5097685ebf426e93fac45bb036008446f39f103125edcb6a6cf340ef4826026b

Analysis

max time kernel
120s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06f9f41d01a36849b59b677463fe5d80N.exe
Size

135KB
MD5

06f9f41d01a36849b59b677463fe5d80
SHA1

6b4f6fb6b4b46c16eaa3561607b737bb896357ea
SHA256

5097685ebf426e93fac45bb036008446f39f103125edcb6a6cf340ef4826026b
SHA512

8cba2034474c3d387ab56afcac64f38e0aa0c03daba8d76eae0112b50a3242c7f2c88ffc804c3d6a4b3f75a386b3f7c480966b9d5acd33c4096781b4716492ec
SSDEEP

3072:9QWpze+eJfFpsJOfFpsJ5D4QWpze+eJfFpsJOfFpsJ5DqTdc6e6kvNDck7Tdc6eW:Lpe+ewDgpe+ewDqTdc6e6kvNDck7Tdcc

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4654) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
388	_Resolve-VSLayoutPath.ps1.exe
3412	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	06f9f41d01a36849b59b677463fe5d80N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	06f9f41d01a36849b59b677463fe5d80N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties.tmp	_Resolve-VSLayoutPath.ps1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	_Resolve-VSLayoutPath.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png.tmp	_Resolve-VSLayoutPath.ps1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\CheckpointSwitch.odt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\msipc.dll.mui.tmp	_Resolve-VSLayoutPath.ps1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\bn.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\net.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.png.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ca.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ul-oob.xrm-ms.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp	_Resolve-VSLayoutPath.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp	_Resolve-VSLayoutPath.ps1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	_Resolve-VSLayoutPath.ps1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.tmp	_Resolve-VSLayoutPath.ps1.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp	_Resolve-VSLayoutPath.ps1.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	06f9f41d01a36849b59b677463fe5d80N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Resolve-VSLayoutPath.ps1.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 388	4616	06f9f41d01a36849b59b677463fe5d80N.exe	84
PID 4616 wrote to memory of 388	4616	06f9f41d01a36849b59b677463fe5d80N.exe	84
PID 4616 wrote to memory of 388	4616	06f9f41d01a36849b59b677463fe5d80N.exe	84
PID 4616 wrote to memory of 3412	4616	06f9f41d01a36849b59b677463fe5d80N.exe	85
PID 4616 wrote to memory of 3412	4616	06f9f41d01a36849b59b677463fe5d80N.exe	85
PID 4616 wrote to memory of 3412	4616	06f9f41d01a36849b59b677463fe5d80N.exe	85

C:\Users\Admin\AppData\Local\Temp\06f9f41d01a36849b59b677463fe5d80N.exe
"C:\Users\Admin\AppData\Local\Temp\06f9f41d01a36849b59b677463fe5d80N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Users\Admin\AppData\Local\Temp\_Resolve-VSLayoutPath.ps1.exe
  "_Resolve-VSLayoutPath.ps1.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:388
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1266786182-1874524688-71015548-1000\desktop.ini.tmp

Filesize
69KB

MD5
7f14d754565555d51941c185acb64cd8

SHA1
b54aea95582c729da2cab7b48e7ba431a0b2efd4

SHA256
251ff80c11171f4afea7db2a5267bcddcc68304e95b95475bd7ebbd795b34b97

SHA512
1aa6644f4d4ff536ae951d4f4d17756cff1659b4487195ced1414fd42856f8bfd160c97c3fcaf40d38efc04059c0cd0dcf484615a52584f320c7b5877565d533

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
181KB

MD5
bd73ec26a0e52765ebdb6eb66e4467f9

SHA1
c569901c232558c8531a3dc484c4404b9fa379a7

SHA256
22ef1ff820b7bdb392bdfc30a341fc597d8ee7f216583def798e6ba6cdb3acb9

SHA512
7a3cd1919a7f3c06b4dd3ef096ed7d57208c3185166524b848716fcaa202e0d7d931d9c193148d444585632f7a50744cdcf974cc0040e66aa60ec70d74c738e3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
168KB

