fad818dd750400dfe360f829b46f4995b91c77e4e330a7a17ffa59f5fba4f993

Analysis

max time kernel
120s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c4a79d400e2192ff285e82c754ba0e0N.exe
Size

76KB
MD5

1c4a79d400e2192ff285e82c754ba0e0
SHA1

c4d0407f11c175d105a74376fb4f97a3fef36f85
SHA256

fad818dd750400dfe360f829b46f4995b91c77e4e330a7a17ffa59f5fba4f993
SHA512

703f5f6ee6037ad5f73035d6b7848fba1382e598619b0a057a5a809c2c9177edf7d867a4a8f45cb3dd62012fbf871a3f14377a971b7674c0826f3ca6ca5c5439
SSDEEP

768:/7BlpQpARFbhCWK9WKD7BlpQpARFbhCWK9WKmK:/7ZQpApTKIKD7ZQpApTKIKmK

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3139) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2920	Zombie.exe
2980	_MpDiag.bin.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	1c4a79d400e2192ff285e82c754ba0e0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	1c4a79d400e2192ff285e82c754ba0e0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sw.pak.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.MemoryMappedFiles.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	_MpDiag.bin.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	_MpDiag.bin.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\wsdetect.dll.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	_MpDiag.bin.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	_MpDiag.bin.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1c4a79d400e2192ff285e82c754ba0e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_MpDiag.bin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2920	2872	1c4a79d400e2192ff285e82c754ba0e0N.exe	85
PID 2872 wrote to memory of 2920	2872	1c4a79d400e2192ff285e82c754ba0e0N.exe	85
PID 2872 wrote to memory of 2920	2872	1c4a79d400e2192ff285e82c754ba0e0N.exe	85
PID 2872 wrote to memory of 2980	2872	1c4a79d400e2192ff285e82c754ba0e0N.exe	84
PID 2872 wrote to memory of 2980	2872	1c4a79d400e2192ff285e82c754ba0e0N.exe	84
PID 2872 wrote to memory of 2980	2872	1c4a79d400e2192ff285e82c754ba0e0N.exe	84

C:\Users\Admin\AppData\Local\Temp\1c4a79d400e2192ff285e82c754ba0e0N.exe
"C:\Users\Admin\AppData\Local\Temp\1c4a79d400e2192ff285e82c754ba0e0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\_MpDiag.bin.exe
  "_MpDiag.bin.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2980
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-47134698-4092160662-1261813102-1000\desktop.ini.tmp

Filesize
38KB

MD5
a3d75e367583d722ce2756f2b62fc9af

SHA1
c92b8d133d6d2dbab7eff625be51b8184b961121

SHA256
dcc9ea211fb3bc14c92fb80ee06ccea5588be82188d1dadb202c88d401a8f2ed

SHA512
6f53860bece5c0975aa02c665e5fb24a9d112f55d889feeda584c102454c946cec902931c056d2fa76af0c15236097d64b986d89a95a4d6f5d0d4b7186acbb57

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
150KB

MD5
b31ba095d17afe95fc7186bf0dfaca45

SHA1
1b2c2a1dff1fc85e37bdf5417a5035da8107eac6

SHA256
3f90f018da14697dba38e86c605ccc3f948a0105b7be47a5e2e4358d2b978c1a

SHA512
7b00f8c64016dab7922703a5c9b23c02a00026f1cf60778dad69d4a77d9255c70b9529a5f23c98b0b6bfdc574dfdb250392af717ca5fd4006fb4bc5167c699f8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
137KB

MD5
4e130e1ee27f6382e53b4886dd16bd18

SHA1
a118aac6621efaf43e85340922cec67da7f97323

SHA256
d557338c1dcb43729b3e42606bfb28a76676c526452158f2a1da5fd682519dfc

SHA512
997c1676a9954a63664bd3e446222b0960b819d0187f7064bf77aac0460a15bb1b23c37aa8ee7899770ffa788879926fc10c0defa96036dad0aa72a424d6f5ef

