268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe
Size

206KB
MD5

6bac7c483484656a31483308bd3ecc42
SHA1

573d899ed7227e76f6a8efce98949d66b7251782
SHA256

268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c
SHA512

0222b4ee55f632a99d1d30a0c966a6978b153d146099c4b3f2c9d485c87eb80c7c8bcb5d169923336fc7224b49dba639e468a58326267cb37ec9818520e6f6de
SSDEEP

3072:9QWpze+eO888888888888888888888888888888888888888888888888888888P:Lpe+ekeq1Ype+ekeq1G

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5030) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4744	Zombie.exe
2996	_RoamingCredentialSettings.xml.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	_RoamingCredentialSettings.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll.tmp	_RoamingCredentialSettings.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\notification_helper.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp	_RoamingCredentialSettings.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	_RoamingCredentialSettings.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	_RoamingCredentialSettings.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	_RoamingCredentialSettings.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	_RoamingCredentialSettings.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp	_RoamingCredentialSettings.xml.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity.png.tmp	_RoamingCredentialSettings.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp	_RoamingCredentialSettings.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp	_RoamingCredentialSettings.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_RoamingCredentialSettings.xml.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 4744	448	268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe	84
PID 448 wrote to memory of 4744	448	268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe	84
PID 448 wrote to memory of 4744	448	268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe	84
PID 448 wrote to memory of 2996	448	268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe	83
PID 448 wrote to memory of 2996	448	268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe	83
PID 448 wrote to memory of 2996	448	268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe	83

C:\Users\Admin\AppData\Local\Temp\268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe
"C:\Users\Admin\AppData\Local\Temp\268188c1bf1297a227b82968be3609e55b23414a8142ae1d3ae61cc36d9e9b1c.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:448
- C:\Users\Admin\AppData\Local\Temp\_RoamingCredentialSettings.xml.exe
  "_RoamingCredentialSettings.xml.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2996
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721909339-1374969515-2476821579-1000\desktop.ini.tmp

Filesize
106KB

MD5
40313b9c961728abcd99886ac29f47d8

SHA1
ce2771ca5dd7ae6d25c331a8872fc22d8abb7503

SHA256
3523960690f1e54b7845438a2f5500593fa2e247a4fb77accc547f8cb6225420

SHA512
260322f02e352174f31697a5812cd22246c44e613b88da4a32c24d121b54b1d0ebcf0312e59c3ad9e49cc7551c21a2bb65ce6b7ee3d50c35be76a4dae5e62ed4

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
219KB

MD5
9388bfe1fdaac5b2b34f4bee53c52637

SHA1
6f5353a4a69743637315ebfe4572826f8b510973

SHA256
a701138dec67acf4c637dcdf045e62585e7108be74339c739488531219aad2ee

SHA512
9e7b426d3b0920d586d5ae12613dc3ab35193e051da7fad4c53978bc752745cc40a2a7f60be763d1a862054a9036995cee28af0a59485b341db46f542b9d115a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
205KB

MD5
24db396b44d06eb4f586d0a5e267c028

SHA1
84a8d3099112a294894b33466974249b7dcc9f2e

SHA256
71ba049f73c8a3d686ec689e54c5a56ccd6948a38ffa9358be6301d5dabb771b

SHA512
113979bb3f245fef74b92b40be3b45a78f69b618d15e9a4af6124d7147476f96fd738c84b680ae79f34d709a1ac1454cd7dc13ec8e1a3abe263f1f7530fe7a24

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
171KB

MD5
70a67ffbfbb0270a97f9e60a919f7690

SHA1
55fc70efce3a9cbe65df0930f9243f98b883bf55

SHA256
23b4312ba1fab4380bbdc4922a5b7eb22a38000f1cc97a05ef4b89f533846ef8

SHA512
8408015c4fbf3a15c661ce1849f7662e42b5faa45a6913af05f7c9949cd253137eb6b5665fe6b67e458e61fef8d54133e045e9d23dfff526ebc58fa6da775eb1

