13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1

Analysis

max time kernel
149s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe
Size

83KB
MD5

8be81353ad6ea357a7d893e8380c1993
SHA1

5db97b29ee4433c74db1f33318a30e2fdb4a9693
SHA256

13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1
SHA512

2170b7b31d09272f7d45eae56ee9d935e99b97eee9c05c531217f98bc8d30efdfb54fa11e7d2caac399f9ff86bb28f44ae1cae119afb5a5f757830b3e1f2a3b9
SSDEEP

1536:W7ZppApB7laKa4aKaW7ZppApB7laKa4aKapekXekr:6pWpB7rpWpB7QFh

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (5351) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
4404	_KB2919442.nupkg.exe
1452	Zombie.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TecProxy.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.policy.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osm.x-none.msi.16.x-none.tree.dat.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\react-native-win32.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Office16\wordvisi.ttf.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationProvider.resources.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ExpenseReport.xltx.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.CSharp.dll.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	Zombie.exe
File created	C:\Program Files\EnableCompare.htm.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsBase.resources.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PowerPointCombinedFloatieModel.bin.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\coreclr.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SFBAPPSDK.DLL.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	_KB2919442.nupkg.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	_KB2919442.nupkg.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp	_KB2919442.nupkg.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_KB2919442.nupkg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 4404	4016	13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe	84
PID 4016 wrote to memory of 4404	4016	13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe	84
PID 4016 wrote to memory of 4404	4016	13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe	84
PID 4016 wrote to memory of 1452	4016	13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe	85
PID 4016 wrote to memory of 1452	4016	13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe	85
PID 4016 wrote to memory of 1452	4016	13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe	85

C:\Users\Admin\AppData\Local\Temp\13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe
"C:\Users\Admin\AppData\Local\Temp\13d3dafbc391f58da70574b98a5ad1636b67a4c497a908151c5d5aab2a69fde1.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Users\Admin\AppData\Local\Temp\_KB2919442.nupkg.exe
  "_KB2919442.nupkg.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4404
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp

Filesize
46KB

MD5
0a05f8e56e9ffa8ab97ef159fd238431

SHA1
3976a1a6e71cd2dc221d3f878853cc16223b33dd

SHA256
57f23991a0050b2e75aa1131b0e3947c25fd8ecebfc3407ef79a1e1646ffa5e7

SHA512
14962bf4f4694f687ae4438a5ac585e461b678ae27624299dc550eabd809584995c85db808344a38c2f5e1b7dbe6e284fd9109f1fd7cfa312d969f353b96c53f

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
158KB

MD5
f02264458ac872a6331c1d42e4d8035c

SHA1
aefb3b5d0df8d9b5e1c49e2f32f1b4c2cfe0f99b

SHA256
b10ad54247ad2ab982e59bfcbd7725bebebb14cc695ebd1cfed5c6aa0ec10f19

SHA512
a8f29a6e2e281f5ca6ae0c939dfa9db9cab30d6e7adde400ebd9c30ba23e9c3bd724d4e606b8fa3c50a647b076a47575991f4511ba900fc1d62966fcd5e4e87f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
48KB

MD5
61c87c35d7987afb3e3317613d2c4707

SHA1
b84260d6fc4932a24b3df5b1c701be3bc9fc750f

SHA256
f41c923ee68a9e105f338ddc54b7239c113ac9bb152976f223ec471967c579fc

SHA512
3eea6ee988f9bc70cb9eb4224794d5ae6cff9391bb1e7f68d270cab3a13fd50ceb2acc3a1eb78b4c45f69abcdab487d060ef2de68613134ae5a59f7fb7549a8a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
145KB

MD5
2f3355e01c543da526b4961aa65457ed

SHA1
01dac08bfc9530d4cab77472fb3cf325d215fd41

SHA256
7506f94c283c72f9689c02fd85d09dafeb5ba240ba0d74955501b49c52211501

SHA512
793abd73ce9fef2451b329f738ed810a09b17790505979cf77ceded26f11fc98ea65b944e6b0bd5f52fbe071150b72034e76fad8b8af95453bfe746054875cc4

