f119fb0cb4795ac52c50158223303dbfe4e757bfd60a104f2960d64e46bb3008

Analysis

max time kernel
120s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2024, 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46d1dfa4470666860701e0ca560f4f60N.exe
Size

116KB
MD5

46d1dfa4470666860701e0ca560f4f60
SHA1

ee0fb335bd49ad963355ab6c1f0f5c0433222861
SHA256

f119fb0cb4795ac52c50158223303dbfe4e757bfd60a104f2960d64e46bb3008
SHA512

4b17444e472a49b591cae8890a1aeb22700d0380ef41af4987fa09f5d58f118a9457787fd60a730ca4ca919528f6a29bcdfb108032b55ecae09d533c051edc82
SSDEEP

1536:W7ZppApBULcfpHLcfpX2/Nw/NwmxM7ZppApBULcfpHLcfpX2/Nw/Nwmx5:6pWpBwchcV2WxMpWpBwchcV2Wx5

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4348) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
852	Zombie.exe
208	_MicrosoftLync2013Win32.xml.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	46d1dfa4470666860701e0ca560f4f60N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	46d1dfa4470666860701e0ca560f4f60N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoDev.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Asn1.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Java\jdk-1.8\include\jni.h.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R32.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.VisualC.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-ms.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp	_MicrosoftLync2013Win32.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-ms.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\libEGL.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp	_MicrosoftLync2013Win32.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp	_MicrosoftLync2013Win32.xml.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	46d1dfa4470666860701e0ca560f4f60N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_MicrosoftLync2013Win32.xml.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 852	4352	46d1dfa4470666860701e0ca560f4f60N.exe	83
PID 4352 wrote to memory of 852	4352	46d1dfa4470666860701e0ca560f4f60N.exe	83
PID 4352 wrote to memory of 852	4352	46d1dfa4470666860701e0ca560f4f60N.exe	83
PID 4352 wrote to memory of 208	4352	46d1dfa4470666860701e0ca560f4f60N.exe	84
PID 4352 wrote to memory of 208	4352	46d1dfa4470666860701e0ca560f4f60N.exe	84
PID 4352 wrote to memory of 208	4352	46d1dfa4470666860701e0ca560f4f60N.exe	84

C:\Users\Admin\AppData\Local\Temp\46d1dfa4470666860701e0ca560f4f60N.exe
"C:\Users\Admin\AppData\Local\Temp\46d1dfa4470666860701e0ca560f4f60N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:852
- C:\Users\Admin\AppData\Local\Temp\_MicrosoftLync2013Win32.xml.exe
  "_MicrosoftLync2013Win32.xml.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

Filesize
55KB

MD5
6185e26c32e67be07912090928892062

SHA1
0a4694f75d5b9c94f58afee38ed84e636aca2066

SHA256
c4247196893ce8fc45560da44fcc700fd80c0386cc3cc4d157a5eddfcf3e4a6c

SHA512
23982773ec91a9a2eb05111fa42a20fbdd20c42bbc4fddb4c122569f406a91acd9f5b6b46cef670ca2182e0f5eba938d584bda748726bf3b347ee9f99df1779c

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
168KB

MD5
2c4fc43119cf4072e975986f7468ea31

SHA1
545f590a4882eace2974bb3e9cb7bbe02c63b904

SHA256
b64afaf3722473c7e5df4868d25ebebb7b4af569faae0e962a3a93aab55c851a

SHA512
376f4ba53bfadc71e3fdccdf34c3d1a0862cadede6e79f1a551235a1b28542ba7fa5ed8713d30838562300982c58475bbc13ade9d206d6870c898e01e4e04a1e

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
e7b0b1ab45a7a61001ebd6d08e1da977

SHA1
0bbde9196fa95a0086f82e3a6cc7bfd2d874257c

SHA256
ef7da7b05d075ad924162dc28307143db8647825de54cf8065490e512cfec7f5

SHA512
c468c6c3f20d98cbbeabb25966de1ad0f2a2f4cceb853e2b84589a5f1835e91348dea640ceb7c07759bbcb4c12cdd969a33bde274eabce37253b9d4fe84e6c46