MD5
d0a2614dee132841001c6d1bb4705c15

SHA1
ed671ddb4b9d6751ef3fd51b5eb82a9241518a6f

SHA256
6bdea3e11e437f46a64a2d71545db845ee5702e7f94d85d37351cc2d1fb79482

SHA512
30e6c1386c73350328badea81529cf90644ce3a904f6166ecc6bd883c0d9dde78c3e0f9172aa8d44457b3ab6b07f3c92839bec558b0d8dfe4d844829fb138790

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
134KB

MD5
0eae849b2accc2baac9856e5bfc157b5

SHA1
e6ae6e71fa21f8b8efa4709211fad1e0ab263327

SHA256
83e5f1c4b02c93160be8b3db2555a5e5a5b3b76b4388ddcf9a372d8ec4c26936

SHA512
e058f15b846848d1d7049bb7fe915f91f295f327ead15873504c56c1f2ad0b201f94f237f924887775d6045d291df8a63da225de47c75fb0b674e995d07aabfb

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
c720d0973ffeaba5d0ed3f2f2bbfa0ac

SHA1
b10928458bd7d83cea81ab193ff0c4d3c25dc74a

SHA256
bb2d85c0dd436afac9fb4478866d327b73c1be31ab258d6b382362e2f357a1bb

SHA512
51aefecff3c5ab81586a2ac0562b4eee33a9e18318fc06dc217e7bbc76713491178954f1c6c8cf94f106a9c7acd99b953c3dbf68035f29ec49e7de2a8461989f

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
610KB

MD5
d2f980c144fa3094d823070fa242af00

SHA1
da3d5e2d1cfbf100ee0220dad2d4294d8d77f568

SHA256
d19fea56ca4a5265d05415b08e84fa7d7336086ca5ab05abd620d3c43c60b611

SHA512
2e23bc0d8a59a8a88d3d3ddc13071fcaa28a0c3988bb01e300a171115f0b5abe86db460afee304d8865af3c5910194615c8fdf3c06b02954512aabea8b577955

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
278KB

MD5
6beec09fc7a18db87f8a49314aaa38c7

SHA1
a03656570bf8861fe49d3da06990a6461345312f

SHA256
c1772c87c4c6eba8468f776d6ae4fae012654d828341b2606bde1a96bef08067

SHA512
279525a507bba96d83b473e61a761cb67a7777c303e3f157838cae7fe56fae0d6be4e7cab76c5d980c3bd249173f2e744997281ca6e66848b39fbbff1b08e019

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
996KB

MD5
294337e3ee37e161306030188dec9321

SHA1
826eb5b3e68ea27321276a4e9718b9bb54b992b1

SHA256
a610f78304c563bb212dfdb7c7544de6c1a121e41a02e9a37d6d2b4a0331577d

SHA512
f5b2e96c0c05e3355e7f19ed79fce1ce581bfec0c34e75209c33fa4d4be379d86c23e558a6ff9a4701087e69252b0c42df03114bd1631858868c08e7a7f7ee19

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
999KB

MD5
751ed55da1a216cabc2a3964ba95b3a5

SHA1
a302682ad8fd09c5e6ea2f7c495cb85ae5f64330

SHA256
e5d02049ef1be7ba27febe7b21b49f03a882bfe893345b57bf39645bc4eaca5d

SHA512
9b0139077560e884216e9e07a03cf431a852de5b8a63437bb1d57c82b18314171b4e9b518b5869da71e07bb606366e2a5da757b8002844b2928cd97147d0ca85

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
753KB

MD5
aed9535f36e7e5a6fe2c2d72fa1eca3d

SHA1
fdf2f71521f7967127d9dccc763c4f23dd9c925a

SHA256
e6bfa8605b3b50d2048472334fe0a0245f0b8087986f74ec36621638ea9f710b

SHA512
eb19a6d0a34e10bf0f8c0d48c0119c5f2d3c92e707e74821cf2b6a6fc4155ae96c41231b88091b29e6ddfeddb1187cbf2bd535044835e80e307506f912d1d101