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
582KB

MD5
6c9669a3d40335492b5772f798e979ba

SHA1
c23bd88ae7201475ef38af31bd288ccd684dc007

SHA256
1f8e7507f206350b4023816f85867a6e9d3e55373104f0b71b10e8b264a1648b

SHA512
5cc7ac655304f8f363ae862fae2249d1f789aa5ea8406d3419e0eb7b08128ea3843c7662b5056f75900ca7f75cf7b682cf781475fa032d0754780504bc565588

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
247KB

MD5
50de4e77d336413ffbadfbb3b665fdcc

SHA1
b3f5bf30f26b3c27906dec1831a109578f984d92

SHA256
715ca77994ce0309405f78835a559638b1732c6c0dc2787d8f45386e9f8f30aa

SHA512
f6820c13febd0fc744bc9820c9d5b3cee5721b5bfab39b8e52deec8c5f282d40db08ea7ae165c6e1a0ad28ccab91b67b04645530785de7a493f1a782b73ed2b6

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
740KB

MD5
58459de3ebbb63c27e2fb10b4a3377bb

SHA1
b14f3f5f0f5361c93e7b5c5f63705cd89a562de2

SHA256
8104d89895b6210ecc2af50fc7f7d1e853aec8aafaa8176b504d00721d803336

SHA512
62657ff3959766f6b9362d1824fd34a3aff872ba2f240f771d51c5fc22ac2f8d7b8dd38f00f540d9b3b954e650ecf92140438e731a6b3f68442da107061ac624

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
968KB

MD5
fe8b40f67eda7c39364312fd25af7a4a

SHA1
0a72487ce1341dbd5174e18519caec6d6a9c5f66

SHA256
9e73f46968461a306eb97d647acb1dc11521cf1efc6bdfd3baeeb3d401240f97

SHA512
d1f8cf218477805219d7381a9a0a7f085aa1817e9562c12e6f5e370436a20a558193bc1a37d1f7f95163bd3916fd718d7b1950e511f7fc6e578f8a336d2fa4bb

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
722KB

MD5
7b3788d50a4a997d91a38c247a3ce505

SHA1
165d48e98ad198fbb5de6855be44cdb9060d53c8

SHA256
bf7a4479422d6cf384180496fbffe4fb5f1f0bcd3c4b18c4b99bf9243eeb54bf

SHA512
1295b27d142b722fa94ee78130b2bf4f87b5de7bea507d67ea5551c455f37cbda4eec2766ba1e5835be7dbae491f0988073e74006c09410e099c285b5a9a2638

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
38KB

MD5
10aacbe4cfc8470021c920bc2f3b8cda

SHA1
01d110d3b8e5274f957eec95c1c88d051172a7aa

SHA256
bb73067b82d938bfa316c5772378203ff3b676d8aae78f55b3391f67b13bb55a

SHA512
8cbc9a453d9a2f08f02b7b980e86309b39507932adfbcdbcd47966f09b816aac31bc6fe923c16ce7199272f801a41c66057ae99469c5ed26906b9bc9aebcb32c

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
45KB

MD5
0c572510ea96bbdaf6e23241ee0b32b8

SHA1
38946e7c38a560cda4c231e47bfd971f8b57f2dd

SHA256
c6e00cc4c76817ec836ae8ee22f52f4845396f43c27ecbf821408ab9cfde347b

SHA512
a795adca08d5a22265fe304ae22ea2fc5a2f958026db36d0c85279c2f706a510f92b8d6c48e87700acacc75c898182066afc9b492c5679125c0d8814a8d0f988

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
50KB

MD5
9338bf656e2707b3fc3f9f4bb1e67c18

SHA1
79190fe8e0f8cb53832f67c1461488fa638a0fe0

SHA256
565d06b1b83752abccecd0d6b8ddfb06c283439e589867f12f73e5342f2309b3

SHA512
95648f74e03b01a0d93c5e6d6d05a30a950b6279279956d7a77d8eb1ad96e74cd97e0268d722098e62e7c7e61470b8724e22fdb65245a843d366170851f1ee2b