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
800KB

MD5
3f77eef2576b70e83f2cacbd0d0570c8

SHA1
264211cefc8f621c34cb8302d3d420a9967b61ab

SHA256
c45595a123634c98a46a07be33142f89cc9eeb03db2359e9a67b9e36590b8cf8

SHA512
aec0c92cc5f72e3c820d2c3e35b8528bb59b465098a913843be3f94ac43641602947c2ada3b51f550ddcff76d50b028cf099daaf37c7f44f60477362b67e2c9b

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
650KB

MD5
3e3444018f37257d0c6be5c12ad021ce

SHA1
6a63fd86e69eb9e1ba9d1888a48cedb1ed77a159

SHA256
42d3cc7d0fcd48bc0c8712d836b1afa7fbf0351205f9e381977177b3494deb8a

SHA512
c9cf1b799a26b480084345dd9b954aac60aa93bf120960d6e409a128a7541684780018bc5a6ba0ea84d946f289284f9649b6c2b418336977f77aa09487dabdb9

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
316KB

MD5
c6063e468dc00c1aec137fc1e7a9e73a

SHA1
ae653a603876a565e8744e99e9c6f392db3af7f5

SHA256
a820700f5bf066119fefb36e4aeb3794d02ff0c8baa6c6298f9f426c332c7693

SHA512
2299614313fb398a4335bbaae141c0b68ab28e5f09f95e64e87275acd3e6d9aaf7d83784515850a60b7d7ae5d84d2e3afeba8124f4ac9ec1af0dc2480480fd1f

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
295KB

MD5
0aaeafeeb36e32913020cb094db8b715

SHA1
7a334a7980f529249dc3e9279acbe66c57b751a2

SHA256
16eab5ba46163995022c38f85395dc79319e1bbe92d74de5a3aceb4014e4faff

SHA512
2627af64015bedd247e3c979a92d406989bb0261c7dd75658bcb784b9e2550103d03cf262a55eeeddcb205ff03d91553a5bd59bb7a3544da30b0d3e872a91715

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
1.0MB

MD5
be753664b427e7fb3de40e24b0da7f47

SHA1
d1b47715e5e3bec9e26eb15d35cf98191984b619

SHA256
99d51abf5d65e6583aec689a4d45eb07abfce59f819ea32042bb59f64870e138

SHA512
08432badb7630e4e9e47f17f46ac4eb46e9baed2acfb96f2e9976eb70c5843db733e7ab765f0ecbaefd3c844590bfbb7977504c8b09f2faf66c0d30c30e77d59

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
790KB

MD5
b639064b6fc1be419bbd429c2e643ef2

SHA1
94e801fa0ce46e73130de4f6e1b78d5e43458b39

SHA256
8769cf8615d8bd5bfc3e8fb07bf754245ae45a02e0cb09e4a4a8ec784216352d

SHA512
8772d535aa3409375a95a8270d7edc2b41929a9640fff22ccb02b814f6c50be17a5640e99d895354c86e8dd374a3688f15399d38da92e836dfe410257c248e48

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
163KB

MD5
a71d30405476f7f13e37e6e56664e26d

SHA1
7697f498f5607deb988a5daf7fc88356e307c0cf

SHA256
fe85fbf9249c69d3b9ee1dcf17c21cca571c2684bd6990fc4b0ebeed3b8c29c4

SHA512
0c5a48d88144d4deec92365ae590b743d79e2ee3cc1b8ebc4f0736d0043e7f4c021204f311f5f19d4a1547baa32fd1805d19dc089b371e362bff718cdef0b773

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
116KB

MD5
f87c1850ebbeca00af46e74379520138

SHA1
9257df60d5a1d33be507bf8b1191d7a931ec0645

SHA256
9dc4d550296d9be4a4112ba375d04178098a496439ca59a8f322959d201d6835

SHA512
ebffb9bd5d9933fd222c82cbbfe00a499879a9014317b014501c99ddbe886ab20d4f184995095c9f7bce1c3728707851a4fc29dc552b29a1194eff03d81fab25

