0183662c0a46bcb6bb08b0f26d8fbc37da6d09cc567f2017acf7c1ea95852c3f

Analysis

max time kernel
120s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfd21d8568ef13b12846c971c60bf790N.exe
Size

198KB
MD5

bfd21d8568ef13b12846c971c60bf790
SHA1

4091f0064e2f4688c132f0edccee10fab8a08b50
SHA256

0183662c0a46bcb6bb08b0f26d8fbc37da6d09cc567f2017acf7c1ea95852c3f
SHA512

62abd414259454a9c5a8e4fd472cff45bf1cf9be5b1f03afde90d477feeae709089c145c1c9736452c79970654169b05f2828496a99007372b7c95409b57fe19
SSDEEP

6144:RqKvb0CYJ973e+eKZOf7fZqKvb0CYJ973e+eKZOf7fa:vvbxYX7ZIvbxYX7Z5

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4538) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3212	_resource.xml.exe
2184	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	bfd21d8568ef13b12846c971c60bf790N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	bfd21d8568ef13b12846c971c60bf790N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp	_resource.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\DisconnectEdit.docx.tmp	_resource.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	_resource.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt.tmp	_resource.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\libEGL.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	_resource.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.deps.json.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsFormsIntegration.resources.dll.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp	_resource.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.tmp	_resource.xml.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe.tmp	_resource.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp	_resource.xml.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt.tmp	_resource.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.MemoryMappedFiles.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	_resource.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp	_resource.xml.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ms.pak.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	_resource.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_resource.xml.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bfd21d8568ef13b12846c971c60bf790N.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 3212	4052	bfd21d8568ef13b12846c971c60bf790N.exe	84
PID 4052 wrote to memory of 3212	4052	bfd21d8568ef13b12846c971c60bf790N.exe	84
PID 4052 wrote to memory of 3212	4052	bfd21d8568ef13b12846c971c60bf790N.exe	84
PID 4052 wrote to memory of 2184	4052	bfd21d8568ef13b12846c971c60bf790N.exe	85
PID 4052 wrote to memory of 2184	4052	bfd21d8568ef13b12846c971c60bf790N.exe	85
PID 4052 wrote to memory of 2184	4052	bfd21d8568ef13b12846c971c60bf790N.exe	85

C:\Users\Admin\AppData\Local\Temp\bfd21d8568ef13b12846c971c60bf790N.exe
"C:\Users\Admin\AppData\Local\Temp\bfd21d8568ef13b12846c971c60bf790N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Users\Admin\AppData\Local\Temp\_resource.xml.exe
  "_resource.xml.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3212
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.exe

Filesize
100KB

MD5
4976a1dc8a91870dbe228feb7f4e1a1f

SHA1
86cb52d909144f425f155753f89eeed069edbb66

SHA256
4006dd58dbde8adc4609e8aa3fc15f9c9cf70e4900cfb816f46975a2d510ac3a

SHA512
a521863fe09e1b4455827e4dd63937ecc9da8c7adb543d8811a0d8a1eece8d33c125c85f9676a7b37d7560f407edd38ef5a7babcb535f0e836767d6f888766f6

Download Submit
C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.exe.tmp

Filesize
198KB

MD5
bfcce94d78eed766250b4f97d09ea1f6

SHA1
1dc1ce4c656b2e887b1b1ba1008ac8d9f4ac3d1a

SHA256
bb7c612851aa895b8d171843690575fbe7e14280a3b6b038261b873251c18ca7

SHA512
0f3eac4361768e818de2f65d77199950abc2f55db5f3875c55e76303f35e931e77d341be9c2887d2dc74328ef1c34d10fac48887cc9e13bce5f3bcadcec0f0ce

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
213KB

MD5
cb7ef440c0079de27ee10deb2760adc0

SHA1
8b38040d6519fb7128738328d7f27cb28e37dac6

SHA256
f4bd57f9ebbe7937fa4dda533a180067f39fb8ffe89ab8084da0d73bf39acb09

SHA512
a2958abd56191eed742d01faeab5ab7f950a9245715857c7cf502bf73975678a72505911464160a3b0a0a4d4cd4e7e453928aeea35227fb4d6996f415cc6993c

