1b7c9d21841579bde918f6f74712ee6992405e51a049765c498388f0e6e58a9e

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ffd95fc4bf75a054a93502f9735f410N.exe
Size

123KB
MD5

4ffd95fc4bf75a054a93502f9735f410
SHA1

f3b8746ac824a0ae4b6aeb4cea70c827fff93bfd
SHA256

1b7c9d21841579bde918f6f74712ee6992405e51a049765c498388f0e6e58a9e
SHA512

4cdc85f45c4339318fdf7bd94825a7e87780e323a07f19b252d25c7c8b4247a020d23ccf00628e304d408361a6b0bab60226d37dc68648ebd3f1b656400aa805
SSDEEP

3072:6NLWpCZLYFXxXXS+SNNLWpCZLYFXxXXS+SL:u6SYFhq6SYFhE

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4416) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1732	Zombie.exe
404	_cup.exe.ignore.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	4ffd95fc4bf75a054a93502f9735f410N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	4ffd95fc4bf75a054a93502f9735f410N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f33\FA000000033.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\BHOINTL.DLL.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\cs.pak.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\id.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\LogoCanary.png.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp	_cup.exe.ignore.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp	_cup.exe.ignore.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4ffd95fc4bf75a054a93502f9735f410N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_cup.exe.ignore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 404	2744	4ffd95fc4bf75a054a93502f9735f410N.exe	85
PID 2744 wrote to memory of 404	2744	4ffd95fc4bf75a054a93502f9735f410N.exe	85
PID 2744 wrote to memory of 404	2744	4ffd95fc4bf75a054a93502f9735f410N.exe	85
PID 2744 wrote to memory of 1732	2744	4ffd95fc4bf75a054a93502f9735f410N.exe	84
PID 2744 wrote to memory of 1732	2744	4ffd95fc4bf75a054a93502f9735f410N.exe	84
PID 2744 wrote to memory of 1732	2744	4ffd95fc4bf75a054a93502f9735f410N.exe	84

C:\Users\Admin\AppData\Local\Temp\4ffd95fc4bf75a054a93502f9735f410N.exe
"C:\Users\Admin\AppData\Local\Temp\4ffd95fc4bf75a054a93502f9735f410N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1732
- C:\Users\Admin\AppData\Local\Temp\_cup.exe.ignore.exe
  "_cup.exe.ignore.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-857544305-989156968-2929034274-1000\desktop.ini.exe

Filesize
62KB

MD5
cf43af5a134dc02a6a2397acaf9b5d96

SHA1
1d775a46b229760f951e40a02347b106f40ea78d

SHA256
935dccd14e910f753503ef787756b6d0a389ec0f1a6f5c435a41396ee3037b5b

SHA512
ce69b37e151566a6723cce3661ef2659bc5216ae5e92ed3ffed7e5a34078c211819c3298f4a6d2186498a4a8e3ef849b6182ade104fbfaaf0a471ec4a1da0a38

Download Submit
C:\$Recycle.Bin\S-1-5-21-857544305-989156968-2929034274-1000\desktop.ini.exe.tmp

Filesize
123KB

MD5
877dc2aa9676d8b167001c2c4cf80afc

SHA1
82f164ae1ea1223204fabdcaa6113b8f585ad56b

SHA256
01a0e3e8f67573d44527aa42d68546013cb97df84152c346d04e820df66b431b

SHA512
aedb85313a9b558bec6cbfe0334d0abd337cabeb9aad26cef2dfe5b18178bcfb8b9dea1cb25d44224c666fa3871ed1f9042f1946495ecc9b8ee12ea103d78da7

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
174KB

MD5
292699bc3156fc50822a75b799ae96b4

SHA1
1b873e371ff88e012eba55b8a397a9534a5a6bfa

SHA256
d28278e349eed599c7c5dea114004c5b68082549ed4f58ef02875389d1604d3b

SHA512
46535847e99ecf5a2f3d9b957b42c853df5742d0d36fe962b4f7f2bd8e33e003fdd0eac46ccb79c577c40bb937ab7262221a2e30a93b24332e24859edff5601e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
160KB

