95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c

Analysis

max time kernel
150s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2024 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe
Size

82KB
MD5

27113f1e1a24f7f15d704e25e16683b7
SHA1

382a7de3f6d29cc227823ce15372f89cd72ad672
SHA256

95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c
SHA512

61cfb9c65a609e3903036b7c68214808b3e7bd15b375d2393034cc622daeecea3905cfd2475b3accd1cdc5ed992eedd05f9a0b7b6b46955205cd3e6608845d55
SSDEEP

1536:W7ZppApBULcfpHLcfpE7ZppApBULcfpHLcfpp:6pWpBwchcypWpBwchcP

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5158) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1120	_updates.xml.exe
3628	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.tmp	_updates.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp	_updates.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp	_updates.xml.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ja.pak.tmp	_updates.xml.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp	_updates.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	_updates.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	_updates.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp	_updates.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp	_updates.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp	_updates.xml.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\pt-BR.pak.tmp	_updates.xml.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	_updates.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\manifest.xml.tmp	_updates.xml.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp	_updates.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	_updates.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	_updates.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp	_updates.xml.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\powerpivot.x-none.msi.16.x-none.boot.tree.dat.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll.tmp	_updates.xml.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	_updates.xml.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp	_updates.xml.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp	_updates.xml.exe
File created	C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp	_updates.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ppd.xrm-ms.tmp	_updates.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	_updates.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.stats.json.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	_updates.xml.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	_updates.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp	_updates.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN048.XML.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_updates.xml.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 1120	4780	95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe	94
PID 4780 wrote to memory of 1120	4780	95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe	94
PID 4780 wrote to memory of 1120	4780	95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe	94
PID 4780 wrote to memory of 3628	4780	95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe	93
PID 4780 wrote to memory of 3628	4780	95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe	93
PID 4780 wrote to memory of 3628	4780	95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe	93

C:\Users\Admin\AppData\Local\Temp\95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe
"C:\Users\Admin\AppData\Local\Temp\95fd9427bd3d05bcde482b3b47f1533396536ad6f4398b5ab2c760e4979fb82c.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3628
- C:\Users\Admin\AppData\Local\Temp\_updates.xml.exe
  "_updates.xml.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4160,i,4356837537417149674,16553092232944545509,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:8
1⤵
PID:2016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

Filesize
40KB

MD5
a236c699586ab2187aaf147ddac680f6

SHA1
36bbd14257a86933cde652ffa32ea3b2db906d46

SHA256
9a8cb6e8873ddb990848e84f96614adc95fcf673ebaeb65ec6aaab071cfba9c1

SHA512
5de70fdee42ca6c7cf2bb3a6b22a52a49a2f1ee1fc53e558aa4111cfa2cdf80fae3c8a6fb3fe621025bdb4bb466cb6bb42a04d55f3a4d5036abe75d1b8b0c642

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
152KB

MD5
bc55bac7c374b612617252186674b9c3

SHA1
055acf3155a9cd787dd21f900531f11be7111491

SHA256
8f0a5c7e372294c4760cb0ffd7568b858542b5b8832187caf800c02014c277f7

SHA512
1516263bb865069d863e5d0898afa7bc53a55c5523f6e2ab85d349bb97a48fad75174731348d287a7ff348e266b9ef36c3548dd9332a75c6227037fee838d69c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
139KB

MD5
d3b595e395e565d5c518488f48354785

SHA1
03f7ba6fb57678408dd27bd3b0164f347f7dd272

SHA256
47b0900b98e46aca0c30d705a855c0489e96aadcc18eb1586eb34cbe71ca9baa

SHA512
4db9a82e9755fcfd061fcd3ea3186be8e7567fd3800f02312a8f6d6bdb0f7c0ebbeb2bf4f85a7202d7820d25496bb5cdaef68f8304ab425230713c8d45d8eab4