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
165KB

MD5
2596fafde1ef6e20d7ad86a2155cb306

SHA1
00dfb4eb328390bb774306e88f9b24155a5660f1

SHA256
780eb5c5a7fdc291b543b6edadc608b2e5b384f1d9981d71c27a064a4d98bee6

SHA512
8f7387e1c714805adf7f882c358040198af30fe328a4e26407e41d350a2d956aa7b3979fcab691ca10678aee748100143cf3e08a585e84b351650f6645b6099e

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.9MB

MD5
cf3ea406b077d3b327af8de3ed0f2389

SHA1
3dc4f693219018df9e209edf482e555ed44892b6

SHA256
abcea58f9829b97bb7cbf46b9b1961232bad37035d48779534fccc9fe1698b57

SHA512
fe568e57ef5149ac23c6b705ccf98a98b7c939b730eceff4008fdf17cab2b56bf225f62792519c66f008e4fd83d5dfdba2f9a3c829ee22e379cc02d362060a42

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
310KB

MD5
0276505bf1f82435faa6e6cea636cded

SHA1
4520b7d85daab8fa374ba3a5e039c8f81f44cef5

SHA256
83b4d8a8fbef6d20cb77117eb88986086e1f96094431576290bd34e2072f4531

SHA512
b1c9dbf80012c4df9e652303fd7f2bd1cad6430d37215ae248c75a150c37cf300a214b90427d2123175ceb25ae75f1dec8b1761b5afb33b33a654c92906b691d

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
784KB

MD5
761523ed8a350cbe2aa09154956b6bda

SHA1
39a29660baa6f1c41ae86eb411004518e0884c63

SHA256
5a6f5b7fd3ce0d95b4f5f3b633ca643aa3ec4c1eb9335520a1a2b4491b691f1c

SHA512
3e3787358c45d1b6c819093f62400c1d5edd55168e83301e502a0aace03e8809bd5ffb5c2a4686be396604b93d108f92c707c5b926eb2c0ee2a54fdd8df65b05

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
110KB

MD5
65388f1a596bc42e31631d5c5aca610d

SHA1
79f4ab8497f8bebff49d9a7ec29b84a3d9a7a78b

SHA256
c39a8ff962414249a487f5e7e8e93acc4721f970de46c2a1e9d03c9d588a6b97

SHA512
ab3e54f2d0eac7d11a01e96e8a25f5cb669f8154f13c8a378514e264c262e353b104126accdba1df287e1212830380157da0c1fca5af3441eb752066f0858643

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
113KB

MD5
4d180b3324bf0ff36cc3a05a15faac44

SHA1
7c2a03bd8c88ebff29e8d3995e7288186dfa7d65

SHA256
be80ece79c9c3d0e67390a8af931704315936e7c030d0fbda921ab2566687475

SHA512
93bc0daeaa7c352b8f42e0bb60c592fb87c81c0800cd13dcd856331d2c21f89204d7709b832c2f21c0721995bb88c64e8c48b072cc97bc428cfb96c0a882bc57

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
105KB

MD5
b0ab13078d2c3e30312f9d38134445c7

SHA1
63921ef90cfca3dd6449478a3a3081aa06cfe8ba

SHA256
8009add9e23068876cb2e9ba376c5d4720277f46810ce53dce9f2405c81866f3

SHA512
e994932ff0547cac9a09b5b6be3bfa2f8082b356904db75aec6b282f7aac69e2e7c60a4fa779addf6ad9ac87ff390fce65dbfa2f99358188b1f5da92aaec7ef7

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
111KB

MD5
0d1e89c37ac58730080a2630e6eb8c89

SHA1
9130fe7179f43505bd10a7015e74835a22775321

SHA256
1b3b4cc6de52c478f68ee54b6f86e6aa9d7607dc39500cc90f4a0e13ae1b4b86

SHA512
3e69c4527f45ac2aefaefc4a3c130cf4e2f019c7ec1fec6abfb288ef00c6442a20eb199e0a9f73b840b2522e11cb554384c0756bc0d2358fc9ec003732a7bfc3

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
112KB

MD5
8f2b2067084ab032ffb4deb867dafdf1

SHA1
b44c27d187dfff2eddfd066844c6254970b36815

SHA256
8d5e1e180b23db5a20ba65f18d7c12fd092a0ad783315a2eabc89cdc0d7e10fe

SHA512
186faa96a49faf9b6f619c5a26fcd02ae5ad811c554a835f00cd6b9e39cff48d166c156570f571bdfff269ef5b62b7b4a993c04864e674822c7c88b0e8a0e443