MD5
69b33dc342b023846dbd3c18389c41e6

SHA1
60ddaf390a52177204d387f4118d590d848fda3a

SHA256
7095d1e3ef7565787cf9e26d27ea060639cea05ae9eac977684a48c60f31d1b5

SHA512
3b85bf9200db06f9c180a022167776d8b625b39b018b7578f82e829adc232fc0b24449fabaeb762c0886bea55ec90952429bb9fc4229f5c1f948880ad7a16d78

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
126KB

MD5
8bedd8d894439675453b499d38951919

SHA1
f6dc25918bbd3b10eebd71b3f20fc7b347cbc290

SHA256
bc1c3c2fcb1c3f04e48ef253354ef7a98b84536f950595de0d5458fbb60ac604

SHA512
0ac578631c39f0f0abe3c7f0d0a72b20e3a4c4d1b726181ee472f159b3c4f1317d40c925cb6de94963108844ea729224ceb6ea9068f1c09398cdcdafcdae9217

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
95d9acac3775c75a4988abea351bab89

SHA1
90ab237823c108c0983bc4fd964edb0da780cdfc

SHA256
fdb4e8ad5440240bc76167602e1db3482ec5581241d82922cd3783425bddcd0d

SHA512
00f54a1c65a9628922c6e6bb27c93f782d0c6d12a649cd5cd431d3db5d4f862c81843885a265cfd08ca9006a9e55e596b745c0ba146662e4b0b52d5084f067fd

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
605KB

MD5
326b825a591c57692e6e94dea1256907

SHA1
d8abe86d779648fa6acf22e71302727b353bb169

SHA256
03b6026a6a40bdb6d2c0a9c472674f05fc60b39bab157bc50f35073d5ff47412

SHA512
49b9ce81ea0dc5268afb916a4adc86f215d48565b00ff526f2085bdd9d238c3266b11da7854c0c8c53b863781e4d2eb3554fe87bb6e5ef0ea6081a39994bb91c

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
271KB

MD5
1dc9daabfb5ea02da326f09ce50100aa

SHA1
e9c7335a4b871e6da3a62d4831670ed866c6a529

SHA256
6bb8713c406e321f10128935da5b1169f5c229883e01579dfce63bb2cbb34f1c

SHA512
4ab01b372943c00e87778954fc68cde65e85dbe69ab604242a2889e93ce525d7974aadcf1e4441d09eb63c5722fc44d1c39d90819c6712899ba4dfd7de565a28

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
250KB

MD5
733cabb2610aa5b72f9f7b18a64ee48b

SHA1
3c70a9193517e6b3255ece79a336bce5e2c5c840

SHA256
63a6ce6736aaac313c8f7f8bcfd0affc3e7373d5867d6d684a88b14a8bdb4646

SHA512
284245c58a0b8aba6872b0bc325875c9c1981a8b80713aee0710fdf35ae5cf5f2e956be94ea5ed2d757b98142d9dda84d75e4ad1ea83d4fe61fb6e011a11f68c

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
992KB

MD5
f4bd4062cc8d2605fb40167d05b102e0

SHA1
06e1578594a59dd626bde689f8466a2ba354bdc3

SHA256
9669def2168404c837de899028b3a38dcde79bd6d05e5ad117c6a4cee02b1263

SHA512
2e551da01a7baf638a572cd76d59dca6e5924ca64c88571b11d48323aca8a309220fc4c33acafab5939e5068eb55b1a9445501904c152137fca5b47b60aaf0a9

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
745KB

MD5
5bcaa3b3cfaf78357b5ca7216ef4dd7c

SHA1
122b9e7c740c108900d9bec724bd7d72be445bdd

SHA256
ffaf741cb13bd59e3582d9fe1e61f8cc52ce3377abd0d169b2dade0ef3bf8ff2

SHA512
6d254da24baac27700baab302b4df7ff57bee546287f2e51367306bd8fbaf68c92959ce2eaf5b1137fcf6d4d67d2d44c3e9128c8bd621e08fb69131130e1eb41