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
916KB

MD5
95a611c6c0628c82e124e193457178ec

SHA1
41f7657eb4fa60a14fc9b6c1c20a1339f4cf31e2

SHA256
9ddc0d409faa06ae4fe80cfb21c27bf302a523e54810fdc4a34c77bb47a25bfd

SHA512
89601683c130f5ba4eb4def79ce909e44c9c07df927ba354ce7cc67dc2da4a46263afd1e8f6c9d7010c8db6af06b4cbcf1df1861f0109617a7141fc1cf2db5b7

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
6f8287315df7b9eef1d3708ce26db411

SHA1
643413be1abd6da561eba2a450195e215a72c2e4

SHA256
7cf42c0f046c03bb89c430fc87c58eb8532f6f474b9640ad0a1db865284d719a

SHA512
f967eeeaefec715584c90f166b337c0fc1084bc7475fd0bfc00d83f2904dd668f3b74a15640c67e4836c147f9a015d3e7bb87f8190d272b5db20b0d52a418d4a

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
586KB

MD5
dbb34102e9682b39f4566d8350f36b6d

SHA1
ba660cb65b8fd7d89d97c3bd7df0a260b651321f

SHA256
88f6390cf9bb3ee16156515d96415f2d68a1ae077b164ef5644a20f8dd350de3

SHA512
7d73a4661e764358d39ae4dc501080a8abdbd5cc2a80a270954ad426b40f4d5adb8ce311a8cdd479d470331a92c5f8d4b1b5b1bae6090aa406ab650aceaa733e

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
251KB

MD5
24b27aec2441d9a097aef604aa7bc316

SHA1
ddb37bcb95c3735b9208fe80b4590025749e197f

SHA256
13a34c6d2a9e016adb13bb82deb4dd2bba10f96649001260e21ed61e04dfcec8

SHA512
6862be236053e2e396dcfedec695e0770a15276e1dacdc5b18b868ed0a8b48b9849d1e4a6215bd4ba1b1d97c6619823fc7152e549f38223fb3f0e533d7afbf6b

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
230KB

MD5
cae178501a7e9334ee65cb3ba6772775

SHA1
8c5882d8cdfe0111cb1d926a298160558906a369

SHA256
57f79625633c5eb17ead48122ef5a3cec48d8c2c878b07c4649a8ad145db24db

SHA512
9b0a18d04af808671ddae3ae03500f64b53f8d030b56457cb962e0870ce4b297ae86fe4e8ea6393c60961d680745971ad67c269b80c07ab139ea653b893c4a32

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
972KB

MD5
8c176306344aedb7c428968ec5c7bed9

SHA1
df1f0952748485d224024547650401ac21a54ea2

SHA256
0fe10fdff5ece10e3769d1f50ee8e1361643e63b6d1bff8e30d5c4ee70c426b7

SHA512
1e66737f5bf55f01ff8e37c9a7109735f2bafe78c4e039de729ee88342204a6e9f42ac057e068881538ac4b39359415ab5967196ecbe57cc51f9e878b541a214

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
726KB

MD5
715eea994a18319ee5a818ebf2b8b301

SHA1
6d2bc99cf0dfd9df9081b92811e52237b5017ac1

SHA256
580bb42e80d0cc78ed028c1b6192cfb4fb1e2e7dd87678b68936c0bcd0bf647a

SHA512
62b3e9a3a08772fd9c7c79a05377ddb59a853920212b695bdce03df3ccbaf7adfffb7e6ab07b9f72f17da90a4defdda4952677889278d4e6a8eba94bb5cf5483

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
52KB

MD5
0b0a2b8d88fa6286f7a1cab563824379

SHA1
2c77d2929b2b95cef8ab0d9f004998d2bb055e61

SHA256
833a195709c2c5c77bf909ca8ed6ea87fb116f7f782c111987ce9a45a7b29c95

SHA512
7c474715b15980ac1cfa7bb8dae812b20d5d47aa310b45a59ed30124eba68d6e64a1694e28b37d1b01fcb07c5b36dd9a67fe4836f349843f02f68cfcb45cf9b5