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
605KB

MD5
e0fe95df3f962c4423ad2598021dafcf

SHA1
c5a78607f00fefae748964154e1a8513fbf8ca06

SHA256
06786bbefadf7a909428dcf16d40635893e654f1f23221e25b8dad8a68180dcd

SHA512
d10d9d4a7b801b08efd8d0faf3d6c215e505b41be7e97a45fdc56b894f6b949bd9c98c26eb79cf03447ce71fd479f6fb933e10717247ba73888bbc79b20ec103

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
249KB

MD5
86d20927babf96976187cb7b6220934c

SHA1
a4af1aaf2dcd1009f2fcd3a367bbe6cfdf364f4f

SHA256
3e6b84955412e7314603babbfb64b4daee8fe2949b48ca2eb34b92c897de13e9

SHA512
bdeb6f715dbcf8cbbec766da36b28aa4f8a951494f31bf481b058b100c1448ce34085ce9622e83da29ed84ce4b21ddfa552d0b0abd8b8d80865c5b13146f092f

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
991KB

MD5
fd6e3370a2da95c2c8c0251dc3a86ba2

SHA1
2b961441999ad34a6a4d93cb7b997f646c8836ac

SHA256
ebe9f117a8c194e70b3623c43384375c697551855fed54b938a3ea209687b8f7

SHA512
d2c931e91d9af9130f74cd8f9ec700892b04e4102072ae228edb2bed333c5d718ea626df81f9e1b2240eb08cb21e7685e0b71852816771052bdf5c571a8cc1d0

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
745KB

MD5
34e62e70c965d82027520e2f149fd84a

SHA1
0d372f64f8e4fc58368155115d45b6bdfb311330

SHA256
30569eb20e77172fef54a33af196499fbf4145c7e2fb0556aefe36c00499ee2c

SHA512
6ad7cbf8b118ea2f759ff966dae6a755df73c1514b97197d7ff312999a5c41470447508f702c65077e5d2c60521bcedd5b06982dbe2430c66b96388ea909f098

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
118KB

MD5
31012760205db9701809f19336a58e17

SHA1
4e8f0dfb8b05523652a38bd806c2f5a7f9a4f758

SHA256
7f4f0aceadada88070b8c02e1cdad5664a27dde9a9fba7734a2e716e469c7ef9

SHA512
9c2674cb511a22a0fda677cefc7930975e023ca6a74f8095c2e3bf3b2b3acf07e950fe1ec5570df2c358b76bcd5b2772316dc13c37f96814c29f8b6b13aead01

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
71KB

MD5
6deaea2df1e6546e770f825e3d901e40

SHA1
23d9f87bac45112f1e6a4c0ca5648fa55ea3a9d6

SHA256
315414518ae3b2c3ff560c6b27812c11286e10d0565e082dc02a25315ec623d8

SHA512
40c6873043ec5406d30dc583f38d449e12eebe015e3d78a9f9a59dd4541ce1f73336af39fa30a17b411708e8bc25d23a8e8c407a638272db8975e55d1db0cc94

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
63KB

MD5
6c96fab2be31564ba2cc38a9891de5a0

SHA1
c1f1c2344f841e71b2c3b7922dbcb30fd2c9d8ec

SHA256
dca257ce169dab62fe0fc5d4f30e1c85390d62f8813d03c2d27725e9f845cef6

SHA512
620421a921b1c932487585cda57c20ce81215676e58a7923f05680b4d2f52a9555fd7b4feed2eb3bd77dee5fc876f920040646da78cef15646a453dd10f6a365

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
68KB

MD5
9042cb90104ec056a10a59e7fa20500f

SHA1
79c435bf693a5bc2c87dedd23c0102bcea9403e3

SHA256
179279b01324bca030de18c6c3522f9cf9a791a9af44d211a9cc15d9d6548152

SHA512
39e7aa7b80e00f02744d6bb9be0fef6e05b2f898a45d46329fbaac0a49a41fd8343a26a0ddcd157804a8d1713ce6e24e631b8fda1b31351832b9dc3c6c3b5876

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
61KB

MD5
f41902e8c0bf1579e13ac58c09cdd443

SHA1
716d11cc98f9c2d8c1d9f066689764bf80462b84

SHA256
142038d5059c332cbd857a47ad926dc6f6b8f0d33c6c6f48df838f3658407913

SHA512
0bf513f106a724a2c927ab51bbd1cafaabfaf64c07e11dff8aef8d147121d3ad38b675dac0f5ac42e6adca9087ca9309096bc198edba8ac73586dddb9a670578