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
16KB

MD5
de59cbbb7aa0a0636af0c6aad443acf1

SHA1
43f63758158c7eacfd8f5376e9b0a976f9878927

SHA256
27000a871672d14dc3847581557ee9ece1627e2e8eafa6821213ccdc56d3b3aa

SHA512
267ce646956a6290dc021f31dc7366201cdbb64b7e7293ef8dc58e120594224370196acf7db2ef16b0315da0990a14f65d082ad67c31e8b3f8abfa1a67df1613

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
49KB

MD5
17374b3d15902850c43af4b4a8e21ef8

SHA1
ed792610baa614e3848462321ab85d85933763d3

SHA256
36a239d3e5f580020d9c011f902444061f75fdb3c7d2349cd0639171b1a612e2

SHA512
72da3137a3cc0290fc70c4c8612ef713e942b3d7a8fc3bcf82a106f11d14eb8d1ac499f43e49f50a5859923c7360cc5a2908166ffd28b896da43770c4bf6d583

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
37KB

MD5
2a7e1a743f9cdcd6cac6d2b3c756b8f2

SHA1
4d57fe123540f939d9966e4ba97dd1ef4978415b

SHA256
6c4f0f0a12180ca2f1f616ad13b1eef88dea4de5cffc7f6b3d9b7485648df244

SHA512
839446f234be76859451f5493dd805b419562850e966a8a9abdc89ca951298e07033edb370da06c283737fbeae524f0f97839c21cfee1e9c3d40d7cb34244392

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
51KB

MD5
d23e906695a6806ba835d53aab8dfa2d

SHA1
40af222612384b0b153aba82b308022b99d2384d

SHA256
4f3e37d93cd63f1f567ee0e49acf2b4e01b0fcc140d484aa28d85ecdfa706b91

SHA512
d97bea17c0a7e04220eb815c4950469c56ca6a3f3089ea8dd9329feb5aa5728e98daaa4cd37a3818a86a3d21d4ad23909d1b2388acb3b41985703faa72623227

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
52KB

MD5
ee08364933259b89e6734bd6e90879eb

SHA1
8b64a34e006fd2dba6cc53dd930aa6de74af0d2c

SHA256
77892e1dfa84b11c02ff0143808b5ccaa726b8803cf691751bf1cd2e9368e89c

SHA512
2852d04649040649e4b88447ab71213896b3ae95ddd7bcbd2127a184f5df1896da9ce805ea93c3f5ba4391d180b63b0602763728abb57e878f608ecbc8d28969

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
47KB

MD5
4605d05dafcc3c088ccd9118a7648ae7

SHA1
b25ca21125ca6d6a119b38db92fecc6d01ea65c4

SHA256
62e5d9f64f08f492a1153e46a0728edb3a9ce1ce48eeed497f1115a3cb16f16b

SHA512
5560873294389282559c6415c32d5333e9bf2a846bddc33136cd969a6e57adfbf355a08460f44a83eb663ba7dbbac281303a99ed1eea536ca3df88f834f809ff

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
48KB

MD5
2cadaf149b90ac5a2d27ace54a9a6212

SHA1
ab94df9926a41f94a0cfd15a4ed4a9b40d2f44e3

SHA256
dda4ac703be5c2782fb55feb0b498ab3b489f11c9453ccf2b38978a5c0c6ca11

SHA512
b808e10f03c824d2faf12528e490300367e02e4a14c14988f7198f32221feb77cbd79b10120b02a6cb8bf8de0715c4b2493d84c8c1209543d3f204b18e8f89b2

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
47KB

MD5
320b8117566ae4e2cd4c17010c7d823f

SHA1
ad39a1d16a508330f825ec47dd27a876490339f3

SHA256
04ca8dc117c4fe1544b63021c18ef531e058e5b729f8196b1f41b27b6331ce0a

SHA512
07631217f09925876fb35b50a02ed4368b703e0d46936a1b3777909f8b2d6e4997984237e2b8aa32b01113ee9da5e584c81f6eee9eec60768fc826e517ac2c5a

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
47KB

MD5
20eed7e9fe03b7bcca07db7143046471

SHA1
210ad294317fe589a8873c537a4e48f52d932919

SHA256
5579229b45c68b1ce716966a521cd10b846c62b2b31109a611f881158f21fe53

SHA512
10a515eb87f0aa12c2876f0653c5c3ca23c13a586d7385c0fd5f4a76dd9df6b9fbd13a27bbcd26dd9d367d91cd42637a10451b1df9f0093c42abad59e36111f1