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.6MB

MD5
c3ecab7de05310f56e173de03b10d58a

SHA1
9869ef60540f0693d2097076e220ec4513376d2d

SHA256
764a62e98c8f066fae4ddd6129862bf25705004eb895e112b8a6b18336199cbe

SHA512
403155b484c557b2a818c2e455210d40f7513e4accb223f7a33ef797546440537dbef9e96eadbdb3384dc356477ed25bc9756d11aa8358a6df1d0eb4ad5c06bf

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
581KB

MD5
b1cbf9d9a1c7692d6ab1361ab1aa89e6

SHA1
b99e715ba9c601c0d42275d3ff5d2500b9cfb842

SHA256
97f45f50077f87d60dca1a6ab0d4aa2b20b6218fd3fee074804bbe44a1315226

SHA512
10d02cac14f6ec86b9fdfb1fe5f0407919d97a9f12afb5d0afe0e803a5d4649db150a7bbb993e66194131ed997830da8568edc6f6debc765d87385d7b53203ef

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
255KB

MD5
22a2aca6a3d9b50b3e5e707bb20f4487

SHA1
1b0f8934d4f9e8071f2be5ae4e5e7852704d8cd9

SHA256
92d9311b2d798bd0f915857d40c48aba2b6ef5d06373d8868453059d34a035fa

SHA512
2419fae51f8984a1b335d014f8179e3a5137ec8b1ef590ff7e01c0ae2be9998812edf702990411f8ed580e92dfd3fac9116420a4cecf1103549fa14ffcc0307e

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
234KB

MD5
6aa1b7a5daf7ea9f3435667d03778b65

SHA1
d153a4eae5d24dc5fb53193d0b212513e364cd4c

SHA256
a783399fcadb5d2eba074578b55be132da492ed2ea25b05066fa04e1acdf48f7

SHA512
515706ce63d7f7e6fd18800b87f60ca39ab9c7ef1a30b8e0da1dcb8c51adb159e9d62f4ea0a3b517b6d2fc6918bd9851d88e4d2725b452afdda905873f3b0f3d

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
976KB

MD5
6a8e31584119bd4a7088b90c8f9a9b13

SHA1
7be4395cbac2a031b0b87568f6d878eaa41becb3

SHA256
d7ae0195bd012cc14638040475bee1cb91eb6c8fd4185a68994ee0310a8bd320

SHA512
e49327421b45e912472fa14aba01f9a84d50f90801795f3744386ac20166ebc20922fbeb267307056c7d2345477c7a58b77a12dca7ab620fd882aa7cecc693b7

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
730KB

MD5
6ae7ad584a7bffbe8692de7575aac5f5

SHA1
16b526861d2722b7992826f2bda3ebbef8316ca6

SHA256
80712ac0defce535746e1a43987d9c849e009ddf2ac1fbbfc6bd0aa6d18eb276

SHA512
418a2604c369d281d5fadfe5fb37e75b7b329c442fb52d1b1ae49caa86c94f9593e498fe19e229243affbf79a51587c9570778790ea5ddcafd2ef9723d9adf2d

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
55KB

MD5
9c2cb69e87d6c99d0088ce8fccb8470d

SHA1
732bb9fc91dc6fc70a52a726d9b06d1dca4652ec

SHA256
dd778adfc61f2e83cbdb433f83ded0f24e574acae43c0e61e3c1000bde9278ee

SHA512
13901fc65f261303e35690004bb7c84ddb45902a9e409168dc66bb5f0b431c08d741144f81f4541e9bf6bedf3f43e09ea914d932788289e02268e5b85434bd0a

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
53KB

MD5
071d228028a900fb486fd3208a957db8

SHA1
d0ce269db0d3f12ef29f95c4f142546ea871c13e

SHA256
d691ca3044dac202ff2990066096b1b176ce666e16cfb57e5020b7ca13735513

SHA512
bc342508ae2fd86e90b3e742596ad3ddf17148a64e09c2b3a1a542ce96646dcbd0713f9afa2d0096fc90b62793c4aa34503c93e44586f438e573c6d937cc6102

