

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
52KB

MD5
95eb10f7af1cda97ae3c67671484c16c

SHA1
9b232651e4d3e91b06925d57bfe87a87a2e8f223

SHA256
f0250003f64db46b8b1bbb9c0de9e6b3ca6dbd663413dc218c91b82f15a48d2f

SHA512
a6beaeeeb849e59c049c96682764b2b999bd671bd48f1d8357451b6277735c3c21a55c9ab91cb7c87892efbe43d8a1800492c2c97a782f9e6a3f7a83b2141a8b

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
57KB

MD5
c0f3a2353f72080c54ccd051d02312b0

SHA1
217784635262633af0eafdc1f89fbc868ceaa4e9

SHA256
c96cca53026977e2dc3b2e8b527d7802bad6d289123d21f3fac0efb2bb2cb2c4

SHA512
83edb08b0e24d76d71a85edae083aed625f129025e23c6d44f6ca53a69958a10f0e75904632798576f1f30ba21a158fbb57f41fc8cbec7945eef992e04b49734

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
48KB

MD5
8c062ab6580ff0f35dde6c1ba7868d83

SHA1
5c0c06d769da31666640fe09ff8d62cf6578446d

SHA256
19ae7208c0f3b7cc91db8e1a923c5f89922fdefcc38261f0dcee63bee0690350

SHA512
32403b830bc587a79a126336da7a18ce2461e5958855d4e791fa267e7088d599609e40c479797fd036b1a721090d13bc636841c5bbb3ad68ba7bb8020e4d1690

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
51KB

MD5
b175d0575c999e5d3e77928fb35b940a

SHA1
4df6a97001f974c723295c693f7d22d390b4b6e8

SHA256
3d2fe8409a6d6007905ff8022e74f70ba7ebe6af435a6c29dd7e8a1d710eb5e8

SHA512
2b92ea33ee5bee96d13ccc4d6d628d826ea91ea32256d0b63b6e224d33302c5d33fae5aff5a85f0566324d33e4706ea8b11a36531dbf27b8741092dde762f621

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
50KB

MD5
2a8eb589c7ae023ee236ab854eed7ff1

SHA1
39512ab7e7051c9ea8cf9816bfa5d90b0339e2a6

SHA256
9109a8d2ca6be3c58e7d9f9a3691e74fe3503e4d5539088a3c71f456417d4838

SHA512
2e115165cd9e3db7c6bf73313889558769813d2d5823a047215315a6286ba3eeed51056c0672ddea511d7504b1cfb68d6162ebb8e416ee04e22ffddb25024b28

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
46KB

MD5
c64ea1520bc0bf74eef0d2395f466fe8

SHA1
c10214bf17c2a77ddcb52d7935edc3750a5d90af

SHA256
a526917d119c9c54a0c952e122a17897b8579e8bd0313912c5c8d95875b89f8d

SHA512
da92da6ad678ff7014fceba2bc9e6298e863a1c585e7d1e03046daf80e7922a1533951c4ab1f185bb4cde6e1d199e83979cc7e876e23be90515eac9ee16444b8

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
52KB

MD5
d4f0c0cdab7b27c8d6524288347efe56

SHA1
fcb1beac3e0f90dade2cf63b4d75867daf24c88d

SHA256
35c6662a5ad033d33dec054c2ae3e182254feadf0e7a9dc2b161b882319be76d

SHA512
9e49baa9c5bbc9ebe7843ae1f65bd0bb32081e60a0f8418a749a491c2fe0803ac849090caaa26838a2f505ed6aa229dee78cc59bf884d1a39b4ff9b755ee5bf5

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
54KB

MD5
63b123278e7f0a38c147d718efdf1e4d

SHA1
3a7d209c22349dec9b735ef5e107b0ceb2ed78ab

SHA256
8491383f55b76898806ba93c92a9e4a01ce93620ccd8d8faf8401257be19b8ed

SHA512
b0d46d5260dec8bb8aae0c0c5cc71184465e6e1ef716a66239c12bc5344f4f1e571b99368215dfff548efef2ea5b7049da9bd6b3725abcee1096581a98802d6c

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
54KB

MD5
df50563c9f4bfb96033d725571b647b6

SHA1
4401e5cd3a6d04b86276c0e8245851006baa3d71

SHA256
58478bc6a0d4b667c07c04baceaf132427c28a8e924f57682f99831e8d49fee2

SHA512
ee494125e438a9142bccc41308935c221535d9ca47002ad4f337fb3f9db02cda801a02b796625ced5d71f3f732787892686b95f36223f7f754fd1061b37b05de

