48c4b320ae02a0f410c904114f390c26b6010be35e5f6a025de607cdd01c4274

Analysis

max time kernel
119s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2024, 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

385988b2bea0cb6064970d35b4eb4390N.exe
Size

85KB
MD5

385988b2bea0cb6064970d35b4eb4390
SHA1

d8bb37f9fac32165bcfd176f0cefdd35ab573539
SHA256

48c4b320ae02a0f410c904114f390c26b6010be35e5f6a025de607cdd01c4274
SHA512

106817db122ca291c80576c1f33fd2b9c241dc6ea09fa695b662ace68ffda4e660437d0d706a7478f90c81efed9956e6e3c344bad9c64614e4a1c8f22c29b222
SSDEEP

768:W7BlpppARFbhbt7Y7wTCIofQOiJfofQOiJw7BlpppARFbhbt7Y7wTCIofQOiJfoP:W7ZppApqH/7ZppApqHH

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4689) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2468	_UpdateCspStore.xml.exe
1916	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	385988b2bea0cb6064970d35b4eb4390N.exe
File created	C:\Windows\SysWOW64\Zombie.exe	385988b2bea0cb6064970d35b4eb4390N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.tmp	_UpdateCspStore.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	_UpdateCspStore.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	_UpdateCspStore.xml.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\mojo_core.dll.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	_UpdateCspStore.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKWord.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	_UpdateCspStore.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	_UpdateCspStore.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	_UpdateCspStore.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	_UpdateCspStore.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp	_UpdateCspStore.xml.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp	_UpdateCspStore.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\libEGL.dll.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fa.pak.tmp	_UpdateCspStore.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	_UpdateCspStore.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	385988b2bea0cb6064970d35b4eb4390N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_UpdateCspStore.xml.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2468	1944	385988b2bea0cb6064970d35b4eb4390N.exe	82
PID 1944 wrote to memory of 2468	1944	385988b2bea0cb6064970d35b4eb4390N.exe	82
PID 1944 wrote to memory of 2468	1944	385988b2bea0cb6064970d35b4eb4390N.exe	82
PID 1944 wrote to memory of 1916	1944	385988b2bea0cb6064970d35b4eb4390N.exe	81
PID 1944 wrote to memory of 1916	1944	385988b2bea0cb6064970d35b4eb4390N.exe	81
PID 1944 wrote to memory of 1916	1944	385988b2bea0cb6064970d35b4eb4390N.exe	81

C:\Users\Admin\AppData\Local\Temp\385988b2bea0cb6064970d35b4eb4390N.exe
"C:\Users\Admin\AppData\Local\Temp\385988b2bea0cb6064970d35b4eb4390N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1916
- C:\Users\Admin\AppData\Local\Temp\_UpdateCspStore.xml.exe
  "_UpdateCspStore.xml.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.exe.tmp

Filesize
85KB

MD5
fb3e5ea9c2cb613183f510893d52100f

SHA1
638541c100d736a6e48cf233920ade70fc64fe8f

SHA256
7d8ab2c1cbacadd27163f55fb01ff7e8ec1084aad22178a18e4bed070332f616

SHA512
78c626b5e76afcbbe5a6bc98d60d6e044f431de22beb89ef61baec983dabadd918ea385115a027ee841ee7b29a3831371fa6adbfc6c75e76bc91ba982ac249be

Download Submit
C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

Filesize
43KB

MD5
9d868076eaee0b919f74c2950b4a1cad

SHA1
e69249667490627e9a8e64354cecbacb44d0d90b

SHA256
fe60eeff552e680911999686a49de216c083f22472e5cce032ce9811aaeea2f0

SHA512
e88c7bd241e2332235dd8e8fa6b9194e86e94907ea9361949b35ea4694171884af4d54024644ba7c7e632bb3f2a9677cda92f82ffb9721300432a1439ff696b5

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
155KB

MD5
acadd1084436429504e506988497cb8b

SHA1
b15a5f14286069e08c08e7409b082b0ea46dd6bd

SHA256
c31312df86bdf45fa40de77d991499f3665eb63c3c6564822bfffc763bcaa05d

SHA512
38e5995ea35ad25a7b9f3b720d4591379e54a179bae16ee17cd685735d9f5d3c4c2e1681b4c59162517b067597d94fd5a476227eb59d6aedaa4b35fcd03006e8