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.exe

Filesize
58KB

MD5
201565b651f57379a0f19a2aeac0c7bd

SHA1
e5879d8b7c6c03aa7fefcadce40e628580ccecc8

SHA256
0fc5fdaf8bff2596c033bf2b9aee591fb025c5a892f830150d0be5477a7bb866

SHA512
285be36bc8e9c6992fcd96a36c754da9a6d8be5e00da31c72b6e2096e5066314cbd52a7a2fc8641ac9feda01c55f57ba8a941ee37168835d0fe809f16dfba80c

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
54KB

MD5
cad32f34e3cb453f58552aace2ae2e27

SHA1
d41c6a0bc9e1ceb2ca084516862452ed26a394c0

SHA256
e89e6a487979ec981b325b9fefa5354336e1b88defe4d97a7dfea20c9e08e436

SHA512
f6e7abbbfbcb8238776147cbe482fab69cdf7501b1ce243ce26a902166f57734b9098fdcc0ac839da28694babad812093c187c138472c7b2bb178fbf51f9681c

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
37KB

MD5
0309154cbc4196bab1c938cc8a141972

SHA1
1dc02778f3356bcff819388906b7281a7a857cf2

SHA256
099b33e039a8cc70848678c71caabe5e54f8465c97c5d3ce152ff41b6d80f5a2

SHA512
4f612a804858e0d72659a31296f0b2a3201ae4be133035b73455e8ad2fdc6aaf3d65f9ef5a08a1ea5ad9f256b2c7bfbf8b7703334dffa291a03656907d5183c0

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
54KB

MD5
22d65639236c2481ec0824503ecf3ac9

SHA1
46e2059652aeb995f18bd55bebbe46212e1854e6

SHA256
cce5202ac19b10b3818f130d47033d14b886359f99d64f7f88d03f57edbb4210

SHA512
65c1318c36eca045515847a9def13580a23bd93d55ef594b4f8c950a5744838ea644c7b5e8d98d336cafc30adfaaa05cdc149581a14ec66084cb8a1b647fd622

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
53KB

MD5
a1fc769f179adb6ec9d61b9886700837

SHA1
c52df9e0844c20e169560b9c46c01faa58f40213

SHA256
6aafe523409bec43a448fe86fb0d2860b4ce3e8563d786fbe68b0f711259f9a8

SHA512
8ec59f31ad99a0a09d84f35ac5e403868816173d8f30efc407ec487abdbfbeed4d03e32ebf3f1be03a6bcc432234c755b5cb32216884e5e05008ac19437d89ac

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
46KB

MD5
62b10086072f737a57315b64816f2df5

SHA1
9e0592b85e159165554177cc891fc9fa4741b5a3

SHA256
4d02e5569992f08fbe63e691db37d139d5f9cd4e680c981cd99ac82cb5f38bfe

SHA512
95f774747fb4895fad6d20eaf3c035c0cd3bfa1f43bfcb8aee3a74b157249e61cdd0987acdd9f15bfd5cbaf47c25ea528d73c14d88b028f8989e66b77075045b

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
46KB

MD5
175caf20adfc0b1cb43960ac39c8d17c

SHA1
b866b76d5e41b3a95688917e4333f2ae5214c939

SHA256
279e1767169959c774cfe64b84e44873068ffc59b73343d2e3a9737c436b2441

SHA512
e0729c68e3a3c381a16271ef16bd93010488383ffa93d3a9851f053264994949eb93698c23b2c0c39d8d50ced0a6c873173faeaf5bb0c3d1bddf725c925bf2d9

