a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da

Analysis

max time kernel
149s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe
Size

81KB
MD5

b96f00174758b26e35424ad1f71daf83
SHA1

e182d2e60e0d38609ca81fd6d74ffba28aa3e03a
SHA256

a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da
SHA512

7059fe4b9eff42f5cbc9732407f33f061aaaf1780aef1c5ef70e5b9df7f04e3ac0c6b319b4e06d897350413102b7c8c5108dee5338eb29cdb098200f57ce7abb
SSDEEP

768:/7BlpQpARFbhNIyK5c5N7BlpQpARFbhNIyK5c587c7B:/7ZQpApA6z7ZQpApA6KwB

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5255) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4984	Zombie.exe
4580	_active-update.xml.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp	_active-update.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp	_active-update.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	_active-update.xml.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	_active-update.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp	_active-update.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp	_active-update.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	_active-update.xml.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.ResourceManager.dll.tmp	_active-update.xml.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\vi.pak.tmp	_active-update.xml.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub.tmp	_active-update.xml.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	_active-update.xml.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.DirectoryServices.dll.tmp	_active-update.xml.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties.tmp	_active-update.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	_active-update.xml.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	_active-update.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	_active-update.xml.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp	_active-update.xml.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp	_active-update.xml.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp	_active-update.xml.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp	_active-update.xml.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-pl.xrm-ms.tmp	_active-update.xml.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_active-update.xml.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 4580	3476	a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe	86
PID 3476 wrote to memory of 4580	3476	a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe	86
PID 3476 wrote to memory of 4580	3476	a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe	86
PID 3476 wrote to memory of 4984	3476	a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe	87
PID 3476 wrote to memory of 4984	3476	a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe	87
PID 3476 wrote to memory of 4984	3476	a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe	87

C:\Users\Admin\AppData\Local\Temp\a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe
"C:\Users\Admin\AppData\Local\Temp\a3db09a7222a24c6d97127a1ecb4163e4f694248b003750098a7725e55a917da.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Users\Admin\AppData\Local\Temp\_active-update.xml.exe
  "_active-update.xml.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4580
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.exe.tmp

Filesize
81KB

MD5
06e3624981c3aa6ace67af121d1c31f1

SHA1
7a721c9aa249f4224465a4e48f7fcdbbaa6cd524

SHA256
dd893ffffa5bed72921b3c3080cd9ef10f0d5606c36a8e4bd23333a7e5e413f4

SHA512
e2c7e7f8053733e2967dfdd8639f4876ca5acac653276d60a6a707e18d2a1a2d8e86e21c5eedece2f0595fd53b4f45b8b01c64dd35d8474d356ca611da064360

Download Submit
C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

Filesize
39KB

MD5
c6ed5813594f8c3a68a7fa0ae6611167

SHA1
17038d7eff4efaf0386a3610a1b6fb9d4f827f41

SHA256
0a36579cfe2571b58fcb931d16ffce4e34028ece91b664e5ec3ab2f217bb5f46

SHA512
2cd20140c6203cd446bb3d6856008c57b7718725d917181002c2d894204441e94c9e24e00f2f997780d8716dbe2e3c1ac0402b471544e5caa30fb9aacd82dfed

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
154KB

MD5
a4683c903c0669ca7b41935faad8d2ba

SHA1
22ff3b375304056198a53c1319b5635e910eaa5b

SHA256
cc881e623b1438d39f7f273f2bc77c1c5ca9824989dfa1623d34bf808f5c4162

SHA512
f6559b280b6e8f82fafd99a1a3eda1fda1b93a83916136579b95cd0a8b902a9ab7e12d26e9a127593f6e09722d3f7dd853fe2309478c8e5cac1dc1aa7cf80a01

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
141KB

MD5
c96c9a18ca52bef1dd52941ad84896f0

SHA1
4a4fee92deb3b4c2a30abbc3be4e7e4aa9a6cf8c

SHA256
4a22c2580fb1a3b845df38729215088532cba33110ab591ae8b41f7aa3d39981

SHA512
b6d9134dbf334720e665bea2814211427b4443055cb3276f091d0e8d8cd1df73fa8eacae319f8b88a8340b51a06898eea0e97f381ab4292d9e4cc550a05fe67b