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
107KB

MD5
6f122a5a5d58ae238b702465023ef721

SHA1
18cdef66f5fd2f71bbea815d860f909185e590ae

SHA256
2b1363d0f5b2a7e9beee5d857a89f891631d70dd1328e30f50deee638c181db1

SHA512
973ea1c6719ab409163328d11d2868c536b0b0242dfc4d93ee48cac221dc2c382fcc634d6920b0ccdfaf66b8ee5575fdfc04d2f9a51bcaa51b957c1ad1795468

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
586KB

MD5
9fd5e8d5b289c29d4cbf68ddbc358fd6

SHA1
1794299c7fdb753125795f48f0a1481a069b4f6a

SHA256
ed66e81ba043434e2f649721664af852e9c0065b272c03111ee47c5e2512f0b3

SHA512
cdaf1a4bf0e298e3268fb8bdca0577720fde14f01b6719e58d5bdc1700fae3a161743bf0fdc43d95971a9248ebdac07b1269a142b30708577883a98f48cbb651

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
252KB

MD5
1f1b3d08b2d88cc68e90f11fada4088d

SHA1
fcaed687c6f3a7b31b806fbb510f2cf6592e9fbb

SHA256
11adcf01fb73729fb7f182171fdd8b89acb84633803b63f0383f20e8a56da70f

SHA512
987fc19785de49728cd6be8d1381e4c3c76ddd0b5e83b3fd97f8e6f2058571ec58bf33a03c87cc21740cf650e8d3b83526e63031d2f9f6d177ebeaa18279b0c6

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
973KB

MD5
174571cf8c5e51c720cbd02f307bd89a

SHA1
11c16f4b65b7c7fc72e65dc10c11c7bf634c3673

SHA256
9c5c9a0713d758d672511683619f26fc4bd61012c7c92c280d76e46eb4a66da8

SHA512
fa610ec5a875a43edb18ee922b48ee9c96aa66e251949934684a579660aa04097620f40d3f418e632e8fef08eba700bc7ef0ddbc0ec2e776e409afb6a62a0e64

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
726KB

MD5
0cf9870bdefd06b549b4b35df75c1312

SHA1
06fa3b4eba89fc28f481168705b03d7645a7d118

SHA256
fb357639c21b18ef20227cfa9f6a8997357edabac6a19e6cd84860395c070777

SHA512
54b95c9288119abdaefa24c1e8cf2618b487f7b78f35ec21753a5bbdee5fbac56d6c50f6358588ec867ab65f567f867b499b19c7bcafcf72e992e02c02ad0704

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
99KB

MD5
52d44d0d1135b62f16641ee5f07f27af

SHA1
3b809c36403b12b34c6afc6b40bfd1a31ab72150

SHA256
47d9819026b9a28d89137bfd71d10dc62a26079a4198500d74aa0c35e75f05b1

SHA512
27bd6749e9dee274aedad5f8126974a92151842fbb75123271f4676422422622b7b60d6c22b18bd62249fd5500e20e7d7b7e0ce2256c77adcb3121808b811bd7

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
50KB

MD5
0eb54b2519243fc088e5b8e31d58bded

SHA1
b625e874232deb78772b7b22ebe49393efbe7791

SHA256
0036b521d875cfbd633f1f8f60132c048119fad7e1ce30ee20f8d55e0ac9b629

SHA512
6fff43103114886522a560c68b5ce4c54dde53fad8ed4da1b7f146d91e6f9ae0e2533d41477a6836492937d7a3175c0b4e6ac52f56169af469cc0ce98292ca9d

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
47KB

MD5
81cc05cf93649972fa6afb1998c6f0d9

SHA1
fee2d339bee8b27d6356539b7366583568f71a92

SHA256
a72108cec0075c490781fbf2346c8c36840346201fdd850197dd22718aff0bde

SHA512
c39aac3a7eb745ee5d1f70cf86f7f185eef0afedc760eec811706892620cd1121a31350fe06879590f4539c4a4cf7ecfd17ea62663c00ec63c49a8492f0a6c52

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
52KB

MD5
b4f4e83a015d06f99decbb2757a2e2fd

SHA1
4feef55b93090ad638d23e56b21a168963155261

SHA256
53bdd4adb4d9563eaea6fc8fbe3a55ca17eb9dcbb99e3216d8a7f07d8bbc628c

SHA512
2241fb0e583b23b91c5ed20db0d55d049622f390021661815a2412a945bba91d606fa6dba78accbe2cb4cc819fd07dc02fd0ef6f6cf0ab45dd67433c09d06910

