ec70f66d56ae4ca682a455d19543a0e694d3c2af771e08a47d2332a0d886f232

Analysis

max time kernel
118s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28/07/2024, 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d8b0e27b482d016bf78b7af704dadf0N.exe
Size

144KB
MD5

1d8b0e27b482d016bf78b7af704dadf0
SHA1

299e726df9ec8fe39fbf4bacf6f1d75742db1760
SHA256

ec70f66d56ae4ca682a455d19543a0e694d3c2af771e08a47d2332a0d886f232
SHA512

e3002137299bfd3da448a6e56deb1834af4c0cb68e669e00130cfd1446a364a0b232df111f9ca277417fe4a41a26a3ccc033f05e31e5d345693cd13ba145ab51
SSDEEP

1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5GT6Sa7Z+pApfGQ3y3RWvfmRfm9sKsSd5GT6+:6+WpDfmRfmh2Tg+WpDfmRfmh2Tj

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1042) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
5060	Zombie.exe
1084	_MS.WINWORD.DEV.12.1033.hxn.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	1d8b0e27b482d016bf78b7af704dadf0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	1d8b0e27b482d016bf78b7af704dadf0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\ConnectCompress.ram.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp	_MS.WINWORD.DEV.12.1033.hxn.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1d8b0e27b482d016bf78b7af704dadf0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_MS.WINWORD.DEV.12.1033.hxn.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 5060	1788	1d8b0e27b482d016bf78b7af704dadf0N.exe	88
PID 1788 wrote to memory of 5060	1788	1d8b0e27b482d016bf78b7af704dadf0N.exe	88
PID 1788 wrote to memory of 5060	1788	1d8b0e27b482d016bf78b7af704dadf0N.exe	88
PID 1788 wrote to memory of 1084	1788	1d8b0e27b482d016bf78b7af704dadf0N.exe	87
PID 1788 wrote to memory of 1084	1788	1d8b0e27b482d016bf78b7af704dadf0N.exe	87
PID 1788 wrote to memory of 1084	1788	1d8b0e27b482d016bf78b7af704dadf0N.exe	87

C:\Users\Admin\AppData\Local\Temp\1d8b0e27b482d016bf78b7af704dadf0N.exe
"C:\Users\Admin\AppData\Local\Temp\1d8b0e27b482d016bf78b7af704dadf0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Users\Admin\AppData\Local\Temp\_MS.WINWORD.DEV.12.1033.hxn.exe
  "_MS.WINWORD.DEV.12.1033.hxn.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1084
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.tmp

Filesize
73KB

MD5
df50d147488ff16c5c7ac1f558d51c8e

SHA1
85e8f8366518c5035bc5c34a12ee0b56bed30979

SHA256
30093c958b1e532da58592ed40fe4bbecbdc9cd467837380099a63ba8ad214dc

SHA512
fde7bb2298cd6de4eb05bf99dc1a134e9e4c9d910302a73a489046170fe039b9c0acc4e63215bf63fd5bc24582d890b5ec69d00f7f756079a66274d37964be8f

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
185KB

MD5
902da144028cd66f1ea0a169198f79e4

SHA1
cc917ff792bf4a0dd1c3568fb7f807c72d66fba0

SHA256
1ebaf8ec649f03d5c4fb29f0e4b7fbc48844a1f10b9039f1511b0a0ea973611d

SHA512
4746b7d12795843bc773b7ca2f6fcd6cbadcc85eb564af88c17b5a00793394887e8657feb7bd30068580b121d1cbf7afd631fe63c97b57ab4598342b4d715ed7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
171KB

MD5
195b67d3115e5e0009864d96020376e0

SHA1
99330836a68f6526d4861dacda889e20a4a563b5

SHA256
e5f64e843def096d2632283d71415eb1638e27b494385830e6ba353729526d23

SHA512
148c3f117ec071aeee8ccefb9bec314760251e05c7b21b1503ffc797a20d2b76984ce06b4eacffdf416ca80b36a520c6e9c536ef6b8c93d1643ced9b13423eea