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.tmp

Filesize
44KB

MD5
685da4d7ad3dd6c8fc1425cc64a01f52

SHA1
cb623ba51952fdbfc3fd4fb07af076ff4524d6ce

SHA256
690e3bef698be915a46bb494e223a82e4941e95559f325cbd77af69af024fb5c

SHA512
794fa210546c3ea47f99c91ca62f1de1f039dc5c4f3fa748a452afc1e36ead8fe8e945ccf28eac62138b9cc99ba34f63db1f313e03bcd5448ddd446c26e43820

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
87cb21a058402937736e7138cc30f60f

SHA1
10c3dd1a6a7074b6eea33d32e556e55a4a767247

SHA256
a8a8381460544843b76c2e9c967d22912bef8b82b379013075d4424ad0170699

SHA512
f6b9dfec81e8ba29b671e1c89d7462897f8fc369575bdd73d71b642f3bee437c930562ec745ebc8712429a2f3173fd28f173680b719e87274328e8a00a930be9

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
586KB

MD5
40b216023599a75c4ba37bbf64a56b0d

SHA1
608dffdb52b0f481156cd057a658684cb51bb791

SHA256
8ab843201f056a7becccb435be0abf37f160a84d6f779a6ca72953ecf59dc5bc

SHA512
d0212ad78727f3ae676cd02e84d0d1b1962cca56a6370cbb97463362f50dc768f4c73a976e7b8dbe59a8bcb63e661bf6940d4bcf799a20fa2f9b304194f65e5f

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
972KB

MD5
467cfd7f0aa68a1972c806e333a68fa7

SHA1
ff8ed6459b1cbf09ddec3bf23e1c9ee9f07501ed

SHA256
b36bf6cf0fcfa6c2ce0d6f9e45fee7aa331f8803cc154eb01d6949dd97be9d25

SHA512
efa1edce0f0a01d2d15b51d39ddfa2ad2da41b5f3901dad2dbb6d66df4761830ae31ce910add0ff256fa79e76f217bda2cc37fefd226b3611eb8908c2625e166

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
726KB

MD5
5771512552f873286e755dd1a6d1925c

SHA1
fb07b7f459ea53fe9e51061acbba2c015fe053fa

SHA256
8a39a6f375a6edfbe81e98ee30f398a4a97b20ed975700900b3b74e1945850c4

SHA512
47fbd3f5f29f026efdfee89a384e7507cab8142608333003eeaa161d6bb4ce6644a33a5aab39ae450787b051bfada32fd4770bea95fe2f6a72222d8ebc37550c

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
99KB

MD5
047e6f545cc4be0dfe61d959e5235cce

SHA1
de5b3d3554a0d7ef9a0fbcd1e23e45822b59bcf7

SHA256
d226c8da67e53e528641545f4bd55d56c026891fc4bd6d33ee5d1264534e4b79

SHA512
d0038273337d01c6a9f67ecc00c2dca49d6978863c5b01b639c08dfd14bdd8b15f55ec953e23873bdde9291b2b30ad96ec5e484a291ffd69be11e7fd4f6e3530

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.tmp

Filesize
51KB

MD5
2f66937da23a4bf366daade279a3b183

SHA1
d214923cf29738f5bf0e01d4e5f53f1242904b62

SHA256
c2952b507c4c79f57282bee7742a48a7c6dc9027e56429fac2c5cb68d9d85524

SHA512
fad8e1312e9b3910379abc10ecf388e07a46ac9b70bcffbec3f401a70192198771d68efb5b8870f57012df322acc389fc095fa2df77b567fe2758e972a5b1d3a