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
72KB

MD5
39045aba73b6b16dea7db43a282d2e12

SHA1
e021a7d3bbab6d84de33c2c31247fa04efcae288

SHA256
53fea6e16a0072cd96a6c53939301ec4bd4701ab43ec9a71401cab5e072a5457

SHA512
20a6acff00c6ae3a6162fd6cbdb4f6a15c2d5a76334a46dda83880f5593f53ca858321ebd5d8e831b40c13bba3e15846d3d5f82f88988ece100bf44b4e02aca9

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
74KB

MD5
4657c3ea602c7e9b342bdf778ab7a25c

SHA1
d37a459910325735eefc82f14f116dd62abb6c12

SHA256
fafe4b1aaa74c6a21b242ba64683955deeef85c278cb828028641d571ed5cea5

SHA512
16cbcad8b876f5447c987c93fd8343c33bde9754006f62fafeaf1d926594e515f63f5e1ad09b4d8a2d5ac50f9fb67af9fc83b8aaf80b0699a6256d846585dba0

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
75KB

MD5
74964bb15a22336a6dbf4d65b09bc1cb

SHA1
8afc8e2e7b1cf42710f65e428110490507380250

SHA256
80fb8493e73d71dac2252f5a88709d1cc69c359941325d59fe1ccdb54b553743

SHA512
becb2196bf739f6df8411f585f4315de5007fdbbea7a9e918d72128b0bb1c0141801fee7492e4f7c5734f81196e834a75e0e8c1e11d1897c431dccaffcace7ff

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
66KB

MD5
1e2c91967cc933d78c2209078a0eedc5

SHA1
07e37fb636f7a008bd9552875a00b65ef29551e7

SHA256
3ebffbe8bc210150b8dd4402c8d23a1949e1cec69d2df4fe3c371cd5fbabc2ed

SHA512
706d35c32942b091fd908a66c5c956956b04b23b49fd722dc18a3a3a6c287c9d5c57780d2d530cc0d2ba7af93f5256e2ee94a579f31c6c20bcedb34bf9467c4c

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
68KB

MD5
a928cd14943d1d796dd3259ae93962ee

SHA1
c8ee5074bb03f76bd8aa1e89dffb59d99601ed2d

SHA256
5ac41ca91a61bf89a0b48b9d86a24063921a7d1d0a5a920c98b9f33f18bb01bc

SHA512
84b373ddb39d75ae6693d2c079e17dcec9ac29d51c3f1220c1dc708ce703f78d3385dc5631add38189eb2db4b5b02e124e9a4af04fb8b70ab4ee1e2bc2c4caa0

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
66KB

MD5
a6214d7dfb0573881db9c3d9bb4c3864

SHA1
50e319498287a41f7082fc94466405e55222993f

SHA256
288ae0b81520aba3976b83baa7a9bbec683f0f8705b77136064c6c0fd9c9299c

SHA512
b6ff3e5933ad5ba69e9c3aaed35da9cc4340820fe03947a250976cf0f4325f8932b5b5ed34de5fd60b3506abf9aea9bbe52507fdb545ba69a57fae4a7750e3f2

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
71KB

MD5
20cf47b35bdf54bbd19088fa0bd720cc

SHA1
1e1ed07a40e8be6902975dd242c0544d09a4e90f

SHA256
1614e73be85c46866204fab8085ac6bbf957bf1591abeb099e2884e74315d821

SHA512
b2f6450bc2b2365fdcfe44c535d49b203f77f495f679cd40d62d2a458e103ae7a92a85648d54ff6bb72ee9ad2f25fda482552b6a8ac81dcaf80b26c82adbead2

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
52KB

MD5
eaf34b16af2dd36569fdb9c13b4a9e14

SHA1
ff39a7e2359de841b2cac66df68f5327c4d820f2

SHA256
b57385d219ac0f5798388e58582e0736fb8a96cc43ff99dfaa3843fe7e26843c

SHA512
ef3fec4adb588464ebc11c9f285d68f23c4943ab115659cdb9384e583dc8f733cc98ce2ef82b83b41ddb7a51cc70d1685168df4e0eae85870cffd99b7892e830