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
55KB

MD5
9a3263366667ecdb8031271434988472

SHA1
5353e1b600fcaf576b1cfba4bfb6b1755a2f9bb2

SHA256
e089ccfce31113ea68e00e39bcdb609039b07c08fc5fee73a946c54cbc9cd739

SHA512
795f45331f3289815fe6c6e889ddcb8ddab1eea61343005e652b4cf895f4676281046e2922ae2d150565ff27084136def136013ade853d942f58f49a0e4eaee7

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
57KB

MD5
5deb7aae509559c3c3e6bd1618de315c

SHA1
00cd2f8f6d11b81067f4ec963265360b3572a5cd

SHA256
7c3b7cc8102f23a209cee7b25945e52e7b2405d22e9e096665fa49f1d49e10cb

SHA512
d5ea86ebf6744905ab6ce5c0b3fc67bfec92cb2545eb53e3b3697d48f8ce16f072a83f323bf1812d1f40060ebf398b9a34d8d16f3eddaeb6148d27a9f8302b3b

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
47KB

MD5
c649cb6a6ff9bbc3ba614e62f5b0cffa

SHA1
8b0a1b48f4ffdef3b46a0c34b0fd7ffaf5f10d07

SHA256
31f5e390bdce26c7b810a404aeea12715f2c58b394ee9f8a5f9f8b73d95e1443

SHA512
90c640684f42d5a296e6ea41f5e4012f7caf6f4699631f7072a75343e0a08299de36901d98f4077245496dfb88c104accc458167b612161507c7810076a29617

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
51KB

MD5
f68114848fbca468f4a50e15ebeaf85c

SHA1
70a2ea7c5aeb1b6c613f701d21a516d865bf4c02

SHA256
e96e0e0f56ccb25f1123dea2befdf67596fc73633d3b4b6728bd6620cece5fb4

SHA512
f877574e86df66e63bad91e0607a98029eec336b19e3080d66c8d9fb06761514d211274d206014ab076f53d729a6fd852b6c48fd09b9d2d15e76b5bd15f92bb2

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
53KB

MD5
5e75ac319fe88506fd5266f1cf75076d

SHA1
94d67c1b2f507cd5d2bd55e43c3a4d47e2c4c0fa

SHA256
73a308ecbbbc4c19d7f2ed41f7184b988baf722371691cab76c545c8f7ff6f6d

SHA512
dbd1ce16c0725cfd52ecd6073e4515c1355840d7735d864869312fa4dfd160d39708ba7ddc6def6c124bf918a7a1f146081278fbe3e637fd489a73a5004b2234

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
51KB

MD5
619c360b5487fcf65ffb78af9b387d31

SHA1
10d90d14e14954a1f2fc73bbcb92454bbcbb31e4

SHA256
f12fd8c9042d1ebe0391b7f092ca49c9c2c8fbddac71128dd758b42683a9fa15

SHA512
2d8974f085441f7d0452fa4707ec48e262b5a4e15ef689a41a3fb4550e165e0a4d5cb48b2a0eceee230f326da36916a48a538d82854fc97fb7cf11453d1304a4

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
47KB

MD5
cec626ad718ac8cf712fbf4c177ae71c

SHA1
99b89b1018c6512ee3fbe1a959b1aaedd5a725f7

SHA256
ddd08c6c9a492114b6c313574a9b734546fbfafb07e26fb23614c9708936cb1b

SHA512
774ca650311b00a6bb3a8af9e66d8ce9e13ca81c77ee881511988f5c611b794e9d78980325e8b78f9e70414a3481bfa74a01c92de84aa71ead2df36787701caa

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
50KB

MD5
9b2382cfc4b4e568175928255aa5d5ab

SHA1
55fcf2e6de3b81f7679f1e0bc9db4483677db85e

SHA256
ea8dc0fc79d39a83fb16d3fec8edb4262d8281be7c205abfa1ff9e6fbb8b4af0

SHA512
83e51a56158898a02f75dcc0a2deec0259c397e4c918858e82a4f340cffe1e11028995f7b86f5cb82cb8dc3ea777ff982608d0abb783d3c852568a53783f5ca1