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
76KB

MD5
eff6db1577d089cfe288bf14710af721

SHA1
96ce1e020b287609088285bf65033666dea499e3

SHA256
3c3738344e525340eea2b21828f8f9cedd97180c21caea3458bb69412a9e7e77

SHA512
26837a9feb4eac13309785c8aa71f16c794b70c76396c540b14f431b3c0502ecf0343c752f790c86879f90c0a17cb44b5a92bb03541cf7d23b12b3f4a84cff4e

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
73KB

MD5
8a68f36c1dc2adf9f33abf3c617c7802

SHA1
db0c10e1bb29b50a39e2453ffe0ead5e1405b030

SHA256
72ada3312df265e58a28d810224ee727c41ddf78324957e32f17b525209a67d3

SHA512
97a6f865e019a9fecb5def226ac6c86d8eef9d2be0f98e263a60b5c713f8472972d1dff507b0624bed7fd29c85200cc3220842e9bda2225c030153c8ba3f67d8

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.exe

Filesize
78KB

MD5
e2361e717582db2502068119430ce9b6

SHA1
edfecab117439f557b27796b8beebfb910c4886d

SHA256
b598979ad3276bbe2af66023b4ca975298704713f4a81bd4e62733844d85f0dd

SHA512
6c3fd5799049f7092b6fc8fdd35df4c4554cad0332268f7c37111539e5f81c43e911733767a27af4377917b6963e2ed2b94909fdb07d35e05407f99c625a66db

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
75KB

MD5
f6c95dd24b1d38c6c03afd87a714bdb9

SHA1
4ce1f055a53386ec5e874a47be94f14236edd438

SHA256
932062d6961bf93eb2777fd2b09ba7f866ea309435d15afa4ae2f642a777578c

SHA512
4c2ff5acf499754be53d767cf7130da9e4e901fe9a16f7150a42e20e5bdbd6ec34b989ed39fb0ffefe78b78940714774d6eda35d82294cbc4b94c9b5e9abd7f2

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
69KB

MD5
b90700c09135e2e54c4c26b7d859555c

SHA1
fb8c577efdf25448110e37ef23433232a9447cd0

SHA256
19e9f6ef3f5c1eb26778e76dc3e70825c7a069ea627ebb1e9907f3f3870169a4

SHA512
60c4a8ed0bd0af76e62af3d10a80f9b5300e7db96b9e716992371bdf3835e8324d5d9428dd385cbb8591c8718e4d0172b7b89b0439dd50ffb40f4753ba929539

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
78KB

MD5
7a6eb79153e93a9081264850761b558c

SHA1
6da0c6f6b275e822614fd1d59a3b7e000753fe79

SHA256
b037bb644f5c2e689c0adb0355c661ef9d912436f3f87df046617e5379114516

SHA512
5cc1666a8c8457a0bf13df7e6840c4afc6aa0b43d5fc67eca03a22aff3bcbfef75fa7f309e3b4a5ffc7685dd16b5c27dd9bfb3b61e1ccf94dea0b78fdcae416f

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
85KB

MD5
9360c685c21e424d2d01b49f13becc32

SHA1
540ee89642b93aca0328dcc0cf4ecec4bcf65c41

SHA256
d881a0062ddcf1b5fe7c97427394fee639bf295e27aa5c6210b58d1dbd2eb25f

SHA512
edf1d15370f2a0824f2e8838b2da84765e87a5a97e5845d36d52557de9685858accc15741ce5a0f8a46f819079ec26183c1590a183792b4f277bd981c6899439

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
76KB

MD5
5c0d08a91e33c5a9022384cc5c2f1b27

SHA1
a73cd18bfdfccf607b6729bdd3ac96874fc3ebe3

SHA256
17f24d664882d3300d27db89521b53af033e3ea4ac7764881358fc7f184014df

SHA512
a1d22082aa1fb6092ae2e9da02db99e6493dcdb5e46c27b24e862a9eae0e5825c391b769d6259ed50f5b2a2405ff3a974122c0a45a4f0898209120de065c9aee