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
68KB

MD5
2cd3582b09e8d0bf55fe4cae680b6c3f

SHA1
8b76eb99c53811d9c981900b45faae8b00123f66

SHA256
178bffaee4ced07c1a924b9c3bcb96641547ba70594a97cadf9a362446784f53

SHA512
b2f2424a3dcb3692e53907d7e6d8b06c482af241e07f475dac74c76c979f62fa222b8cf1cc3a761706b6fb2486e88192f13acd7a75762190715416fb48eec8b7

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
67KB

MD5
af57abeadf798f1d26c5c5f8414577d0

SHA1
502869e35d29da81d23a6f55c68efb7d44f9c370

SHA256
e06db7ee1aa0d9f836ac42235f2a2d315d28e9e7dd4dce08ba146516088067e2

SHA512
e0e42ab4532c2ad38f3c72a0b1450a2176cf6cefdc9d21efc40553f543a0b50f30478241a7375ef79ca3ad6b699e0b02591def14aead61f75e289591fc17ca87

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
70KB

MD5
9f935a4791d82fce3ca26b07a964b9a3

SHA1
ec106aec237a1d39c8b0c578dd9436582c71566e

SHA256
01da1fc707123aa92fcb650d47c008a3b68f51512c83feaffd9541c820a94bda

SHA512
9d6e701fbb7827b739f1bfe5d92e842eb2cd5992125f397a199ed2804c6b7aaee24fedc61e0e1d66378a508bf8ec47e45df95d7080f9a9f43c16e4abc5da027a

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
78KB

MD5
5d17e439042b60346703b8fd60acf23e

SHA1
439cdd7d7a1ab6d4da5c111ea3fd3580c55194d7

SHA256
26ff801ad2af4e46f89516c2a51f99cac600f998a45db920573528d97eacb39c

SHA512
b364f79f488cdbb08fc2c3ce160240383b9b44bf31766b032472716ff47bf047c4bd05574768eca4e813dafdd1770ac0754f3d5e3081d55a7131c87b3c9107a3

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
78KB

MD5
f5caca01f09aba8d73e39f6076b5ad4b

SHA1
42915aa87af480fd5bb02a52beae02a17dd1963d

SHA256
1d0c344b24f183103e49ddf048406dd57fabdaa4575a3898048285b1ad23c7d9

SHA512
22c54b8c54ca658007f3c50d8f36ed2dbc6d96f90e29c292ef9a4465328c09e89558e2c8d4fdf0e3193495853ef8fa96fd2f228d62e9a3be945bc50ba836ec87

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
69KB

MD5
65a959a95292dcf2af89667fbaa5021a

SHA1
2cabdd70b5eeb91eea72ea9ce599bbedab2bfe3b

SHA256
586f008a13c47f21da29e6078e9913902613805d2c9c4ec83fc3a3e83b24d4eb

SHA512
a1911df662860854956b2b706a161b327b2217950bccf63a10c7e6c46fab3a3e8b3171f35f3a5e125c7d433646091026f716b7b1fa5564004c43a8ad8c01f41d

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
65KB

MD5
a511921b8a9dfa10c165d1671140733a

SHA1
1f926296f1d2c3be0e3ed0e0c7404bc7c25eba47

SHA256
484c4261cd73d55a490a31a2ab47025fcfbe3aaefd0b21f602d23c49553643bb

SHA512
e984f1213493dd3e0a7c9c4ddc1411e6bbe54affb686904bfba04757b3d5d17d5037f0db85114412767740676b0775b8adb2b246f4fcee9f69bc919316bdc6be

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
69KB

MD5
4b18aa9311c31bb948d5d8ab754a64ee

SHA1
1dbccedfc4e7f7738bd387808be57c6e2171ce8a

SHA256
802f5a48a7f03e8700764e637804b553c1be27db1b7268e6a65057b3c301c8d8

SHA512
1ad79ccddc414ece09da1c8f82f6f1b262ca2a2b204d1c3f77e8bb0aceca2b915be17a6670eb1aeebe690e3b06bb17f825009756e17c1fbc1d7027b0e7aca5ca

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
64KB

MD5
22c1c189a4e65807c08989846935892a

SHA1
9e49efc5025fc1665a131d9506a02280dda29321

SHA256
bab83acddeb1058567b1c1336b99ba9a9b2e8963c55545cacb65f1c0f6d63949

SHA512
01a0b3141bc4b64849e78656a9630ecbf8ae8d5a1554a8404363b6c10655e3e8c54c7fc1516819fa945d37fafe579a9007b1789e5e893c053a402c68652adf17