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
118KB

MD5
88e63ec72709d8344bfa7f3bc73c51ec

SHA1
e2b83c2e636d21bf3e8567fd1427967099b3d9ae

SHA256
385eeba896734953495e260a86eed95b6d2137e103469aefb9fafcd5a1fcb2a0

SHA512
bd8082b4545ec616585c1c3888d08aec47fe8c761dff4d40e66216cb4cec2c27f6a6920815af8e6cb71710cd16a2a5d09a74b23a89f42a7d6923a7bcc5540a83

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
71KB

MD5
0570519379344cbace79899da1de8de9

SHA1
407706582ab32dd7237cb3a1f4e152a311fbe981

SHA256
bb2feea8476606898a95c3ff94e0b946eb8606da692ecf3fb78e951f27b43e44

SHA512
2fb4655d0da7d39f5265fec63a662168b50731e0841f45d708ca0144f17fff3ce7a4e764de7815f96370d4ddf8493af4d4c7eb652f1895886d5b435b0e6b0969

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
74KB

MD5
706226086569ff0d1906180b6f3bc7c7

SHA1
597c3bf97d665c60ed5d79737268b4196d23f347

SHA256
30d45c6efdca46a69c17c2779c5e3e989ee5b3e63567f6e30f42f3522f014b5a

SHA512
b5921e4c681e8f3f53f24fbc44cbbe973957da45a0fe0fe574aeb6363717603c29d23d28bd39dfab9b389ddd47e757aeaa3bb083bf9e505e82b3cbe699753751

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
67KB

MD5
32218ed19fb9974ad9267b1306a4db2a

SHA1
e011fde658c93a2ec1e853e7c2b3046cc1909a8b

SHA256
50f8328abf0cf9a0f4d5e21b89e427b98f9904c81c1e2b2232640602ccb478e8

SHA512
c1419c4c86d02047d5c817bb6b31ec97824679ebf403cdea8a81cc9564766af9d359561f77fa6c5b77b8e20eff4b4e58c1dde5576037c02c72980c947b6adaf1

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
71KB

MD5
2da174c0ba2e0558457725bec97aab2b

SHA1
0721e4edb7a4ca9b76c4503ccbe3294aaea6c4ff

SHA256
46fc4c5b450b58323a8a3969a46e36a3a4db9a6e7267917d192ad5c55ba2023a

SHA512
44ad3d76cb100290e3522b57e40f1442fe1c889a7e1d696d5ee148592868890fe52421ebad7f8f1dd1abda24b68da25187f62a07a5b01f649932e3a85c0a6325

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
72KB

MD5
33462e536cb7ddea43441ba888088afb

SHA1
23db241e1d407ff6f819762f2b25f7c6c984b7e0

SHA256
54227fc30d5d0c27aca34cc3613ac8adf504f275be44556412457d5b05fd5d8d

SHA512
b4d8349d29aca73ebb7b89a46e727b76f8cb559d60b9ece9cbb58168209fd98b325b5beceb19d7e56f9b14d8520d2f5a9a58f6cf69517497d66765ef2c7b073b

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
73KB

MD5
159e68eeb410fffbb353c37b11ac8378

SHA1
aa2116778423d2196886e0132cae30d1592cb0e7

SHA256
6b6b6bd668a53c08e8ab165baea361b5d620c4a3e7c770ec48a90965610422f3

SHA512
b8dc11a4d7fcf2e9480694c0e928b394c890076131e8a06cb7d3dfbdd628184de5774bf0bb2b9dca9d0aa131f46336351e3f71acf5282970b6d75a769db0ddf3

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
74KB

MD5
379306b640a29f9b64d949f75caf4900

SHA1
dd84fdda1e2909052add01f88e15380b5e047172

SHA256
a80afff07353cc82539b7a60c7ec1b5cce96ee94dda0f6ca7644dad41bf880df

SHA512
a90f65457ab41ebf4761acc1ca14646b97e6e28994d8d5fe2f03dddd38717283fee981b6aa46c88067b644ca089f040d4ec9d44418009c52630dfd117277adff