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
45KB

MD5
bff6a3f15d5ad35a6488d956995bf9ca

SHA1
f31aca17a4bcd4f39fbcdcae0fc297c0b5ba2fa0

SHA256
5eb546a8e2c75a0022d60f2fa7502ba9aa17fecf797e3a0636d8d694ff77bb3e

SHA512
080c3aaf6035f97c4fa49ad1e936feee20eb7d35b9cbd43595cd0afa114e99b1436a47cf1b0fb79d45fd9776b0e5ceaabf63e495e59571865f44126cf5be5027

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
49KB

MD5
685bacea2a9f3b1eb8725f2d92e3f979

SHA1
f0bf5f44d397cd73edcf3bb839cfc334d7bd4274

SHA256
5b4faf1f8e59820db559d2f43583ab6b940018f76279dd9de7063a4c8f2462d2

SHA512
dc80190287e9a884d2bb2782b0cc694552cbc47564d2915f9c5a406899b90529b25b875e99b0fdfcbeeba114e2a24a48700187f9e69d778b0196dd632af5ad79

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
51KB

MD5
43230dd1acd221a11b2dd232b934c448

SHA1
4ab56fab038dd0df3b8b8e775b5eb033ac0e1b72

SHA256
6c0df984923945b3dcdb2e312deb0ae3f6f850a17d651a99cff8e7b72230a8dc

SHA512
3b57d543b83db1053a2f4ea8b8c49c60ef3979b87be224ddee52ee479edfc56883e01b716c6fcd4fdef88d051e06c11159d93de2205b34dc021aceed38d63cc1

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
42KB

MD5
0c7e60c1d63f7e010d74839366e48922

SHA1
4322de8d2c708b5ae41ca8782ad7743dde859804

SHA256
672149cb811e6a1236d115048aed1701717567909a069b9653552210e01ed361

SHA512
13dd3ef2b90ed46b94c725735981ce7966af6bfb1f2ff9a25bd209b6ef588244dbd3669c453ef0e4d23e483c63580fbbd2f69d1031444c91c574e72d1f8b2e57

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
49KB

MD5
3d0034996aac8242c4bf8de428e36c41

SHA1
9de9213337294fbc14925a6c20cf8b6c3520ee85

SHA256
cadbe5e7cfa033f26f467f60fd2ed50ee6004ba62fcbb3ad5a3fc181e18f0f62

SHA512
891be306569e4f5049a946e9a444c354da4d4ea656e0407a8a9aeb910f2d33b17b587bef6517680eff781980315132ef356480025e83d60aff552ac84f434195

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
45KB

MD5
87b768799339e50affa042d5531f1c7c

SHA1
d7175e7ba26d55a15e48ba988b83c8eb060e0919

SHA256
1b2e9ccc4cc017d69ec7e9610907f25eb52088b26b86ad506c79fd03380b250c

SHA512
eb7384e579b38c08ec04e6120af69019ba56c5dbeee3e5775727faadcd87893711aaba91da6963178b77db6ba306d40d13c56b1ae26229d5f746abe5c5d1a6f8

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
52KB

MD5
bf3814d48dee8508365596c9a10401fd

SHA1
4539ef41c1646452b39554d9b3dc58c82bfe647c

SHA256
b418edb9cc7206293145d4a385e19e829c015ecab37b486bd43dba49e274b367

SHA512
6dc0255246b63c4804c1d76f3343f952f6d11bbd0f777574852d7fabb66cbb1f1aca2f5979e934613c0e652a6be3350ff2934e0b80ffdd726a54dfe94560e6f5

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
40KB

MD5
e1e26c1257701421e9f623ea1be4983b

SHA1
f8d5df8041686d905c0fca418952f4c232d43285

SHA256
16f51ee0f84bca07e8ae5c430e18c9e61610837a90be68cb667b5b45f2dc6e37

SHA512
a6ed5bae76dd60f2fdd7b08d4a93086465fa667496cf090781e54cf29a8065362356f5d57f0810c8bda48535fb3bc2555157381b282abb39904789205694b47d

