7b8930d6c527638b777b863f81ff99e6528b59089479c68691580668b6705c33

Analysis

max time kernel
120s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

945e40eb5d3609d0f45aafafd4c96690N.exe
Size

88KB
MD5

945e40eb5d3609d0f45aafafd4c96690
SHA1

63f91fb17a90a245b3567189420ddd765b650e97
SHA256

7b8930d6c527638b777b863f81ff99e6528b59089479c68691580668b6705c33
SHA512

a714ddb247161f7213de349b327672ff1e20ad3acb8e8706ca8051ea46077368cc0e5eeb28a34ef587fa6055e88d13a3cfb3a0c781bf9879aa606ae6873a117e
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJwRJofJoTp7BlpppARFbhHFoqAJwBqAJwRJofJoTE:W7ZppApaJofJoV7ZppApaJofJoQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4782) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
5092	_Windows Media Player.lnk.exe
4120	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	945e40eb5d3609d0f45aafafd4c96690N.exe
File created	C:\Windows\SysWOW64\Zombie.exe	945e40eb5d3609d0f45aafafd4c96690N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	_Windows Media Player.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClientSideProviders.resources.dll.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationFramework.resources.dll.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ReachFramework.dll.tmp	_Windows Media Player.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsFormsIntegration.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp	_Windows Media Player.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	_Windows Media Player.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp	_Windows Media Player.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp	_Windows Media Player.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	_Windows Media Player.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	_Windows Media Player.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	_Windows Media Player.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp	_Windows Media Player.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp	_Windows Media Player.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-TW\msipc.dll.mui.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fr.pak.tmp	_Windows Media Player.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	_Windows Media Player.lnk.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Windows Media Player.lnk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	945e40eb5d3609d0f45aafafd4c96690N.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 5092	4264	945e40eb5d3609d0f45aafafd4c96690N.exe	92
PID 4264 wrote to memory of 5092	4264	945e40eb5d3609d0f45aafafd4c96690N.exe	92
PID 4264 wrote to memory of 5092	4264	945e40eb5d3609d0f45aafafd4c96690N.exe	92
PID 4264 wrote to memory of 4120	4264	945e40eb5d3609d0f45aafafd4c96690N.exe	91
PID 4264 wrote to memory of 4120	4264	945e40eb5d3609d0f45aafafd4c96690N.exe	91
PID 4264 wrote to memory of 4120	4264	945e40eb5d3609d0f45aafafd4c96690N.exe	91

C:\Users\Admin\AppData\Local\Temp\945e40eb5d3609d0f45aafafd4c96690N.exe
"C:\Users\Admin\AppData\Local\Temp\945e40eb5d3609d0f45aafafd4c96690N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4120
- C:\Users\Admin\AppData\Local\Temp\_Windows Media Player.lnk.exe
  "_Windows Media Player.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4160,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=3812 /prefetch:8
1⤵
PID:1684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.exe.tmp

Filesize
88KB

MD5
d6b1b704e73c32f62ff175f5ac7aac11

SHA1
32854cbc27e22e9851a43b3a3cb5af49667adbe6

SHA256
f89adc78c969eae79462756b94408679c07acc8b00458c5e37e55cacf2df0264

SHA512
1ace9f58ca3653f4bad84837e591239e0493a2c12520977632dc7a45ebaf7570e8a0f22f566145b74b7f5f8da4090bca430c08985a03d306c9baa2f834668e41

Download Submit
C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

Filesize
45KB

MD5
6fd8bb977d84f9978e5e279c2794b961

SHA1
114f02b112518fee464a15808d68643f38c42793

SHA256
d4d47070aaa9a457d81f41a7b7357ad21dd9f1af26e1758c4966ad7755cb00bf

SHA512
6efab4b725fd4f527b37157d4af65ac50b768fea2d4fc77df7370e68de567695f5983215982431b17514a14b98d5045d670f9823af6a46c6f1477cf195b5df69