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
76KB

MD5
d26d6d1db67cc84a7611625fa447cc5b

SHA1
96e7d607b19c1660eb64f9d9be1abf9c362205f7

SHA256
61d6b1f6a6fd2a83ccdd2f43b6a1eba72670d7908b08d5d6a671b0271149cee5

SHA512
802366b02949a6ea9ca8509e69375df7ef22d4810ba904753a2b0edf2cc5743124e505641216a60d2526ba61c4f24830154892a3c415102a39fe4362bb56ab1b

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
66KB

MD5
5d40a1dd584e100f1c9a2207e3162cfd

SHA1
6fcd35ccc643cff8e85aecbcb5645484a66e8f43

SHA256
163347ea211ea9f41668afd4c23b5d7202e3b93799d8c9470ce4365ee7f740d8

SHA512
13bd210f6b41095a458ed04bd0241267e8efdc6f63f9866150b85ad9b8d48497b617f266e0d19fcca4e4d1aa8717ce3a55bad24ab2a7230a4527f774bb0300f2

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
70KB

MD5
5dac45d6f58fcd35da0d545dccd58235

SHA1
e2061ecbfbab0e70395e62c2035cfbf4ae5a2934

SHA256
14fc3c6efc96e092dd9f12f7749022c47b0c800e6af2dfbfd7d3e8cce7fb6c02

SHA512
64aa5e4fa7bf29fdaf5ceadb047c7eeaa2faf50130c8ee4670f1abca7f085d56fca4e7f707b19128c08f872847ea12db04024c0509c0f571f961b815a50e7a8e

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
72KB

MD5
0ccee1a21d4eee8864e95df86dcb696c

SHA1
1315ff00c7e3b903fa34e8fbdc56e60044a5c584

SHA256
d178c3c326b7261f1bde90603e2438543b5f891c55f436aa106cf6b2f90e0ce3

SHA512
bf05c4952e061822513fa6237e49c9e68d5707df262c992b7ab607a2a730c4128937e3c1d5be11eb8b24ea3b633107077afa4d3c0fb1f8d6b3fe5fe7d172d31d

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
69KB

MD5
9cadfaccb7b7c07605c4271afffa100c

SHA1
7695dafe2b76c255c3f45ccb191dc59fdc89ef88

SHA256
f9b29422ed4475dd0e78bab60e7fba2b8de0354fba00a18772cd9e98b6a05ece

SHA512
6d7c0c0232247513082a4bed9412d6635dda14733c44a2aa38674767857af7a6e787920c55efa6de19c86a4e7f755ac1b61201dd829e2bdbd9fbb6190f02b8d3

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
78KB

MD5
92ed95c0d7ea09904d495289ff4362d3

SHA1
0272ff4a80cb63da352b47e49760df803fe57e16

SHA256
00e5c097709ec73d83473e31ce89c03964e96d22d09d7c9fcc82f73fdb512231

SHA512
835c80e47dffcf85c3ca4d476bdc471d902b5d3d2613a480cf1e21de267f3e85f6cc170109d8cb033fb914c2b416379acd9c474ceafc0baf24a543ee189c3cf2

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
66KB

MD5
9ef4bb40efd1a240f4575b316f44c6aa

SHA1
18fa1b096c7e515b3aeafb61f3d38f0a4c0c5967

SHA256
458d98c99f79d69f76c2d386ff21199c493f7ba44c18733617f951560ce93e9a

SHA512
8531c5fa856322d1b8d0e5e232b63cbc44f2115ee9a27984e7afbd1b7cad22f45d7d21939ae8fa34e1ac730288d6666e7e624a7afb36f230868f9dd731a49d2b