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
50KB

MD5
25655dfbf756b5ac5d50bbc2eb7a60d4

SHA1
2b3974613271c42da68a37b0175f0d24fa69e765

SHA256
14600e1af562fe95caff744ab7bfd0fb71ecfe896a1531f40d7839e04762e143

SHA512
aacde7d031ab6e2ba655477301f0a29850c959a390f8aba4d27e1ff32cf3424b1d394433d60e64dba4437d94d4ed7b22d0dbdad4178b718b2eba8cb90eff09fc

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
51KB

MD5
25e624a889ef6ccabe73ec5e4103a756

SHA1
027e059c019c1286913ea7ee3be2959c9458a292

SHA256
c43fed46923f3c29f282ced4e57c9c9beed210fcaffaa3a7d9d285f97a174ee6

SHA512
f13df4b77d685eb101e517eac41185b11fb256c8ac76596f51441bb95cdbda05b5a1f72f233647ba03899adbddef14688021aa66f1bb9a104c4220212b2c9e9b

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
51KB

MD5
e7c74849e255658f4b9484f5f7e50ee8

SHA1
6cc60772cb8cccec98b5d4da91b5c274df16e841

SHA256
0f91aa7e5e80fb788a3b1c13036ee553d83085591fece955bb638d1aeb7a499f

SHA512
585b2b74196d756e18255ec83522accc29c9f6d2b5c2226fd99ee63edc4b822e13a42cab34feeecab8feeab521475e9935a8fba0e3cc66eb9695c7ab049feda9

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
48KB

MD5
5381b8f149f3076ed171f68fe4e9c341

SHA1
4b99290f1169ca79ccdfce496dbe17655bbc8da0

SHA256
249984efd24bf81042c13512a8d12f94df5c7dfb3250e569c7b83b2ac8a25c93

SHA512
a3dae8b603ca1855cc157322acb4d9072fcc8e303ff1b7abe84f5304422d75d68cd19b9449eb73b90249f3c8d8b85920e7ee7d6cb1239c63504ea74bc0d27d37

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
51KB

MD5
0b8efae0993dccca59e8680e06b0e420

SHA1
e1acc116446f8e8704bbf0225a9f57aa9b4d3aa2

SHA256
2f09e9e4be36324067af2f7fad8c8e8510236571b9762a17a049b2477822d883

SHA512
81415ff06911797cb34fa8d376168b1acd5b60bb522a7e9fa3519c1d6520be320ff901cefd47a5e637706c3e459ce535dd6e13861eb7fe53fdd2d365eff14b92

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
59KB

MD5
b6f1af00ecb03fdf9bf81ef49b60a4a2

SHA1
c13bf7e28b2d8622f2a3edd0d5492a2c75b00fbf

SHA256
1fda4419adfe1f1e666c57018e1b633dafab1a13009e99bf62b4ed5ccfde124c

SHA512
0ff7bf87c520c154a52919a4611132acd2865c72cf03d2a24ab4d84fc75402d0af08924e4b35a760719be065e2f84aca0baf56fa04698571c8e04fa571c4fcf6

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
52KB

MD5
d64694556d87dbf4ba69f497a9e83390

SHA1
033f92f482536733666d01c3d59f3e1f2134dfac

SHA256
37565e993b985d68102b5223b2313ee834ddce31223ba1d5c3dae699d37b266f

SHA512
b7a41e70b158d19a69a891d563f2cfa92f3ee1f600074f1e3d3ddc7e790f63f73395f47ab9438098aac9197aeb5ef376342d9eb075f26eb983094f0df117bbe7

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
56KB

MD5
33c49e42f9a94a675ca11f507acca67f

SHA1
765885f4bfcfec6f69446b76eaa30482a886d6dd

SHA256
a6b55cdb67e9fcb3dfb84232ef4fcd5ad610871f7a45f2d6f37b1a3cd21a40c3

SHA512
6f54b58129a156b6edb64dc31fe6bd576c4f4c86830d15634787ceb83587a7200f96b26575ba9f969765a0581bd4fd5f648765c92621fd7c809d498f2b325368