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
36c3c5469de02a873cb31d5d39950915

SHA1
5c157f7e49a231509c4c79ba2a0804f8437e41c9

SHA256
a91308a0b903f9cdfdc483a2fc03a73cdbaa69901495e6bb1f304a99de491fca

SHA512
00b8c5b7ffffc06bb8b9188d53609bbd07f407fc60272554c08c6ba9ef90f7996a77c814f2cf11c02043c55c9fcd40d29ecf3b22d6e808ba26c14c10a753c4fd

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
616KB

MD5
2740d1a70107968742af9391742c2929

SHA1
a27c46c6956c438bf8077df308dee9086224fc86

SHA256
41f78bd5c8d537b6d5c524ab45934bc6b62d156ee4e2a7f82ee53d6c77eaa43a

SHA512
0c6831dc97036d9976a7b1be64edad190529c2540105e20744194041ee0986ce85f76f402a0fe9fa4078cc5e83253b4d01ba55ae5923bfb04657220ce2138c57

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
616KB

MD5
2ff7deeb63f351b554bc825eba4bd4d6

SHA1
72a045343966d1cf905743e8f397a84e9419838c

SHA256
f7dfe6850b03ec70633b8ef71c5cd9fcabfa719e84e5b8dfb4c171541ba0784e

SHA512
20542df008002462363988f0321b08a4247f35155ca5814fb1ab57a0fa344b51f29dfead4870f9079ee73c72167e26844ca5d1f5cca3f4275711a84fcd6b83e3

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
282KB

MD5
a39b117ef98570f4824805b2c465acd8

SHA1
29da08c41536cd80d9f84b17a991c6f6f9fee2d3

SHA256
e444c92a1c1c307e7a8a657d3684b02f89a7a27fcf5b5407f294cf1ebbb46a79

SHA512
b2e1f50a6d88f9b0519403d54d587eb02594e04ee7e4eaae1955ea0058f70024846866c6193e3bf9277482e5e04f1db65e52b5b4c48291fd9b08b646dae975c7

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
261KB

MD5
e974b704860efd89b01163d5b6bdf8a8

SHA1
fd02125973cf989e178b13498959e01ca9b37fcc

SHA256
d78bf02ca5a14854cdcf58149a87fc63820bc21ff1d0d2866e02f34b860983ff

SHA512
f0027edf204435ae46e95eb26b93e8a4a1bb1ff3ba355480dece5b57d79fd6601111e82cc2d337ab52981b77595a42c16277636af5811f1e1b093387833fbb65

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1003KB

MD5
35b8af0308b30f78b39f4e702d0cfe01

SHA1
067b5cc4010d9df0b90359468e4314838e39cced

SHA256
85b48688080a407cac0da804cce0cddd9ddc153c864ce8221a4b9629a996b739

SHA512
f0927f8ca83e99aa8168ba213ae596095fdd192c00742025d506ffb440d191741af1ba5c9e2d7deda584f9dbba99eff51a6f5a413b1f30fa9086b31c383bce44

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
756KB

MD5
75b3468f62d8710d626f828dc4a46e9e

SHA1
e2827d866eef7e243a5c923be6c1adb78c44687d

SHA256
0792474e2f743bd688c00ad22f170ac2a18332f8559b9964d5d7abcd27541249

SHA512
befd065953401cd7fd15d302983e6b2516837f544f8b47e7e586b8a2c8844492f79e87a27465814b7f1f89fecbc9884d78d924156699d67d8450726c56d96414

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
129KB

MD5
32f4b12542840302d67d8416500113eb

SHA1
6199804323ae16334874fc97e574fdd9b0e99497

SHA256
797eaf08cb20bb5821a5dc20a87082ffaf9a0795caab9cf1babaec9fc78242c2

SHA512
833658e30f997944cd42d1168e9e37cd4d4e17fd6e3bceff47d05d92908f3d66ad2032b5c96f985e48bffe92da36121beac5273c646757323e866ba3b4f57ec2