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt.tmp

Filesize
44KB

MD5
9c9681f8aac9c7dfd608c71e7b9fc3d6

SHA1
4082f23173fd08b04b64ddb98f1dd5e6c6a83f68

SHA256
3df4c554ee2cf4f12a1a22635beaa232d29fc6d6fdb57d9d410c754f5087d61c

SHA512
79b7c0b39a1503651251cc61e97af258143bf527c0de4780e9e3ca22f7a61ca5e54294fa31512c2b92449525d95f5f874a530651bff2f4e8481f9b353d721ab9

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
51KB

MD5
84081176d0b2575eb9c7c62bc1bb4641

SHA1
9ae9a70abe4663dbb487e4bf3a79283c0e1343c9

SHA256
a4a5423da270dd8b17df993fc555c9b6fb44b83b74cdac6d9c09c288e3a2664a

SHA512
c1a4b74eb506c7a9ccee534f4fa0de0105d8810edae4d9afcc637016a9c2805d38af39405a43a510a40e33bb9320402825529f3f971f3e0770aecd9e09b477aa

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
50KB

MD5
cce96472ab790e0c9574196ab9796329

SHA1
a04c928977d6da10ca7079d3c8fb797603f3b1f5

SHA256
b4d6898495d00666c772d5c4a0e1c48f75d9fa6d62ee65aead409ca8968e75e7

SHA512
40dba3cd49835a1d6b010f92b4f123d28c8594be8dbde6b20f7062e540aed9db738b4b4ae0efda59006b2d36866f8e6ea69dcbbdb0685df901f8218fee60ffdf

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
52KB

MD5
eafedcee6e05fdf4fc5dd39a3daa6ae9

SHA1
0f577f7abbfd7ccdd5b36952322ce4aca00e459e

SHA256
5c410f3a716b4073dfa200dc79d4c5a36fdb813825e099f21b885280a4bad299

SHA512
e3bb56c3a1fa87446a95d2f023d2a939dcaea8f6f56b84cbe3b57e0c364beb5faecca44d7ac6344c67e4b77b913847ae5b8a52bda1dcc3cd873291a5cefb3471

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
53KB

MD5
65cc30b474dc574e4d7b25b753e5252d

SHA1
b5063b25cc23636266d7290792f167f12dadb9eb

SHA256
4bc928eac858198517fb2d7b481f58d47d4a825bac3a6dab35de77ca19b419ba

SHA512
1d26124af1a53385e2a00ee01dad92dc3f83574f238b96441d8aec82d65a17b514e1b4ad6b6165696caaa65fd993fb88fb2c788949de2e7fde088786b02c121b

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
47KB

MD5
8af2b1b438954a1b89348b9cee2c5034

SHA1
191e8ece648949a93fb2cd9914bcd42cce856237

SHA256
f1ffd582978c706e0e56042b89398fc10bb42f2ea7b8f98b7ee603e7853dca89

SHA512
473aa5893db53074b28b3937ee1409db8ec9b48319063dd5dc1c47fc89f3625841d47f28d9788616cd575543a2a26b83207617d056506a99d5bd19e759d50e5a

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
51KB

MD5
fb19553bac38f1766518199679d98240

SHA1
eb28dee2e79547194d3effdb81725ad8791d36b4

SHA256
e49a14be3f831b5c899b8a0fa6ae33ed3e29e028a6704e7b0376f3736d2c773a

SHA512
41efd6aebb343243953ee6109be0d7153f6b7f7cd662cedeaa0c2212b0eea6aae348bcfe532f3cdebc0d8a2271d3a125cfedb879b00bfa0c6e3a812d101548dc

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
51KB

MD5
57fc6549ab71db6e40a8d187c30147a8

SHA1
476f3b80236cf63b581ed7daf401b738ae33aade

SHA256
933a5abe7297cdf2e2764f60769b06c28e5fa3c19b2e914707a12e0103cc91ae

SHA512
96040104ac403c804afe7082575ddaa3ba78abfa59a1f6f19eef767de542781bee90549a97d837d73b4779c7aae1132acbcdaba49ea6a8079a9b0f1726730b26