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
71KB

MD5
436b9658a6718fbdb6ea84e86f9b7dee

SHA1
9f383dda8185ca2c8a65512cb7b06e46118c78fb

SHA256
e8430c719ce666b7d6fdc98c7b081b2ce3b85680ab57743b3c7f03453e3f54b8

SHA512
e41c0e48c10bed5a2d29a04a7ce7c0cf85837d864c5959dff6e5846e67222590a5c810c511c944f27b29f0c973cd4473091fcbfe5e79fe29fa0272439822adc8

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
70KB

MD5
e3f1c829093f7907a3fca75e35db3d69

SHA1
6f7d997239b04dbb0829816751a20c94caf4c568

SHA256
a879c39693ae4b5eebc7eac2ba998de688da7a77b8c025b16cb1ea003b0ee976

SHA512
b23792930a472775d33c0143e034375191a7328e7bbcc81b28a53815b822ab312f62dc146d2da78aa67a389191eb08854eb91b0f1ca79f5b85a4773c2e157330

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
61KB

MD5
93ae187e87d66aebf5fbbef9e3b78eca

SHA1
ab8ba4d70e52abd9f88b797776a5804246b31034

SHA256
23c804b6c43baa6bf102c81b8ee9003a3b075e7868b9293122fda7f603c9ecb7

SHA512
8c0e764d1f334808a664fdb72ebc8bf3679946f6d192069f3db5949737e7b12b05f58cdf590e4e581eb956dd779bed5821b7db97b0bb9121c40bf7cd1b25d7f4

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
67KB

MD5
fa2088e7be4a58c0761d35bbae25da56

SHA1
ba8f7699922b8c50619b97b4cfed656e280f6c75

SHA256
9593ae7515158b197c581224bd3d17c8eb02e8381327877db00b809b09dbf350

SHA512
880329a8bd33ccf95be5b24d9de180fe494b427b32d55b8c54330d8836b88c32f9240cc716d25e9e8fc5717acb92ca44a391da505dd41b3eb51352de3f668c1a

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
69KB

MD5
156a61a93703f8ac9d8024e781e437f6

SHA1
75959ee00387328043b9c7ae3dd4eaa0c269b7f4

SHA256
9b860fc4987417f3ad0077c5e6e1d02d630cbfa181d6919be2dda357a5c10b7d

SHA512
332df2ca824b5544221e2c3fb6cda5710cc0d07c6ba4a07f7fdd4b51610c6390861a7ed0243055b3c0d8b068fcdf28a3118e04554d769d29efda82363e99d770

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
61KB

MD5
879261e60b2c0cba74316edf1c52ef08

SHA1
fe9f2272982a1d666c4cdea80ae61685881e6491

SHA256
c428b3795a63bfe5270b6b6bf984d51c879103a9676d98699f5b9588711e9509

SHA512
5a2b8e70e7778c0d6e1e474899af45ff12795a35294b942e50542cf3dc5f8b7009bd92b0b2684b362f6e164d80a685f0284a9be99c8961e95be0139e7be9b0eb

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
79KB

MD5
9c52e56d956ecc29b050047090d54bc3

SHA1
bc345b5ad3cacb6b91a4d8f0b1ceb875939f76a8

SHA256
1c982ca1dea5d2150f086bac89927c131e024b186f33cf8561521d05d3c44380

SHA512
448bae959a80295c1ed42da32d61535cd0519c1bb7067d92aab1ac6355039c7d9776d44c87d1540a63f64c54b323a8cce9df08aefedb82236652154766a750f1

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
72KB

MD5
8dd74fe91b7961c038c67d87279ddad7

SHA1
a4c3ef3babea522e81afa1540ae35dd0de15a1aa

SHA256
d2d13dfd1cc286bea062daf160361357f291ab94066b9e91a63eb6aff0ba7f31

SHA512
603b52e3ab1a7348d9a872096d17613bc032a18b9766ad6cccfa88ccd1b2684ce4f31b41ea35c38caf3a5d1f6e5b71af88d7bcd6ef5f4613c0f80a41778acdad