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
82KB

MD5
ddccf0971a8253d18c9c82d0f6128167

SHA1
0e3db51c3f1cc1ce2f24f5c310f5a67f24f0397c

SHA256
816bfeea51d01143ba5f15baee9c4c2171d62324310e0bc5c771e8f34052a10f

SHA512
d561c9fd79b133c0d5ad6f3175cc6dbaa667b24b697744a72e17de0867a0b54a0ca4d6a7caa5bf03ad8f0e71bb6a2ffc2047ed6f25d5fa845ba30d68c8f1f6ab

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
80KB

MD5
fc3b403bdd1a49352fb45490524ade45

SHA1
40449243beec4e572dba49d90e3a950e4fed261a

SHA256
b1db972146042472b9fa26929876059eabf670da09ea72f09d52d51c64b748e7

SHA512
5ac58322c25ed9c0cd5300411c54ed32933270eb500e3e9a3f4699e46e17af88fcc5f86da436d27d46817c76cd5453d5a75b6c7259de8a4424874ed5d5063727

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
85KB

MD5
8fb45dd24c88f270bcdaccb4fa693fc7

SHA1
781cbc95a5324e4037553ceb0c536228d143889b

SHA256
baa0b3890d7d5a6a80e38a14f63456a86f7b26b77300aeb572a054ee3228b505

SHA512
4093e3652c2dee6656dee5e38945d929d6580357ad04d42c61b56d890df1661e8e5319aea21e311b52576b8b39b7dd98fafc2a65d34b524ede73738475e421e5

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
12KB

MD5
5b7a3cd76ce32e54144493c75053f6cc

SHA1
40c5b2047c0e6fef1c71792862cefa38d86064b2

SHA256
c6e9ccbf0cd27a0778f3bc9ee234c54b167cdcd49c0660492f773c20a891bee3

SHA512
f28871bb6125c6d6a46fa0f0779cdf7b6d57295ee6ca7093af7c0849d8d42ee75974c3dfe826f731dd290303124cdd46d6f8b7b98ef2bca5355ff441bed91416

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
82KB

MD5
0f35bd7684a29a6ef843da489918d488

SHA1
713c61944563873b8a773e7387a6ffef9f32543e

SHA256
3b0b429e689b0b308f00ff11553492ac6ae4a308236b8f7df1a57995caf9f1d8

SHA512
2feafcfc8479ff73b4f5493ab40e7dea5f6a92442cb8c9baf29053374f447510baadf59de2c0c56b6f296f300c3cd3260b5067d86d14af97a37e8aa729865c56

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
83KB

MD5
b28b070357d25c4b31e37610ff8b5ec1

SHA1
1740715c30f7940b86116fa7213ee9a0c209fadb

SHA256
1c87fe78df2743db5452a16f0c23ffbd96e34fe664f7aa3624071f6a52683b04

SHA512
724434380a6bf51436d4aa0b254a78f103c5bf9bf5b33e7a2b1466a04601381341e594ba6d7dfc19c101dfd50fda4c46bd16d82c392b6bbbcedfded001c7da64

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
85KB

MD5
ed0f274e47ddda68fbf49c829f8dc80d

SHA1
f4f8749d8668a006772a3e799df75b56c0ffb555

SHA256
15293671d2f47f2d8b6613c742a75b42b5ef2a43c4512abc192ba6d5f8aab0c1

SHA512
2e85daca37d5faea8728e669da8271b06eedab9c32f907f903ad0decfb757576d709f7f68ca85ab2d2f913c6dd8735a67952f0183411e271903b2cb353ca34f1

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
87KB

MD5
2551996432383b9217390d0466e09d7b

SHA1
0b7bfeeeece268a34a57cc4e3b7bd9fac3eb14b3

SHA256
67ecc3a28046911d2c9c8989c2ff81e8c453e3c548aa8f28c37bb78d42ae34a3

SHA512
59dd64ee1be8aee6db668623bc5d0601cda5ac934032a6106079228318941aa08c1ac5246dd1e7d3b71046bb03b33ac394bb6a90a9a347437b3b0761bc1f5ae3