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
46KB

MD5
50069797afe14b2edab0075e62f07af8

SHA1
9a3f2b0dffd71dc074d1cc8c8cc8253f0fd197be

SHA256
7d4e8882116c8a30068a1cf1f98f744f77482bac3522545ba77fa0fa88cc3590

SHA512
b3f8a9ab9b26df9b2f2ab04693044f51ad2d8a37fc4eeea5761fc220ef58c53ecab7e154425375c5d591e934dc40589606ecc4539a9bc7262ea5db4a7c7dd6a8

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
47KB

MD5
1225a5d2822585f06da0dded2daffffe

SHA1
6bc60dc4c70d8e87499121c282f1a627e3a39964

SHA256
0547a4710b25db560dfb6418d2b3363a396f169c7fd65284a26563612870ec5b

SHA512
de1bf58b949b22f4930a2a1febd42cbe554e08cd2893f9ff41e4f53f0873789f2c7e51ffd5df3e2ac9dc3decee21fe3b8209c07ebb0c06d985fd3f295c9e1f3e

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
46KB

MD5
de1c477fa5036f3796dcf78b46a21433

SHA1
d21629e1f07f7a7bfa5e8c5c11fecb23534f0c2b

SHA256
9b53b646c925da618f5fc97887165cb29565848dd68b03f4c1d68839278a48b7

SHA512
a034a9e3debb1046f64dbf7ff6e971eefc62692359cfeb6e6155819bb2b3ec25400d3dbbf85026572e7011c953d59d0269de57494a7d596522c2bcae6795c6b0

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
38KB

MD5
1f6bfcd8c8f03ca87f84aac266f4659a

SHA1
68ffe0d2e3ed97f783d21608cd6d62cf33c299b4

SHA256
a39973ed7cffe72e234e319d31fda05a506fd68df43f78f37fe4e25166add07a

SHA512
fe8994c7085be83b1d604581be6487de91356e1a9ab929ed8af7756919ba6dc86e378cc77a9801858d7ba3041405750c2f07705e87b38340475aeb766776d5c6

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
51KB

MD5
6cdcf3ed3da28ac376af9a78db5840f9

SHA1
4198dae28de8e2680920f128a141a9bb23618fef

SHA256
967d85cdd7852bbe512bbe731e899c30360d6d5b2438c4ae3acbd32cb0430428

SHA512
144974fdc1b5b4f82374d2d2ce2732a925d3b5374539a385f60f8e61dd20a77d2ddc6d8d70ed01a73afc7ef0b91cbbd50efb25f5cfd2ffa5c85ed905465b8b0a

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
47KB

MD5
b9cd6fb60084b252127f56936b27afba

SHA1
26c729fcec3dfab963bef674467127bc122bed10

SHA256
d5611a371cfd43e73c6706151bb057d4918562b849e1b6539804fc4a4503a422

SHA512
2e7cc3f8760a5b28f995e08f9a9fbeec75b80c12548e71496718cf77e93b2a3ef55a9e5105e97bde9be63521ad12727ee595e5bf1e5a92d2ccd11a08c05e803b

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
45KB

MD5
0ee61085275dd0febc449c5e1c97fe2a

SHA1
0594a0eff3522284867df9341386a766e48ba020

SHA256
b32c900cb853940139b1dfd1dd4d4b0f2afe15ec430ef1e9b93efc73e54fdd73

SHA512
9ef98024ed3de19d1944073a4cbe6b6fd04219b4ab85f347dfef22a46157a51fabe2b6ca4c21579b6e10a64266bea5eaf26cfc58b943783e55e88b1797c1d423

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
37KB

MD5
e6dfedb8a63d2989d8c1fb5865d703db

SHA1
34428d52a487913c19074cf0be4c8c1faa138c1d

SHA256
bf067a5f50d7f44c9cd4d271e2de0a9f3310d4e463085196d0fd979b4222bdf0

SHA512
c8486491b25595bfa97ac6bf408552524bc35f6c855392956c6fe7498c26a9e60688e174fcc7fd4813217510e65957470a3cc05a51fd01db371a494e8d392b4c