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
114KB

MD5
3be98e6cafaea766204b8230e2fb25fd

SHA1
e08a6b325d47d9ec59fbec1a17aa19e5ccd45be1

SHA256
b8a6048110eac21811c3038dc484f8f00c56d7fe1c97a58e4932d48f8efbb3fd

SHA512
08ad4c3b0eeb4e541f6ac28d55db4db8b0bc536fd99e96cf63d908fea93806406dc0d85989cb647d4096b32c292f1e5d4726feffe2b385de2646d9741d7ff174

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
119KB

MD5
0c6369401afb465af0a51de34809ee75

SHA1
f1cddc862ebe494ceaca27944cc3553092289d49

SHA256
356b21a9915c9643a7cf1bea4e41d594e07cd41aa1dd230524e5d60f15d5dbbc

SHA512
b9af6f6908621818d8f13bd0d709dfe5a23486d8a11dcf8765a06c72a87c38caeb46e17f04139b0e695fd46c8755042988d26faa52deed67b36d2cb0e841293c

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
100KB

MD5
cf0e287eda90f73d1af41006d43baf85

SHA1
f63717c2a3bb566cc90a7ae44f34d4c36ee7fc47

SHA256
d064ba642a692a8765acfc0a08c2f4b7663558fc11117a14a8589a7bd2e7af67

SHA512
82445d353b91b491127758b8e375aeb63c2643bd30c319fbdfaa803138998e6c024f71c70fe6bd612d01e2a8846403c3ae3851c8792f60ce7c82d741e87277ba

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
117KB

MD5
cb375235d6aa94906ca1df889e7ca3aa

SHA1
40b530e3aab16bae3bb27717324630fbec65e0cd

SHA256
b3216760b1dfc0bd1cfe68533ad099809e4ad04836ba88e9ba98e632b68cbea0

SHA512
6cfd000c3aad5b85b105453e26589713bb31dbc8eef03f9f3a8e0927ac26ad9c0c3a6c04e671d42be5a2fd7c6a5d308b0a943bad7cc8617bd3ac7d09c3192742

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
118KB

MD5
fb0c30a454791b06e2eb9334a0c8c284

SHA1
d1f9030b71c6007d4c5252fd9de04bc13f96d1c3

SHA256
f8ed08e3f28f4f579bd352a8597b5db030b28d123769658e3e1a5bb3d2778fa4

SHA512
ac29bae7c8cdeed4e57ff0d1f6c711b88ff6765b43046e3eee78819e886a61cf9f2391bf3d766803bcf4ecd8e2fccb8d9bd8fdb21abc9d51b768af7175d22ce6

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
119KB

MD5
99924112d597306bf527cb74abbf5c5d

SHA1
e78c6c3d499cf56591fc4fe5efa0964cde7cd4b6

SHA256
bbe31e675b54084c08c7b0a9089147761bf2adb1e8ea6420b42344155f820ec1

SHA512
354e1e69eb85ee694828751a5831798fac72caff2d82119ffca0ceb7c1e7b76daf7d6a06bfb9e65fd4528ce4449ffcda76f1f6c7d24bab5652a02c938a7f0bf5

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
114KB

MD5
6de593816542f37d31e3d1b08cb98bda

SHA1
e31b9156aea3f6068316a8f0045284e3967843d0

SHA256
b098457d538f4ac45c175955b8344ab28f81c27abfb3b76b1e677814a3d4e514

SHA512
bbdbebacbab1800b17274e26fac0a4d4e191b6a8f197d4055eb804ba79b18a4c9453ba6aa8e2803e6a81d9215b65237115ac5cca8df981d1bdadc2dc45059a55