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
77KB

MD5
6d19bf2d66d63ea0ac48861a0d04ffba

SHA1
aec2c97e5b8c5d58e5f8377f6fe0fcba5f5b631c

SHA256
d82e49e9e8d1d0977a5331c97c02e497c7455baa748682882963d22a4761a308

SHA512
1a082d19b5aa6e73f04ae49b0a53e6b29084a4c69af31ae44d22cdca3ed43c585a826f3165006b3ae2120ddf567477bbfc26b428c91d01bae2f7ea1639dad7d1

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
83KB

MD5
5b8c455afe709c5a31e3b030eb7b985e

SHA1
cf9f22024778457b5fa0ca7da0ab4d99cb050eca

SHA256
90b678e12c03b703c90b5463a89a9cee971fadb0374da5251e97dc39e9299fa9

SHA512
a995ad98bfb2f1e5b7bdfe421e3eb37ffc7d42c8cf23bea131624e7f13d7929e9491c77ca932f422ed04d68f8e2dc2eb731e6a8074f6da109e6fabb0f7fd98c1

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
81KB

MD5
81d13f12ac379e80f12a9f5e275623b2

SHA1
7a8148eafb572e13267c04131389a83159305dfd

SHA256
bcd5fceeb3a101ebfdeb5a936f46351e14ba2ea3334ab7f60f7f85cc05dcb965

SHA512
9049f4ad457ac56c107acd4855cbc8a12518f7053c5c430fe0e3e34159f097e6579d6a1ea4ac189fc2c023c60d67315af1e9944d0060ef4eb8a8af5afeef9fb3

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
77KB

MD5
b49529c84ba82e7e999cef067e59ce45

SHA1
7fe6e7308ebc78a78d169920634adff6158ef463

SHA256
7c408ea5c779e44fd67f13d900d8a63b53ad188956e933e3ff935102ba589028

SHA512
332e99421c8804030dda3df1347b4d2631f10af2909c7dbdf4cdbc3700c106d9a215d9a29e3e8e7779de892a6358faceafb17263e81789a6be63c8051bff30da

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
89KB

MD5
887475989a1026642be552af4048fe20

SHA1
d5cc77ee0d294a72edf9802fa975dad2faec96a6

SHA256
f5c7a9ee90dd2f230781dac657e92f82f200568e9b3c7158105b3098f2283cb1

SHA512
c0ace63d55ede29f06552b9d03d56c7ee0421216026a84e3a471be68bc0c21940fd023fa4205256ae59040c09abd905f898252697ee4ec494d452c98d458bb82

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
77KB

MD5
15f56a70c69b83ec8fd9fe1066c93b19

SHA1
699773a25a07552ec001de6aa3da6a0f7455d7fc

SHA256
a7a0c509021fc39514f5631fe243b60aed2be58b9a99f22d488521f271fb1c93

SHA512
391fed1751ddca2fc0b879f8fc477b2bd84544d1f4ca1ee8d775a8c00c9e4b7a9e364994e6ec2d61983f1fa85d994f5d1f4adcaf77b7caa699620489c31b4397

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
72KB

MD5
9f2f5c387be68211c5a74c4ccb076a54

SHA1
7b630eaa82f5d74068af9448444d48f82da867fd

SHA256
92b0eac4f735c1b793ef72e24021bc4abee77d02e3ac9c8a06d269d17fd15bc7

SHA512
c792a487482cbbcde73d66e07b09873684f4be80e722befe78ea95d6b0d2ba38301a51f116c49ff00b66df1396fac21e511c283d887dff50ddd95f0e5bfe5fbc

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
79KB

MD5
ff3c4f75c55b4569992797d5008c6834

SHA1
9a15c9165842911fcf9b3898493f9340571222a9

SHA256
3aab65fbd9e238a00955f652312490d34eb6e288ab18972f94a189654c00f98d

SHA512
e0d323de8c7ea69c79d62dce32504b4116a9f270344da9bca38e7f6b9555ac00a47439edfc574b4921912c118ff5177193c6db31f97bf9b496864339db13c478