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
47KB

MD5
2c991db6d8b15681603fd90f8a81c110

SHA1
05dab485198da95dfe2894330bd99c984123a10b

SHA256
001514ef3d5c925b924dc05b5b2f13ba6b87df7dfbf123b12e4635ca0032b69c

SHA512
b4fa8f67de94b9d92cd12c8f93c9e97c926e75d3d211443725333ae0723d690f4d61a6c4682187d63a00ba4f38105caeec44dfa764c1f82e23aa4afe86d56faf

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
52KB

MD5
b15e7a3bca76a0dfe56dd889d329f6d6

SHA1
2f0bfd7c88654a5673d3c2123fb6767bd81efb44

SHA256
e3efebc6575228715e58308f6b71d9b8f8c8b5f17e1b46fdf05f0916dae466bb

SHA512
5f8fc08f2a53a9ac436ab0338ee18c8aab974a6b5f12b5235af7ad62158848c3f405aaccf6bda2e627981099dad061e3c8fd46947e2598db1a0c0aac807ce785

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
49KB

MD5
376630678a6c711cbaecf4efd345631a

SHA1
2cd3a9caec8375b3e4882851140db7e4d9abd0f7

SHA256
8326d58ba7a1481687a2a8d4a4170887791914e849241a2b5536267b13f5596f

SHA512
b8f47a7850ea4b80bbe29daecc935753fe98c87ae6c5754a5f549eef6868e498d7d2f4c39af561b5878e15db8f899655f4cd42b13e5bfcdb88f4b1bebb17fff6

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
51KB

MD5
abb2933379b50adb357165102d4bc15a

SHA1
d597d0bbd790a4ad195f9934c9f8b5bbacefb14e

SHA256
5f3c58d70c5788c0b79de5bd87c301a985028dec117dde774a59971e275d1288

SHA512
0a9a9ae95a2bd109fd649abcea3dccea2308fde86100886f0d6317916cfcceed2309572febfcae7cf33cfe5749be0e8b4df419eb555f3c08aa12162b116cc966

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
50KB

MD5
9337f3ed0999e925038571af16ab2c08

SHA1
92ad28fc181caa0d8a67c3ecd734aa662ab089d8

SHA256
29e301d880a40bb5f31dff67a392c2175e5ad1deb72bba075db11829b9fec805

SHA512
755db5783ec567606fbe87fed08ebe5961d98a7c386d56ea02a2a1df4444b273fd716efc3b842732bd9d9ea79acc48776c59d06275a2864fae8c260292db7592

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
56KB

MD5
df8e4161959e196497628a5ccd54f427

SHA1
0a44a110d778c3755e207c2f9cbf3d413633f24a

SHA256
a2ffbaeb8ecbb55d9d8aeb1c55567ad43f02207923fe0eb290fe7604e37efb13

SHA512
5400184c0a4f953e02582cbc35829d9784740857e7c133782341537a12883c6209b77e35f2216c5d5dabab1650a18d79c0a78db334c8b43f7b886c397f2ee018

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
51KB

MD5
e6d3941d4e9292be935837a2ef44b524

SHA1
de7d725e9eb7d233dc46c3accc7cd0f4e1f5464f

SHA256
3068315e6c90604d677f5ed50ded060917927b17bd4eadee57b2444b255de564

SHA512
de662960540a868639f1eaa3e39eafe8df88c6afd363c55dec5e7000d52a5063197d142405e80f24211c88c2dc474e8f91d70720d5493fe0e5208636577f96d4

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
52KB

MD5
dfea2b939418af106aee3921d3d690c7

SHA1
17cbadfd95a3cba3ae4e8ed064810d3e33ffacf0

SHA256
b00bf7af62f2bddb6f0855658ce57cdfe360f06bf0065a0f626c0d96a3586960

SHA512
4b10168e5c2e8b422a65e3288030ac07c9cc6d6b2bbc374af53db0c0c26153f17629516c6fb0dec3b9faf45c14083af1892dc4b0634bd89fa89570dcc8023e3c

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
50KB

MD5
4997e46bd578d776c3b201276e257c3a

SHA1
8d2f04cd56cdec1879565d1cd03facfad2e2b750

SHA256
42364a756d3c58c28bada1a63b93f2dcffbef00383302ebd13be24687656c6bf

SHA512
638e94f32759127fb0d283118a7271a8b5b108d42b124638a7ff42a997e42148ecaaf6ea93dd9ba11a551bb33880cb26d74c6bdb175c73997392a7a1203236d9