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
111KB

MD5
4f25eeb6ed74d28570ee201d00f4d0a9

SHA1
0ed224a2bb49ee5c3523e1d26d48a822580b2109

SHA256
74394d5f6e2ed23cc981ca1f7287ccc090327c973442f74b7c0084c2faf972ee

SHA512
be4241f986ffdf6bc5304c2106984d3b65b7587fc0184b1de620e5d33b0dcb1e3c87083e0259ca7672f7989c1291cfa0b23005c18f06a2a000ea9fcd631393fd

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
115KB

MD5
b7830e526872be949abab276dc85331e

SHA1
cefbabdbaffc290de384a1a8970f673a2800b7ad

SHA256
cd05b269493186c604b9303ef2efc4cd50c1a28ec2f64e24813aa595c6d8ef6b

SHA512
d5dae0616437d96628706ef1e4efaf7d39814024eadec60058d49f9bfe4cc11809c6406897ae009a197e1650518f032c555a4568b504ea3a07f4edb1d99d9f1c

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
108KB

MD5
dca930ceb8116758e1c62bbffe67a515

SHA1
d13e07b0d06a4160a40532985bc161cea519b787

SHA256
9e950e9512dcd7d3c4671820af34e131c28d28e3742bdb584bb1f1ff2774cf2e

SHA512
7d0c1132e6a906c88c76943a4328bb9ee0d834897b15174fd5ed0f9357e655cb7a3f53769375de1e1b348bd3a58181b4cb183d744aacf812f77114dd3e2a09ba

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
105KB

MD5
9753750706c8560833992b32857de7e7

SHA1
096681a944b88a901930f3accb4d0d5e569808f5

SHA256
67e18c0d8db8c91015cb6657ed91b7800fc33746ca7d1dce5ca7b62504b1564d

SHA512
53c68d2bab313b864f7f9ea7e186bbe8136daa0a15f2eee94aef08ed43e0d8e251b25caa30a0d12337974b86e3bbf358aba4315f386490dd0b22be4e31288522

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
109KB

MD5
5f2a42134fc8235cc643c9112cf27d4e

SHA1
764c4570374ec50d4b2e4b72cc6d7884f552be76

SHA256
befea3b3b33f78a004aa6de1a823fd62f21f7b422c82380ef7b3ac19d4842151

SHA512
694729902803c310153cae421a2d0cc4d7eb6659058bc666ec2559ed5cbe8d8b7502886eb3fea049441113f8f7b039ba7755488a86cd49ea3b029255f7dc0615

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
116KB

MD5
7d550be635de1c178056a2f4ca22a52f

SHA1
6810e7b03c92622edc853aa6f1b98e7091248a91

SHA256
758cf8e01af10d948a4f09aff0dd87693ddd7868699866b5a66464ce20b77b35

SHA512
d04118f66652dce42b1db9b82991382c7967144853dd5208efcd59a789de6a11263975adfe43c4f23f5fdd5036c8cbd549dc9bfbeabcfcdf27e1001404495085

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
107KB

MD5
371a815e6cbe0a3968ae4128780949cd

SHA1
85e93d40e6e342ba84971b3f906a273a397ab39c

SHA256
ba5fe9ab09bef3b3eddb21e67dcb0f7e905f3c6f28ef4d0ad26d6035ba90857e

SHA512
bc50441f4a8037100e93c700bad37ce2e292cce92132d4ac20e59468d32daf83f52e9210128330bbc0fc4c7c130e678939bf35e67613a02fe86e96773a120235

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
111KB

MD5
bc00b3ce547ae4a669a28087857ac7ad

SHA1
77898a18d92c1632fd22a816d023cfd46063ba9c

SHA256
fda41db61138f2bae6cfff0bcba80c16e176c1d6852c210134831f938701d391

SHA512
cab71168a22819395aafbdbb090e9437ad7672ed9b7511b80cd5b2c20efa9ad04b0414034a3013aa8e252cebecfdaead768733e35e20ae4c3407f888b10e1420