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
52KB

MD5
0ee0ddcbcb71f2c02f11dca22a699896

SHA1
905ef7e3a3cb9452f78dab35048e527c05be16bf

SHA256
86349d6f532025b404daa46327fbf1eb8a310764518c9fc61cc21b097b2d41c5

SHA512
c2c9b52fe6a95f49277e01821986fbfc9ce94775bbf4a663a2fa5de1227965df5a902b31a17c87d7c7854cec91b1563d0671d74d138ef43a2fd88a87e4b3ea0f

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
46KB

MD5
b005ae5f57d7c21663a14971a91ea01f

SHA1
d80f6baf2742386d8a07c0c58d5f4b14de4a06ef

SHA256
f06179cc4ece3c360f8e9663ff147ffedc70f79ea8f455d52807260254f358aa

SHA512
2414c5b3d5e005a1763c9fc5f2ac0781f2550cd55f685325ee366e908d2987862d052e256b7ea270317316041f3b4e5fe311246450d4332c7cf688ed050d174b

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
59KB

MD5
343d94863dc4312325e3034c39c08a8b

SHA1
b3aae6bd626f561c2cc7399bc46a594dd911efe1

SHA256
49c43fbf6f83050912e18995958600f48c6bbbd9670b0fc4facaacc691a5dc18

SHA512
03dde7e434cfebb6fae1abd45ec7782eaa5f585c460a42cfb3e1bebb7b810fd7a69660a7c898335ad31539389ee9a41a2d3573f2b12c2b0c39b5a0d59db70c4f

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
59KB

MD5
54c4c34d7f0a97ec5117008554ce1211

SHA1
64f65f921487ea9fd02b462bf31d25cdc7bb80a0

SHA256
d9aabfc27fa72c340743f54c00ebf81692e7ab621eedfa21971b818070f18dce

SHA512
619d2a0448309a6263c3905d5a5aade35b858960687c204c118c4f8b8e962bcfee868ed0ef33c995bbbaf4857f985f7149961e141d09b753968ec1ac06f9f557

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
54KB

MD5
85ace57a7534cf170bcd3c0e6044647c

SHA1
69e9fbf3158a4bcc975319805ce8f0debc8e93a3

SHA256
5e3dd35cdd37419a7b224df5765f0f2f6d2d12adb70da22de9bad39d274c0448

SHA512
2c9b1ff53623d3b4d3dd85f225f1189df4fbd0cf873c57b1e6e60732406e82c349a91c5ebc971374a1a234b2cb0c76ae425582729b1935bfac2443a2184b0d98

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
46KB

MD5
ac9de2204fc5730e614c6bbaa547012f

SHA1
e204beaa9a2d2c79dc2681b6256c1ac4eb8bc384

SHA256
f283331e86b8b4a6687df97e23b2508dec0f366d330d6078ca8eaad43b1dd040

SHA512
d77bf34b8a12f10fed357d500e4fda017e179296979511baf4bcb9f282cd559ef963ed968130ce583650159212fb7919c4205bf125d68f3dbedead2015127361

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
52KB

MD5
97bffcae1c1fc54193d0eb1f2f78c194

SHA1
55a6da2b454f0923bf215cfcac2d3f0efc8b3b0c

SHA256
ee2b1ad9887898f5285fadf0aab4a8e408521e213c11790f3c43d804e9d86c46

SHA512
fba12b85f2793d4463b9686e7a0bf236059dc28722e44c5b69fd61c4d0c2678b8ea6738a8e22ff79cb1c2dfaccd1f12518eccc3cc44fb6f54c72139482ddc11e

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
54KB

MD5
d7698b00b2b7503ab9a1a79f77f667c7

SHA1
bd0be44a60e1d0ba77a32270f3ed2fddcc077c5a

SHA256
9928f2f34e51f1945a3ea36bf9cf77f1e070add858e705f2bb300787dae54f0e

SHA512
a6ea0e97944c863579c4e47f4b27df065d10da0976392fb30c7b8ace3f2ebced5196d5350091938a5cb4deef9852aabd74bc4fcdbbc9f00290dd01ced3115d3a