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
85KB

MD5
07c611926b9ed4530c22176befcb5d18

SHA1
be3c22e7075048ae9e3e63b404f75b8063360b88

SHA256
db5306bca2462c18b0e847fe468ada0e34e2a37a8807125eb5ae6b4a6caf21f6

SHA512
f5e3a98cb4a7da9d2fe20ab87a0da4cadea1d0da13481a5ceb05cd9bee146f10dd7177b8e6c1ac54294e9ad56c6187a16c7a692d6718880a45fb9b0c37bd18ad

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
72KB

MD5
85c31f89f3c31ee5c50f8fabe933720e

SHA1
a8e5471b30efa65e28f8f5b0ada70ef8fae43f8c

SHA256
d9e3b9ae8b833fb86184a8426d8c5dac7a514b03ee706c2844241935466a22d8

SHA512
339d6b1d0c5cd0b07dd9b4e59b3cf75f77be7ba22adf18372048e0f2e79c1c3080c3050256ab323afabcadc8cc394cec693da5a90047141529f19442538ca9ed

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
80KB

MD5
dc96a89aac0e6fbd3fbc640401d231da

SHA1
1cfb91ae4f7d7f9104f999bba4844a571259e9fc

SHA256
f1cae69147c2e4099ccb11cb34a52262ddc7e0ac2314b2cf799885465b0e1ee6

SHA512
2957ebab22e12208dc75ebc029dd5938327833e30476d14d74aa6b4b7fa182e751b1fe69446a2d48baa693a40f996fdc768a52abff1e054ccc973aeb3390d7c1

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
79KB

MD5
90d418816e4ed74e8b0237fd6ca407ab

SHA1
c8ca1a40252d76a79840c53207830cf914e398f7

SHA256
5dfdfb550770820606640a2e1f5ea2ebbd1b93a74d38d12d5d29088effe64dca

SHA512
8e18387c5959b43acc26d55c925a9176c4f0d34814cae6c6d17a56bb222ab150d12968e427f79a581f643745880ae593b7f7aebf669875cd742598e77ef91f5f

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
80KB

MD5
d66a3e0e63eb02eeeb02c00345d75cd3

SHA1
07ef5d7cbbc2423199442e5f393f10598cc2ab14

SHA256
3d59a5f56525e7eef39e8fd284a9f1b161438b48fb3d95a35ebf412f62bf9382

SHA512
ed12580eb239e489e6c922afb0fc0fef817648a4e66d2ea87c5452f7afd97570919855cbec9c73b231521b7b0f8563630153b7774b9c8edb7e3e573c4eeff66c

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
82KB

MD5
4dc44260a0b91d5289280b06c1a7822d

SHA1
77e3b95b2ee8b7983d4a72df407ff65216d29877

SHA256
b812715ca45db313ee52b7bf42e15ed7367517120979e5ddfc6fcae665f042af

SHA512
eefb891559bf146658a6cebb167d7e9de97b0a75629aaffda1cf79524dc1c5189405a957042796bebb1a4eda99e235025d128b6f63e5166094ff02fd76d5e542

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
89KB

MD5
e1deafab0d80487ccad0f052727d7f0c

SHA1
c1f955f2c82c69860d19e72ec981f3b352b71a24

SHA256
ba404a9f3cb1cc1299fafd7d58619c48da6cab93bb5a94c1cba08fff5cd58e67

SHA512
caaf1156f829a788af183aea2af9bd01934c0625941cb420cc201ebcf2f964831c0e388315025e04e9147e182383b8da6e08f3f4dce26ed12da4451f8941b4d9

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
90KB

MD5
41d5a130f5f19329b4ebc792c69c22f5

SHA1
08c3a632dc8d977ca6e1954e2a88fd83ad309d41

SHA256
45fd91b8c3745677857d7f8222f208fcba59c059a1cbc142c2b84a0f43dea958

SHA512
d764428d975860869e31b3465656ec4d6f8bbfdb7c821ea7901f27e9c86a1a9713bdb6fc6f6c7b4ca42b724a405f2fa17c0be53e66c2695990c54c1edb457c9e