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
51KB

MD5
3639fbca9c9b32ee45e31c2ed4155978

SHA1
d6b7f438b4401b1d80c5644715315b39eff7e029

SHA256
c317277a6f114711b4e673240f36b54b1dca20c5cd8c00428ec92e50086f0816

SHA512
6d4bb3825f9cbbf51e716ba98c21fe60d0c0be06aceae5b8a2aa20ad90960705e76c12f1e8da50a49058dad3c89fda7215d295dc57342aaa95aee4178679fec9

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
52KB

MD5
da0dbdf2f4bb435a08df54b3cecb351d

SHA1
083e9f76bf3ebb9a8fe9fc50b2642c95dae46cc0

SHA256
317ed360017c5fa9f3a4641fffcce024955fc9482cd4723e691916f6e1b30ee6

SHA512
a8cc4ed9a4c74d0853e2bc244fe43fe0af298c06a7de06ff258f654074abfce26ea707d77e8e2ed21e6152c363ca40397a94cefcb5dc1c53c01e119892ebbb00

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
54KB

MD5
72c6ba2ba44fa3a4daba5f94331cccae

SHA1
53b78377ff19a838fd90a580fbdd25dac6c88672

SHA256
e5fffd9ea88b0b6a4b12b142c1bd8ca152f856901d8dc0955af942eae1a4d6ea

SHA512
f61b9822edafcb3b850f85040065e83890f81aaa679f4b2959e2fceafa70381345a29f2fef009d1cf29db009f364a61f0882d6abe4dfcb9e222d0a9d35994faf

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
50KB

MD5
663a5dec6a2993a3f49eabd46d469386

SHA1
0096d0abd927ddea96d1f008b09048ad722266e6

SHA256
fb339844937b6b6812a7c5238ae927fb75f2d80bcb38d7cc9dc9989832da19fc

SHA512
761f34055f5437e9b4404641ffd38b29193c4b0d638698d1c9afe8ed5a717fd0b2d8439d19e951fa0d21ce3acfec412104da5769428dd0d8ff0833c8d34be377

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
51KB

MD5
579389c375e5267ffcb7da49c3ea6440

SHA1
fa23bad4134288db1f7846a4046423b454ff64b7

SHA256
7777d314c585a46463a4b564cd7571c922cb21f1a6e6e77b16cfa454e8299a75

SHA512
13d098255112002dc9cda31c9e82acb2dcbaeb569f7262bea5fac0c62c70193fba79be9aceb55f2602c0a83d4d0c375e52868d770726d57d908efb8c30b4dfb5

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
53KB

MD5
d7e676ae79428e82a1923ee1672a1df9

SHA1
f5ce67572d7fa9a38a700dda27649f19c6861cec

SHA256
098c4944b04fdc6dad2ed89d0fbba6a8012aa03e6a2da4081997218d421df0f9

SHA512
5e203d47eac0f65be8c30377bcf360eecf715014994abd9296ff1255128712f489c179284ee271c3f6eb45dfc387b861d51369d2c54c0beff8c1e64c84b5682a

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
50KB

MD5
c5cb28708a16675f3e6f69c277f941f4

SHA1
82bccebf5626f345b748533488dbe70ce99578a1

SHA256
14609d2afcb718835f483566c37ca18e42b0da22c52facc7a4a18baf5a2cb97b

SHA512
1b7fd00ba49b1b434a29c5b5592a79d158b05e684571987f8b66cec7e6e04b316e14180ad548644c8104ac855c3a5cea8f6f179a17373c3ca18057e43e3abb3d

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
52KB

MD5
1f57811c46401ff7e44ab92b961c1e76

SHA1
c723ca96a47133e549749e67591b51d41bc25117

SHA256
3b2cd8933f5f0b3f78c57dfb5badc4872694f6dd3d92ee6c36f00fbbc1284ce8

SHA512
ea26c3ab9dcf6a3d6d8c50dc2089be716b265a440cbf66715823b33d2a4adfc15d9a2d54e89e0b453d8a58fbdc9811808d66db4885fc0486a628ded08c42df98

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
46KB

MD5
9c0f270d8e21dde997e6b598dfd6117c

SHA1
d3f03476673323ab7e618a36184a5bea27cc6c05

SHA256
9177afeeb7e954805154903205dfb11dcef4b89656e6c81f57fb9657bf78755a

SHA512
48efca46efd597c7b767c36ffe2d8593e222702ae0dd0a5632704261b8e9759edec2d65cd366cced9740e30af9c24604ececf5f6457cdfb657c29d07090a5835