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
55KB

MD5
ea49dcdab8b8818adff74dcdd457d702

SHA1
02b2e8a839ec3ef90878264008cedf09a2a15617

SHA256
41d9e9aa0e7eeb6cf5dbae31463c62c32fb5de47508c324e4e8424e2e8b97ba8

SHA512
7db7cf16021421c54a99c7f3c437b5637eb738c26319e29ab1a6f844c47ffacdcf6865146e944762df7de2d98f982473c90ad25b0b3ced9655d66e26660d5b8b

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
63KB

MD5
64808bad9f321579ebe295fd4f3c3986

SHA1
acf31cfba4077a3f8d400aad08b813ba6acc4a9f

SHA256
8ac3b5256093291d002a9987c9e71eeb3e9ec279a694c36a493217cc4e71b3c8

SHA512
20068a54a765348e0ee240590ee419ace86c738864525e01d00d4bdd0cfd20a0f9f4d8143cc80dc2562ec2e7e41450836205b66c192a1de095072607c11cf2d8

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
48KB

MD5
d4cd3663fa773fe6403f789681483407

SHA1
70864654ef4ad081f16e334f2b184fc388315f67

SHA256
1bce513e0078d588ff0aa02357abad404022a223474a5c956da5e8896dea1bb9

SHA512
72bfbed41167491668a7426ccbea6f4a8f8dad45fa2f9909c61fbb86b1b33ee2b7aa4b5cb187c1ab3449cdd75de4d37bfa3f2c0763f161446da24ab023c91b6b

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
48KB

MD5
ff2b20c48078bc53cdedc8f865203a5b

SHA1
1b00c2a7d8dfb89bfe32767d7e08476e3d8a4662

SHA256
a77a47fe309938eb24466e2cc74fe8b412ecb44a00c2f8236cf9b4fa93540026

SHA512
1e2a99f768179107ce8f08c7d4fc1d69713e18420f577e06e490c713c2df031981b032026df76110b6cbed6ea70692c4ba367ee773f0ef21344050512fd0b61a

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
47KB

MD5
1b6fa23dac73694a3968fecba2825eac

SHA1
19c09dc3057af9396999a6c33349528df776b318

SHA256
56833f5f676c484de9f367f1305b33ad00b204ab0dafd161bc3083ac66040f6e

SHA512
297f53a532ce8499c72e07cef3498470df0429dbf1439d8046c0a3ff21f06f0ac02328af4ebf4dc205ced8009a044bca28d0e500c17ba194e187436420f6ebb3

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
46KB

MD5
f7d687dd35b9d873390411e3b78d98d4

SHA1
7a10d4d9d5016dc08a9377c8e661bcbf960e4ba8

SHA256
f211dc399021656c13a181f1bb9f3be3fa7538598c512416e3f14ce2e06cbc9e

SHA512
600a337bc4da85ce5d8e635de044cb4674e05c5a3812e913a278e2026843b44c765e2c804857e4baaef8257ac8e22d7c775267611358d7e54c7be5999ca9e5a2

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
46KB

MD5
db7554809d6a4e78d65d4a560501606b

SHA1
d4feff5d44223611c014412f1bae09a7d74c25ce

SHA256
45177959d9ef64c76d46409d35b4020b2d1302fc01fc1a3edb38589dbb2fac7a

SHA512
c7172b6e230c3aa27ea864e02dae3cde402ff97377d89745634db1b77913bc6f90477ff6b0992aa1a91135792eff308c92a2ee0c4ded7a6bf1c18e707f9b99e1

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
55KB

MD5
1addb441a8bceaaaf6c8e99e43ab2d81

SHA1
164650f2209ba2c9ca9f0e0c4b6ecd00ecf7126e

SHA256
4d47b47f592873793bb5f374134b20bf3ed91e1817a138f22a506b3db1f94657

SHA512
626c085882c51699e084b54c361b047275cd3ffaa058e31ded5f0211791b112f69453fbcf892b9029889bf7fd14dac9d8e886fb7164d95b6f94536d48768ac0d

