878352a542a9fcc49b6e026b91a04f55c5b28b4a580e2f649c3d81ae22db9d5a

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

792fe1b4bf071f5ea8cc92eff65e9800N.exe
Size

99KB
MD5

792fe1b4bf071f5ea8cc92eff65e9800
SHA1

9ff530da3ab9f42e811a8dc75d6d9d877eb2a9b7
SHA256

878352a542a9fcc49b6e026b91a04f55c5b28b4a580e2f649c3d81ae22db9d5a
SHA512

5bc0d6aa45a4c62eaa71a0972e23450bd775118a1805c6751801ab5ca3041c9c805e24aae6057e41ff6fb9344620d42023e29959e79222b00911e5505ffe40f8
SSDEEP

768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BV6n+7BlpQpARFbhn54fmiy+3BVr54fq:/7ZQpApmi6n+7ZQpApmi6n0XM

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4822) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1576	Zombie.exe
1744	_Word 2016.lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	792fe1b4bf071f5ea8cc92eff65e9800N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	792fe1b4bf071f5ea8cc92eff65e9800N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\AUTHOR.XSL.tmp	_Word 2016.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp	_Word 2016.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar.tmp	_Word 2016.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp	_Word 2016.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\asm.md.tmp	_Word 2016.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-ms.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\InvokeFormat.mov.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_elf.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp	_Word 2016.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	_Word 2016.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	_Word 2016.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	_Word 2016.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql120.xsl.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Controls.Ribbon.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.exe.tmp	_Word 2016.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp	_Word 2016.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	_Word 2016.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	_Word 2016.lnk.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	792fe1b4bf071f5ea8cc92eff65e9800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Word 2016.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 1576	4796	792fe1b4bf071f5ea8cc92eff65e9800N.exe	87
PID 4796 wrote to memory of 1576	4796	792fe1b4bf071f5ea8cc92eff65e9800N.exe	87
PID 4796 wrote to memory of 1576	4796	792fe1b4bf071f5ea8cc92eff65e9800N.exe	87
PID 4796 wrote to memory of 1744	4796	792fe1b4bf071f5ea8cc92eff65e9800N.exe	86
PID 4796 wrote to memory of 1744	4796	792fe1b4bf071f5ea8cc92eff65e9800N.exe	86
PID 4796 wrote to memory of 1744	4796	792fe1b4bf071f5ea8cc92eff65e9800N.exe	86

C:\Users\Admin\AppData\Local\Temp\792fe1b4bf071f5ea8cc92eff65e9800N.exe
"C:\Users\Admin\AppData\Local\Temp\792fe1b4bf071f5ea8cc92eff65e9800N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Users\Admin\AppData\Local\Temp\_Word 2016.lnk.exe
  "_Word 2016.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1744
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.exe.tmp

Filesize
99KB

MD5
fc4361abea6cdb7d5fd073be164c8798

SHA1
3139be7f2d0eefb0bd10d44897d33a7fb8245f80

SHA256
892ad8791d5935cab2dc30fd91e3db04b8a8e115d722c55064aa281cdfe2a865

SHA512
131be01006b1d24d41c57d454ac28075b47d97a18b285fbaba84b37cae0b272c6692c389e06d1dcb6fc11a8ae025af538354169d23f658c8086f17eb43771630

Download Submit
C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

Filesize
47KB

MD5
c4e318318012216c90b51d6352707df0

SHA1
d98bd00d108cfdcd7dae42936a781d1a5f0d8339

SHA256
3c7289d0d2b48b965da16b564d0a283ab78bb09d47bc93419b4035698b2afd02

SHA512
c7d0844d2736d6cc51c669a4e41ad2dcebf8ff4620d70453861a88f57cca18b9ecd1e1250dd255c52febdfd3de6674974ca7fd4ca48321a65b963b22d3790043

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
159KB

MD5
fdd0ee0a3e3f5170bd78256f7443c902

SHA1
1beb2782825f641b844381268c64d7d593c67944

SHA256
11c337dae29d00b948e8beb733bbc27e5dc81bf5205f115365d3a24dee129f73

SHA512
65e2e97cc77dc0fe9fd7cf93bd7ee962bbe1a9fff23ae088f3f74bb7f9b2fc5c500f80b61ac78f360209676715a59b2d6255c236c35e46e80024e9a06afc603c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
145KB

MD5
03bad8956a4ee5b1b120c387cae2a29d

SHA1
63c6b770b8e1e2d3f4e8d6ebe10ffb1a41144ebd

SHA256
194e7a9104e0e681aa3cb8aab7002a938a3652a9c48b5618a60709ed83e33609

SHA512
31ff5919471d4167c0f05fc1f90719c4a2e064e01ab225ac797e29b56122ed927e357414fb9266986945384f025b75383cc21e69ccb04f67f47a48e64771c970