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
106KB

MD5
320daec4a3514135271421441c78d6ee

SHA1
a628ff4decfbc3e9406a054e768079a443d70740

SHA256
7557c7d809780a800f627fc78677a084a57c896cc7d57ffd1f340ad7227bff4f

SHA512
c2035ca5dad1a6dff5ad051ca762f9598ba4c0fe4636469a4a96d7a94a796a80c5e03550549ca32d20db516f1e4c9f89eba097371d53c049793233c91a8f3b0c

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
108KB

MD5
23b9217635080e9c4fa0b7b884bc165b

SHA1
120d319e4a5af844cbc47ac58a38042081be34e9

SHA256
96154bb946fcb43a7554c06a047224d19a44d121f53a56b8573ce01a28bb5aba

SHA512
935b8273f97e7d0da2bcda71bbdb16b7325aa5cd3b1f42e909b627696304cf3073dc5c1345ad5471d314e616c8b996362416cc0ddae6b7ae01f8c34e108c3446

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
113KB

MD5
0437c43f33666f5f6fcdb05c9d7799a0

SHA1
f8a7a3f6a658332d81adbf8a54767f8c9bc131dd

SHA256
b942518dfeaa0b692ee2d768d1993e64861a8c8ab682ddffffa601679fed5bda

SHA512
44695e5faab5694961842cae14c8d718d9c17d1968a0390c76af7b792989d215090acf0a82ccf911f393cc7a149cd9253107b04d93561686b547cb86a0e67bc4

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
115KB

MD5
c89b4e827bce98f9ca7290f82519a38a

SHA1
c54b5b6055562e59f9c547b28e11b31cfbcdae31

SHA256
1c0bfbf34059e067dff4ff3025307c91c2c65caa89423322189b36ca0c81dec3

SHA512
1763f64fa4fa56a7cac818bbb7866be3791da60dcc69af10de77fdba92b910914082d7b71064ccec3ea7d89cae60fe376d5f5ee9c9c50b487d69d80bc90421a0

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
116KB

MD5
bda5d887e6ed7bd4ecad033ffa7e540e

SHA1
6d7ce22d837e466262ab97c7cc9b042ba1cd19dc

SHA256
8f0275694d08b9a828d7dbd9b9dc7b951ba49f11d6ab8f1fda29f69a87fcbefb

SHA512
fee4e20a62dddb7f658e45660909913f9ff9dce152f72c11d1164b1051e3ec92b480540b1465d1640a748b070eafe26cfd6cb8ad5279faad0efc228b5a6e2215

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
107KB

MD5
cb0b306f3bd50af21233b2e843ab2c24

SHA1
c7910bd0c2f78c13d4937476187a2dcae2419683

SHA256
611e218b2640f1920a571ecdbff26087e8f049a129534c3e578a648409b629ec

SHA512
613467914691c74f9c084a870b68310deb63b07cff1d369b71119fb01fdd5d8d0f0b9e0195ba36a11ca697adfa34b752e34d3ad9ad2b7e2107dfde921de661f5

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
113KB

MD5
f207b12369a41ab0496988c7dd7a1b6c

SHA1
e62b687c77532309e9a925434b3f648239209e86

SHA256
a69070a6c2fc95871871b102ff06fc2fca2ad166df6aed0e1be7c06618bfd987

SHA512
a65542a454f9706750cc349254680ae6dac3eb1a765f5d6a798aaee99ba9800af8f7bdddaa781741c6473c7d9ae1caeaa0f56a233b0270bdaa6df597616ae800

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
108KB

MD5
a5dbe7640d5fcf95b60b82a3eef58306

SHA1
00d4b748c841607c60d1e56abbe8df6d69c37c74

SHA256
8024911fdd8bfab78769791deecafac6a0fbaff32c7111945ba318f6c6534010

SHA512
8fa3a0d44fd0dfc5079361300302e42a5e7f4f64f79493ad3a2c6bd4fc4b98093a3a98310a5d0116ba07df6b7f55dbea29a17accace0929d049c505b5b1288e9