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
47KB

MD5
201d77616f5853c7c4fae713452fafb5

SHA1
f56a2b73cc604b9a61ad76f18e7dc71299069c49

SHA256
2f53b681cbb26e1b2e33da56f3473733287f481cbfb9abb77018ef182d13a3aa

SHA512
86c5fcd1e1344e78d60c0af5df45b7e83c3e7d00e1b66abb82e2f5ea4c812bba4832d99e42a87c3908b5fa7abe05115057b4e6767dd78cbf74f723c95e431b3b

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
51KB

MD5
5f2636827a61b88ce5f170c8d5751c3e

SHA1
c216d7b35011f2742bc476958f3929d03b8c8abd

SHA256
811a3000fb0c68bf1ecab8dfee98a736a0c8e2ead157735b2160316327b57044

SHA512
ad83e2201087934eaa76467a2344f6d131d95fc5ce0ca9a77402a44a7089e363a8eecbcbdd3958a5d4f8e58bdb131a904cf22ee40b15ca49ff446c4fa5676318

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
58KB

MD5
eba15deede5277aa03062f8c2b3c93ee

SHA1
b48a00e4a8ff32d7828adc0da68573c301fe8b1f

SHA256
541d2995bb68602102dc050bd820e9443afea2df93841674cf91df988a415dbd

SHA512
7a0a051ada3af68069a61b0df8da5c6724a715d85296d23fad25c7e11bf38cbe3a345a56c9cb0501fe9e51f1aa9e7b6c82b755535df50a843b992b7466f40517

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
42KB

MD5
b35109197bd2803098f45a6fd1170b7c

SHA1
8f44c8a9becebdbb7ee0c36158be93ed62713097

SHA256
bc9900ac14061d96268dc3278d288fdcf7bc9a2881e68ff76a4fb0be546a608a

SHA512
3610bf5f9f44caa1b2aa9c583db714d2aeddef98ff43f3d58d062c9cf92662c0aa9a7dc08d897e864bba0c4168d35e566b1176dad037cc213d72345b741a97e7

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
44KB

MD5
b1cba7897a1c5c235c6ea7a5ad837b4c

SHA1
338b928ae2099d59bb99fe0cc867bfd4f5c9d8a3

SHA256
7a7ce75527e8d17f5eadf909a0bebd6cff146ed707deabedcf47a7377a1825fb

SHA512
56e0116466a0af298257a906b8cf5a286858c5b73ede63fb8740204d13baed2cca2c18d24fc7de5d0486a39a15e3e2b29fcf0ac9b1749a84b56bac8653f3749f

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
51KB

MD5
f26b07209ef54835413ff772a9669e78

SHA1
6e492d249cc2b17de889142c890b5fced989598a

SHA256
dd9a1abecd69ddcc3ead73d5ecc5198b1653a9ff31b585b7c6281bd0373bb55c

SHA512
84a360744f2e7519e45a539a3ba80b182640ad684d1d062d220dfa531a338dda5a16a8c7b3b0335b323c0498534e241e9bf0a675c775123069c9fcb0561b90fc

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
42KB

MD5
65e7a5da8ca7620c64ceeb3e5b8835ca

SHA1
059d09377d9627ad9e369741004a4641208ab449

SHA256
8024df303e3e4ba2a3e46d5e419927a700a68a01d1805b4a02b88fcb5d923600

SHA512
a5cf0f55f93eb34b7c99dbf93eb8b80218bd8403be6d2517e79d5a0d4a8266430e8ae792920d17d3a60453cf0905707e5363d4307db827a559724df2833d0e0f

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
46KB

MD5
90438f241a287e0037894b513a582908

SHA1
b45193725acbe970c31c4625ee892941a1af56f6

SHA256
d03b0164a7f5a433c10527070d7c6b09359e2df2954bb0a7cb9f5bca754082bf

SHA512
15e2383db915fbdf8753dde2cbf1f4dafee45ed2128cb300455877623de80a2b6f3ba5e020f244f841eebcfa9f5a8b625a277e02f450e0c5d4066cda2e81899a