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
57KB

MD5
3075e8af00076edb5d5267ab4b7a33dc

SHA1
3d54813e4096a5e1e03a37c71b2fd97498565218

SHA256
0c0753529f9fc848db402aed1a4f9a79c520b9a1af7c92514627fb106f55e9b4

SHA512
baf47c1ff1d14a3dacf9a49d193ac3f35c34f3c3a871ce025857dc0755119f998a2b10d35b35495ccf1c85360116262fc8c88973778c7620e8ceb8f76c2ca726

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
54KB

MD5
403a784e9d45ea5c59e47690c7c417b3

SHA1
c511ed42bbf1a2c37716a57b153ac352c990736f

SHA256
7cd88c04bc9c1f1b632812d54e91e97c10c7fcfe80eada0ba2f62718f9547129

SHA512
339852e36834f0d7f1ee8fc893c16f9dface96a3c91c29778009c5ae19007494cac90a8ae396745b211854643686004a560802e66131dd58273f2336785f278f

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
46KB

MD5
2473c6fde738d96a2d48f7787978eac5

SHA1
16e16b5347419025b559e6af5f6f78c18d6049e6

SHA256
a3983c251c648ae6077215feecd791eca5e72d7235581c2ea3432b10c462c950

SHA512
a478ae0a76f361a3c6ff5092b0dce7f1043b12bb2acb87b533bcf80394aca7efcb6b0cc29af58210b14b7b6273c33aa44114da0dd8adba1c68f571f375f208ef

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
46KB

MD5
b20a477f09838082087657ff59ad9e9a

SHA1
216292b693a187c8e688efe8af346b50379f1681

SHA256
67bb81f7e80f556da44a2a4a11982390757bfb7a7f9e0ce0dcc63e85213edab6

SHA512
78ed6caf896947d4497aa34ca8f5f1f0cc7e8f4a46504c15f229d79248a46751d95df42ce2d6bd6a9a5de551f0f737436907d42cfeee5977c9b639b28591f555

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
56KB

MD5
59dc3bf95b74e827b0aeb9954f9baa75

SHA1
9da9ef7760368258cca1e8b80ca813f9af6e8b71

SHA256
68174fe25110aca16c3eb4f50acd513a30d25a0890174a4add44e5a5efeddc59

SHA512
00d834e5812515bb50be3b006da668fd207738584011863a57afa8b13b322c35c429ab017d9904ea997fa52065177fd9e3f8fc8f2812e0779fe49bec960382be

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
46KB

MD5
ad210daaea0ebc48d61adeadb1b9a155

SHA1
277815a6a794fa1e6fe9436c681b40f33d68ae5e

SHA256
63cd38fc0736501eaa72387df923530f69a48de42895e533f002645dcde69c8b

SHA512
13b0a63c752250f6d382bfd8128296b84dbd49f278141d5eb0289cb860ce260c07abf6ddb1ac9aca6646335fa67a00e2ce1b15747e3473625f51146c56e321c9

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
46KB

MD5
cee8fe5f2cc78ac68d15953c4c58d2fa

SHA1
9915bf6418e1805527b9fe8141144c66b3c3077a

SHA256
de95a14e5ce5eb6a3bb47dd36d914519d8b0084ac76d3785fd1e7105d39416a4

SHA512
d9cd99c02e57281286164e3eb66bd6b18feaff9e095c4428f9d009c0e6b8b47e05b14dc0c9c09e8c9fcf0d9aa0e425fdbe318045c9374cea1a60f95936d9992c

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
54KB

MD5
72edff9c4977d16b2853159dfde54273

SHA1
fa35e03c0f45862f9ad0f73441bed8903c4e96db

SHA256
cf16c59365b70a2377dd9405be2c7223a13fbedf94b680cd65e652c8bae7afb1

SHA512
855dca0ecf5ab53829c293febb99c5dd718d7a172de17bc7c18aedd5d1aa5719af78c4c25c635a6737892b0541f3f30d88990bff29c8c691a545a5e03afa9fa1