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
49KB

MD5
4dae00c5e3ad4a0d1577a52be4891abb

SHA1
547790c7e9e73514df64ea40f15248f34c6d110f

SHA256
a4ed0dfe64f04a88d177f6507a6348a22fd7d3e563302e5b0afeb1ad22141fb7

SHA512
7757fc703da79ac6f2e78383a3916a56313a39706e4216bff114d66fda610f3cf1810b972ef54d77b30326ce82cba679e8fdc1d5b663a204a057ad53f1a1d7ed

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
50KB

MD5
5061f21b0d2562f2ce0f425fad7e3d3d

SHA1
d7eebea231cf23270e208a5bccf57b054a498101

SHA256
15f94246f90d8b191a770fe30041d2a8c011deb97debae1542b022487285c3f6

SHA512
f9b96f1900fbc70698413d32bb0f611e74d37871f1d979d03e29ba6d210ab7e0b31c0aab7649adc3177b07c45caba9fd6b92284cca8bd3200267f2c583a8ca7a

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
52KB

MD5
1d8dde3da373a5a39290622c2f1d37be

SHA1
61c8daf11a2d502fa061b8b1c90920424b356ef1

SHA256
adc460f0e9475070fa6942b7b0fe1c459059d376accbdc222c97632a602a4ac2

SHA512
20e550ffcfe304a0ae2eda438a16127ed785e5c7fc8e9d3f0894c5b84f17f4189e3ff5d70926fec967702b538dc3d185b63b674fa8ef6cad1b98fd210833d6d1

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
60KB

MD5
e6d6f96c33471d2e2cfd91310366be85

SHA1
944e8b8773c9959c950da1c815ed7eb8bbd962e0

SHA256
a2a8977d84349adfd43124e63dfacb4cf30480ba45abe2ac23f71a1c542d88e5

SHA512
dc7b2069753d8ead1705c90663cc9cd79ec473bc09358ea7a8cbd2c9011d77490be87f497199b742db85024965fb1117d8a006374a1850cfafc6c7223312e291

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
53KB

MD5
9ad2fa870145b2c1e9b9a41859cf8600

SHA1
77805c878dcf11e933f4d790c3b318e8ed920223

SHA256
cb4700ba245b06cd3e0b309f501facdac308f8da2bfdf9c1fa6e3ca64b616610

SHA512
ac2d9dcd0950fc87f5d17bbcc288d37ffc15d12ee0debd4a6d26d3a144a8f4c48411e035a5eb2150131f8687623b1c087dc0f478f8a1c8680a36e184c3938825

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
60KB

MD5
0d11f6bcba3d5d5d04311492da5ab60a

SHA1
94d963b1187b794e6ddc5ebe7d5293cdf65010b4

SHA256
f899ad354a452b41161366e2bd76d448e5b6d98e4f793dc3d441a75163ad139f

SHA512
21745949764307b3cf31587423d494f902f595a0fc013e85fd03c0a49cf7b089e9b1ec4cb02f838a6e07b05a9b77a7408e49d8c338c5f2ba85623aadca82cd18

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
42KB

MD5
3548ecc7a7bd1fa5cf2d79d0018dcf73

SHA1
1e2eea729da28a7765913c02649d9d77cb98d343

SHA256
bc5ef6878611347df832de6f102d05105b9a533809d790b908aec650f602a720

SHA512
62830313617f67c5c73c2c4cf3fce227cff11a4617f18ddd5fee6460783d232a11dc5539692275a5179d015e7dadbd3c2e6c5d5706e416803b50669034f30c98

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
52KB

MD5
f0f7a4cfe007827388ae78daeb09b85e

SHA1
59f7ae253f0b6a0439f063acfdb3df623c05815a

SHA256
3a7c2061b7404ee455cc4bbedd96b43a84e74ce3efc51bde5ac6c910c3e985c7

SHA512
6509d2a65dde674f82d8ddf31478d3ef163b92ed44edb1e4dc2f1e372f9794924a92227cdc326db7e2a704e3eb1cb8ed4cb05ca2c4a9cf6e050b459dd7ea0476

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
51KB

MD5
77e69fc0d780901b331ae8f3c4a756c5

SHA1
d3a26dfa032ac4d068c2b1fe47eec69f1cf01fbc

SHA256
a45f081fe17b41e4b8c367dbd40eaeb97c24aa1efe5aa7608586ff19d461eeba

SHA512
ac40c66ec1da755ef85b1ab70daeac0c06bdc7d42a06f6f54497fa81f254cd62a138d02336e5ae72f0b5b45580e33cbf4ee4a0819d5f7f2f1fd40ee9e37c9387