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
70KB

MD5
cb701dc9959afc3d5a17a571ff8b625e

SHA1
5df3eb8316db629dbba3d4316502e7ba7851e3ea

SHA256
d0abfe665641072b3d427af8238d433ff42e8051969d3bc1050b4f332612c625

SHA512
66bccc67d7e423d43c5dbc871dcbe9b3676fd3e347ce1f716351cdd0be8ae5db34037391d5ac0c435113195f2517f192a23795bbfb79b3ec1bdebec8724832be

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
40KB

MD5
ac1f424fed521f698a3662032ae808e4

SHA1
fec0b6af77ff9fe4e3b1826a4774e4ca8c304000

SHA256
7c23a42e45d477e99919e4f451e677a306e197850163661d0292ad24f3b9bea0

SHA512
8240da619d1b515830e8e9a2efca9ef04888fe065eae24ad29048f059f5025050b544216df2c14c0f0fb01cca769fe6b8f4602875c209985b72c9faf100d93d3

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
70KB

MD5
af34858573d5a2cb4e9042c1e4dc8f79

SHA1
5ea09b92a93cdc82c52571e1c7a77dd5dfcd9233

SHA256
cd5299b488ec1344091a4059db219501c65b3ddb9768ea332e04f3685d8fa3bd

SHA512
062891d34d42725af107471098fe642e302e1edda1a648a8f048bdf3b58942dab16ed4f5009759e360960105bbeda687f7d9d7b231ca203bd9efa56e6a2faad5

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
67KB

MD5
b8b1d893d1e40d0e676956bd5a87bade

SHA1
1af2aceed29438a2aa63f478df5beda2831a5389

SHA256
45f0b24504f70be420b734a2cb167cc9347e6a1cb49dc6173dc77c11dbfbb8c2

SHA512
7cf1c2c41a0c3713bdbf6e4e2b3ffcc55b86e9cdf5a652f338a1e603744d618f0c19d1b3af1276ea92afc02a4f550f01749243738c96eaaebb8d3386a51d39be

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
78KB

MD5
6201ce88bb9c649dcc6cbf53b6f8e507

SHA1
484592bc46fc7cf1f1428683fe3745bc7d7e1898

SHA256
4e2238afbdbd2065d30db75c5d4e3022b1748638cd19879941b17d7d45a7a4e3

SHA512
c00425baf0c81fb1656fce467ed0efd5d1fdfb9a100d9d37389929cd1734d58b1b0f75ef53e2b69e264ce3a1e4ad8b887c570d8611d581d8c91554ef024f0f7f

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
69KB

MD5
bcd444844dbf82fbffb0b89b3620e35f

SHA1
0edb4cd757704efabb3cd1179fc9cae628d288c7

SHA256
b91f267d9e603cd660c159f3b30f64db69d14e3483a087732b97dffb78f8884b

SHA512
44797162e7abeb713ab0cd95f709f9a66914480eab9b8e408eca700c3d55493427062872d131111909885d06cd5fb87ea953c5b720ae6cad918ba4cffb1affca

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
66KB

MD5
a1ce936b5a4183468a26ca4a937d784a

SHA1
2c5f6a7ab4076db22ded75d4dff93c33ba96ddda

SHA256
29f47f7160a441b868262747947dbd96602de53598f3cc3e9db87f19c0f1ed74

SHA512
2a360cb2a1e76319181835426051dc60ce8aa05e6834399b2ccb6cc90118775cb05a06aaa0aaedfd82a49c6ccee49386d438275c5a5657950c228df81e74737b

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
55KB

MD5
8f522c13024f57a501b033484c051807

SHA1
3fc4dba860d7e45abc99de77bc7a497362f1c94f

SHA256
dbe9261d03aeb2b681ed0f38133101675e908f290a24c6969cda19cf7ad22667

SHA512
d52ca26b11e9235c6b65e4d66229f33136390bcfbb35357273f0dd6692d47147c51793503f1be4d2a0b3357c58a94cceafef34202f4830ddef228cd37432d5df