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
158KB

MD5
29d938ed0cdf01210f29d47681014e99

SHA1
154567dafdf04394194bf59c919fe9bf16052cde

SHA256
f478fc26ad044aaabc9688f44646d310102901bcb93b5a2e7e5caf79fba574fb

SHA512
2ff4be4f146d64f65e5fc6e0ccf1bf74cd09b73a751b2cd11c7eb9f82ac8a44ad982dade749afa6ad7442af8db088eb89ad1eb1bf8afbd51b0fb4e0bcbc20d62

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
144KB

MD5
1573f5960e2fc1cc1ec0993a82a39c28

SHA1
1e6ed683ecd3999e588df1a6fa19144f693f9f24

SHA256
42497dc19a389d7b4a0ec53213789a73e673e8bf247e790c9470481065de3de4

SHA512
53007ce4236f215adb32ecbc3a56090a00e5e40b4d527faa6d2c8004dabf920fecd0160d08017e7341c2978becdb6a49ccbe38f04a32c5acb195870ef96b4a71

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
492658c9a361fac76dabbb92a704d211

SHA1
c70108dfb3cfa7cd08b26aa4e2344c327c7f1173

SHA256
0e9791c12330237401b0110175d3b0267955ee972cb9c716ffaf3b4730d6f205

SHA512
9af67c6c92e0cf187643b2dcb8aeb35603c7b23cc0ccc1acead6ceb585be2909fd31b771f7a9dd1e52857544709e70fc56bfa27311471ad2dc8ea0817ec1ddd2

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
589KB

MD5
584560ae26cf306845e337736a2773b6

SHA1
2f926a24c26525b343ce7ffd18f382b8310c1d78

SHA256
51082730e32bf815fc88284688ba99b576a81a35d3b84416293da34e57fd9877

SHA512
fa676b92c1d2e546b3aa5bd29e49392bee29d1a15583c6f17bfa9d99c0c9431afc21e9220df2890e59713af55b0dbe94e348e822b21ea5805fa90a75f9bc5d52

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
255KB

MD5
31861eba3b1eec07174c1cccbccbc9e6

SHA1
98d338f08c5f9fee96c6d784b51f274ce64271fc

SHA256
07552884b767544b5ed0bf0f2f78ec6ecff9d80fc9f59cea381abe305d2090f8

SHA512
9fc599d5bcc51841f35efd19969e5a78bc4533356720c7c3552188d62dc1bc79fbfc5846afea5e19eaeb47792c67181b4481029f5bb2d043954f177651497ca1

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
976KB

MD5
2c2d10889c7546cd2ca49de7d370aef1

SHA1
2d189b05c3beb82e20d86d20229c44bc82565ace

SHA256
ac049033068b9ccfe2b7332ff38cc1171ef046843ae9bacce5d397769280b06b

SHA512
ceb91a6f778e0d57756d0f24d37ae4052e7a064377c144acc266e5973a66a1eac65ebf3a8bb7b0f83174d2069d60556bb0c772178dbf8b97bc18a20d8a1e6de7

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
729KB

MD5
30bc5329989297586f0f480851b334d8

SHA1
46acd1073a249facb1d3c112f76f465a192e1a94

SHA256
8a1f3180c528a14cb3887c830efdf8769c23e2a09264c77f13b04f924b7112cc

SHA512
9085defb8f6104ca809d9564beda5f11de0ffb9c324467e04f377072c550579f4b83c65744d5ece6bb7a06a21fa9bb9f140ede8b45578f45f4869faa05e59f03

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
52KB

MD5
22fbcc957883c5666b06ead4368df170

SHA1
1a9d4bfa48fa3ce642a7621efab0926a12d30f14

SHA256
9231c67757d23bee1389d933a4a28f14c0f3bdf798f294e72c231adbaf7b8459

SHA512
095d84553f9de624c7a5ff4c47f248107a35b2b4e4e5518c5fe88a1d5b2442cb286d78488ed9210a6f039db35d2814a20807ca30e64b3394d3e8da1d3396072e