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
52KB

MD5
cf721096abfb045a5b2049c60a1785e1

SHA1
1668a65b18c69b04976fccb1c69bb13d7bd1199b

SHA256
c5934d300ef14e202fd011f3e37c92f5e236c8a9382b2a3d8e428ce967bb7703

SHA512
2ad347c199dd1613da51844080253283492eae92953b85297e092fb78e84466a1e6e66811ef6c07c3c7bb89bbd499f42528e3bc34d62b55b7a8a7ebdd8b35dcf

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
51KB

MD5
61a399b7b66c62e6e4c46d4cdb335f16

SHA1
2d948325a855f1a2ca585938070de5c7d8257e36

SHA256
be281688b528215848ca07aadca7013e42a6a99335627826fcdd97ac45d164ce

SHA512
f241491339afe2e5c7b958a4e91fc5bbbb4819a30ce19ee6b23b4aa8358310525b925147cacb946e42c7e889d1fd7a1c1eb566990f8293f4b33ab406d00cc72c

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
54KB

MD5
4494ed5b4d9f3ea3ff12cd281e4b3621

SHA1
cb2356ad9fb0b6a69620295191ccfe9ea3c35200

SHA256
428034e0fea766c4463bbe85af5bef7de3ff2ee8912b62bb9fa745d62871c57a

SHA512
0d9f246bb4b20f40c907917c7f13e597450b14d6342d236c1bdcc60a3b7ff728ae362e462536bae9eea14aa8316100fdefa4bc7fc08b749ee3cd661789b155db

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
50KB

MD5
e1b13af89c4c5bf9c502ca39b6524d1a

SHA1
e181e39c297ee6771977081fdd849f9032d4547d

SHA256
0f2a5e8ace5557d6f604752f290aeecb29c950ed1116b41b9cee5caa43758f1c

SHA512
8a3d3321fecc8e5e3fa46855ecf3cdd07d366eafc5ef86d88aefecf1d14bddcedcc97ad9c0b8e48bf5a21e543eae060b544582d34c9d32415af2b1c465114f6f

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
51KB

MD5
ec88da3190b242491412df606e927874

SHA1
323c5f1b9662d907a7aa5ccbba5bbc2ae5f895c2

SHA256
a3d28d003f25d59f42031b29a6fa381c16aab987c3d1ee4f4b8af58c7c0493cf

SHA512
a8b750764c97bd27faa02ed0065dd53b6e1e4364e9b15925ff80cd9c2a44308d92e7d21d1870da74d51e5255552a7f8227ff5c41f6b57b0e6ce926fda728415c

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
53KB

MD5
5d44d5cce04e15e4005f0240d7b5d7c3

SHA1
461fdfcd285a273ce444d3c4cfe095cab7906792

SHA256
0907ac0e7447c5b4f43e08bd02b8def8f19caf0febc30693fcdf39d3abcf9d8f

SHA512
24015d41aa47183104185c8dcf3c1511b3204999d67458bc4d17368e0f40113454a2ff03ba1c8d3a7c655140ba0e94f4f3ce2bb91b9e2c6b32e6a2a6ee862ceb

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
52KB

MD5
798c3893343b7545c4a8614f19dbbdf3

SHA1
76fe4cb1e5bfd5f63ed2034fdedf40ac6d4621c2

SHA256
a62295cd1c0f48139f8568958c6a250abb81b6cf1b5145220407404ce156c21f

SHA512
8d43552cb7d5fa59bc387b8f2bf173c72c7a3c9e589c6636a1c78b0a4f5d7c32b3bfd30bcecd4e2a8733f7eaacb70b8f6f6fdbec4b3fd8a3d276a0e4ec22e434

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
48KB

MD5
063d5d3e774ff0bf47456d77683dfff0

SHA1
4a6fe1d4279225c63dd93ecf4ad1c2f207220d0b

SHA256
fb2cbd3057cc41953bdf668e39decb293c9fde1766d67f3c6a13a7c24da4776b

SHA512
f94d8cb1d694d92b97dbbbc75ae59c40f6f5a15e4a7b68dde9fb359ae7613fa9aabd8cbcea9eebdbde36ac52e7fbcdfff539358f5350b05c872e718d7d0f49d9