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
109KB

MD5
1c2939f97259520d62616313e123b114

SHA1
af9cd6b8f43f757f531afd5181b18432abb3d349

SHA256
030f72d71ce1fc90fdd34ccd1bcbaece66712cf37e6ef7d42da5304c400fcb43

SHA512
98803428c33b2d9dcc6b535ebc0f34117810d150508ed7ca2b0c1722854b2f072c73e5b839f23cb1e8a20357152d9e63e409a354c4468237a9e34a8ef9ea69d3

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
117KB

MD5
16545bc52e00475d2dfbb0730714a43c

SHA1
95b9ddaa8e407959c58715f85012502bd228409c

SHA256
b7af9775164d7ea3cfbe4ab157e85cb02bbd7b8e1182e9543b151749d7b07c10

SHA512
15ab058600a6952878fefeb1de6ccbd9ddf537d3dd6f6bbe010b4795a2f15b110eea972fd6aa717a91feea26fe1f280905f338e7e03ee718111b5e898fd1c120

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
124KB

MD5
51bb179aae49aa97d3d4b24d671f71ab

SHA1
b42040d1c2e3d6d8d1c733a9f7b4ef6a1997e044

SHA256
ae23635478c615bfbe2b24efb60a2cddfa1d955e7ad64f8f9408379156af2007

SHA512
0181465bacd35790f1e4df49dc59c8e02dd642d465031cddcecd8ae21b2ecf29b3a20f196d3a385d41e6f5eb43c093074c3b8a86a2d1b8b523f9c23b015bdd14

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
115KB

MD5
9e06c5f0157537edef580977772b593a

SHA1
f67cb22dd7fe464b6ea5b6f0f1547bb03519f8e7

SHA256
532f7047e4cd49256078ff19dc38bfa37242572b89e349fdffaebab610d1cd54

SHA512
d5402d67a535258082fb3a0ea7702c5148d52f6fe58c8ca204808789ab36fbc3bf4ca12a23958ab68ca413f2d1d48bf23c5646a0bf0d2806157c79d716d5d745

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
116KB

MD5
01a0f972ee514850e85bda07d3b0af7f

SHA1
964b58e148257846c03a6bab8eeca05052f28a62

SHA256
d4697fd37548575cc840e761eab61b18796b7861e074d93990187b9de84ae293

SHA512
792132e128191f68039728ceac4ed4b6d38c44125229ca6ea781f570ea3a99b0c62ce3b63dd66e4aaf3653425e9354256ab7bf3ebc70e58bfb81657dd31c2e30

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
120KB

MD5
bbdf24c3f7483da22b2254757e087697

SHA1
2dd998a3da482720db43c80fab17a814ec5285a9

SHA256
d9080a82a76833d3da293d825bcdda58d799cac3438dd0ccb7df4833d7390ddc

SHA512
35c6a2a30d6271bbb6038b5d897f05cecbe262ff125bac380edcb956580499364f02476ddacc3658d4a48073cd980722a68959719e7bc04d388efaa67cb88e1b

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
115KB

MD5
c468f18b9b01b875791d795e49b42e31

SHA1
50e2175bfaaf36243edb076344adf81548175e19

SHA256
d95ae75c9a10f8d267bb43a21a2e1d5de7df43e8a6f756392864ca6a58718c1b

SHA512
667338db47c5af9f8eea3bd6669e589492f50dc01e04135be596caa3b68335c362417c19ae4b058cc121c4b407694e61fa34a87ec15b97d2fdd9c3c092b78fbe

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
116KB

MD5
9f46b9fad88ae2f49655184edc64f7cd

SHA1
2c424c13770cbb227810efa20bbca89c245ab3f1

SHA256
f672b7ff0a73a1c3db0127824aa2e498b967e829e67bd6f735b77c54dd524392

SHA512
59b8fbca31a70aaf8b4d1f9d847e05f69a691fa111f1b2d86d8e9ad75cb787b94f58c796551bb975aa4d7e8864a85969034fb5bff68533803b792b5d5680853d