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
113KB

MD5
73836043041447db6d33ebd832ac48c9

SHA1
11fd8857b02ec8c430ed8ec745b170698abf1355

SHA256
ef721f1af42d05a9687c67bd52fe5c63b31e32c5934ba838e8ad57ba1cf1ccdc

SHA512
f2152abae5cb362073cfed2a46e7a685c537af0fd662ad14446bc9a8b85fe68b24d893a2c04af0b1aa020a7974a65be4c8bbb2edb0e81d24d180226fbdbfac1b

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
115KB

MD5
a502390a59f5dcdd364e42167cc1113e

SHA1
6c2c38fa667c516fc98a889f0bd46002c3c40029

SHA256
430392aed1de20f99431cfa1c2f0068da57eaffe7b2af546f433a2d40baf792a

SHA512
5481ac5ed1928527eeeba92735e475967d96072d579ab804e78b8ede11037c96f8e7f37a7235ce407ca2468f3004c52de86d23b4eb2529ea6edef11b3d27de0e

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
105KB

MD5
868ef48475db8d2e9b12cc9863858838

SHA1
e56d769b89fc057ef7589a7f8d43c7dffbe195e8

SHA256
967f0fb9cf4f3abf013935fab38f1fa0adf907502862cfd7469948dec64a88d3

SHA512
ac25a93e45b18786521b9013e0ef5ad1f251460c59e6d99a9386086f807ed8b7e1da7248b19bc61e07d36887d7d210fc9db562433989fe99bea5909b3544cf92

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
109KB

MD5
e581e97952f8ab918dc72f1efa78723c

SHA1
5bef0d4d8970aea87140ce2434b0a0d2036489b6

SHA256
2ca85526d7c06a9c8287a5cb78c8296ad7c0c7861199b08ad8ee5fcaf72b36ee

SHA512
1c2d2132f9737ca9ae56e07ed5ee3ca460b8f36e72c1e00569cb0566158603f49136178e5c38f810445b784c93e990c87379b4f865d8196026b0ba488b31020f

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
106KB

MD5
7e55305832c30ef92503acec43eb2932

SHA1
ef00e4af415dff6f5e9948f39ecf7dfb1ee8087a

SHA256
d9e5046f6fd42b238ff8f2614cf6cd089b77f3dc56cfda4b6383c2732d3a95c8

SHA512
79e98c387de00ece6968f9b58eae0c82d36ea477c7d4b92ab1450cb5a5dc75ce6d69d89d3b939b7f6c53cd9dd1fff7423ae9ec0baaa777b7fd3617b6ea4a76b7

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
103KB

MD5
9f1127fffb5d28fe4e74584b25d86a08

SHA1
1e93c5aa68019d4f514f831c247800e21f1f732d

SHA256
c978744883ab7092349761ed9c4830972cc6de613fa9d64dff26300e36f09731

SHA512
4218f0ee2a6b1df5254d435572be3a3e30e378ff1324130e414c5a72ca8763d1592b711e8ed70302f583ef2bf318251155e5c8d3ebefea2d92e351cc95cf541e

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
106KB

MD5
93db50cb2722670ff569f5744765669e

SHA1
5543268a88920f74b819f9588bb744207f1a1a07

SHA256
4339b8b2c18b6ce774f560370c144b5e4074aa2130c593986e80dca4c9087fbe

SHA512
8b8d11068f2c700fc0a8228327c150c7f695b23c448ae2258e3aa9a9b8fa8ad9ac35db29c36629c2d46baa29e5569a12f4a8c8ee5383d616b40f4b7d504cd75f

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
107KB

MD5
72613011b4e4287a81d95b346a00ff80

SHA1
4848fee5342c21a90aa9b212bfef0a851be00506

SHA256
1a28216f461dfcb5446183d20f1198e0791678f89a9c7ddc080b8ebc919d4853

SHA512
c55bf9a1333b1987d4b530732c6a48007cad5e97f1abf33dddf61db0574c4845314c02db610ff30bf8d4747624ad2e5c5ecd4326c3508eba295d58a7ee75baa7

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
103KB

MD5
cd60c136346ab33a605a1a6cdfe5d89c

SHA1
40cc3432c1621886c3ff1466b87cdcf5090b3fd3

SHA256
ef6601cec6900a94993c69f594c5014bd4de23358d17e54f9f5eb876fd55a5ad

SHA512
0c7b5500f7f9280cd4cf384c9a7ccc19e5d253c32e51fe38bfc38d16ec11ff737f26bf53814844acc5f67d78dc6879036865c4ef14b2fe4141f842cd1e5297f6