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.tmp

Filesize
50KB

MD5
88bd7d291b4162632caabc47f33ce5f4

SHA1
a1cf80c613efe71c64e11cedcb81d7ee34361184

SHA256
698f75414be5b89a430c7c68cec1be7cd475b45d2277a525cbb0aa998a475c86

SHA512
c96cf0b12e8a107ed1a30c7cea09ec113447d7f485df149f8fd7cb126107ece9460993528657b83aca3ba11f5cffc4e950ee557d5b673fde52beda40afab1cfe

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
47KB

MD5
228c6847e008f9f32948a3135399121c

SHA1
113fcaca15fe5b8b6d4d4248a62784a432565883

SHA256
eb71c49c1876625a29b1cfccb7a7ecf2453a9afeabdded090bf27f76a06c7ed3

SHA512
80b14880c21c140148e7322c69b8da4cc99b8942f392e53fe9bdb360edf6aa9428447fc818ed5b436583131479d871d52efab60dc95098dfcb87af22ab8831f2

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
45KB

MD5
5a7db68a5e0d358a5e796178029b1aac

SHA1
479b11d59a89e3606a2c15513589adc387b4f7b1

SHA256
6d49527939559be5e3535ed30b052847893cf44d0d1bb9e25fc8c93ac51420d1

SHA512
2b8e6fdfc71195c7c2ad304775e368606b2f0af7b089b6dde058c66a009859b951ab15ac43f91120c3c3d33c92ab3ee312605cad7d3df7dcae4ee102937bdbba

Download Submit
C:\Program Files\7-Zip\Lang\be.txt.tmp

Filesize
57KB

MD5
dd54a376993fc991ec0d4414f7b252f1

SHA1
c894e1598cc466833a9bf678165197bcc9408fc5

SHA256
9b76d1bb5a5dd52f56b621cacad2481b4e778d5eb99a0e3bf67da7c29a32f558

SHA512
d1ebca23c22fa0eac2b14245cd836eb263482522e670115bbcb46b2a04f315df3dd24a83c89eb09e6af72fd2417f0fd043727d177b2baf70b8a5e67460074717

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
58KB

MD5
3333dd45aaa2246f701b946a543fca40

SHA1
86bfdadf5c901dd2f14c2050e94881803e41dc29

SHA256
5978d0cd5d0c8b9aaa7f5b2fd9975e75a2484afe11be103b24de4ab3dae32da3

SHA512
de64a5b81398e0320ba8012ad6d5bc050584ecf1ae7aa8667aa3e505ab7b8b9e9e8043b86b6a27364023ed3c15a7ee98fb483a7e9f90522892ff02f9627d29fc

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
60KB

MD5
9e948175c7b2f9f4dec0a97ab74d1c7d

SHA1
05eacd0410f93b56812b6749f9840e931e007eed

SHA256
c5163206877d6a7bc3000ed8dcdb26d21204876be0548f2587a647cc77839381

SHA512
045836b92443f3e3285e59a28699f1519a2b128659fbe84e52ad4a1767ec8224f415799edf7dc7dafa1418ddce1a1245cf14eb43e876e98ed6e5c26750d162f6

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
50KB

MD5
d170ae8e5e7cd1a77c29210c5aa69960

SHA1
ea8aa18d63699d6cae4a372ba6e28744397d5c28

SHA256
4f7801bf76df08f7f74a579481c41954f93760951527af34d56475b087389144

SHA512
948dbdd2f4db0bb7181839c616a61e129617d72ce0d174a8e4792f4527ded704e84ed296c91686404fa7982d6c58a6a98a547e9e0e2f644456e8daf877f9a720

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
54KB

MD5
5c18c9ea57fd2c4c90b1f877ba86da75

SHA1
868ca2e7a1ed3663c68492372633e7c6fdcb1a16

SHA256
d5651bf8f069167100ecac07235703eb78748eae87a256bedcf2bb61c8733475

SHA512
4168624ddd1bbc0f21d782c92420afbb1f9c22332e160acb0110ce98e35866833a70dc9947f554bd3c25300933f3d41850fff5653081186d9f40b762cb7af61d