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
45KB

MD5
b9b89eebe1a5c3ea82d3348c3426e3f2

SHA1
d7d8cbaffcad3b3929100170ad927da04823818f

SHA256
57dbebd4706f34f6ccf7e71c35ed538accd1fcbb55d9822f197418c3cfbd6e30

SHA512
67645c4be4e4cb3d70c599e092989a731a476f79a6c0241616cc25658562af4a7c6d383bbbbc6b047d98db64dbe25ce7ceecd2123a544f417c28b066181478a9

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
67KB

MD5
ce33f9cdcd42b696d866476f9bd4c759

SHA1
4703d890696d45db7c5898d03b5510f955ddd831

SHA256
d333c20a3ccb5569bc4ab02a63df7a0e02d9c05f1a30cb96a2cafd07eb0581a3

SHA512
da71e3179e50fae250a92684890f5757ca6f409d42f1d0fa47225d2c841d10105f9dc0404b1b29b2ccf7951c94185f99623466d6fcad78d63b0e2b0e6ad6f51f

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
47KB

MD5
3c06b57c778ee6eeecb57f7f88698736

SHA1
3e5b1fc9b21a715b0508e5f5f90a5d4a538a8717

SHA256
811360a09883720e2dd304c881bd5ed2044c9d4476cb4f22242f088e37c9f8b7

SHA512
e2f4a9f0ce1b48ca6f5c5760307440242c8d3aded6139f85b49e49295f93fb41c07e6bd663f2dabe44902bf7021d3c7331431488d0da99f2a78bfb736033e793

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
46KB

MD5
37ff30573314a18570ca7cd0e426a6e3

SHA1
d324a9c8a96a8547b2bc4303b4bd6935e614cbe6

SHA256
5422eb1389877ae27967f04c849b87b504152601121585df6884b5afd3c3dae0

SHA512
7faf18ce927ec46ac9a5cf580107d8459e8a4e110668c36bfac33d15641326bcf9b5a28b72f99afb75a3d3172e62e93fc7732c5e2273cc3d23d7fe2852ff6be5

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
51KB

MD5
f7559cc8704894ef9125d135c3d3499a

SHA1
929e8e0a3d295c865b8b68574f57a66965895ab4

SHA256
4caf5b6cb93f61a1454fe47bc8a394b945f296f126ab487dc697e3999b07995b

SHA512
dca4b92c31b625955d852fa1d3757367a9d23d38056f8abbedecd4afbfc824dff6851f1c034665b7d663fb9920ae02997486445cb0dc8d2b7db8917355d896bc

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
55KB

MD5
98721da448d9cf264c6d68e30c0d2077

SHA1
4573955276cb911a671d24adf158fde26d3a814f

SHA256
6f88ba59a69e70fc32301d6aa1d08852a20126a497da64b12a4d3733fabd32fc

SHA512
2ba833d916557aad82a48da5cea2a75ab15b76f694bd44ead9a33296354cb35c137b3133aa13e4db06f501156d54a5df09a02df8e2b7bd3c33ff3148a5213b65

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
51KB

MD5
0561eccbc427735ac9b27bd9f1386603

SHA1
ee931154d789e89ac26d203dbfc33505ef2b8658

SHA256
28cc2d68b78bfcce1d5b9b04b43800a5ce2c03f34dc27cb12ef548e4605c21a7

SHA512
2a214d8a9d396d752b122d380ad957dd92f5a92301e56b1722ce1e8aef79e68519f5a2542f21060bbbb012df3834031e8bea73156ed1d7891fd5fc1f0449f503

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
55KB

MD5
9eeb863a76086a994f921a8632c59c99

SHA1
20e1c747913da1ccdeb960308b5517285c5322ad

SHA256
3fec68a4bc1a36e52d0f460e91bc6db3a030b118f9e8d68a1e813c666e73e4c8

SHA512
713fa80d14b9f8f4d16805ac18911d1c1712476d30fa1a2b9447c71a840161888844b0a2f3393afd83005ea6b9944541ba709b6666779cb3b8a528e0f7adad6d