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
110KB

MD5
b74cae04b30b8ca76330294d90fc6d00

SHA1
9e76a6e2d4f8fae7409b5a6ab807bcfa830bc637

SHA256
0f3302d8ecec2377edd303526b3960acda4d1793b42cfa367c71bfdc555989b2

SHA512
fe84c9495523685424d409372ff744ef01d4a75f8f2f4ea876ba539861237ac7bfe507b65a4a22f9956f1db89bb1fa74ff465a8f49fc9166737d045b3f608bf4

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
104KB

MD5
4ae11b5bb43fc0909a09e265f0a3a466

SHA1
01beb57da3a327a62e7fc5e3307df66ee54bf525

SHA256
d8ff36b19694351eb5ee28640d1d4d9540a3a845b6788addfeab684a559273ed

SHA512
b483d3c2d71dac83b564f870b4be1acfbc98351beb4fdea21057fde60162bffd9615e9223b4f364d950043da6214747cb4d5e92c2756298783193491cbd3a5be

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
106KB

MD5
f76293ba752942b0213553a82d0629fd

SHA1
202e753b38fa22d065bd3583601651c24e1c34c2

SHA256
da02f18bd2b06685ab8486954daab18fadc6f813404b640d1282b0f283c297ff

SHA512
fef0ba8781271d444c4211e1c4df350455a373eebb4e4364f63ca6eeb011d3a7303feec7e6c1acea780a8ce4043cd9f5090b19014794ff346ecb8fd1e088ee36

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
108KB

MD5
1eb3b069f572ce53d1ee2c655bc659a5

SHA1
3ee9534bb1f3af3e28e7c456f2908ecce39b160a

SHA256
ccfaa208b973f248b79268c7b3199766bc745bdad08d2bdebb8ce121c6c1910a

SHA512
530a8f09aeb04aed56c4063709dd303e7f7a1208a5cbb840d75e69ae79ec8ddf1dd08fd786962fe4be912fcdf38f378f4d3cd48ff5087a2e3bb0e1176ad160eb

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
114KB

MD5
55504fd8fa483bc8c5bb67de1bbb1584

SHA1
8a50f0df2b70dc1cfae92ad5d3f153308ab0a913

SHA256
68fbacd7d31276edee93b83484f7479419ab71b0c7689450f6643c6f0349afda

SHA512
5e4d464db7b98518816d606ea0ed1d2b2958a87e6fa1d42a68294729eb4dbf1e7f1faf4ff915717ba4e032242235d6ae05e47d94376afcd0b9da2f30abc1ca22

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
110KB

MD5
448cf539330f029a2c2e18f87958e823

SHA1
4c6cd34ddadafb4264978ffad493bbec4f284510

SHA256
cafde9fad2c2eb96ae618e6991b10b12b8c151f194046db6348bfa47ce0f4900

SHA512
4b15282b9db7b524870ff9547fe4ac2db68a190dba9efdcae2450416ae9b3212e36c8e6d66b579c95326a3a007687008b07e0c593d7ca5f022508e511357e8e2

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
106KB

MD5
d1dd2dda3baf89c81aaee456644843fe

SHA1
cf5a6d0574fac4407522e0fe0420842ca9f022de

SHA256
7afca6f722baf3950c77b7a9fd6842d0ec231cbe186843346dc689c4b681d28b

SHA512
272a2418672cee5bc1021466d949d33118ca6cb0ea6f125ec085ff20c09bbf73b9316305c4a2c8e108cbd34e04e99f6ab42fef8aab5449a36a5adc8be1ef63f7

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
106KB

MD5
f8e3539e7810f2980fdf6698b6f48c60

SHA1
42c4b61a0aaa38384100b23829deba346d67eec7

SHA256
336fc523f7ac7bfa023cf1ecc07e1c6079c25314db0097700e7c3c92223f017d

SHA512
20bf29fc50bb1ba8df5d090f22b02d885f498281bd263eb75abd3532f81fe3288a1e81e87f97f3f646bb7541c405678d62f737b554bba61fed6faafa68bb237e