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
53KB

MD5
105662981831a4a69e5eef903fd41d49

SHA1
45a50d266429489763b403bd4d4f0d5b0a79c979

SHA256
bf207360eb45d0bd3210deafae258126286bb5f9f400079f7bfaa24e95ac0753

SHA512
8ba1c65610d555a15a6473319299d817ec4ff681606c32ae0285dc36c9eec8681087c7101af7e19e9eb089f28ce3a46c8933086440ab54a310a059501d8ed7f0

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
47KB

MD5
ec0a4fae24cf58537ed9b5f882e34365

SHA1
ab44a4d751e6f647b2888679b63fe8bcccec4cac

SHA256
f1e893ab8cf41b13abf2ae0bd8a82d21e78d62a663c8824522c426bf00f9d0b3

SHA512
4db5dc5001d2d067a6a5efb31623f290a838c25b61aca11acf076b336e2c951f8e79cf0100eef6d081bd748a244c78be6a27c4cbc5e00b54347d4020e4bb9faf

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
45KB

MD5
8a29f6ad1618c263c82e48846c4314f3

SHA1
a7b39fb2ec5b900e837dde57ef9289484dabcea1

SHA256
eff1ac6e91a278deef7c59af9b0e1923168491a6c65a51058ed7eebdfdae7505

SHA512
4f5211fd488c25d2e35c1509d51f3076dc8380201449aee0ef61eb82f5a12cdf7731f8fc07961d6f219e71e5fd76cdb63ca721de05794cb35a0ae4393e04c195

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
32KB

MD5
77a616ac4ea19ab764674f3904f35396

SHA1
d0cdc546aa235bbbdc7c30f2b302b98ce3676aa6

SHA256
ace2615ef011d56604378b68d49fd09d91c991685a0b67a8488ff0a0c86a1b0a

SHA512
e10e9f8170bff54aa6426dcbe7fc1655dd05631af0e1d4763561ce96d65df9c36e850b2372c2647b1bb908b06107ab366a7c545de9b368d48b166ec8f79a166a

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
45KB

MD5
b35aac8111ff68acc42429689b271176

SHA1
3ca2b8f5c1db41935c6b034aede1133d0d63cb9f

SHA256
cc6a568176b80f8df50ffdb6806013c33aa1ffff101db361b56fe40889d3873d

SHA512
7e9a6dc26b08d5d869914ccde15b71229b2e95b8629c622df69e6d6af3d9b304f3a6e7c3aa869e0d95fbaba87d239cfa96f2bbcb062918a89e7a28d14ed65861

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
52KB

MD5
961d1a8748e82f31b2c8d38b2966da67

SHA1
72f7b4075d6b00d29c6d31946cd02d3ebd6d5efc

SHA256
9b12c08b7db98ee74e7fa6da4a8adbd0561d85f14a42dd51cb1341a666bb20ea

SHA512
b738407f4573938a957a55657504b79ce31afd0cb1bbd4ff983cea6125ae12a9e42d194be699f39a90846ff21ae46021fdebc4e48241ff0615209f6d18ede5b5

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
50KB

MD5
f2490f6818e239f08c50568b77a9c074

SHA1
ecdd41d6d0ecb1579bc2a600d7e023f5d2c56e10

SHA256
5deaf8e02478a64cbf5a0b73ac6a9c4b8eed1b807431be78d50bbd4598863273

SHA512
0604dbdc22b0892d6094c8ad9010c9a44d9dcb6b60f5b453858deac5aeef8ca9ce13331bff08e571b7403adc19ca62268aca60481f56d52bb664fd5ad53ce0d4

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
51KB

MD5
ac44c29cf0528a928757fdd6be075015

SHA1
706b2fd8196ef7e037210dc8e5ea3a6d740a03f8

SHA256
97cff941a236a1c01e9d58c804f9cc8dd11fa0441c0e0a652d64f527a57f6433

SHA512
878f5534dbca1ce93dbf351557539309ca6fccfaf2cb5f54fa8cc1ee5d8d411a91d01008b831633647f825a9199c682135b5e3fb67632472b1853ebb496efb51