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
55KB

MD5
24801a4431b90d9d627111a62afbf678

SHA1
332a6f853a8d81cafd7dca02b67ee49caa758d01

SHA256
7f394e7d172c710e6f9334905a3230fe319b976acee5ba12b31a8ab861f6324f

SHA512
df66a4bb8fb8802998a57ae3f258ae8e01daed897f67240933980f993a988735f4edc36eac3149fa031ad8162d1b0ba7c5d69812d767239462adef0ad9fc9127

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
50KB

MD5
2bdb50f318f03df098bf5f011fe08200

SHA1
209bc34e3168e0e7398ee6d1ef4e0bb6483b4669

SHA256
36c229e220f4f2b832df88e9bb2a70e74980f402a78b4477ed0af541c3ab6c1d

SHA512
37097793fc8b3a56fa5876d5f582a265aba91a63b8bff656b9529141fe3c8bb52702590b88c49503ddf1a39184de914fb019125e7e801a2003cbf6244a57ecdd

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
42KB

MD5
f6d1fb716ca69d25634b77500a7ae443

SHA1
0c97447184122776dd96633b260476bd1972d983

SHA256
3bfa505282b8865118a28f0a8d20de8f2aff7a385df9c02e77e20070345f1103

SHA512
2573c30b9b562dc4a6634880fd6899f60e4148017da5cf47d8830807a93487233565d98843026c50be2be0aacc411013821eef9f9fb85166cc9bfa777a12cf27

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
59KB

MD5
8cf4971d858954404e1d94c617f3ec0c

SHA1
b8ff09330cb89b4f2046a46e0e862eddfca494e5

SHA256
60310d5071d4dd2e6a7f3d52b44cf07af6ed734cf4de41f52b5aa2580c51012e

SHA512
fc321180b36d99505df3f2da75b13806c34f199f2e30d2cc25626c5158a9ece95f240ed30b87402d09c07a8a3785922444e220785e56a3bf65d97f8ee7273642

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
49KB

MD5
9aa4a0b124e5e993f6a1cac4157dbd6a

SHA1
6b70d5ae7e690a564a8746277517255394b79e46

SHA256
bb8e0c55d19f241737676d9e793d4c5873214ab5a56462a81972c66a982b2a7d

SHA512
d44b0550e2ccdf3d039386851f347c0e927c6f0eaf566f637a29c85b2a8e7603667e1e3ab9e09491f2bf4f5e2bf0a107df715adf6d857c82568511d6aaefbb90

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
53KB

MD5
49222c3cc2a97ef04f84a2e9e6ad10c9

SHA1
edb79a7db50da2afdf3080a5faa8d9709c376fff

SHA256
7d7de272e7d051185f7dc0d8c8bb58e9f4f305ebe2eb93b15f64580d8fd53009

SHA512
9d3bdd399f6fb89b61188e031ea5fc401b6a3915a988d6384db70dc96c936445dca78b6e181e66453efc546a893c5215121badd4f4a3c5015d024bdc65867485

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
50KB

MD5
0373575c1da3bc4e7b9634a9a3bf5144

SHA1
7ceb8c37123cd30dbe468a6954f8478e37e77e17

SHA256
404a397fe1043698d219b0d7bf5d9f4f5620f49668d3d60e25f4cbc7f52c650c

SHA512
dc93068bd7daae0cab0a2a9e17567553beaeab7326c3f760cc4815891090e35372948acb9e8532217ccc2f8c16b4cb621df2a0187a65a5c93ac2300000251595

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
49KB

MD5
7ad1aab5894926f9c8c22e925c3fb364

SHA1
fafe04dcf6ea1aa68d076c73d120fe77473dec49

SHA256
3e34dc935c4d508545ad2bd4839a7db3b2e4a22da8122222fae12dffbdb6a518

SHA512
b24e0544ce8e9959880e62ab924325401d0032084d7a29d90ae408509c19de2f484d4c0e1ec3cdaa67ea50d079a0811439a602490bdc8163cb6b40df80d329f4