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
55KB

MD5
9f88dda9ff40d336c6959bba3998b32d

SHA1
b4adfd93add75eae216a67d794f47fe1b93501bb

SHA256
e7d7c09a3291101cfec136d1a27667094f6992639d709511cbe615f3f2047e26

SHA512
7efedb0a3aab088a2257e10cb4dc5b55fb601b161850fadde79cba4dbbb43d3bb50ef031d0e77fb07b68d5550b50a3e10cea81748968b345e3c9cefd41f8d002

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
49KB

MD5
d55c2217bc992434899a7379b55169da

SHA1
a266db373a8eb7d9f88a74719d8bd1677d9d273a

SHA256
d6fbd4b064c4e53562e92ad633c2da5108d74f17660938bc3332aaaceaa8fff4

SHA512
40c1f934e0509f31b5372b3a57ad31cd22bdf6dc0a08845b5e7af266a7aff2f62c1903477a77f381f8b3614a2ae003607555cfec4d81e9a18a794aa84d94c086

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
47KB

MD5
d36ae76be6052ce027194a9e0791c8dd

SHA1
31f8dd69b18ac938044cf4908c9747dc8be96eda

SHA256
89b9e0ee49acc90b5edfb62483ab9fd0f06c8b5a7f12bb4d4ac9edbf45d97b7c

SHA512
8f5df53336e2243a1e0589b6e077d1dbd5789dfa82bb06ffda3da78c2a2140778898d00a504849dff3f0cf6c05e2274c47a372c02226202847c4e9e14f0602ac

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
52KB

MD5
da9a73c7f3de9f025cc83b14c3d80f19

SHA1
59564f870c0b38bea0ede1145cadd643822d0a70

SHA256
5f5831065a8c6e71258a66a6930e3fd765ea4338c702958915baac285ed6d394

SHA512
33120777327e78ddc5f49831e6f7f64eb1e894ff12646eec426b91d1a09e2086e65a215bc130621b31052d19ffdd242f65bc81ef384682a6b2304b76e3a30827

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
46KB

MD5
b170107cc4e46c76a1015226a1b1ef06

SHA1
acc24e48257d7024b22a6ca7d0009aaeda12fc65

SHA256
733a7ef960b1b21579adc5f4fbddd3a82b05049948e49a881d969feaa4e40eaf

SHA512
70f86e984b98b56cbaf25c854bd368acc303dc31de008e67c6f05baab7ac344fc86a3ae9a8835b03a3505ac3e0f1b64cc366e939cd3e9badb90cde3031fa5ffe

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
48KB

MD5
3b44de443999785eac73cd73d9d9641d

SHA1
6c43e94191469ae6fbc06289d4183d6aa1a0cf01

SHA256
991dec6c95f995c835e6e805b9137b32e7bc61cf758d0b6a7cd83b55fb78aa18

SHA512
6e974f879281d3d27e518530b9d57e590e5ef42e4c3bf113cfe8543ab8b9d5507d1e43a83f31354a908e16412f9910fef915155ee780f0970bc77d818f59334b

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
46KB

MD5
fa3661bab2d8ee98d092378908b1eb83

SHA1
13361f585215bc4fb533e8553e198ffa57c6e149

SHA256
dab7038b59f7cf1685b83a35a05bcd973759e902a49e54a2222aba041dc70919

SHA512
1876be97476bc77de8a3a78d91d4e354a9c876484282944042ce9801a885944f4baa2330935cc6b79d73e9e8c399e3b89c87fbdbbfca0e6cb5ad4a01d2080901

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
47KB

MD5
ad47ca61b4fb773b43533ffe36a3b2d4

SHA1
0637890452affd70107f0e1edf7da523c8bcf958

SHA256
17ada3328524a717ba6d028adbb9c7612dd343eb29994d5b98d2e56df0fbeee4

SHA512
0e192e0fc1489f331c95491b7a7b1926af2c03f1ac544515ba44e87baa0a85a8647810235b4166cee1f97f67560ffe511e3a0b72eea59077762e2ebb23cdb424