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
59KB

MD5
6b68dd664214ec03344a77980cb252d8

SHA1
97bb8ca1c6f282be4320fa9232863ba4d6744400

SHA256
d9cde503b9f6414d6ffea7236a2d19047a920d077d7e0062503ada00d3d69f33

SHA512
6c6d73224c97649f33364406734f7730da0e6f81c537dbba2995c64361a7d4ba7f4e02375de97d09e423a63a9e45b2b71c54500b89018810d0412b05772068d8

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
53KB

MD5
b3068e95c3fadd0b53b664f331080303

SHA1
ea40977a39727ace0fca083e97483297539cc2af

SHA256
193d6707e4308f56cd9d777487406e628b70f75cd820e2b73e5f5759dc00ffa1

SHA512
999b6e44d38a68351854ccdf0e29f9ae3eef8e7ece20254beeba00de159d12257f17437ff1b8cf4cee7939d40c6675d5eb4a34d51162e785c0a9121758f012a0

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
55KB

MD5
c3d9fb323605865f6a6881f633bac200

SHA1
54c74ea4f7d0ad1245762f6c495f6a0625ffd7d6

SHA256
82127b0aee6078dfd52d9e30171bed1b4d091f57bbed06a891cfbf477d0c2bd6

SHA512
753d136a7f1135e8b7f83cfad5fb63925b59cca580823ca7b82a6d95c19f8361cd86945c98aa1d4d208e3d2f77889e07f1fb0c8a31b7414f87782e33910214e3

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
45KB

MD5
5b52f3bc5594c34c70d00f55271c0f4d

SHA1
77b235952725f33b870c7650e8094e030872c634

SHA256
00c5480de4bba315b1bfc29bf184dbc381fbcb73beefc02f370f8de965aebc2a

SHA512
0adf7c6a7ab187cafc5598a1b38e218ddd4d16eacbbd7b829514471f2fd609b42bda4986884409474523685bd71651e49aeb83ed16924c562a8767cf2ac8ba85

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
52KB

MD5
8f4ce7d97dc6471ac1e5a7776484b17b

SHA1
82d9763c3251766174cb1750464aa43b8228b212

SHA256
2bafbfa0f9dd09f52eae7eba1849c3b4cc3c5087d145ea8bc3b2831cb9ae11a2

SHA512
9e11ce417828515bec29f69b50c65a1b5df3726713fa5ea8e3953eb2bd6db14000870a675fd86b014ff24c0ac1cb2dce00417c41e0a56e0aab0d6dba0bd9a35c

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
60KB

MD5
70f9cfa501fd6a63ced063e0fc4c9229

SHA1
bcdb11936c614c3246c7f238f206a85f58df3cd2

SHA256
d3a1514da741f9c080b475d59ba897868762f3480bb560c949b44d60b18e9f2d

SHA512
ca1b26eb24479812a9e37f8bb6dc2512b83b8ca671f787c97fbdcfcc7bb798ca300f002bbda5ce79fc98e435ba26becf226d738ece2531dc1091958d86d92c5f

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
53KB

MD5
a4773f75a4c27d5aa138dc8693c44793

SHA1
95c18f34b6c262f8bea68773e8923d5b73c1e7d3

SHA256
37024b463943c58a5de942eead3df099885d7158224c33308d3172d71c935e15

SHA512
c28ae3184c8d71ff297627ac30076e6fca24dba30e94fd2063ffbe8eb21bd5bbaafef7bd1b85bdd5ded01b73e53d52d16c3a98fef72a0c2b773552c727a1a884

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
56KB

MD5
3e1d3c3a8c1ae7e112dec3f87e819aba

SHA1
e7c45fb297305b2bce15729185990cbef847b1cb

SHA256
78a714e3576e9091bd8e75c7ccf49e3e3ee58ae1b5e7f80a50ebab2b2b2ecb01

SHA512
926d642ea7f454f3f295b66c5bef15d8d2b50a837897cdea9da175dd731d6a824453e8da67f22e52efed6b1bb29ca4c73ec4b21ee22d2e267765b25a8068d59c