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
42KB

MD5
a6622fb73b629c55acf933ad1fb4415a

SHA1
68ca222ffb71c8f430d2ff5986b45e90f9b48883

SHA256
8fa0f24236353344c0d81a40b0f5ad3bd80720d57ce7f7251fab9d267dd574fa

SHA512
babd682faf4408eed2047d996ca06ab9c1be30d4d793c303153f80dd649e93c1f393dfdd75ed8bd4bf9ac4e4390e5ec0767c4fe4d1ae5187a7336c17e3033e02

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
48KB

MD5
342104c3e7c5b641c6bd6ad0af6a29b3

SHA1
ba767ef676956e5e12bdbe9440800e7659161c35

SHA256
2fdaec6946bced891e0044395944ce67d0981a6204418139c19a60f1dcd3bc8a

SHA512
5b914ecb53ef50a6863aa79c088912bce5db439864013d9ba2dd6de89c4a453aeab1d3e1e7b1ee1eeaa98c1dbf93cc3c0fa9363d236fde36b5134cb8c223e292

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
49KB

MD5
6361cfa6bb01e3e725a2067e89657abf

SHA1
e8b1b229c70542e0ccabe3f19e35da47b3ba885f

SHA256
21157b11e3f2f968ef2aa0a4212467dcdb81035a4ec4694598f1189883f1d5db

SHA512
8d516408655ccbd9bf6d97ca54b482810c324bb4671e846fe3f327c35e206784c30567ac176775391e93cba32e245672ae793d8c332f119da8f2b791bd3cedd3

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
48KB

MD5
62b5e5148bb22a5013aac47edcf90338

SHA1
2b6e8ab2297852db2d46d12f6a8403235abd5f86

SHA256
11d3eea5a312c212ca5ca026ce0373383522b04822ca90439b8a8f55b9764805

SHA512
9ce1841a13f0f16c0a25b407f36028bd559a26955290e7ca5848fd683fd57fe9340bbd17369a982690ef2bfc16e5ef699fca77fa9c51583b74dbc5157729d0df

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
40KB

MD5
cd0c67f22177d4fd70dca0091896a89c

SHA1
5e397b597eeebcab215d189fb3f1fcfb30b59195

SHA256
e17974adb36e40286675ffcd819c44c43e97d975f97ca35860f50c0e1be8c848

SHA512
ac2ec4827c83fa8048a09f65a880eedb55a36829644e2b2ac27f4b277ace331f4fd2b83f0f1e466a51386a19b3c707c99a279d6c0e88ca773f978b2777b7d44e

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
63KB

MD5
b84231ff4a6dbaf7bc7bb534a7a5b63b

SHA1
ca4fcac605c7a3126511889b96aa5c8d88b1f03b

SHA256
8758c7665556bd47602d1735314e5eaec53255a8a65c5b0e1ea903d7ea71bcb6

SHA512
701802746b45cf664ad20392902c603487d3c99723db06d83232f80a3b48905673d2f8ae524fa9800a2fe8149c18bb95a805fd2f9e89a3e537d414dfb06018c2

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
51KB

MD5
5f7aa17b44e4db551f8ce60853f07c36

SHA1
7e91dc3ec70491b592bd2c48b65980688cf5be6f

SHA256
3390791d2574b8b68e569a2dcb3a7a3ffd089cd9dfd052a7732fcac7edb5eeb7

SHA512
dd3aaacfe8d031843f0ca1492a098242e2ce3989dddeddcbc76c93446a3840ab1e346a1f529a2e315cd3bee7fe1f8f5f1c4d0ad63f2549a0baf263f6d0c5063f

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
45KB

MD5
709c5e6a11bbbde1c7c35d1a1363933b

SHA1
7c0333983d9c5bcf3a64558afb1db54bf95f5279

SHA256
608d7fb354f74b63ffa19cd4cd384bf0c97eb8681e48a8f80e99dfbbe658be1e

SHA512
1b0933be5c24a94a38ac594ce27fb0a0fa1ae8a844c626f6404fe40c48c19633d5902141875a52182071d683becfb3cc9d353be60435fc65d1b23225bd7c2e17

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
45KB

MD5
7b17e50f44f24b417863ebe8d5451f57

SHA1
5cc5d7cc664795e875302445be9afdf46a9036b8

SHA256
4f0bb6b8c963444d9631a6d49f5a4dd73a3dc4a3d95a3d9723e907e753a4795c

SHA512
814b5ca200e4e60a6bd5ff9c9e19d9a153f553c69c54d202ece6916bf76ff551d542a76d026436f09f7bc5ccbc62df36f697d82ffdd479201ef9fb4d8d76112d