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
50KB

MD5
34611fd26203ecf57634a0566ad062b8

SHA1
5ca07abebfbae98986638ec723b40769ab145b52

SHA256
f6049bf38245c85165fabc35448e4a3dfe3c625dd3ac3dc9d92f8b7139aa40ff

SHA512
241bbef84ac5df5b976574f7b252ce6424a0ea1f6413728455420c321d30627f5c6ccd79ebd5fde52fe63fd563ffe13518e6fa440685a60ec175792e64f60b49

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
50KB

MD5
2930c6ca2e129a5a153eb632d6f98b0b

SHA1
5b3673b737edfd5dce1c9ccf17ca6870dca5758c

SHA256
f8029e404750ee96918b3b0e2d399cee14b94cfcc0426ac09857c3cef3c2b9cf

SHA512
d9f32f8f4f0ed16d9af063b71a11c643bf73685cb15fa0a085146c7fada6d527a2be1a729aae6402ee7671e2db0714a9a8828cb8c9ee29977061f86c9ca15a1f

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
40KB

MD5
9cb1651946924878689d6724c1de1cb1

SHA1
8efabfd53ed48790609af9741873c88f3a6ba358

SHA256
0c896539369456c47b79ff311f7edb9a91002baa2b64d5d9647582c51c2b40af

SHA512
635da425d6cab8588b2f9fac1b96c5cec72090b91117d5cfb94089e577aa9d1a4fe3e5298ae087b5583950342c9a99de4a4e0b1b22a25acbbfecabf7f7bce449

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
54KB

MD5
bdd036805ed82a5534f88fb99b096ed9

SHA1
db01bf2ca98078f7001af0b101ce9987ec23ffcf

SHA256
ec5f47f21d4dd974616aa451ef41d8b0b6afeedf944d1dca359ad924d3b99496

SHA512
575e5685ebe020dc5717ebb823233b8c531276c11ad55c380b6e17c3bcf255a7068909fc5c0d16b073a1734386130994373edff237a88484720710a4acfd0821

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
60KB

MD5
f3071eb15367224f74ba75179f803822

SHA1
8c480795c39ce21de9a0356132de52c697adf264

SHA256
89806b69432708a461061abfe1c942b37f1873ee73556b2ff4cfa9aa1d07436e

SHA512
7c500a8fcabf23f1df215f877b7ee5b9aacd1d23cab45ff85bf0954933d5a192d77a137ce8c0f0f1d18335e2238f5cf79feb06a67e286397849898259e695b1a

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
42KB

MD5
4cd9e6a7e88a8cb4bde1301446b75548

SHA1
c5564a7db37edf47122b97376645eaf092425881

SHA256
d98ed84726ce29a4452fac7a05e7d7b1ed1a68a86633b91e03dc84821a320794

SHA512
0c607875df6edbb48312edb5f350d9ad0167d434dda969b3912fe25dc1c9598d6a1624c61fa2e693d55601980187f047d5965698eae70fc55e89cec5b57f5fe3

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
52KB

MD5
51eb0338073990dd9afc7d19bf3f2fca

SHA1
d39d58072ab1a30c7a07f090f4982e1d59f1ca8d

SHA256
1d92d88fc6c398c0c5f293c24e233933cc0782b1c7d0d7150f5d0d3e09d2b804

SHA512
b23d08c6f1a5e86ba1486435899a22cfaa664c48a9ebfdf4abadb5e2352c487fcbe6e5b52bc38d072ae2930ea408deacd53a36ee8555d354933950b6b72905db

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
42KB

MD5
877b4396911dfd74e6c091834db31558

SHA1
9ec42f6bea9285836bdddb07126993bc95244193

SHA256
cc441158e402b6c184eb6e2578027cff882491fe0026e2b691f931a4c6798720

SHA512
a0f07c3e7cb3da05c4817559ed66f42c8f42ce2bf2e45d18a737e82d39ba0c3802b27a7c914a232ff87484d438beeb8036545b6dd4d6506bf178350d18030309