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
47KB

MD5
c76fbbda4dddad8330903357429ee307

SHA1
32a52712e00b10281f33869aa32780efc60ab494

SHA256
21fd6d8889ce2352b9a0c230ba8453577e63598eaa2527ee5875c8ea8ab3cfba

SHA512
5eceb53eef786f11917da73404adcd4c6d66e7b6affb9e0c247c6b38e19b627e9a3fa6ea037c08e8ff6c4db28ab2ac19d334a667afb1f1139b31f474878b7797

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
51KB

MD5
bc5ac6c2b1c16c220145dad30782aff3

SHA1
6fd77851c455b524ee5eaa8effb687e29c3937a1

SHA256
c6af11f210d2180f90b6fc8eb563df7aa1bcc6d3c535058916e484bfd2a833a5

SHA512
2a427b68f47e8d55b35aa7158597b1233e5a98ffed0c4dbb3a2109baa38d02f7ca64c210ba45c6105cdf04d50252da9a624cc153a57a38269bb894b591d08448

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
57KB

MD5
53974705ae2326c78db707bd3376a2f5

SHA1
c90a29d1985601d2f3a599c07c0679c9a919e764

SHA256
680d57f38014ffe354820dba29d394d8bd118caf0bf82628c54581fcc8450dda

SHA512
c277ad8f7e26f7f0184a7d746b71f7a68e447053505d28ed9c7301688ecf5778d02c6d49f4735dcaeafd31bc3f72be0ca5df54e5dcbbe57543bedfec1c5ebade

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
49KB

MD5
0184be90c9b581ab400f2001bddcd4cd

SHA1
cdc625fddacc82d70e4249c5b9432e7732bea3f7

SHA256
76ccbb28999c3a66ec4566522a545cd5139c3e66cdb5985b770c705d00f6b9a5

SHA512
09db766ebb116b685c730f1ffca6ab00b6f2652d5cc57b6b697712e294ec6e5a928baa56fe1a2b38ec6e543d0ee15d1d3a660d8ceed86690173c95820afd2d10

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
50KB

MD5
3a21192e86237fdb46410c78fcff4110

SHA1
7c0c595548009bf4824251372dff2ba4ddf3c246

SHA256
08da2cd415d1589a81d475ad565da0d014635f0cbc6b9b8d41e1ed41a40a1413

SHA512
17750f87c8ad2f8e06453dbfabf5db1e06a97ce69455c319108bb0bff060998d03628db715c3f0d7c0b23f91ba13010865f66b29154ec004d1491fba1682cfe8

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt.tmp

Filesize
52KB

MD5
a4e65473ea6ac8326066274a9eb70026

SHA1
641db6976e9ff7afb5c886292eb2b7757897652e

SHA256
56a3832cc20fef294a82513e44c2d99713e5998e1c254dc526791799f6389964

SHA512
7040ad59ca32ce16e39f0098d3d015a6e640d45fed82b2c39bdb0bfb5dcf40c4289a79054945b6ab1131320ff20b29bc1afec3d2360270f9532bc2ca003aaeef

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
52KB

MD5
9efa088a3009f906184fcf6ec9fa8a40

SHA1
7bb74b29557090b57b8659c1d4273276ff4ec95f

SHA256
43eb786c0372fdbd69f461102ddc0fb4b272ea25385d6a532556eb2c4926ca5e

SHA512
35ed197bf23278811966a3d212898f6e84e01afb2947fd1fde2bfcefc41cda7855334c368ecd5b845ef13613eca6e512241aad8d62b18d9bd0ae082b1be46d97

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
54KB

MD5
aaad9a1921620519ffe92ec8e5f03853

SHA1
aec46cb104859be7139266a4960c249ef4e6c30e

SHA256
b23fa9fcb6095aef7241dd02dcbaa94e09d0379958c2e2e5bd2d4c500a3d4e8a

SHA512
bfb0f8c8920180d768c7d55e73a8f37b3fc3b579a2bb46fba83e8117ae6887117efde30a83541699196b57cc3d03ab02d75730d115ffee1869174065c4094ef6