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
55KB

MD5
86c3e98bb0810176bae645b5616c06cf

SHA1
c34b674707d72193a3c1a776f4d25da2fa222c03

SHA256
0756ece30c329ee53835dcbab4e53e11227d2cd2c620d4cea493fc8683510ca2

SHA512
1f61d3684e9114d22f2a28ceaa51e45c3d879e4eb1dac3d73f67c7a2438160b7b3e99466161c4458678488bd42e9220744008fc4c62d88d8167ebdfe1bdb7613

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
57KB

MD5
0982ae1efff0139a3c24534836a2c43e

SHA1
ab417f998f129f4cf7b8fbb495be9b24ccd9c9f0

SHA256
90deca91470fed60e4ee865486b92043ac88046178efbb9157011ae7da19a626

SHA512
d319e304c1c3fb98efafdf86b7b5a43644be4817739be3635374fe06da69e1667c344546ff1feffff04fed04e016b7ae5f5ab50e40779271000861333b76af39

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
51KB

MD5
58c1835b4a12a144aa5ecb2ade67fd91

SHA1
9763d213ce7295693e62ad3b111a3067674153e7

SHA256
0581c3b300d1ac33b5e34b9cd15507e07509ca3ccc7594b7b6a14e9f71ff778c

SHA512
0823a57adb9d48543cc9c9a0bc9a93d74fd02d018f73e8bdbb7a5acf92d70d498ea05c04e0779d48d036a3c9d3b046d29e2408ef4d4aba9b5ddbaa2fca788e81

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
42KB

MD5
0925328512f0f5415fa2922cfedb0272

SHA1
6f11b7065440bc21163b23c8cc4281585b0af9cc

SHA256
ab97d9f7a8223ab0ea18df27d276b577a46b45b5e1bc788bfa095d2789fcf378

SHA512
e0f2bafe76cd6b0a9f65f88523836d78b274eef6384136bc736cbc1943a17cd03339fd2cc02c781855b65ea1a5620cde0a544cffbbce5f833d55a55e455e85a6

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
47KB

MD5
518189e7a4c1d7753d36a870038d2f51

SHA1
79dc4349dc706dd1fe3fed324af804461bed9641

SHA256
90f6e9ede7f3f25ee3c4c35c6107908aad3e19d999c440742a9841df5afa6418

SHA512
e7346aa6233e79bd67bc783a67ba00917974b635f86630fd113d0b5a4b2be1979d3e9da771698ad4646da9db8d2ad739ad995e7d55e61e84ee387d138de30f73

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
53KB

MD5
ec5d1d7081692ebe98722c11d7a00b20

SHA1
1395f4b64b443bb7042b88935c92aca203c70625

SHA256
a3309be0cccf85e60cee1e9408defb19b4ffc51e9f2a5cbec11ee38ee1a855fe

SHA512
e73a14bc8b8183338fced97c74269b23ba76f5702de1f5254c34e080748749f6589f974b7d3249148b0115af553382c51d7b2344c6825f4c1a71833e7728e2e6

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
65KB

MD5
1d2e6a5b36bc9ab077ccfba8410ead00

SHA1
64d6147ca7fcc405b152f990c8b90210100dd95a

SHA256
c584ab240954f9c079d4774ae47be9e80c53f838bca33562448e59a4d7c55f04

SHA512
6591cb92d342c1904e947eb75824d2b81f7f124d869b1d1e8fbe81b0d656ce58b3fe3eebb494dc303dcc4144569f28cc0b9cbb3c86db468db9c8c6c9b0c72f8a