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
75KB

MD5
bc1e4db27f423e21c83bae0b772fc0d5

SHA1
fa9faa91f8b68480cea84acafcbe71a7d1132dd8

SHA256
09a8914d5e26ff6e3f00704d160c0771fa9426ad18da3dc9716f4f57e2c7f461

SHA512
e93669e6d8bd0db5282fa50477b6bddbf0c44f78cd959e3cf742f5b926b22e0ca5dacf7ee00ae0a308707994577e680879d58856d86a569514ed6f80e6d19d22

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
70KB

MD5
4b35943fb341447e0084f2c9b6c5c18e

SHA1
38ca8c354d074f38fbc36d392370501eb527b47a

SHA256
8225738cf0af26c97d2f904e5e3a314eab5e0896ff3cbba2c6ba8ba0e88b3660

SHA512
881c93ee30a76d9862f7eff1564b6f0c0d2e4c5d76e98e0b66b8bb6bf3ccd7de8f71a6c894fa482f3a353e12ef4dac0ab19dd4c057e49af99a6947ed6ff18cc1

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
71KB

MD5
5a6dcbdf5caa0bbc0a4acd84e5b117bf

SHA1
4c7f4c758eda798ebf16b45f280b8fa21ce84af4

SHA256
d41dc2d0c9ef90c27204f05a97b789d70e41be787ddc14475f1ba7dc78dc49dd

SHA512
4563de19b89e44197efeb420155e83a8131448d604620560f3d5ad45def30ad2b7b2d82060dba0e1add471ae5986e48114f715bb8b1c1ddacb1df184da1075c0

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
73KB

MD5
c6c451ba481be436b3e3fd4fd3609db3

SHA1
9eb045be5e539d33a988823a34dea55eecb39e0e

SHA256
77baef85ac5d025d1d718bb8a6584740b0f57a20a30124f4f736ae7ec5fbc936

SHA512
2038bee0654f19349aeec13b1795e7d299a02a6bf2c72cfa03d4c644d7a397c8b0fb10aa31704326d363beea521b7362ca71e282cd90b58563dae55828e106e7

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
72KB

MD5
1d1f5792ecd908ae4d364d4b705044d1

SHA1
545f60940b0c537ccac401fb62e1900185fb28c2

SHA256
30c7da2ba5d3cf4b5ed6837a16dd0bbfab6a771abbd1721b5398ac84269984e6

SHA512
b15e0ebe4598f0c0c35a42329b2ef26b51373ab6f1ead88076a2ad4f95a4e4ee832a628fda23e0eaa7b8f9d4148a7d6aed767afe5da7bc6d09db52d261abed6b

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
71KB

MD5
2c9894fda85989b92838746e5cec31ed

SHA1
0b22ef3e07c3fadf688fc0330b169027408fa3b4

SHA256
98441617bf48b070192f36f522be465c1ee3b8e906675d07ca372c331e8efafd

SHA512
cb199f06b19a0dd4d251c0b624c602f84460ae68dc9d99a4ee4d966706a09c0133de56eaab1bc25509521572a344e744882f76ca55a1aa37f4d6229a6ec0ad52

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
73KB

MD5
934381fa9c1dd198e03b1079f977cea4

SHA1
87062714cb6c60c854aafc4685df38b49374edff

SHA256
57ba55a1b06afd44fad22a02466a6073af0ef8d52a1d4b7b62fc3cef23a15ad6

SHA512
bf824b429795341b61d2fc1c508b21aa0c8d0f79f9841551eb4fd2c9007c17323cc54a2450fdc026b493cd039982be1db4f0f2983d18717504345228aa40c67a

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
71KB

MD5
8b52ca3fc4cfc5eae3453a2de2e8ad0d

SHA1
16c4269ca9fe5f3c82f654fe744b2e93881b6070

SHA256
7e8f6dd1d42cb53b0b6a0f9e11b6944efd4cc45e87d0543dc3038a407f91bdb0

SHA512
8d665e146637fbd0cf37de3b2d4962b9f4d08fcab04ebbba5649fe912d0a6d6e1a8584a9dc6dca6f5ac070a244d8b30c8b409856c876e5828f5b39138b3ad63f