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
73KB

MD5
ec1d3f43c20a24b304b0f4ad9b467936

SHA1
b0f4e6f1387043c5eab567c4c5d03f4483b16dfc

SHA256
1a6f99331b89895b1181ecf0b5f6ab5c944694466cd91a55cdc25241902d7cb5

SHA512
dd413be6748b3451250068ff4f4c94ff623d087b48cc3fe70d186081e0b34e063b1212d9ca3aaf35a945447608a68551f6c72b81bbd634df2862d354ae346554

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
77KB

MD5
ba2473c775766e64bae67a518ef77d53

SHA1
aa7fa74827b6c3562a535a0ce9f331d8cdddf3a0

SHA256
a198db8f5c7519884a054ae60f5fd896e1e9cddc014d253331331271e4dee42d

SHA512
ef60b8797611fcf37bd6711a618523e34cd41447741d703e040839254e82ed38e2a18cc6c7ef74768ec32b365a4a0a27fcf4a24d036630938afbd59eb2479bcc

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
75KB

MD5
8b7c0fca62f849850c129b8c7ab58093

SHA1
c18aa95306798c3a23175d48a98f21db1d781a1b

SHA256
2342d0e3a2aea1016a9e314732799316d0d2161eff0a9b80365056654c7f316f

SHA512
1316a0bb098aea8108b911f174cdb8eedf44f32e5deb748eefa46d26bb79ab13d9d0f75b6ac079f89d07a12d440579e5cfcaafbe82a04b4dac765817d00c120b

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
74KB

MD5
a207b22be901fbfbf1a89c175f377438

SHA1
941609e54407dd9b221a77989d93299faf35faad

SHA256
a0db72221b45c0f1f0b01104275ea460a1e53cab2ef89ab83facea2c4478af8e

SHA512
c796b374cb8196eb18093bb209ceef264b48c22f8ec478fff5f74f1c6a34bd6610dd45b2251b3d490b860f35bcda163f018b37c2d5fb5d2ac9d348fdac0ee940

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
86KB

MD5
789c4d9cd1ae43954a192455bd964ef8

SHA1
f3b3a083d8d12e8e5ce2256972f92b2cc0216e5b

SHA256
c202a5ca3bd36a031491e981ec64d1251ec44540c6fe25301bc32e069ac23b94

SHA512
558b64abf77558b0db3871488cf4f893f934862ea7c604cacae2e43ecb1f48f216cfce825c73e5d2951c644277c21725ea79d11aa8c62345cb499755ab578bd8

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
77KB

MD5
29b1e4ea270f9e09a10ab24b11bd16e8

SHA1
068c1a69fe9700d5d71e052a5f6e942bbdba848a

SHA256
49534055b491ed65d6bb055236f3b8222ea186d8e3ea5c6bd7dc012f9addce17

SHA512
1ad8e632d2f3f336f66023d57f81a09da1242741c3934cb0bf89c0698ea8e939b069374c44fe08bae63403db07f8a269f113ad39ffd45d329db37010289d7952

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
83KB

MD5
4a9d2043a461aeea956455722b425996

SHA1
7d70317bfec364ac5a219a48c85e43b15618ed5a

SHA256
f4c2c74bfb2332a376bd655e965c83b6f781908ecccf9ea2df10ef8b419879d4

SHA512
2e923d1b60490e89ce54e88d1950905953582e56fb95cd6a629d0f352487aa9dac98511bd298ec6c08bf6d4b93394360ff1c445abdbbd268a893316470e2c22e

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
69KB

MD5
ca504fa22d8903636ed9b2e72f7ef208

SHA1
714d6517fe9595435b5fc084bd5096f0bb6f7bde

SHA256
9b5bf90659622cd110a5a9359b8913058deef78a20bedb5ba5591a8de4122ada

SHA512
c3adccfb5c9074817fb80aa66bc7bcf538f01005723d2ca3c36f687dc18e5533589d8d5f733d0bf2e530f41782fb4fc80dd2dcb5be02f449bf8e9118f8faa56f