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
46KB

MD5
a62f660060ce59821f0b46c1223bdf61

SHA1
c365fd69c281d62319dd0847b3bc6725bdd9838e

SHA256
675d8dba71b6cadc426cf23c0f42968943186b7386375d0925cb4f070245d7b4

SHA512
e3eec4a6bff4350409525f876c977315fefa9735cf93947cb7dd1688aaa43f7998ad3a15fcb98f360e059d81ec712cb21e97a52cb0306aaefb0d3280e0a5f2a3

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
48KB

MD5
4ddc067f927c063de874142f8fd2acea

SHA1
7da3f610c14a480b338d2018a166a42eaa4abc96

SHA256
c9af459b41ca0cbac41963b7f7117ebc8792319227edc5cb4f92ffc394a764ba

SHA512
8d7d050b84b697a845bc5c2f484df85e9b973bb5af9ef868c33b838d83ef523531de6fb10ecd6ce871d368539af62e8ef568e1611bf7c915fe4dab36a6c96d58

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
43KB

MD5
ef008b1979fdd8b9943c281c292a5347

SHA1
5f25ebce8b3d40df0a2a324099a9ba362cb04060

SHA256
03ad259157afca477cd6490d966f99603dcbd28be4241c2c58bf6c715be5ef4d

SHA512
c1bbbedcb6a215c6964d7ba381eebef889b92d1e77ddf5465453a04a84258b70fa9d4b2f4268a7eb0feccf46bf39057e62cf073af4cdf4a2a0238e7026464f00

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
50KB

MD5
e85291db81f06d134fb1cf7aa022c37b

SHA1
3c36bc9006fd96e35ed31f1e9ddb6a5ddc222ecf

SHA256
f90830a57c553068f1c891183f2b95db9767a3ce874302be7bf6d03af647a0a5

SHA512
581fa732af4b80667ff880073e7987a7c2b9caabbfb96aeed48515db5aedb02ec5404e89cf9b3e92062d3beafb2ac74c690437d6b2e1bce9f42c65ae92bf1259

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
45KB

MD5
362a7d592779973ef4cc49705f58e9d5

SHA1
24decc811ce73531d9083212936b5cdc72508846

SHA256
ba8691ba574522d6a864310763d3e7910627098e2198dde21dbc33b517e553b5

SHA512
5a46b909191542769cd67b74dc011d7621e7b50978a82e9e6609d4cdd2ef87e0ba6c920d887d2cdab3e2142ed58c1c956bef060187b38b141a52a4a96eae61d9

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
43KB

MD5
80488aef7ae44a2403063c2175438139

SHA1
9541f732fac9082615f5f61da902f0bcc1892545

SHA256
b0c8705188c59c2505b0f7a79c7ab1fe181b7ecf8df0ffd3c3d01ac59c84c226

SHA512
c6900942151edf6d522865aa19cfe2ae4507d3634b50e6da174ba7c879f2ed9caa76bd3404d766c5efddeed76030174401bf0398269ddcaaaeb80739be4373fc

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
46KB

MD5
5796e2f85d13feb2ad45c3394a494436

SHA1
57cc5656a87c430b4e2dd3b6c44aa0f471ff57f9

SHA256
fa036094e0963aec998d463ccb289c78ee465236a7c8d4eca6c185716b654032

SHA512
34b1a5f51261759587e8bade48b42db683fdfa89fbc00ae09ba38b28cbe1c48648a7c5fc336cd6a43e229b2f5014849bd5a8725fa15040c53c2757449261774c

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
46KB

MD5
89f2b820faca58d588b7988ed3b50d69

SHA1
ba4aeacbe5c4a2d0aa3e7312cdcd7ba341afe706

SHA256
c1ab01478f1f442922303b41c8c9f25b1ed11569695f87d9ae1e55d0b99d41dc

SHA512
4d2e3505f86f0be2949a0fe7185295e7c749ece372a7f6d35b5b2bd8bd955a62e4c7a120344a85a41dec29089ab5a16c36ab66feacc3e792b568872a95135730