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
54KB

MD5
283524922aa2a14cd4d97d6e5122fd3a

SHA1
f92887eb2d88889341f9a5a200adb8c9d7e52bc9

SHA256
525bd53088a4a3aa73e1888eabe506fc3f98b69463cbd64bb636c06eff9be826

SHA512
dffebf07368ee3c076839ee2cd03e2932cf39edb9bf806a23ec4d5c9c2c6a1bcb9ea72ff66807be4786bad75ec8b008cca7376e4bef32db0d31ce1835851185a

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
47KB

MD5
e6c6d05d95254e62dccf113035e74c90

SHA1
254b511612c4c5de63da584136ad07e17629b7a6

SHA256
293bcc6a21f1bf5a0f4985a536cea5ba751f98824631fe0d59b04962d148b655

SHA512
543179b67c80594eaa3c73e001bc7e99f9ecc110235b3b58735ea0d114346ed8bf9e159c332ca85c63860435c13eaaac2f86de99cd54d261a8b0010a2ab78845

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
50KB

MD5
cc51ec8ac14359e10722ccc3e8681bbe

SHA1
8724a8170e6e699fbb5ed2531df869e14679f527

SHA256
f6c0dd7d27dc38c420a68d74b42913c57f6d483f743e5f55c8f7e2715ffca73a

SHA512
afaff2ad1c44cf6b35dd1729598ea2c1dd1d3a6a39942364984e1899c84096ddc3dc4f68816049849c2f73123c82b64193cd4adcefe22cf01c786cb507f563b5

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
48KB

MD5
4599270689595602092c2206f0efc56d

SHA1
22f2ba08b2c3bc7ffe4be11f27bba14108edb354

SHA256
d39c1b8d0ac0038d8353c22da9831d2958a4d10bd550dd6b24a5fa7cda867ed2

SHA512
7f010e2fbf50cd22098de82802720d6a4727499c2ebf6870bf91427b745c8a6479e4fb29ee75723b952b09318ad53f97a28966d3d167d1208485bb6867f17ec5

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
59KB

MD5
9fdba304b8815fa2a3861fe08e7d4dd7

SHA1
187c33d72c52440601e5d570651c8939152d86a1

SHA256
19b2e8b3d1fc0a91f0b92fef6b38de69394a439991944d6a19324a3700874152

SHA512
1f33406366db4955efbe09c6853551f2dec22c6c4fa9777c8d1d74f3f77f786fcd7e2862547f299246a01b648df1a19b157a196d65c8e7e5f0bede15993ec1cd

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
61KB

MD5
0510e387d1a667c7265f7124a2f5c202

SHA1
db5818836997927e60af8c68fcb3c02897a13237

SHA256
e74745c1dcb7a132f75777071315b2fa9396abe567ade486494cfeb2ce7fc0c2

SHA512
f6906e12cd81dde2a18531605c4be4ede71a92401d29900885d7a0fbee2c3245e42af0ef340f294ca2bde500d4f7f624eef5a314a08e228df244ef0a0b45a5db

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
55KB

MD5
640a0cb027b1872c3557d89e647b98cd

SHA1
9720882b1e473d6d6008deb57a7536e5276fdab4

SHA256
e7f73b4711c9d1a5cfa84b95a7df2a52c57ef9faf35d9536a2cee876756e9e18

SHA512
331385103a00966046ceda4d921e4671b6878980d932f6bba57eb1b066ee334b68b2695f0a24897dcbf948e7ecc41dd92b1ee02c8a1e8e4a8580ac270bdac341

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
51KB

MD5
e155fa6db882291930a9bb8d007ee3c5

SHA1
a5371da04c821a7afd545a2321f3df6e31e305c8

SHA256
08aa541fe955e4566a20d7f937eb09cea651a2842aacd87b12e578cb980f3808

SHA512
7dfd274c638f3c48b18161ea8e03e6473afd5a6a674ef1c38e71b613c8b094fe53d648b72132dcfe128f85aa312c166a231346f2d56a47d000ae5f4c4cbe920e