Download Submit
C:\Program Files\7-Zip\Lang\ps.txt.tmp

Filesize
46KB

MD5
fd58de7ea886c2f786f08e96da55f4fb

SHA1
0798204b1c7c9c1c516c0308719227e404eb8a6b

SHA256
0e38a758cd7e98042825128291bef011f5337b763fa7b97b81cb04a51f3425d2

SHA512
2a7df51477f559d3f3a0904111e98fd59168d54bb308ac1ea0b9dbd4ed26059a8b333983503ad1eef6b1207923d6ee6e0dcc4d35d97990ecd13dccbd5c6309b7

Download Submit
C:\Program Files\7-Zip\Lang\pt.txt.tmp

Filesize
46KB

MD5
dc3acb606713a8241173621089103aef

SHA1
e2217818bb34b60c5184c0567b596aa4fc0b6b79

SHA256
04452ec2c5e90031907e299e00ab735d78715ac63c25cadd5fcd1422c6661180

SHA512
b01fcd18b3b3f058be70252fb77088feaf8ed514fd09f9fd24fd514ce936503f0a6b9a9d22ca7073a42d74d66dc551858b31307521648d4a44f46c11c89d31ef

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
61KB

MD5
d81206a2b7e1fa68e3ce07f1cd84286a

SHA1
33524a5b6cdb1386548bc0462b2c6dd4bac59b2e

SHA256
c8d62201175320923699b91a039e2c4e908b787ca7822825e7433a84ca483cdf

SHA512
db06406b6b28012017edef131303011a2c4bd2657a244f0527cae64406cc1095f1e45cde2d7987dddd9e21b6678d79610e3c282c31b1c9bc76b6d0594b775d7f

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
56KB

MD5
b94322e68bfb63ed5b4d7b8c9f4b7c37

SHA1
2ff4c372728ee20c8cd5a8c30f31795be29de5be

SHA256
90d42ebc318c0f0a12903bb18c4e5e93477169cd3749d4d87c17a31f5212b0cb

SHA512
43eaa3b217b878b81769347a21c207a12a295c0bd1767159d36e60f14967861d8ace66cbbc72fb59f9b1dc2271799c0cc2aa41b89ddbe0a94cd8b5a404e60986

Download Submit
C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp

Filesize
46KB

MD5
4be2f10c78ab4e9c4dc88939e547b302

SHA1
495e8eef75baf381b9df589ae297fbde66e0702b

SHA256
229ebe89801085f6509f47377a49af27172a015ac959843b58264434dcbbf05f

SHA512
ec2d7e2b74208fedba1bf2b857777a9c2c8f95eba3ccf94c7d9cbbe6b2602f2afd00280f1ef12e82e62e54333abd05149297439f1c42cbf34a6b8f80eb19dc36

Download Submit
C:\Users\Admin\AppData\Local\Temp\_KB2919442.nupkg.exe

Filesize
45KB

MD5
888f520775123457a9749df6df4b52c6

SHA1
b881375478335e39c15add42accfac726033a207

SHA256
5132124260adfb10ce4399bf3440dbb0ff855c09603306a6aff1c07b073c91a0

SHA512
e02b4e6e458ddf92134caa19e9acb02a6fedad0ef0e776041723d7f97b31df518f26e9c4adea2c52e588e185a5fc88349ce3e99b16e88d545e7f58074abdb549

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
37KB

MD5
f3cb4ff723dfa2fd20ffb0af356e6543

SHA1
7513fd6efafdac7fc44efa41505d06d48ebc2fa9

SHA256
96aad9cb5deb1364839e4e280c4b2f4b0f26099216758238ef0bd3b6af4e3890

SHA512
96205e5896bcef86088571f7d8e2fc776ecb99588c1f17e7eb2454f83f8ad8cb855f9e4e22eb23725e25e58aa77ef5b8d533ee830a4802d9bd54b80b4396a7d3

Download Submit