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
76KB

MD5
f5c09d3fafa8b370ca16035df17536f5

SHA1
c5ab36efaa90fb3678b5622fce051a80e44ca7d5

SHA256
b8504c0685153036e9bccee6a4399cea39f4e83a1a8ec9529a6586f05043a358

SHA512
01b95957601d0cc5f7885ce10a75b86043f19af331ff654ddfcfcfb4d662dd5c78da7aa38ebab765786d423189ef0c6877ac1514f29eceb626184bd0b2a81c34

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
77KB

MD5
ebce88707975d9d36a1aa7a5391a9666

SHA1
5f783327b1aed02dfb9fbf201aba44dc3330e5ed

SHA256
124b6a5c254a9c4a72a8f85e8a322ca87310263c4f6a4115a9bac4e3e3c6be93

SHA512
ee3ebced8cc6c81fef03c717042d0497e01fe3f6dfd7e4630e55395e31ea7b63703a502053b4b077cb85093cf6af762373e3a02bba4046b68b6d5781fac9d44d

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
77KB

MD5
12b1eb043cca8eba9561e2ffdfbd2949

SHA1
32fcdf5da30146d3dfd6e1cc4ac5c64aab2a82c6

SHA256
06cb273a31cafbc5c1efc676598b80beac5a0dc7e4ac64f7a3c2035b9af41bd4

SHA512
4a6c09f2ef6072f87998b58e0843b9829a87b5f606a3ff9ae09f2a07bb1976a8ffc46233c1094094b25045ac9adafed2e6d9960d25acffc68713130c9939611d

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
78KB

MD5
9a4a10540b12bbb5e85267276da70f50

SHA1
6e0c21efc5e4d81c756d03c9d7e0abc756e2abef

SHA256
c59d6d958c93bb4b769499a1381d58adfb26b748507023b24f7be06beabbf285

SHA512
d462556cd0d14be557a788f129abd4604d12d4f32311ec1dbed4279dd269ed26476fe05bee59d7a98ee4a37a93447aa13c0aeaf737a62342a789e121eeebd0d5

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
81KB

MD5
fe2b8504d50675fb0cfb3f3ae196fb31

SHA1
fc99c16ab4885fe4e6963936f140ed8f855c294f

SHA256
5536cb54330747f285a432ca613796799a0f9189751890adfe1266a8a4b3bb41

SHA512
e8b63a67f5f36ea7aa0a0853a6cc7b52bc40a2f3f6c9f45543b95a5b0fa2d8bd7c9036f378b002d4f247d96feea15b7b4163c45efe463d5711fff9ab077f90c0

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
86KB

MD5
df84f3db3bbee6f45978b806a7153fc6

SHA1
b1bb6389fcdecb9780289d7b8822801fe8ac8cc6

SHA256
fc94920238de7b17861affa088272767532e5c63030791409579a90e932a4df0

SHA512
46164656f607664f046ae8f9c6d0d518860c8500c3aafe4c369374e8175b18bc8da8bc638f6c44e2eb5354816182125d875f6618f41805d0733acd4adbaa72ad

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
77KB

MD5
d7a4dbdac9f6bfa0af7d8df318275206

SHA1
73a8ef1764d077f4552eb8888af87d54e105430e

SHA256
89cdba21b57f603996362e6b3aa5602866d8221fe5c1e04fc341012a89c25768

SHA512
d8bd80f2778c639b576595f8963db62613f8262b1f311d68835c65eadec1994482ed385c622257544d4f509d9481003acd83da3105306dca62545988829e5fb9

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
77KB

MD5
2c067f8ce2cfcd3800748d521c533566

SHA1
0de57782163fb2b892c3fc2e15462dacb182ef2c

SHA256
fcdd3458174904fe0c7969519dd7df819ef2d5621188bc744782fda078b86006

SHA512
de267124722d3cffbc81e4ba2cf7d795e495044050cccc6b0ca7dfa7c342da19ab7bc3243c8157b075b3257092ad07c891876489240bf0c705ceabd70ae479f1

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
79KB

MD5
9b0629dff37e336696d584d2c348b60a

SHA1
e68fb0a54284986e27d07acadddf63ff0048529e

SHA256
1b99269eed685aa7a273ab93bfac9ccc9c1c55be3a42ac39c616afbadd8365a4

SHA512
32cdf69db43a56a61188fec36aa7cc4f3f3b3dbde838841ef40f58650b444dcd3e79c2ce6d04df0e17901bbd9d53f251f18d5b3601cfea2516c1ceff2cf4474b