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
86KB

MD5
2229924cddcf71e14f108f8a2cc73181

SHA1
a60863c9046c6f1393143ec5b6af8d4678d98f7b

SHA256
c724923839586d802c71adbbd2457122ea20b5a6198c65cea4060ab6e184d99b

SHA512
6f7878600b6cbf8f46395c414cd2c8cb480f6bc05eef1a933eba4c880e0b072feb9e0235afe74eafd3932abf7f2c38896bfe053ed32cce84291fc64c1db1de17

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
81KB

MD5
abb9bb2c1e68eed23bf75755117ab6b7

SHA1
5eec76f0759db37d9a0e09f88d757c810ed37ec9

SHA256
741734e742af2ff4695adf579bbe987aaccd27ac28724b6e7820ca021e7e8f24

SHA512
4fc535690f39986bc415eca8993383773bed6757b3fcc40570464bfa96aeefa8e648c9ac48b9f50c6fd368b0c770a6597b102291b0bd1193b9b3331230df83fe

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
82KB

MD5
c67e44d62909225fc2cf6a10deac6f69

SHA1
b601eb64b894e4df616f48b6e61dfe8e20db9ca8

SHA256
f6209695d6eb193fa72a9d12c1538583f2a81d65aaec32898360c56d371f459e

SHA512
53943c61274db4a2a95b14e2724c2d8adf1bb05706250afa26deb64e755d03fd8506482004286fb0fdf53c5503c62a081d7a557dd911859ab385f1aa29fc9b90

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
72KB

MD5
cb006ffcde9876bbcd3135deca645941

SHA1
5d7e0da5dbebbdade01940648f185a17dea29981

SHA256
ad9dfa0266216c96215d8913c8fa68b669f528f198e476a2d907f71a386390b3

SHA512
b410ea812febfb5dee65ccb5f49ed47f2d33e945bcd420f0aa3fcc16da4ee8ebc773fc8c72229db6f8781bddc8c00ad8230095a7939f7cf20be1ecb5f9fc8919

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
90KB

MD5
ac49cb01ffc7829d9f3603ef4c228824

SHA1
dba21433009ad5f1929644b993baf632c0520f52

SHA256
7a69eebb046a15047563c22ce4e48448d21725bd5781ba487c2f07f851d27356

SHA512
d94de1885193bbc2453ef06a0db370d61090c976a7f731cab2caefc7b9f95febaa560ecc01789ba57880a009a13f82fdbd9380e3b39b405cf7166bf6d11a122a

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
80KB

MD5
a8208aacb4bca84b97ae240db385e30e

SHA1
6fafa684eadd93e51d229a6795de0ebc813f317c

SHA256
9e8b87c4255d63e519c4228c35c6121fe1d6f3d8664e79c73ebf3c5097614ff4

SHA512
25916cdc16ddbbf0a1a96550f9bc975c590033715e3c7cba45140299899041d09644e4805215c5b2a19878719a7d93270091fefdbb15c92a9d00d1ba28b91098

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
81KB

MD5
40498f3870b04ebd51f2fdc06b1b9af0

SHA1
2bb8ef721766f77695b9f2d75a5227d9bbf13174

SHA256
25a325ed3a5e2983ae31ca5ad285a38209c56d1233b5a38a79e3304ac6973b63

SHA512
c972a8c30939bca7fbd5c3b135333e8468e3df0faeb52b316237f6020daa272e35d5c036abdef5d44d570de52739ca4da5b49d8dffb32057ee1875b871cf9c63

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
82KB

MD5
9675e3d50c99b619bef29eff8bc42a05

SHA1
cf57d527e9ab59a92322c677a55af8ba456152c0

SHA256
86f4fc40f6a19fadd5958f6f6d42cb50c9ce6ddb36761f7aeab0b459e7a116d5

SHA512
cd27d98f4b8ed1a863dd2c9b14cd04b3fe5eb9664f68bd37998fccec922cbb3d90add948d14939a909203adaceec60b08865a2d797c8d4b800eca756f46c3f3d