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
110KB

MD5
a344918ba69cb0a03d66389781134307

SHA1
957aa175558cc48ce3e145e2b4df6391b70115d4

SHA256
eb50756822b2876db17747971fb293c46d90605ee66d251273c1189cb3c95d15

SHA512
c70033698dcd68c5fec707a35045d2a7f2d88cb6e4c415a9e93fb0e38d897c5864a09ecadaa8c0c25dc2605d09d398fb10cd751e453f9298e68ace259181e916

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
117KB

MD5
84437ce457cebcb6f4a92ef0856db34c

SHA1
cd4c001d15e4e34f1aa533aa6777e5468b3e19d5

SHA256
bc21b5dc9d4045e9351e1d702e4f64e00681b55b80c0f2e150f6240bd54ada6e

SHA512
9f340a35e63896e4032437fbedc0ee8da4027a4e715c56e95c7ae858116c635913e05bac7111597f9970c4be061df162cdb5499f30f5e463f7a04220842ce7c2

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
111KB

MD5
c5607486b277d1241799ca2ec3192b14

SHA1
7cb4a8541883a6c95d93a1fafdb677a24f6af322

SHA256
3cdacad1ea3d3f020ced01f30c5701015d949c778cf20dd778b8d455ecf05f50

SHA512
01f6a2c5db91281006e99a27ffb8f6b2863cdbc08622138a03a05b901eb09fa942e2c723e0e91d2530a4c5c6269894392172448f255996f646bcc9c6fd4831a0

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
115KB

MD5
731e62073b3485883cc435b11319972b

SHA1
71bca3ddc6558474399b6b4b5889e733b31d6eea

SHA256
6a7c06f8b85944431cfea828118f70b1fdbe857d48b4668bdb018e1662a439e5

SHA512
6b3bcaa6ead152385ca91ba5c4cf924eae68a2c064e37f9b673cf3656251509d2d1066a7d373d0c708b95a9628deb11c8769ae4f4103d240a058ac7662e45a75

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
106KB

MD5
c2a93a8a3d75b46e8348e8310b9efffd

SHA1
5571bc085e40811c6fdf3fc157420985e21d2bd4

SHA256
6d723040ee31d5ab5ff0f957990644aabbe8c7aa22a29fe23f7729ffe5326cf5

SHA512
c92d1b60cf84923bbb25a4a408aff0420deb9990fbf1e876cf696dca4100919ab23dba4778063ffc7db4dba3d8d5e9ab213fefe19f3e017d34139a8bcd90ceb8

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
107KB

MD5
bbeb9925cb4feb74c2dd01627b183508

SHA1
e46cb64db7165aba007f402c830f600d76c0c40b

SHA256
d88266f5644ea47770ffe6b44c603a3fc503de621d467b3b22068cfb3e7da1db

SHA512
e690e0fd9b79b3b8d3b0858c00950141bcd190c9d9f28b223b5456f606c980d47bebdf3c045ebd4b1c940be732066d97e7a24b7b76d67dee92ee2824afc7f280

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
111KB

MD5
f2ec91a18ffc7bc4704c8b2ebd64b35b

SHA1
9df60c72d633b5082260fbe3203531e5a1042551

SHA256
81b39677e1d807edb05aab2242db23fe8b3313747f89f5cbd2f12905d608487d

SHA512
f12718949298e5f5c0eba94e877b08cc086fd4b2f3a6e2270affa5c503f0186096fbc74a33ce36c8bfef1030e7a56aee0a1a46f74d85f603bcd7064b112de6a7

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
107KB

MD5
b34c9fc7c5849589a00aa028572b8f53

SHA1
848b40e2c617b95ea69dbe4814f4bdbe33910631

SHA256
b2f20e331dd72357e58654c54a3d26fd8fc4992e5dc4b6f4bf4d2fa3a2cd4c16

SHA512
f46aa65388db1ff1f92ed417cd2a81419b1f01df10956996f86930f08a6dea920ae4e46456b4ee03a5b462c6c1eefd64f72fd9c3e1873f372d895d35f6393a6d

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
107KB

MD5
f17c7d206c612140f2b709dd1c6a89a7

SHA1
55ad4cff3bd60742c489feeae6b780739d0932c9

SHA256
7c84a212d3a29311e5aba26d32e8c5deaec22b631c1097fe9bc31a5c6bb91c9b

SHA512
ca265b16ab6f58ab97b89f46f6a05153093a11d70c021f5259eb84781e530960a29ef9cb17af28c0ab106364390dad06510e3733dc14cd119d972bc814ec3497