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
81KB

MD5
8b8e812c1cbb19ef0a91074582a3e782

SHA1
0190ecab71183fa54625d8dd77c475a090e8a7c1

SHA256
8088e57e2f8f90ff8622ae630e38b60a691bee969dd6411604a2bfa7c7116f3a

SHA512
3306df8ae7b5ac28cd27c8b79fde3093ffa8e337157d6834f8530a0daede4deb9fb59b149c40da773f10d8e4c7e3dce531f445e77a363fedfdb71a159404cbfc

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
67KB

MD5
d54fe9a7e032141bd2785641d43fb292

SHA1
446fbb7605edd427eb502839b5379f2325b80f42

SHA256
82b7ed7806379cb4ef05feb6f6ba8c0f28dbb1254e70551a6d2aeaa3ad3f0cea

SHA512
a500b2d96cd7521c2eb4d69e97dcba8b499a656930585c600574ddabdb9dcb47d14f208e56a59598d70949a6b4470c494c03053039210b572c7aeecfeb9ebe37

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
74KB

MD5
5b36468b0a9a00c9c0c12d81ba31ccb6

SHA1
20f90a0335e8679b1bd8b5422ae192c5035d55fb

SHA256
9d5605b1b14270e4d3c5b2d7ab9cfdb0bd585741395ef5892cbf54b716dbe439

SHA512
3cef97ea71c383805d0b742973c06b796528ae4f5e4623cb49f8eb8d3091b8ea7e8561b930dea9cb9bffa8cef4941a90d2a8b85201466afa6edea8aec357b0ec

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
70KB

MD5
56280b3db0caabc0e6d815cbad345b5e

SHA1
dade8e0533ee0f6d82d9fabad28f9e65a5a545f0

SHA256
b68c9e30778615db89e73bb0eac6da866d94580653995f07ad0b9575ecdc038d

SHA512
e96a4411197123fe86bb58ec102acdc108b06a971facb4400ee3b4f0404a77e223f0d09c5084132668cddf55efda21d762b731e85fc2816e1cbb7e7087110d6a

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
61KB

MD5
dccf6431641098d3d745e33bea0b70e8

SHA1
15ab3ed91446d5e806aedfafd9d537ca37fa73e5

SHA256
32ab2d1a4af1a4f75068322d2bc97565982dbfe48d3d2258e4326ee07854f3d3

SHA512
319eb1eede38e690b826c9a82bed6f6b5f394bd8d48f572d980d91b635bc89886b10ad6a25c4aa237f210ee375d7f101b8a06ea43aea7215b89958bd853d02f9

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
76KB

MD5
89050b37dbf43ca842da7e23ad844cfc

SHA1
b1a8b5c0a774f8fae215239b458fac5db85177bb

SHA256
d44cfebba513812b6cae364ac3c66f8f2fd9388fbba6bbba045b5bfee36ebb20

SHA512
69c499cf21660a5a0113de4fa84181374ae14a05e8bd657412cd6c23fb91a05af3b6be81b2235ec827543bec42f766f4e628f682131b74cba6f1cfd6e2d4025d

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
71KB

MD5
b21d59edbb990e9888c63f5434a569ca

SHA1
e4ff5e9421aaa17c80b16be570ab25edaa473c5c

SHA256
68f42adb33106dc134aaa1805787b1f94aae91bc98c6914ddc2d6de19e6c5125

SHA512
9740c94f4845cb18b839a5e0059b492ca0c1b9128ad3727813b18609d0366c3815e096a965fa4ec0067c467284195aa609fe7e1307d6caf1582da52999e47e77

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
80KB

MD5
b6134915e94126b00a615c4bdd72dd5e

SHA1
01aa60409e20b377b7ae1f58acbc069081ed0b54

SHA256
cecc0c4c4dc36dded81b99824a8d12294ed4caa94af4c0252e5ad9f5fe6c6f8b

SHA512
ab7958265b6bab030ada869257d9720ba228b6e3991ee1d3453e2f852dcfbb2718c22842a0e938e46d91e1832964e118df5cc22197dfd2327cd3edc2589cca2a