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
84KB

MD5
d69b745305bd37ef60d8c9a2a5f54bd6

SHA1
842019895743feb16148179e182650dee3f3fb13

SHA256
e4ecc87aba4927b16a3a45a516997cb0a811e283c654c703981c9f2ce2f33666

SHA512
e5b22ef1649ae52507b216c4117e19f2bb6861cb962dc40860dbc55670433e279c01deec573838cff65e17984a7c7d6c3c308170e339825ddc89b67cb10352fe

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
78KB

MD5
e572af3c3bb5480b97fa1c216414fa2c

SHA1
0c225f99e6f87947798a4999234ecb060bde0bf6

SHA256
1e581e88e74b6a5c149bdea433391c8459ae7f0a19ae33b1a58e34ac4c92089c

SHA512
705cbec2dd8bba9f7506c6330de9d7e7639a006e92730466c7c8f261188b857b3370905d3d711e32abcab27a356610647c7ded3412a772c6d085022ca2edb1ad

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
85KB

MD5
4ff46e738934f3b5821da046d47516b7

SHA1
337df07f2062148887bb3367843003caf0503533

SHA256
80cad16e28ba9321c591fbbd86051c7221059bf9920fd275310b10b011c38881

SHA512
6b2e292cf0cc3ef5a74258330532169604cc9d14351efef728406987ae4fa4135a87963184260e69d57d781d613add8d3b4ec1414405f7188a7de3dcfefe3d11

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
72KB

MD5
dfd55ba8f7527b49ba986b989ea4dc81

SHA1
44652e6214e5bb1b45d2b810a9cedc067c6789f2

SHA256
6e161b125beca18cd094c4ef4963dd9694f480bf9bd621f064774f9f7e920dba

SHA512
76c29eec734b4973cc41e28461d426f1df246bbfc0cdd67eb831751ff7edbb719cf946ee9e6607b489cefddd34acaa2a127fe9cf4b7a48d42de21d5a49749a2f

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
81KB

MD5
642a6096787536944b11584d7c9f71a4

SHA1
ebd9bbc93222a5e3529d1aaf32987e2c11a0f47a

SHA256
a074629bb62d68b94a7fac8baff1b77b2c82afed5298814b26964ef0b71bf2a9

SHA512
fe640d5d39b97ce9c7c21058cdf6d23736143fcf432eb1c790cb081ce95cfa5790b1aa9668f41c9ccf1bcd72ef4690abee80791953eb6236182d88be3d377c90

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
73KB

MD5
fd00b6b81c6b9a9666dceaf56a1eb068

SHA1
312c523767aa782dacc07a10d9f65359c71769b7

SHA256
1ef13ab2820ad5f58e15d9496847b31b7cbebfdc7e2a33156fbf32d6ba340762

SHA512
71740074cd96e47364f90a688ad1f72bf06ba773956f3e009148beb1f198ed3473edeb3909eccfd9a21f59a0c7d596e32a4449f9f89da4243b9f6f0c824f926c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MS.WINWORD.DEV.12.1033.hxn.exe

Filesize
72KB

MD5
61597ec7d0bdd943a2e74442f1993b7a

SHA1
216d6b7904ea9dbb698606721e3fa30834b479f5

SHA256
65810947b8796b767f716adecb36f92b72a1d716d0663e38fa20a1261982ce99

SHA512
cda73f3c7c57c1c885937841c641f0d0ff551708420ee5f6a4adac010c6368b388cedeaa594dc5c83031997bfe0baee699283009d82d16bf550c5c5b3ad92ff1

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
72KB

MD5
b785d14341e8650b66c4623542f80a70

SHA1
388120407a400befc984e2c0661a00802342ce5a

SHA256
097f37b1eccea5ff95575095019b18d05fca11381bf733eef0d245e7d7947d4a

SHA512
10cdc623e96b28506ea7ae448e1b1b99f7e5581a6ba2b69b084d99d519b38cc9ad289e80bf17bd8164b31c3fb128aba8bfc6ef2a0d97e34945bd2eca766de870

Download Submit