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
53KB

MD5
4cdb8a2f076a295d750f43737dbe0b2d

SHA1
a3427b9a1674669b8d0c7b9cea9b644888134c45

SHA256
344929473ae6b3444553a0dea69c93eb6848b33ad051f9fac350800eeff8ab10

SHA512
fe18490dfc8af739702c66801fc3ffd9abe02927829dd05542c981fa9ec046af84a04584e70ef6cc418e713b7fb603eefea20865eb153ee15173eca63984003c

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
50KB

MD5
61e2c004c863c86734525a00fac581f7

SHA1
cfa2f5520f736216108bba7c8c2467df5c2f966b

SHA256
ebd7d1e5ec2267080047845d7299c766628eb6871a406e542752ca5b5783fa21

SHA512
5f6751f1959f4e82312513f21e6350696dc866f1d4ad7f4b829fcab59165dbae5f56fe24990606ba7c782f68836f8f5bafad1d185205ce60cf16091d18a54af2

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
58KB

MD5
185142ca15f6377b7d04f579978fa81c

SHA1
2621c16f3e27fb1308fbd4add2b6492f9edf6c42

SHA256
229b0d39ff00e45cbd322e0ef05997252bf6c09f42913e9ea594accd8ee4989d

SHA512
28c126fc79e94490e6823c984fbd7833ea71d2980a1f0c5e08d0b8a7ca78b8ba14aca73ef2f5bed77407539fd3a03c8a20aa478296597b6ac2a389e7f34d6381

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
55KB

MD5
1c22f626a8926c5584f870fc7bade2b6

SHA1
a1fff19b35e90e0117e4d97e54f818c412200359

SHA256
707b11ec519f05c0ee0463855b6f29218f273c929a9ce8dd9b55c522a7ea115c

SHA512
515bc61a70af1fef376d64fceffc55a1c13dd822b6f6d40f536585b4f2639d8cd44573f23e137eced8be85709ac8c13b70117927edf312fd79f21c3b5fab9ebc

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
42KB

MD5
4de65e026431a8386622e361e0e63c68

SHA1
8f7a5052ea65583578ce98292a661ebe5784dcc3

SHA256
e1a91421c0c3a9442cf569c66d1c80fb4a305bc1ed1aaf93b7e6bb94066efcb3

SHA512
71a7132738ff8d55c5a2f9b790178be77d162f880e802082026a4aaf7faeda887ddccb15aca43583abee2671a969a7afa2cd7b366fb58b50ed6fe45b817f315c

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
60KB

MD5
320609360b01c875880b8f1100981190

SHA1
61ebc5f7b73a0412c3c8efa183c79604620bc4a2

SHA256
fd730dd01aa58917bf89d0734f570f6976a116a4dc9dd1151f04d94f1dac8c8d

SHA512
54e11e0e08b96c9aeb33bd0719e61e78b4bbd1f55df839fae763c28de4f88b6d01d7b0572ccc9bf4017e6aa0b1f905b69ae5242917725599cf78a76f0812cd68

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
55KB

MD5
4f2288135c664b762639e9628e27075f

SHA1
1f2043aca9a9203f7c9a122949b31d4b1e8907a9

SHA256
6df78f1f416cc9d1fe3658c629aefd8e3f3803815f334836e1e60e6328f106db

SHA512
a911158cb018bf2411407c6f42326c2777bfc4df47cacc6461708a5789cb900d0383c008f89b0d13d4a15059e36ec99bbbb7722be1302030e584daad4d232665

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
54KB

MD5
38d677197f89b0fd9df2dbdbfedfa8ca

SHA1
aaf9594dfe8d0207febb4a1b1910b1e46f8e9086

SHA256
337cc1e6096705699a92acee049d5a3dbf423e2a00c7fdc354eaac69fb907e3b

SHA512
de72c227b716590bfb6a65c519f9e2041289aa4af558978ad0c929547205536d86a149920a24fc15c11b8cd637addaa87d5ea0b68a42ab52610d15c1989c05cc