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
48KB

MD5
6b587a86f14b79125858207b63994aca

SHA1
b7f9d0ec11b9cdf104466cf9ee72e54e8ba599de

SHA256
be16f931b07889a819abe3e97e4666869ff0d5f13971ff6f0ed1c1f08ddab5a4

SHA512
eca2a504f253790fa27d945bae119451909b214d3bb6d0416523eac503cf11aa7a2da60b0d90a4b643189d9dbbdaff7814f58549b0b7a970aeedf85b01a6068c

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
43KB

MD5
9fe160f68a57746b466c9ac1d092c2a7

SHA1
fa68173520bb45c1c29d6a45adb3ce3054a83ee6

SHA256
986be0df76e5c23896bd7414bb8e3529faf938ceb2ea835a0460a6548b1079e5

SHA512
746d2d2225fa2e418cd9344cb61f8a0223fafaceecbd9f37172af2de6e21ca581a2df93b1cfd05bc057d30da806d2568c9636a9ebe739d8e1836639fcd824f23

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
51KB

MD5
40ef300384c854838e6a47bd93a4ab7f

SHA1
00dde49514fddd4bc0ea0759b52e7be90ec7d2a1

SHA256
3cd9de0611626504dbe4100f9744b73e924e24c6bb3e493f9872b8e612cea747

SHA512
eab09d834a99f3ab0a8e136942634ac5dcd1ec3b8e65584ba657bce35e759d75a0b573e7b8f1423f541d4b877171122ff5632c6996a7770601735f6054618878

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
47KB

MD5
5028ddb846c92a3273f1a9c572aabc52

SHA1
97e640f9557cd9e489095e7cc2d7dadadbfe02e2

SHA256
35f1967d781e67865d8b1f75484402afcda7081c02af032080aa1bf4d2181446

SHA512
d8c76ac8fef90133ab6a352f978f3c1c3536e9c45eab3154c4434f3d72a8c5063c7e5781f0ae0057ef72f17cc42c1a48b12924cc494c46c825470202373b1662

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
38KB

MD5
e988504d27d167b029ef8b94905fc58e

SHA1
e0b85818f3b5651c0c1117bf967dc701a516077f

SHA256
28e4456c5e5c2946d7f5872cd71a18723c8fba75eb22eb3f48bd514f1b45c6bf

SHA512
c505c95b4b197a456d1312710dbd92b91b6b9e8f57cb4b558b922a6d6ab57f12873d13ab6bdd7d32896fc460ae5deaa4b63417e4c86ab51d26e3d2f73565c62e

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
52KB

MD5
92352e2abab6a85d81846b5afc660235

SHA1
5fa04cd5b07165bcd390d75389be7190206f4615

SHA256
f662b94811e8900316216e98bf5ae83083fd1aacad23a835aa01a4071f300bd9

SHA512
487b3176564d6d97f9c441f28768000c87a3ea33fc1b2e800fc3d562c544029fd4ae75f0a6d37cde38df97959b6a9de2daef4a4584d710791139ecc3edc74912

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
38KB

MD5
c4cf107d1003fe178a2b28cbc2df495e

SHA1
6c2c5b1f7f13f17bcb6acd5d0654b855aa56db4b

SHA256
7388ecba574ed49885c66986099bdd98509048e919f6099c82983c2b7ce01053

SHA512
30fa2172934e77c2da269dddf637799f52044255c283b30e808b5f9f0650207a2991314c20ef278d52e7081b6a206623fa2f7b5c30c49e6a1d91e9e2d401f9b3

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
47KB

MD5
fc18fc786f4bca88fdc98f1f59e9bf9c

SHA1
0d09b3b369f9dac3c836d4582008c78fd7ca0652

SHA256
3ed2c33d1fdbfe5d684b0f2768b075c857ba6523b5f5d85e0669101c1309b975

SHA512
e3ac697a886c04aef79a2cbb476472c3425a3d172230ec5ba2d9a5bdee00bc2afccdf8452418984cdf35dfb7535b7e593abc1076bda3ff10e54f5f7219e7e075