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
109KB

MD5
6ad6d34408fa47810ae2697b829d7983

SHA1
1523e7bfe2a76badf10c1155217877dc6aead0bb

SHA256
57e608bfc026673ae59ea68d4622d1f952e07fd7b6cf5f6e8ee787c53596eb91

SHA512
afa374258ca26a7d47b9fc0cdb30aa9470ed3c5d0239fb3e5da0dd694cd06564ecce0752358e0249c229b82dd64ab9f9693728a2e4c512b031572b6d7c425e88

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
115KB

MD5
5295cb8a775ea3758f1c5f00e813e8a9

SHA1
c2e8904ce51569fcec1f9f5d1ca7fbef6a33b268

SHA256
9aadb25f63523df5408fccbdc3ab0fd09414ee967a01c8b43c577128b05724a8

SHA512
cd8ab38d66ff6914a60dde26efb01d4aeeab3396bb859f1235744a6a829500392c083b67149dab171c2e3e4834f11064fecb6cd0332fbdcf376897b938616f5a

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
105KB

MD5
0d332d10c4e7265198fb3d1faf872c92

SHA1
0139460c43ea89e8679edea06622bc4a8e285828

SHA256
1851bf8152b895e5f16b95e96f553cab524019fa1091a421ab67a3d737c7ca9c

SHA512
14d0758413d947aee43ccd75057205a604fad97e3a6ac2562f20e26c2d97dbb8d55c4a88d7db722945a323d3d5d7aef008b4ae92a000c6c33ba5858915b04b0d

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
111KB

MD5
2477591b58c1487683d97b47a417f95d

SHA1
7b19f96b6c40e399994d885ce0bb37357716451d

SHA256
746a68b17df084835bd2a269932e7e18e1a4fe618b00a03fe5aa8383f01625fb

SHA512
e93053c46c707f37557384807f4642ebca2d7063aabf0f3b7f521a61833f794f55ec6d756276ffae956fd8edf9db2868965cd448cd5850893db4867f7570b16d

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
111KB

MD5
baa968bd3a4da5a7aa544be255fba952

SHA1
ecf87621263b935af882dff7f2bb992b9a2e794a

SHA256
1f88de504348117532413ba5cf5eb08a9bb9796d608c507c704d6801a743ca7a

SHA512
32cbf1b84fd504ceb05b134f09c221cf62cd6c41e133a85775afd668d4a1e168102cb3099d6420e552f41e0ad741c30e5f0a7ca13d8c0b3b510fd35a2a6c6960

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
110KB

MD5
c79f45cb0d15217457eb57a42f421a2c

SHA1
3f66ab99288fa814f8dc0c677beb3a927201d42a

SHA256
a91a464cad55299101cadbd1dbd9b460fab420848f25b93aff93e1f242132a54

SHA512
10d3cedd150b424106460a22e9cc2bf1883f75640d68bb6976f234ee7a09fdba06dfdd192074efd6bac321be9518895a9ecc5fbec085944abecef7abdf609637

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
110KB

MD5
de94c2243e62813ceb6c9e19aade8559

SHA1
74190cda26c484cfcce8746941f42e324e48a56d

SHA256
473ec06d27d9773df9aa3f657c3a900cc2006c80db2bd796c46fdcb3993c560b

SHA512
382f9f6e316083b70c4abbdcdaf5f25627113083d1e71276a730b20293f98bd9047d8365c084096e753c34c55067482650e9228359f7c6b93435652db5341277

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
103KB

MD5
ba26d96459ea5a835e5438332bc348f4

SHA1
eab1ee0240a049f5d3b61283552dd46d1d7f3975

SHA256
99b7810cbf1f32fc60ae9ac0470acfb99ecd32797a9e69f795c90e6a5bd73e7d

SHA512
73a3c5f646fa28df1f6fd028343905ff0df216b20c6cc75a2ad3cf3a47016188937aceb820b0901b09fa8eaddbc13e1efc5aba106c55675996309556c1de1b81

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
112KB

MD5
58421fdbca627d41069e774f7e70d0ed

SHA1
bd8fed69ac407a1b9fa7b6aca31769fef1f9376d

SHA256
4939e60331c8533df88ef8fba40b2620b9a4cc8050dcaca567f461bf1e9535db

SHA512
3dbd769d002ca63156d654766c5589e21e02ffb644b1e92b331a756c913bd3a59e759f21ca2b6bf2572000537eb096165af7bc17bcaa52ae57350834fe47b36f