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
47KB

MD5
8317e366aa4973199e62a95e2972c980

SHA1
1df916ae94d32d9612e80d752268d01aaef5c5b0

SHA256
f8867eb53108f68d9e8a8f8b8b300d164124712c396e95e3fc971b1f205b1cc5

SHA512
9e528cd49c8e159d0a864b7f54d70eda6141376f09e3ea183893b1913ccab45d745dd616577897ebb9f34e6b6f61b50661f745b094fb50f1f596559bca2eaec0

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
51KB

MD5
4b9b69ad7cd6b0e69640d7aa24d24cc8

SHA1
a771136e2273c3d98b0b698b44abfac32b1f4087

SHA256
15b5e55167654ca097057cab64b8e9d3df3016cd1408c3ca1828e4e68bb74c97

SHA512
d4759781a723e0147cfccb190235668636da634552c0c87b25f402cf25a2660a8863032f09b973a242af7762cbdbf493022cfbf5b12b15ae8c4eff59d26adfed

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
46KB

MD5
8aeb3a65871604cfbec2f84f0e2fc455

SHA1
da2ae96ed7a15eeecf8809c91e4c03837be53231

SHA256
14ff1b0b24c1c9a0160a802c1a5d7e94fe68d8aefe9c72985bd9f6dfce51791a

SHA512
5848320ba8d7d5d2721a4113cc404773846278eb2b0b39b7d10e2fa7ace561d6b3652009c91655a1e129719fb65514987fe814938999828c186c94df34cda833

Download Submit
C:\Program Files\7-Zip\Lang\lt.txt.tmp

Filesize
48KB

MD5
b6af386bd618f02f2a7693d8be292392

SHA1
de757af153d1fb308287d9c3990820364f946b50

SHA256
de2c0a1766bd7359c00edde7168fc0fca20c36ca3b09d540cbce882c4e19ca28

SHA512
20fd02341687fadc9b3885a3a4a701303d9ab121ad0e87c076d140f6c2dabd5bc33ae8cddec467d0acb2a713f7fc187275824a55c8ce8a0c54f807d61f8b2d0f

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
44KB

MD5
1eb2ec38de0f30ad02c4c6d8bcf93fd8

SHA1
fab530bc334b47a80d93f712e8da1e68ecaa18ab

SHA256
30fc61d83ab6f3fc8fbad852ad79d00f783f24bd0b371d12b11a5b0cce3ab069

SHA512
19c67f4920e4f154dfafcc08b05495e85d2207e658e2ab892d9ad23048a20c89920b203ce5740d0ae7a3634a89a0e66ec55d30e31c3dfc4ff67ab5b8d0a7a823

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
50KB

MD5
abd9d45025090d30ca72ab4ab191bf61

SHA1
37510401fbeea42c28a56e371eb20e36677e8f2a

SHA256
860915e72be1d48c9b41c0abc92553f5e01a330533ee1f8b4a91ef22263cc543

SHA512
c1dff2263e06b7cc915760aecc642d6a868d518cc2d0de7dcd1e5f4f9543a38f77599b52c1dd9a68b474f2d5056db001b6a56ef5ba6895a8aa851150287bf279

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
47KB

MD5
f1cdf9ae9bcb05be9339903b16d9e55e

SHA1
8927a3dbc1c21bd744f444f2eaf230d1509cec35

SHA256
e6b38fd6359fa0abb696ac8f13dbca2a15a035a47bd4286c86f7ca48a5ffc987

SHA512
d0688ce6eb27d77fcfc0270599f285e8e744508790c851245273414d717cc472da63df49dfc6b6ce69e78fde7548104b33966cd24936477a563a70b0e68aaf0c