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
73KB

MD5
818da737951f2ddfea90bf50cdcc7c53

SHA1
c982ddbd4896d73ad90a3744313b9a069759ca2d

SHA256
ab8f22d1e178a0d0b6b98c07eabd1b459357c91ee3ff09c401c3f124c5ba7fd3

SHA512
d3970a181709308d4b17856d7cec7d4ec2a30d88dcfaea3290f466192e9dadc6f5b437e14b7a79758a003eb988dbc325531c12e3645509772a77ae78a3fde78d

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
66KB

MD5
b7e8693400575a214c537511ab1ecd61

SHA1
4815869b3e270b742d456a52ddb4e3b44424d66e

SHA256
fd64ae8f6936513c4074726ee961a6d3e4d0929a5b90e472d0e0e9a4580f9456

SHA512
eee89f9a4268505ad34f93e350205c57f8a46d9b2be98b4f8026d229e4d96d55eb5e8cba0ad97bd7ee67fd19a8a84377d56440e7d94b6ae0132e2ad1adb76404

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
68KB

MD5
365d53db07bf51b1796278ad98f28b75

SHA1
4dd4e2dec584f5e399a432305b6aa225652f9b6f

SHA256
403b1f15db4fe05447cebef39f083d788eafd223ace29ecc51556429ddc1aad2

SHA512
022a2ae2e0241a302adbe14eef769eef606e2a5d4da3b0a8559cd4e6f0854bbbc21886b04b060bb7365a636484cfcbf1fcd88d9fb5b8ddbe274a392b1f739ff3

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
64KB

MD5
1d8b3840d0c54be07c65cec89216f5d2

SHA1
27c1e0f1dc91f51e75b3d363ccbcfe8b9f881468

SHA256
7f61910fd912a0080bcc9be90f4a8557622c1ecb02cffce9f63da47a65ec2c97

SHA512
f9d276b1b389202edfd1c35d895a4bf8e8c74f85cc77b36c2871402342bd56a4481ed25d5e2a96a7134a09d44769df45f7c662357611d2a97b24ca1b4dd889c1

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
61KB

MD5
66bc23cbdbd57e901c1ab22fe696d963

SHA1
2d8c9ca982ab5a5603f56b023d9ce63ec03d923b

SHA256
92088e2c82c0d19af89590c6f348c2a8029f0a04902a973e2252ff38c7d5482c

SHA512
d9908b5eae23b5a2ca38e1e3afeeb821b298893895beae7db867508b9e668b0b88fa180bf31095fdae5e7f62effaf111511ccb203c913cce092ca55d426c3d91

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
69KB

MD5
d8fc5d4401e49ff73dc32ce072db4839

SHA1
5c9f64c00b2ea327fa8b8f703fc96c3852ff36d4

SHA256
25556a3bbc9afc193ed18251485547f12f1066cc104dffb2c5655c751c2819ea

SHA512
59e7395c023f5122402967228509750f21100a50a86ef3c2bfd6627a71d185467dd79b698a71e5169c357fd46eb43df30152c6d60a2eb1242b8c08aa957b5289

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
69KB

MD5
e5975abc7c204818efb3b3385c69855b

SHA1
638d745b878502736e344c79b62d292c29de194e

SHA256
9d9b0b02e8d72b868f47ff3ee9b4e01a5d9fb5d14ffa246c2c7ecb9a8d99cbe3

SHA512
e9d38452098d10eae6b056505a1da2f511f33c08c71dff5183ffd3cce6d4e58d9bbf488a857ef663c954d044090a97faa0fd7dd1d1d3aef04b8c2e9bbca41739

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
80KB

MD5
fc9bb9eec5524441cf5bb6a62a0a660b

SHA1
aede4eefc6fdbf2abbd09fd00e6fe57244b180f1

SHA256
303b46ee33d25dae8d9224dddf11bd70ac8026ad4d4d5aecc914325a5a538fa8

SHA512
ef579190d31e8e81be0035538ebe7cedb3db92b206d34fbf2ffdb762e97c18e89d0b0435a1c476f5a7f3a1e3f9898fb9d27ee0c899bc1187667e661ae6edb4f4

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
82KB

MD5
d479b4113e8f66e7c28be89c6eb0f04f

SHA1
2f5590e1d93deb13b254356c17acd005bd8975e6

SHA256
74560767a2763d90f398baf3cc6139a2959a6e1310e285030d942978065e6691

SHA512
ccd7eb1337699602217436691f4a79c8db4458da3eafd2a50cf744dca6a9ad3d57ffd494f38fa3a760eaf3c26cad0e4fb0f0b90a251285de7aab8a226cfff89f