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
48KB

MD5
4b2b023956b03316419cec56918f730a

SHA1
0d7a423eb6c6b6d56d07a548b145b5539a415f76

SHA256
aa9622fbb149950bb66755c3aa8cef3e7ad1fc5aef464a52dfbe82980f14f0b4

SHA512
d440a57f8419ed1dea49777fb35654a5854ac21d3c9c1c0582984274d91ec9749a20dfddf22ac0da0a3b6c21276f427a89ef2f1409fdbbd37a9176e7289c21f3

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
50KB

MD5
2405be3c4a1d79e0588ef38b3532481b

SHA1
7bea5ac197b31941ff15fb9cd9aa8fe5c1bf63cc

SHA256
7c14ae82b18383164075f553b2edb663cc4de8c537eafa3c9705ca17a1e42377

SHA512
cc93f1422b4fc7bfe1a6eff9dc07106b2c6ff5d0323ddee193fc20f6c46759a414df4bb5b3352b25a6dfe09eab8ab5c9e5849ebc7bf419fb6cfe54b9a3fe6b8a

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
51KB

MD5
988fbcd8e754ea16adfa1ebd7c5bc52c

SHA1
d12dfbeb0818e1f2019ce514e6617ba14e5aa53e

SHA256
326e21760633feb8e78dbfa4be894da17ff48bc3b9ba19a19488c03a58a3d89d

SHA512
abf3a25d0c8c81a7ccd78ff7200f28392f44f0bd40b9d347229b22eb1c0d022f4149e2062e6cebbbd1f6354891de14b86d8d4add6a2563d5d4e7d20f477fc0d7

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
40KB

MD5
a02ff8decf7a4757ccdcf6af61e322a5

SHA1
710789be35abe70b69db542712af192c4f389cea

SHA256
1cab6ace428cd3e766ac8bdf02731ff05c2dbd85051426d463b948607c7e0a9e

SHA512
fea9a20e99244a597818c702443efcbc72aeaec3db890439a7411250db7172b4881309720b3d61d272ba30bbea02ee7849bc85a807c0041a85ae9876c5440de2

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
58KB

MD5
8bf6b20412938ae90f8576fd54aaccb0

SHA1
6aa40a4574a03639cb8bb664e1118e23b2faeba7

SHA256
0d317d08c686da211dcfd061af8704ea1f5bf72d570e99ee9921dfb34a34c385

SHA512
7f40cf0f917a399de8377afd08d1213854b67570bda758efab53611f279172da68b6c38517aaba17777cebc36f6991b66ddf9db18f111e98498b6d2ba59214cd

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
61KB

MD5
9a6dcd093d4a227008460290dfa18544

SHA1
e1f494e80af38fbb785a973e8906c79e095e998e

SHA256
2586a7cb13f0eb606b3c2aafb36b310c5392c3f61e045d8f52cca929aae19a91

SHA512
468f0cd3bcdb6d009ebdc85dcaccb7d4343e5e72317aec70d683c4c9a8e35bde66e6beb0b5d764c070c639a4c04b3063f052f184ac04750a24d54541ac981869

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
51KB

MD5
2d22c604696f8edf2ba5708a41e69313

SHA1
61fbcfda8a0932e66fe377a4aacf70593e9eb338

SHA256
db1fd884ee332135fb4ce43ed03d3ca03eb4cbcf0d8d5af0d7d339c5078696da

SHA512
47d5a6ad2a5f09ac14687a9518edb9f8d9a2493d88ec59d00636dc11b3dbcc195e7292b1cff005a66ab4236728e5488dfd7a530dd60f1c09a0ac1ab0a4853f16

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt.tmp

Filesize
50KB

MD5
30e7f2bf5b4f5165019294993c72c5f0

SHA1
7ae49962e1486054de14dfae3f680847282b39cf

SHA256
59b353639f35af7daba32359baa7e90c38ed2b04f45681aec8504c7f659466b7

SHA512
e2a1782d4f46d25c5b951e09904ba61691c17e907168f72d0dfd64fba15d9a0b7a50e9e16d5d80d72afb6a8dbcee0fe0a7565c8dcc34c5ae6e6bb77bf940bdd9