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
79KB

MD5
6294df73df8d2034c81d1b4364d8e1a5

SHA1
85bd1d8389c9b9c218664d2c0e9f3c3df6865858

SHA256
a4e5bc1dd7e9261fc72a415359cd59890e84469cbd00ebf34b2c3a6bd7df5e77

SHA512
d53eba5d118cca0e7ce997efc7b339485bf20d1d428a70bafc2c6fbf8646fdeb6e10e3c030c3e4cfcbfbc12f9d61ed6ae60411639edc5c485a3f1f94d21ba3b4

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
80KB

MD5
e43278b78b92aa08c7c9c5c83cc4e621

SHA1
acf2951f341f2d4134477ac2c8cce4203990e58c

SHA256
c0a46ac105e81d8a969fe2380d28c6581bdb8d25d3a897a2c058beac91a60b2c

SHA512
821b48bdb3c3c66df9bc8b6e6d51f6eecc59b396842828f0e2cb621087d134ef4ed059bcf4ec5865dadd6b9dff8502dfd94408805fc642ae96930c3cb96e7fda

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
68KB

MD5
ad633cf9af1cac87bffd4731a043a189

SHA1
a348100114be4d62f411cb419d11ebb4b687f4da

SHA256
ad74daff62f3b21d7d9cd57c1f022a0b3b7178fc2faf80436ecdb2c01c75f335

SHA512
0330c5b23bb4156a50278e579cd71314032de9796f29d115343d48ca0dd597f9d09413d6fd7f63ca00b09313b2e90f5a13e9c6637ba218d7dc1575729faaf3a4

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
81KB

MD5
91488f59d8f78deef2d957990756cf1d

SHA1
ea57e9828ff5738e5707d4aec8f9307e47a9338b

SHA256
044e4437e0b1cfeaa48c04efcbf92fc74455ffaf71a7410149a4b24ffb058efe

SHA512
4f4868b013b3f0ee17db6f0e98e1d55a007f739bef29bda709e661416074d30e9bd1a511c045442e4bf7019d0bbf735bd6fb8d1fbb25e0bd71fd953c93653fe1

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
76KB

MD5
f6084eb7bb25caae1f45639615f6663f

SHA1
580270191f11ab7e5236d50d6ff8340c5f52a8d6

SHA256
7a473bad2c0748fc53a084feca1b3bf33a3ac30ee9037fcce0a30f2e8418428b

SHA512
12b1dd86d3113aa6159ebb514cfcbcffd7ab66b7b3e03e289e9e99d737a2c9d7fd2ac5f09091419258d03f2fe3e354127bcaf56d86596b85ef8c5b17df5455d5

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
75KB

MD5
3bdc8c40cfcd7dcd0ae9c38ba972e8d3

SHA1
4acd8ad1f3856b0e3bb3dae2776be7007f723d24

SHA256
90d64b1f3815a1efcd16dd336dceec3d66d5760665fb15f2029eca0c5fbbc4a8

SHA512
859b56c1c71a3e58faa8e92cf08d54084d8679d471cd476c61587813f536f80a2ca3aa900caef8e638e6e6254388e666dd3d66d0ed6763ca9ef64f40f8b32bf5

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
66KB

MD5
802c254b08e80b1b29c768529d9da51d

SHA1
9c514fd96ad30853ebe87ead964faac3c775c174

SHA256
ef565a83383024c40a93f4dc1cbbae88e7658cdd6727b4759f35782106e2057f

SHA512
8547403217eaac905ed8d433b8c16a9d98077d01710156710301ad479e7c9df01cc88ef071543a087f060689dbefc91923bda1367e35390e679ecbad8ffa3039