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
115KB

MD5
c123cf5d18a6d5c2477853825ace0b41

SHA1
c12fb206307bee1e392d3d866aea7028d25f9b5d

SHA256
362d40be466985ddcef9d5f67bb87b52f3610eed088c5018b1123a2e4fa3e73e

SHA512
64cf0104433244a5b649dcf14b3c594b3cd46e7d2f7ec5510553c2b0fe1c7177c0eac2463ad12e05ccf71a308bcc7971db05e5886215250997621a69e078216a

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
115KB

MD5
224f98843eaedf401b0b7581c3193757

SHA1
9c0e599aad5c0ee8639bcd2b7dff559e930fe910

SHA256
34a0ce2c0c18f39f2719cb2306ae27fb9a70b948709fd1b6331d10679da7b441

SHA512
0860074956074291b011c0cc6ec570f923f309eec68408230876270db6cc8013b02be215de4d7a2b09c808fa033654c46daf0ef540e7c8958323b88d5b97f126

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
109KB

MD5
475eed3d2c1f23b770252ab2d31dac08

SHA1
16159c87aea5dcbd867f0ddff02d8833d7396c0c

SHA256
225e81827cecc268c3d79ae35f7173bd1cbb07285879305ff1f667130acafbe8

SHA512
15c36b19edbc463a58897b7537a03b1717f39afef09bc96f3d9f613df6d1d96ea467d90df06f3f8e6420b3781f6efd96bad647336ec3b951eb80d566ad837301

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
111KB

MD5
61ccc7841b2004714ca84904432d95c1

SHA1
309a31ee0accc81f87c0a42d5313efa7de3ff804

SHA256
88e7a6420d41a547315219d183fba85489ed2db18117d4ccb7b0677d795e9886

SHA512
3a7764b6564d253e439bd5817c8216f11a6c5f1465c3c4ec58f9ae1aac6a583abaa4db9c1baacf058020c75a0cba36210c6e241b91ffbefe5f7083dd8a182a83

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
114KB

MD5
e76934700cff56fb6f8fb06a0645f59d

SHA1
e16b2bc1ce941b50acfe919879297e88e3b9a5e0

SHA256
6020e439a610fbd2ca8c410720e4212849b8c14f1e9b1a1d56ce5abd5737edb5

SHA512
5994464f26b819987e0856a0a979ade17f76b8f77b25bfe87fb7468139c7dbbe923b0471645404ec96394f4d3e094100cf9b76008b5764338557f69aa03deb63

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
110KB

MD5
8762c13f2013ec980cae6c9a6d2c1e93

SHA1
9c92fc126a07c7c0e3b9b26bc80dfb10dba3b05b

SHA256
12e28ad4bf71f6363431f687150271840a07fb39efa6ddb2bdf2351eb17e423b

SHA512
fe3ec4620285646af116d9c091f83e0702cf04d3eb3bfd5c69d4610f03642344cf79023a7268d535306f3fd2d4b608ed07721bc466ca71abd73987dd214c8ae1

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
106KB

MD5
04c038fce2981a1e18dda100da0a70a5

SHA1
20890c76f350dd3463ece4b94a97186f4a6e69ca

SHA256
28303991e52e62e9ae6d953eb81e3adf62145ba24a15ae72f20e52cc3f32496e

SHA512
598b4e25cb95b4532e2aba9963181bba9968fd445777c82ec7660eb430355331c68596e27079550f683ab0bd4c2f8e234167367f697c4ac9276ea2efb6fa4b6a

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
112KB

MD5
a50757b6c8fe975a893d0d974d4be570

SHA1
8952dd632f8412f37f65ded9818b4e3d6312404a

SHA256
91de751d35d99613eeb0cba5d30fb7ceff7d66be80c4bb362aa2bbaf909adcf7

SHA512
5592ec60ec09875a5291ba6cd4a7b3ad73fdc4de45d7e78793521097555dac44f8687ae2e25f24fd1a8db229bcb5b1396905ef21391d650eb71efe17cd48ed9f