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
54KB

MD5
0b5227248d69b987e8582adfbb25a6fb

SHA1
d5f00e43e6d85b45051fe29e91c626d5fcae04cc

SHA256
1bb70ba1d67cb257ae0a20d7fabdd35ea12592098adfbcd87bbe00c935434ab0

SHA512
25ad3dc1862c5b61ef8af25dbb67f9575c5097ed3d1cedad96abb3890278e284fa35517f7e661396da270186380bbe5ee1595e906b384ccad17e12987068e66c

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
42KB

MD5
47127b4f69f2cccfa1ebcaeaa33f7e3e

SHA1
ad57cbd5a2d8c644dc60573a4b7fab0b27343031

SHA256
736a87b853eba9c7df4cd36608bea4f36f15cb0c1f1f480bc5f644667ea49698

SHA512
22f2e796360be47fa93030a368514040fcb03c27ea0c592580a542ac6d6c7ac1c40a4b00f121c6b27441f72d32c56cb70bdecf9e570fb91a207b1c88aeeefce7

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
52KB

MD5
57059995ca617eefa785e8ee14ceb823

SHA1
d407c0ee91f8ab6f6ecd83e52456ae8ca74c44db

SHA256
7af7107fcc6479ca2685ee5dff5c6ecf1711eddb76bd79cffec4032384aabe29

SHA512
2c145f1ad7be98c292a0cd57efd41d4fed61d825a355a504df49112963c96c3eaea530ada380c653d2ad430f9ca2448e6520cff220fd28792f46f3a65403f357

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
48KB

MD5
6d83fbefb73e9421cab71df2a35c9dd2

SHA1
3fb3d7b9e6c0dea450985398bb77a34fc296b8c0

SHA256
aa7d4d9f8249a0bb0241a665185726d08c6c42f54162c5617ed812cd1f0eda36

SHA512
a1d7bd09fa51ff86782925d3782ed4538bbebf1d2f58aa879be32a94f3f1d43208e6c6b524663810b82f930bfbded38cd634014ae0712fa8e30068b91618bdef

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
51KB

MD5
39a1d0b10f2515a42e7352db4b6feb18

SHA1
cafc23f2ab2bcf750e494ff796a3a743e3811ad1

SHA256
7c7f56ad20b875a16dae05a0c10857121b911806ff01aa8e07bdbcb45f312876

SHA512
9e81bf6b9f015974863ae6015e8489364d4c7ef51bdcbcc6ae5542f5d5d99ac7161b033ba7e78ae87fe812e7f915b4cbdaeaded61e7ab54dd8e3df12bf7a4bf9

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp

Filesize
54KB

MD5
3367aa3dd4080fb1f063a32b64558c55

SHA1
a9a7cc8f468d572363a307bb3cef35cc5ec4c56a

SHA256
d439cc96fbf034ab4034522539f9ec48c3de490e716b003391d10d72f0260772

SHA512
266a8a871ffa75fbef63247f53af271ff5387e54a3fdee2bae49d3c60e61ff370b1eeacfc9ee3d9a7ad950b7f57494da3b4cf2d442169b57fcb8fef2a3b78833

Download Submit
C:\Users\Admin\AppData\Local\Temp\_UpdateCspStore.xml.exe

Filesize
42KB

MD5
0d07fcbac9230ec69daf11d548e946e2

SHA1
c740c47ed6f18e09edb03eb2035b4872c9359d08

SHA256
ff1395cf1d728b4ea3fd85e292499b4f85eefb1c8109905686453e42d72482ea

SHA512
23ac3f7aa106d19c87cc8b45d62dec4e7a52d2cf8b4b4780d214c9e10562ed93cf8d05e88192bbc900c4805114635c074ead5564d374f62275a57d09bf12c814

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
42KB

MD5
eda873492616f6fc989700d8404ee1f6

SHA1
40a1c259ddc05f07f4e24deaf38ab16949bcdb3f

SHA256
0aba0ef35c30e9b081c68f642d6afade84c54fcbabd0c6a3c834a2f886af6421

SHA512
ea738ca144c0ed9017ef9e2488af3f6d4b8cea53d10fab7a32d34aa3fc8127bb7c3990b69060a96b7d2cec1ca206368a13edd4e6c4c655cad72f420e216696ee

Download Submit