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
71KB

MD5
7c0cb1c52e1080ffad4e81b0436aaa5d

SHA1
fdf4f5732cc09dcb4d2f5f563be5c1bfb353f31f

SHA256
04c8fd6ca4a92fdfe5ed6e6b02d1f077772ace416c3a5b5d4c8546f3957202fd

SHA512
dc437c50b39947595fa228fd49dd37b10a8177713aec917a5bb42cd99b34283ea1a7d8c2cfc1437f9e3c86f16b395e6418040f928f7a3c786304a51b3fdaaeb8

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
61KB

MD5
857aa501a7c0cd862d0527f679961f1c

SHA1
06594c44a3b5d1efe9dbac01b9e61e27c49f3113

SHA256
6d74eadcddf7a3e450e255b71eb3e64783681b0710edd8a1fc9fd6338b9b08fd

SHA512
8ce85677665f301e2a09bfdfe559f64dd348af951a845f8440f3dca12914f52c9747cfb5cd8309fc50e8b0b42ce1742d1b28a588a758238bdf7ab9709d7f65f9

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
70KB

MD5
5c2afe9de8db71e267943251472da3e0

SHA1
50f74e4bb09cb3b85f869670e90816be825678d6

SHA256
0e30df01ad055395d4495be2b06397990e974f937b8642068cd8b289a5a6ec5e

SHA512
f799d625ff6f8f9a469a028d28e4b8a5d667a3cc21f0d49991ef15e859ef6892c08d0a9325e1656a35ddb9480b476518e5792b1bdc5fa3bc8c7b2b4924b204a2

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
61KB

MD5
50f595c4320f934ff8432fc0c97deaf4

SHA1
4ae6e0f81524cf3b447d0c4e6aecd8f2daaeeb28

SHA256
be97ab7ceebec70a10d372c16a823d2fd17e35d8d0c1a200209eb4f47bf31f82

SHA512
4d53cc762788f047fa168367bcb4376cfaf4389ed5718fdedd50be8700d15c9a9fafd4154744cc8b12d1f9ec40f889cb43a49d32c21855d0e05225808b500ff5

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
61KB

MD5
957714f77f07bc6e32cea87ddb9c4cc5

SHA1
e8058382ce50e1e46bc58850741cb1a90e1e2a55

SHA256
30314cdf9eb67eeb5eb1b2c931eea4666f801f6e3ae98bc19448936a98d06c9a

SHA512
1c56d334a8ecc370884f1a326bcc804dc7dd9027c5c18f1123b75cba8162c09d65aae8ff12d5a5301937ae99ce28f4fc7c3efed9c1d6758b1d586b5f9040af1d

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp

Filesize
66KB

MD5
50ce582e5e184c8b5f36124b6f45ef56

SHA1
63c67746f336ae1eeb04e7014ee58a8118a1b540

SHA256
41fe81c0c84918cbdb08ae7fc24568b67a7705506b73cb098cd93c3f25f6b083

SHA512
64f770ccfed9034ce98c9c498237fc9b3d8b04e9e515adfb2dd3f1aa396bc7d2d41d1f48aeae875994ed5a96cfa0b1ea9ef6b41c05d89a8c4a493aa8d449a8dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MicrosoftLync2013Win32.xml.exe

Filesize
61KB

MD5
c50b299b210df9ce2e61372368271e2a

SHA1
eba9ec0e1e8f2d02cdc3c192ce01007a7acd29ac

SHA256
d61cd2ab0db220db916036112f5af835ba38421378c3b2b954cf8ae1ff0c2ef7

SHA512
8deb1f3498b3e67c5ef5b93a7219117643904fe1fd1e8f4a089b8bf8d8d3873a6cb195840bf44e7eafd870ae7b810f1f82a186e30b4d37daae58012679d1b9b1

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
55KB

MD5
a233216b8c20d95077559635fcd9bbb1

SHA1
453f413e61cc4176e3110b01dd957049579c2eef

SHA256
e455cc2b333d4b6b43871f33fb5a3c6de017075054152e8f07347c769edec7ac

SHA512
098d8365ef0b3908348289e856d1a400b54ed7f9b52bef7661fd6bfb17fd2752d448878c550d155d0fc99391d1a08a5e4c061241dcf4255391b81866e07c5f80

Download Submit