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
48KB

MD5
82c2a916793f93bdc0f69d244c6dfda3

SHA1
ee4efce05d94dbbc4c3421ff0812d0556a7039fb

SHA256
40d20d4bdf1a020366c7d138310f632e04c85d85cebd099ff2293f2a94198dfd

SHA512
bb8d7f74807acca1cc88d75f989993614c83f8fce36b908c850a37978bfcc8398292394044c93c73a1ce07f03dceb9df91b57f7504a49600dc4e8037431d3b0e

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
44KB

MD5
811af547e4f29bac7ba021cceecc262a

SHA1
b0d87c4d29ecf10107a8531332e63c01917a2c40

SHA256
a7d7227a3418f7b908da9c28e5dd348f253550a804162a38c79f800a111d96bf

SHA512
6b044cbecc769dfc560a7b091b5806fad0157cfe5306d2fa7e87226e1ddbcf700dea71b261a1f4afeb39a474a08773dfa7714fcacb153b6591671aee121a553c

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
52KB

MD5
67fbc25e8e69ee0c60586281fcf235de

SHA1
bc3745416aa90a1387992a7018ad91fd4295fbfa

SHA256
2b592cf33c9c1bee611e8092d24566384a43f1a728c3fc46ad20a44c9821aca3

SHA512
d7b5e985526782be10e9e671ae37b1b8cf1a6f908e161eec0b8b30d16d45838fbef7ae01203323f4b47e29f9d705721bb021edaa2de39ea7d85d8db0014c9934

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
48KB

MD5
d7f1159b0c35a360971a8f5f71029538

SHA1
71512dbc3673028455322c9ede4c212682a2e528

SHA256
512fccbc9d2fa483428d0ca6b139efeae4b416ef6f7fe79392890b990942892e

SHA512
ca6f9ef15c5cb2c4f999c27109439e21514896f653efd4fc95f4d2d905018b612367bf91f24a9e6354c91bed21c632b3c398491f072e46055f5f9ea92db675a3

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
57KB

MD5
709d3ed18526659647d8c6f91bfb43b8

SHA1
bd9fd6ec43125d8d198c164b3ef0f4e3677b4e89

SHA256
db4415af8ba60977a98036c44c19bd490138a23d1cb99182e98303be333bcef4

SHA512
b7768e77af5b84746bb043e3faf5870c1d58d791efe62f4655f3cd3e761f870cd53ed170804bfa0664225b412c31e5dc11ab01ffb9a5c14beb9b9697edf152a2

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
43KB

MD5
6c68899c04b1077af61e9499fe81da14

SHA1
b3158cc7003a4df9a5e82fe19143f1b4d56a6a8b

SHA256
985b68cef9636892f43a0e645257c35099888edb18257f326cbac2abafecf350

SHA512
53000f74be6aac458219119b8785cd52b473301b49b2e034b02d159559a32f9377a36ef2950e9d4120823b8dd4f157dabd37b6bcc95d486ab37761d2f1271759

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp

Filesize
52KB

MD5
1046dee63864c25a2bb17292e0aa0b73

SHA1
a1e45ae180f65997f0c9e54a764866661c603e50

SHA256
53bf1bf39943c79e7de634ab1964aa4fc99a84d796fe62c706f2ba9950340795

SHA512
963fda254ed0cdde69a76143da098b9dc5967ca06540950283bc9f954f4f9b2686008aeea3d235b960bf1ecf720f048203e139ac06ce8ddef6a2b21ddd119aa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Run Script (x64).lnk.exe

Filesize
42KB

MD5
7550c2a9405c50cde55d2202815742d2

SHA1
cb95bf8a75989f7b38bbf64f703932bdc346c23d

SHA256
212e89fbd51a585b99990c6eb76108a63c6cad4347993c600812122a10175582

SHA512
581f0a0bc1af9410407a9d50018c66353c7b093f2dee8154837c18433d96fc7010c0789ab3a8e640c2e73b398c3ffb8977725d49d34724ecf9534350beb13b41

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
40KB

MD5
35ce9535945606e2eee68b7b55198f3c

SHA1
04a0846cac365f7fe44fd303f0972ce6eaaf6889

SHA256
f72c0fa1316aa0e3b2db5a069bb22fe01037fa562303eb6b021bc45c5997e746

SHA512
d24b33c5220ebc18963505b23d27b20fb1c8c394ebe61ecdfd357c3bf9907b4e2a0c536f180f7276eb58eb8addfd4d2dbdce64bbca6122a01b44305028fba51f

Download Submit