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
63KB

MD5
3edcf03b8f7280191ed0b6e4f575ac6e

SHA1
96adf22491599b4bfc620a86f20c80486ea5af49

SHA256
25c602f52df3fa3a20b2893a5e6384686a70fac1998292ca68edde789eab5f9d

SHA512
16b40248981ce3f8276232bd8e8e36dde76b08ccea9154d5b8fa8e92017009caac39007b8141c3a036e718cf7d717958d068a0278b57db7f7b248d2f5bdaeee7

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
52KB

MD5
b6f961996bcdbd0baf2647b0d011b41c

SHA1
1e09d2382f3e5fcb8c8ccf25c58a35fc7cd905ed

SHA256
1575f43328cf423c0a7ee92ae586f9056d2a6f693519fe87ae6e92a99e1a8587

SHA512
189f455fb35798215cb664867f41283c9247ddb13f270efe74b3f28e2894ad07d0de9c58dfe4e03936f476514ba39b94ff16b6e22581ee9ac16d0a82364f77e8

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
47KB

MD5
c6a9c4f5beda23c14d95d28947f021a9

SHA1
ae98808484239d7c73f15e19542cf7d343ec343f

SHA256
3c22e08df727552bbdb87222d1b08b22a35d223401b1661025c1468ea8d2e412

SHA512
723f16f1fcadc8bece787ce0d1e1924b78242a6f2b8f3ef103862c1311c686b744488b0e5c85da5552cf1175f928c5aa21351ff50a405f5c341fffc5ff5a1fbd

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
47KB

MD5
3c3b25514f447e1402281216af630017

SHA1
bc615635b828051cde7d3f6f985538be95dfb4af

SHA256
4b853919cd74250454bcbef95960ed5ed8cf15450cf70934683aaf44e6efc28e

SHA512
321eaa87ef52f63ce016183d1f1af8c1ff2117c0e2a01c69dd25120265bdea8e079c11c6a5fb0c1fe7a6e7bc0853bef91385130822ded1450890f4d77ff25096

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
55KB

MD5
7e22c7e440406a3f0c0531dc3b6ed776

SHA1
3c5f956c29d837f9797c33cf45a9366ebcf224fc

SHA256
8f695087d64dbe7dab50e0db79913980fa7e620056d23520906160bed57df86f

SHA512
7b080e2866646ec0fd8fa08515a21be487a9e6bbc84f3e0848ecc54f1f17adb672d8d048b656179f0ff2236c1c53462bd83e42dafa49b29774eeb41847208d6a

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp

Filesize
52KB

MD5
82647b22269b6a8fa01170fbd0f6b42c

SHA1
4022174822181cf1fea60716f3e7772e150025c5

SHA256
f53d136eb99258d8e7d77073f99891aa770a5c9c32bfa5642d088191c04abedd

SHA512
64a255b7a69b8cd1d46bcd8591e949c7b4a3131f1df1bfb1c1d892206347ca053213f55a5f74820340406171aba1f9135f247297b90a6567e5215ec78aa52ab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_active-update.xml.exe

Filesize
42KB

MD5
6a32e926a0d541664af10250a1ed39dc

SHA1
c5519e2c584ce769f4e717c8eb4efbeb3d2724f2

SHA256
19604dea16be346bcec79f7b357fbb879cdbf080a0586ac3fb228b911e4f1946

SHA512
850968824f51d305a187c99930f55b0231005496fa22f5f9f384fc5912fdab3a6839e28fe728b07415a9966d7a306e5d4f02fafea2c765014f764755f44c9965

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
39KB

MD5
813e7c9f40598b67da3313d58b589b9f

SHA1
a3950ec62f7751fc93b85e7c40269f6482d5ed32

SHA256
b45d615cd43df6a78c128b01d895b85c487fbc7a4eae84bc38c17a9dfee88cfe

SHA512
0d09b46d3e0ad7d7b0557afa50a15ce4b38a2d9522fe35b2e4773ff41a15f7956ab85f508e4d98920d33c38208b02b76bef9fb6f3be1e888c29529fc2634eab9

Download Submit
memory/3476-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4984-14-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download