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
76KB

MD5
bec37b77c92fbb4a684b0737e8dc1934

SHA1
2d4710742b76a8fa834b3a2d47a0da16de456e4c

SHA256
ab72348b6ee15ef142bc85be81e3fd661f08772bd2bafae29ad682e979293969

SHA512
ac8ef17e8daa8fe5c561a118334915a22f44a849688169eb8099e826a54c1e8c1f7ac84da666d5d7f4d961aa922d1928362ab30eb4c55cfd0de0ecee5d0722d6

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
82KB

MD5
6e6b2de2dae7a4015714cfb2363ec95c

SHA1
d9e05bfd765d67824452e0a94d44e280db1b81f8

SHA256
8c0170295a84481e61da2d9db360fa79b786bf9af77c920b6b027b84673e994a

SHA512
77b6b8e266bc31c75e9abe0e4f8e08b1ad4f1821ebb2f1272d98e042151e00448e6150eb9a4d18790f1938d112c896b01b88b4b6e6a9456fef11fa46e36d959d

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
78KB

MD5
b4f9b96bf7abee47eec846d5cd0068d9

SHA1
cfe33a2b1ca54073171121b063fdbd53afa02ec2

SHA256
2aadaf38427047087108097bc4ec2e88a0ed01edec65f37c2a3e8ff2de5dd379

SHA512
d77f10c3ceddc3046f5a816781a10f742a69e7c06b82933dfef9b60ff6fa7af426c6c33a6badd48c24702eb9200617dc464719d7ec3a3add701d29343cb6148a

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
77KB

MD5
f232929fed3c6107caec80ebc29e17b3

SHA1
5b7d16017a5030445c48b6e960616969699272b3

SHA256
0d7c0ab5991ed3b9d27a23d5e45a9af0d0692fd0af493c4f758b8c982f76b195

SHA512
8b36d85ec9301e7b8aafe377dd4d79e6a1c8f1feee0b7c13a49bd01db4f4dfca8f8a52a24696e29ee7075563c6070057d151e4635bd1fe1b05b1ac1214bf0773

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
78KB

MD5
2acacdc52255101090cc45b719cfc6f8

SHA1
6c64a05e743383310cd51b513b7e49bd520116bf

SHA256
fe4ffaee7db58bee316422c476f62248d4568c013f19c5e4faccfa7de8365956

SHA512
b36fbe999653fb9ddc7ea1e70429a149f9fb758f4acb3dc0851d91c3e0726e2af62a31cf6869468c104a6c230178eeb14c3593a513de27d6a4b45dec5f387af3

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
78KB

MD5
d4b43b7f68f4b90cf346e40f9879f035

SHA1
33a08f7db86029826af39868de7542cc46db507c

SHA256
bf2ed4df6868025181da1be03609ab7daa807493cbfcfd0f4dee4f030735ad3a

SHA512
54f8133bfbf2f649201c650f48f513385b20d65d531f0908dbec70ab9b39f4a9a743c172cdf86170a1adeeb7e50d26649498f3738b118678bb9277b1b1e1815e

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
84KB

MD5
973cce1326d867a25c13b6f154d6645b

SHA1
920d2fa3f65cbb4fb3225a57d8c8f3ef97f81c00

SHA256
4ef279b0f00b29fa5a0238e33a93bad3331b0c831f8875a71ec4a97d1d65d3b4

SHA512
6c0d841fb1a644db6a13e54bc4f4231144566f9a184166ddf0aa1cce0c13bc531d8af0e2afa39110213824a860dca3261a88951b9fce6b6b270cbd37532fdaa8

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
87KB

MD5
e843fb96f2284c60e078f7318807f60a

SHA1
ae46be23fea89b4ef605fc55e420352ede40b0fc

SHA256
cba80f78b80354f1e3a233d38947d7a96cc85ab26f356bd7e3ab8c7376fa0eb1

SHA512
a3fdbec5a46140d3c07557d124b76de1a10bfd5d0075ced0caab40bcf1afbaef2ef74a615d3bd3d54c95cdd885b84ec9433ab9cf044b11f6fffce2bb43cf47b3