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
55KB

MD5
18a2753ed56cf55737a7baf6330ec2d6

SHA1
44d6c83dfb2ee226bcfd0a8e512a8e0e50bb07ee

SHA256
9d83e3cbfbf0c987faa5e40db8c6250cbb8fcaa5329c3070ac4cd3fa2b0b3e9a

SHA512
d1373c0430e77b00a485b9fbc9527dfcb68346aa55a0f3fbc329229d45e1b8bcf1167f48579c4506d94d60aa93e2c7649d0597bdbdfae1537d46d986af961e3b

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
60KB

MD5
851ad3a685759afde439d4ac43bf15b2

SHA1
1bb69c40391789ef982ecdf83e731cfeb82f9705

SHA256
b74793bc59ad702da74615b5ee07bba2acba72427ad7561eac72910093d3376c

SHA512
447fa5cc2a710cc02bfcc7a1f5204b85d5d105be04ac1478bd0c9709d2c9d9c9b5cfa1abd81da411aeec13cc6b0d44b7c1c896e436a66e50fffce46fa7b9de15

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
61KB

MD5
a792a0337b718fc7ee7a1ba70884c7e4

SHA1
d149ff60e466e6f3b97f87f27a9d2560cd5caaac

SHA256
0c76811f57958b8cb7349e343599e782d2c46615caa40f2076a9a3a722b2082c

SHA512
abbaeb003d3f0250d29a0289174b3fe7de00d764f660958d9dc2d7dcab1868b86d591db684add9a05a8ef83a45b471e194ecb0a89a2a80f1bad074d7e4ed72b2

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
46KB

MD5
3912c08bbec964b37b8bcbe1e99d0e8d

SHA1
7b64777bf80a6b5f6650a2d42c62692e74b245af

SHA256
f86f79a6f257f2946d4f6b9090920dc52c892e29f66a5885ece4a52a7143ad15

SHA512
0be36acf00ef695fe6867d4454175c47ca89d835a4ff2d22d24122d931e000e029218df0e5041f743d1b3ddd2adaacd65a2b2bb457145fd121569ae6b740e30b

Download Submit
C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp

Filesize
49KB

MD5
8bbf8c645f90cc0624633d8e2dbd4803

SHA1
732240a0a80bc9045550f6cb2c57348da9215012

SHA256
166cd66469f80e682bb7aef8e31232f6a8c8d8374007edb0700ee47af1281964

SHA512
242e78d44c71f840e5ef8412981197d8fdf259675a14b097b5352404e8e60e7c423ce996359eac7c904e86e39bf98e1bfde048060df800da1deefc87109b50f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Windows Media Player.lnk.exe

Filesize
45KB

MD5
6b432d39d14aace1964c301406339da7

SHA1
c59acf15182c6b10c7741a87dc57979f2c303cfa

SHA256
f7ff5b81c8ccd895a6a800816c597f8402769993b10480753c0a440857e5f20e

SHA512
431d7aa94c147e63968fb8feeb811ad35e0b946615b3ddf4d8aab5dd9f068062d172a8662932f7e010a6b4f9b7dd34cdb12e40d8611e7dd04bd97c3292c055fa

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
42KB

MD5
620b619b89e9c55e27b5c5149f611913

SHA1
c72a2f0ecec941bb44f22058c8ca02d31b7cbd2e

SHA256
6f1de149bff74979e973085dc9da241309c9c38be326a6def31379482ca616f1

SHA512
e6d68e5273bc6e009d45837b56d769e5870179d31900432fd299e887904735e9846ad04b9e5e3020be67c1d10d79a1b4500d33b7e1f7ae321f766a44a5609c20

Download Submit
C:\libsmartscreen.dll.exe

Filesize
45KB

MD5
5c36402c59f07852424f045425ca0870

SHA1
b283465c9e1bf303db028a0b47fba1cdfadd41bd

SHA256
44d69b14d4da2ca9f1f10245a7c80428bfc5e13ef76a6415a82d2a7480f4f570

SHA512
44607e1142d830242c0c3e8c191d4af42f5a5299a6d807d8bfa57a81e45049cb0c0555b20714536c3d39a49b012167862f9650de3dea608cee4bcf31106459db

Download Submit