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
112KB

MD5
0e245ab11ac0ff506b829f3c910763a1

SHA1
eace4f5dbd334e55be6988b78c40b36a02b12071

SHA256
d60f7d1d99356f5bec6c46d786f537fd7699c367c85895f451968a762478e41b

SHA512
622e61fc04d184aa9ed8b20eed2a1cd46c5bf6705f61521fdc02ab7d667a126fbf340d2ae272169b5f8c23383483dbf3a78224f84dc9a8679fc78d6e1b40c07f

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
118KB

MD5
86be5476e938b3f466b5a7ab31e4bff3

SHA1
a972f37653c35aa686f3a0491141c9c44811c904

SHA256
03813b9ff2211f512b6621d2d250ad6738759f5fcf24daa36c21110644934019

SHA512
97500466d7fa9d4f232dc2e487100f4310e182a209e797dca362beb0a9df9d2b18b114daa9b9a5d4a6074bf3180bb312e19c426579846d54cd2d6d30a34e4849

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
116KB

MD5
20e8073d2f08ce1bf404ec0a05a0af3f

SHA1
8a40f3d07f6070c2f8effc319d0fbe6f5f6bdaa4

SHA256
9ddfa7714c06d7898120f5ef05c66b08124b3b0358b5080179a7c54fb5fba4a0

SHA512
ec44b35a6d9546b469c05a937075d5dcd610ef1e0089459eb673c3fb886539fe883a5c3eb2f7bf2808f7d6393f20d6bb78f3a78dedad81e667a6de66f0761c91

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
106KB

MD5
20266ce6a89cece3ad1a4568074ae3f8

SHA1
64ed1f568e2c5fc0185292f3d48fa92f52ebc2e4

SHA256
f8ead34665fbf8a9fb73d800ea50dc33c020daaa3e7df280c65518b9101e4250

SHA512
f575a157e54cfb1bcdc2fdbb8d3dd11393e21eddba9659bde4c0b5b0c52618266ab35e69686229c5be5233e4aa8c4a8b82f59ad24cab386cbf2c0a0555e62bdb

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp

Filesize
111KB

MD5
af9d198b90536efee611f7883865a239

SHA1
dba5a96c79605071f877ead7b254f4ee58a0734f

SHA256
732f376d52070be4b5994aa93e8962a22e3f4d178568cf851f6dcfb355f4611e

SHA512
bc1ea4cb70b28c8d5ca6196da3a1d5fac7314fd1cfb57f62a3dd7a9e879adab5b2fbc7a30678912f85cb7508fa85e751a2f3547c35bbe654b8dd53294003bb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_RoamingCredentialSettings.xml.exe

Filesize
106KB

MD5
f5b44c382c70ada498c25c9be82cdba8

SHA1
be2ef810a1ac9713ea5bf7125477677b4accc3e5

SHA256
0f692aec65b68585e3e67679aa24e0960c50f87c4e7111d048ce0f6e0ca05ccc

SHA512
37024f4e3fefeed00c28b7e8b19320d26ff88536ce848508fdfb86a750b2c504873249840619946871bea175910f8b56c6c6aafcbd965b4e901aea48e582762f

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
99KB

MD5
e1e4ab120f787e8b66bf3484dd71824c

SHA1
2114c1f4cb24656699c5ed8d083efee9124f8a5c

SHA256
20b62b61c7679e3dbd7e95e5570c5b1c2d235f93ca6fa62649cdf5df6904a6d1

SHA512
43429c3db1a46794935fee99098fb5fb41634b422531934c6c046d456019580f4e79683de25656472a450f1e4a89251498c4deff128c8f183daf5664ec39a2fe

Download Submit
memory/448-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4744-15-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download