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
87KB

MD5
27246f5322da6fa69c4344fe359dda5d

SHA1
16ba0429ccec4a602529e555925b73652278f095

SHA256
32318ba74042659921609313e182293608ed3e90135feda1298c784040b46423

SHA512
66d374b972845fd06e92327a1eaaa717b0849d25141c8c4223f2239e020e36f5b176c0897b14cd285a442e8fdb04634796e559d51fcafb82dd2e16160f949747

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
78KB

MD5
6faf8fad9aa8d1b93748a430dd94740f

SHA1
4097ae7d31d2b3dcb15ffee0098f9a65476e544d

SHA256
0114e394c3fe1b08b4747e26ad1edb5ba820cf47a1176457ff8d15b2cc4c710b

SHA512
a52d3c9669246f995150b5e3c9eb618f3608b3333735203abce72fe096d836e8c5112b3601e429aaad4349a3d5cf1cd0882c2d07588447a37b8ce918ab36e3bc

Download Submit
C:\Program Files\7-Zip\Lang\sq.txt.tmp

Filesize
74KB

MD5
af85b93cb264a4b30f59973fcbf5464b

SHA1
b70a6ef616eb1af3d84b7495dd32c8b2411705bd

SHA256
dbaa5391edcc9f07e1aa47382ccf79cb6333569af54661af49bc62b49ff19160

SHA512
cbc1a30087b86109c74e05a1ad921d44593d4489ef36ecb121ff106e46e95465fbcb521b1be569541adf706be01f770a7da347ef0f88d77cea86378966eeacf4

Download Submit
C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp

Filesize
80KB

MD5
778676d2e22d63465233ff459ba9e09e

SHA1
9ad23fe9ff41b32beb49a21f586f8ad23de2bf79

SHA256
3680077919c7b3c32d1ebdce1ba2c8dfe860acd1f52e6e5c35def41cb36abf87

SHA512
462b03d8550ed1160f5aebe22aff4f2f04f84a6688d13df5d5efae3ff46a5ab69451b73f636993eeab3838c005d55db39dd5bef9297d36dbe038fe00ccb2942f

Download Submit
C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp

Filesize
76KB

MD5
116678cc8a3004a405a0d1a0b18f6d88

SHA1
5158a8eafc2118ca1d3803a197c2fa86c79876be

SHA256
b4aff23395c514a6d13fd10a869fb41fc40f2d727e9495c19c663e2065bc42af

SHA512
f4b45b915b16af61a874d654574b07b29ba3d1b62848bb51032e3b87cac65e41c3c4c391834718c23a7bdd10637bffef6f3741cad36411c36aaaf7bf3e76dc68

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp

Filesize
80KB

MD5
8f66e3762e32edf2ffea9ccb04baeab7

SHA1
435e1a571938ceed14ce4af33b0992c4c4011632

SHA256
4f9c85cfd85c77d31f68637ff8e789ccc2141b6d02f8108850f018678d47794d

SHA512
d0b2f9010f2c904b07ba02be376fe6861f9eac2ab68b5716393113b7b0101ab70217868d22fd1fc7bc7651c73094d8c7ab1c6f9f560ef378a988ba1984c7550c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Resolve-VSLayoutPath.ps1.exe

Filesize
69KB

MD5
d47e05c0b9e035a8500c90545d2c1414

SHA1
cd1cae7d0ec0a93f265c605e9c2f111588baa1e6

SHA256
ca3c1817a59592b74dcdc33f295ddfb7670e5a44b30e018cbde77f4a70174141

SHA512
921db348c249f6b119e5dadaee22fb0bbc27f6cb9df53201f9555514815571bc85a5cd1e4fcdbb0ff083c5983a08e62fd58998c234e427ac2bcc455da3a57524

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
66KB

MD5
978134058c3c79ec5def7698df5247e4

SHA1
e2cd86519b5355b21ab4623c7cb60b518cd7fec4

SHA256
a1c02c1f3d3dd3b3a9e4f32f2c47b230bd636a92941bd96e2fa217cde998b44a

SHA512
7377ee3e1eebcf4956d95b749404201f057205803c1d5e5a78c66d23607ecf1f80b494b4bc84ac6a2363f1789b1ace2e97eff566ed749b74d765b14f21c564d2

Download Submit
memory/388-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4616-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download