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
105KB

MD5
ce2a95af1c6ac830dbf83586dcf2e20b

SHA1
82f3ebaf83b2af76269661772e1b4f41e478ecc6

SHA256
f97c651d736f17a185c6f42a12d62dedecc88b2fd372c4e438bcbc01aa78c6c5

SHA512
3a00e8716debc27525c201104a61034bfd2601642538fce6d9a5496e3fdb7b349e3aceaf079c6825d4f72e95e11a8a9c50412e32c02904aafbf806d134f9621d

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
107KB

MD5
792410f62700e6fe398c27bb4fef87af

SHA1
f458dddc060e055ea22c7f3b39de349889212765

SHA256
844790ce0418edffb3f95a1977b91e970f6520fe9c8445e02dd58b72abb4bfba

SHA512
8742d70deaeca3a32afd7f713ae7273d64942dcb3c2bcb61547323bb3026560b96e98e34d5f18355745f9ff12828b34d8c14623ee61a4e94064fa1009d1f9350

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
103KB

MD5
25ab8fd7462e4b7cdc3339c9a9bb6b23

SHA1
7b02203e84a4fccb28fbda845e5564b54778377a

SHA256
4dabad578b7c6d1a4ae855bd8852993cff02d22eb62587b254850d0e0f436c5a

SHA512
ec12fddc727d13473aa07378d92a90eb27cfc3c0922796dfe56c43a9cd24b2ce985d65eeae06704ee447805be280ba63270fd484ceca1e772b1f433d077de733

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
106KB

MD5
b5a714511f09df203c44924fc2feb1bc

SHA1
ed0ffca706ebbf1d0c9b9e91a3005b04376c2077

SHA256
95bad1c028cce9c508343f73d5e40bfe14a7f906aeff7f99c335539b36c83940

SHA512
ff3bdfc0abbceea5de3f4173776ba37e1c7e0f652d861a84c5c43e235e2e320521a1fd82e6837ad64f8c31e1516fb97b30b3fa253bdd86411e8dad3fdc5ff7ff

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
106KB

MD5
eb8bc372a189eeaccfc96782176cd65f

SHA1
d1ed4fe0cfb5a10e694371f8ac217bff0837bf12

SHA256
11ff2c87308fa93d4600da42a9a59f6d92cf2a69b5a1e57f2cd3ca71847be155

SHA512
ec36ad707a62ad85a97006f443e13b6a12e128a775c1030c0b1a3202b22c02032af9bb566d787eb764b3d9cc7f5018bc8efbe2c942142c5bbb7854ef248d3197

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp

Filesize
109KB

MD5
0d40ae7014d01c315da52e9d60c1fd7b

SHA1
0eb24878e4aa201c3b33b11e8ad5ad0bb523a2a0

SHA256
7286c8b880d364a7e8bce4116e81f6733b646b2c1fbfb35831c218c4b4fa8a61

SHA512
a87bf77decd964453f97882721337a7f8dc7baff72fecb07460a2d65533f0e4a8fd41543e2645f3e65178372b274cf0448d644a0714c6c396e448b9d5f50c52f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_resource.xml.exe

Filesize
100KB

MD5
8799ea099275a57da3e578ce78cfa500

SHA1
e2441bf9381f2ca7c335e7ccca54f79519be3555

SHA256
16c4e81c1c4f7d008435bc5303c57ae1a3c53e73d43b2e9284cf5628e6f24e19

SHA512
a00a57c528683fb2febc3943a74dfdf54d2a082dec49e99e61c4369b67e6128bd8bfdd6c810125df6bc015eaf08f36a0e4ffa9e09a93e78be323c5d78d19e1ad

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
97KB

MD5
598f2d33f5af140b32611d48d39534b8

SHA1
0095cf95309a40f46ef4baceab3d6e0a9077c2bf

SHA256
d40a431fbc97ccc3a0f6f3a47ee5ee5db478b0d6ed300c750edf8bc3821ed526

SHA512
cfe122ab864232006764698c66edfb0a3fdab4c88b670291513545b5ec850ff694ede31a7a8c3e83589d9737a3d899f5460c2c98b24906b3be1dad16ac7a4d57

Download Submit