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
80KB

MD5
4630bc95a09df422acc21561c3bcfc8b

SHA1
83998cc1f01a5bac8214c2b196d13ee560a0ef75

SHA256
c4ce1a96192a4d35b2a2aed315862c980eef6a41da5a9a40c8c614ec42ef3949

SHA512
02719354be68f3395742b790cd9f05a367f403f2f1922295d41be4529787ef8d8c8e690419b63d250042849ccda17cd780f847ce993fd9099a452658167b5def

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
80KB

MD5
f340c85cc886c92509b928b540a91b22

SHA1
81f56d1c1f2759ad4572728524a08c98a551e862

SHA256
5330f7ea87ba0760c4607001a6905d68da60ae7f0ded1d78a7acff54168fa751

SHA512
d6d502ac34fafeb84db8e9f895619034d55a0d2bc5876ff0de1ea57a886ceca8d978a3ff4786b6fc06193f17ac959917afe6325dc90b1869c4d015989274a7e5

Download Submit
C:\Program Files\7-Zip\Lang\sq.txt.tmp

Filesize
61KB

MD5
244fd57ab1446aab08cc2c5155a15d27

SHA1
f71e77fb4015036e2f609379a7714115ca68748e

SHA256
30870b1364a6fe80cd061c53cf50abf8a7f72770a16eb52b70d7a1389ba90609

SHA512
a04b0d15015a399d1995fb6a7dc8f982dcfba1fea8625eb33d15228a77b2b1211ebf07dca68e4a2da8c2e7a8b191c6dc4cf53e0f50badc8aadd570c60b39c365

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
61KB

MD5
814b3d11daa8e3695754ad4d05b1062d

SHA1
1b906c7b2cf926a3715a1df1f2c9d2c4f081b647

SHA256
26e3c38dcce71417eed6193599462d69b335c381f7ceb5cd4b8a3d3af2de513d

SHA512
822663acc90132b2dfbfc24521f0bd26c930020a9d60aa538ed886d48271555ee6d0af8e189504c9c5ff61fd1134018a6ee3cd556eaa9a3e975ee1d81bc2e926

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp

Filesize
76KB

MD5
eaae9cc58a5bcec30cb8c1f216db6011

SHA1
8354b9b35b059961f745980fd7027a4b009d9228

SHA256
961300272e837bb2594c0193e4199a39599acf064b34688ec0972f3c4777ee36

SHA512
65463f44b9611326f3aafbbadaebd45f0a2c23d7b5090fc575d8e4751bd5ec86af2ca83a11d63ed592deef0d0c729806614ec941eee12daf6c6d4853d3652752

Download Submit
C:\Users\Admin\AppData\Local\Temp\_cup.exe.ignore.exe

Filesize
61KB

MD5
4a25a30990dac611ffd14bf2533b387e

SHA1
1b457715685c9d35628d24573faf2198925f6c0c

SHA256
7f4c367da7e5c40b66c2799c0e2b9c42cf5557aa8d144b4b4e4f3d7b746892be

SHA512
ba0aa600bdcd584a2f2ffdb53e850f537332a29b28c4adea886d125a094d90751bb73c2b4c5c71f230b174e997c15c488412efa6c07fbae4d097bbd4ab43f7ec

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
61KB

MD5
c8ba6cc35503a9019da46b4669439bc9

SHA1
0b5b4be273e1d43070b68f3a6ff9d6624fee5fe9

SHA256
f48cad3530a05fe81046d3483db24dde6f8608cb75434b71ed258af84e4d2c37

SHA512
642a63d4e660265ad70a69101feff1aa6d459a22a69b4b160322c7b8b6b9c6980fed356a05f1e3e00d8c081bcf79b557b81d068a06a649cd959bca60ed86d95f

Download Submit