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
45KB

MD5
81336affa61432d5355a7b54b6d9bc4b

SHA1
67c4ae6f1901615f68148427865b85f4c81607de

SHA256
132d395730d3f81d337e77a17e1eab8074f0a7b7d3af316ee3a4dc0a38936944

SHA512
0a263a2c2dd19007cd407bfd3d67233275cf8d130442f5568b43993d2c7c758b868ddb374828737133c865bf1f4156262c05566e0071aff6d4a2e8d5d43462ca

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
47KB

MD5
a6970e3a1ac91443686d9a86d44c1073

SHA1
f24319b7f072b7b97d34ee83b2d36ab040f84ba8

SHA256
ecf28527ee315bad028a277d43e45491d7f35a0f02a6cb2d4699f88baa2c201b

SHA512
03b3695f909416ac35fc883fc03fc5342f075d71766047be5d80f577bbe124673a5a20f759f4f0ff50198c88a5b8147e7ca0c86b9c8a06716a97df7e991dce6e

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt.tmp

Filesize
46KB

MD5
1397342290a806212fb5505a4c522f25

SHA1
a2823d3bb283a1541beab04fc4988e4eed04ba4e

SHA256
734b5a374fce81a9335d8aaa9d7e33dffb4d67fedd52b1ae7b66ea4e97f281d0

SHA512
3d346b0df587a9ce35a50a0fbd81b6ad6183cb8764ce37cf2e305ea28ec2956279203468435778769ede9cdcf8493754427933acd9cfd5c9804d137a0965e055

Download Submit
C:\Program Files\7-Zip\Lang\sq.txt.tmp

Filesize
44KB

MD5
d03af15a98f40cb3b35820cbe453383f

SHA1
ca5612d2657f7c4dd9d50381ce512021c7d11492

SHA256
a56b6057ffd617e4c7bf8a1ffedb525ae5cd023634e8dd02477a45a83ab23ba2

SHA512
dfe4a3bab4828d6df7eb7bfc76bf7fa0747fc873e99bcd49325d06670157477a4720df54a0a7fdf87cb0357cd8e560c6f7ff57dd5a3e1289f2d299599132f44f

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
38KB

MD5
a1dbdc439e51c686e71104c9c91e2561

SHA1
6b5abe37fab26503e96f0822d1c497162cadc512

SHA256
3e051cdc5a7ca64c3cae7a6999904133b716c9aed46cb2b4813c82c91c400fbc

SHA512
d5b0cfc77af910ebc1a8e93ab89697957624e89434d811d2cd9859fc9f9e13499471c7efad456a4e36d1244ccc0b7f86f9d0c4c5e02cc245bbb1b7ede18920be

Download Submit
C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp

Filesize
45KB

MD5
5b683c0baf1c9b31ee8c3d11e796505d

SHA1
343b0745d228444b7ec94d323051dfd29798a14d

SHA256
610eebf2bdb16b70be8c9c22eaba1e609dd2d2904dc39568d1aad86321983d33

SHA512
577ba0685848921bb5178b63a1c90fddbca2596c5905261b0fcf0defd47509f39cc2441a399a2905f0d037e7d3a05c01a0f239d63f5a13ca3824765e19681e12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MpDiag.bin.exe

Filesize
38KB

MD5
0aacf982ff2e2cb9004daf399720a4d7

SHA1
679095312003b6ccfa2cf17df0e45e63a227ee7c

SHA256
c7e4c1015544defedd2b4bf8d4ed75c097846c162c4d438f2716091c62dd07dd

SHA512
6a0679727f922501577b27d90d321fd068231bd5174c0a0c82cf1f58aabcb8e60929221943f49bfb36f5e751ff98ea3dd963793cdf831a3733b415a03b145784

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
37KB

MD5
ec7973d5306ae5dbc73accd573e853c5

SHA1
364dfcedabfa5445982eae2af912e5e96295fcc3

SHA256
78ffc81b5d0e8a053441ba2fdf5d24ffd16161df18482b928730030119d4fb98

SHA512
e5e0cf3a9b0e8fe92f72e6b944b0b85ab8899ec86ff317c89e522a2fe4f8dc6c92cbaf5ed47ec3c66ca73e13fd917ffa7ca0c43bcf9c9134d28fff32bdbeef51

Download Submit
memory/2872-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2920-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download