Download Submit
C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp

Filesize
49KB

MD5
18bd9a87fbee78898f1ee9f6c538709f

SHA1
6759c998f5e8ae7387d00fe40a295fd75c2258df

SHA256
45e7951cad4391f5f41f14b5edc2cad2d198f1c9b9a3823aa1c7c0af0b4936f2

SHA512
21ac9f89dbc4b8daa0e625cb441765d174b214aaf23747cdd5ed61407965cda11dfc92a72f0945ea80bd654d172984d45020ea0dc4940141c91900ec395bf3b0

Download Submit
C:\Program Files\7-Zip\Lang\sw.txt.tmp

Filesize
40KB

MD5
a6a997af43ceee8e5d0c6e3bfdcec685

SHA1
0c0c846686b4284771ec32eadc878c19964e2ede

SHA256
da1486795921c877995883ec2d56d62c0e5c646e7eefbe48545fb55ff8400b7c

SHA512
693b5de333c14cc6ce98cf39f901a92f26698163e86ef663d58f127491c4361c916250d6d02149b5c7967df8c59d85cf1b0e01c8fedc74ba36cbf7275dc265b2

Download Submit
C:\Program Files\7-Zip\Lang\tg.txt.tmp

Filesize
54KB

MD5
01c2b69bc57e568d1e73935442498512

SHA1
380d9e49b8adfa5cd3cbc7dc69bd7888e80fae19

SHA256
de1a91508985e3920b3f3ab6197d27f200597f2a92039038f6d7d5f4977e8222

SHA512
4f70518c0746db983c737d00ff41a75dad034487d8229ebbb08a35f1f7a9080e8eed1c029a818337325f84fd506d97b4fac747d9c65d53da1fbb9dc6865c3add

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
40KB

MD5
48cc25122dbb7edb1ae6b98e62d46b86

SHA1
3361130ae3913aaa958649ca71257ef920e6200f

SHA256
9e6664ba226468a9f61075fb196f8a43563d7302b61b32834103b847222215a1

SHA512
a18e36848b8d04488a56b1f2db08b6926b3fe9f68969be8ece41e7818ca23aedc18bae96b7a15ab1b3aede6724b04847ff68a0bd08fcd31c58c68a6becf211f1

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp

Filesize
58KB

MD5
96ede19af69e69d5b663f6bbd51f5058

SHA1
60e2c915fe45ba2f83f4af0de1fe393f5020a974

SHA256
9830a385f5f6774051a89035d1d887f158901c83255506462641bff1edcfd14f

SHA512
8c1bdec4e602f28d418cf77ec0a56cb60040e732b041d90f0d4290a7f4954693cac6830afb6263c3e33195a6c54f655fed483a60dd715cce96212986eeaf8230

Download Submit
C:\Users\Admin\AppData\Local\Temp\_updates.xml.exe

Filesize
42KB

MD5
a7c0d4d9002b3ae7f40d804e9e5c1f6e

SHA1
aa0ed446464442b22d16dd477df3b1cfd5835d3e

SHA256
5a5305b78a53e0765221018aed144a9f87e17ecd2dccfb8cd616f6deed5978a7

SHA512
8fbb18ea66bfa67df257118e9068c4706a96fd66f86556e7416f5ed0fea2461e107df0ee686b2bf39721bd213e814068a2613f6f637fad1c93da245d2b5c0605

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
40KB

MD5
5236cdd8268649b11a1707acac3f8958

SHA1
2353bed1d6ca71f2e122ed6adc124c9fce2af1ea

SHA256
74783e51be8e3bef8855c372919e6bcc19ba1d774a6c5472c447d3516377ec2e

SHA512
6d554d1e5d4a9f53936b457f96e5f1cbf780919ac03ecadcb0fe760046ba28b91c8ebe6b6a97487d06f64a0cbd1b4dead2f59d58f517d1bb38ebe159e9a4a73b

Download Submit