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
dcdde7404b4e225323457ed8692b0ea4

SHA1
a2f208661463726757a719859bbdaf17ececbe9c

SHA256
99a56cd7fdb02d52d12f9a7c1d451378da8aacfc4d6425a8afc460137008b332

SHA512
ce384224a59c9c1a67f693094d2abf812e3491cc7286cdf1f83eeb3a305278045e884ad6a4f743a3df1e73c23a50aca6e9f0b9cc7e319022078ece510cf54f3c

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
261KB

MD5
68e9511b437b7de859a70485beda3c5a

SHA1
526ad6b35a1b997aa629e588fe0e3e41f22cc4f8

SHA256
f49a0878f9b8559f3f84128f2a02dd333aae901405e433aafefc73149ca58ece

SHA512
298ef71100ef705e37aaac315988d76ce71a54f7df7dd6513c1df1260cc6fae4e7dc1e2f98582dc15ee9e9e1be6744539d5e22728bc4d2b0a3452b3125b8a0bc

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
240KB

MD5
95a001543e761533b8ef3e6830f3a2f1

SHA1
012a8a27d71626f2f668c7a7b1bee57b7ea6bed5

SHA256
f29893f8f11cdb3a688a4f63d3a3a0d03882c5e0cd0adff88cbfe37168fa6199

SHA512
fc673d21eb4b18a1c1b58f09d164d53906a3971367d85014a41b84c7f2b1f426dba6738fed2c8288b6c0e111ea4a3fde3b4d64ac0f5c38aac8048907626e1c17

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
982KB

MD5
367cc9f5612b5de917dd7d495b27f4a7

SHA1
96037a8feb3dbc2cb9a2c058c2aa639833ec90cd

SHA256
ce799a64b27bf1561f5f54c4afcefcb4ed7262d09dbf7d012b4dc52c03ec4022

SHA512
ab7817b156d32b14da21fce10ad1d5dacb8e3bdd931026a446a302d10edf6652423293de39103b741acca407ec38233ec71c6eb5b315c2fb4242f62e0121c0be

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
736KB

MD5
9a48fc574cee66e5ce82e3d9541e6948

SHA1
cb8fea866a65c8fa345283a78624f6d4a5cb4353

SHA256
9f85f414d383982438ba48c56a0fcc7c5741706135902f7026e4da41ce41e699

SHA512
44b8b4801e401b6e8c55846403fdacaec4188f884146c13f935e450f7e61e00facbb0e6f309011bf787eb492b3cdd7d5ad3d57e61d2eef6e8edf6c5483e1feb6

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
109KB

MD5
5aa42bdc96c2e240f269c44fcbd51368

SHA1
9735944c9829f005664d0594b2e2972fcbd717a9

SHA256
3a6f7019247a22736c467ed5d0c8259dd1caf630dae52dd458d0e4899ad64986

SHA512
4c77c3d963d812e445334fc479bf30cd6fe3fd38152900643160bef9b34e5088600e548ee4fb4d65988e40e10109da41364482866b06e9ec63f209e173ff7abf

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.tmp

Filesize
64KB

MD5
4b6c778f97c837a2b35e15d879923c9a

SHA1
b5154623aff15d99f27b3aca6bbc8b8a6f51ea36

SHA256
3b92d158129996defb35b4fc26a2652f72362097fa86b467eea38df72e828f8b

SHA512
9fea56cc8d1dad8fc6d1467c9d3fc9cfe33abeaa0a0b182ae229cc583ef93444213e9efd1e8c4ca5abacc0761bcd661a6b086e1560fba9468752ae1f7984fa8d

Download Submit
C:\Program Files\7-Zip\Lang\az.txt.tmp

Filesize
46KB

MD5
de2d03648d1c81047a3bdff942394c40

SHA1
44f178694d26b62cc12868f22c83bc032ebc4a5b

SHA256
cbe21cc572659a4698da4e1c2c70a5f714e41242afef13c0f9dd3461b8f576ec

SHA512
62d04cc6231d0234756cf8e0a84f8de5e53074b55066fb9d4515a18a06b7e8dede37af6921d573ccdf6a4d9f311481e0f1c7d05f2f284253760822f33d207b2c

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt.tmp

Filesize
63KB

MD5
aeae7ad31e66f29814cb345d32c0715c

SHA1
a2207c6ec132c849e57a2347f81b1d601488254a

SHA256
8fb53d61d6c55ba13e1149105f6c9a3f7b9eb7758e7e2498cd9703196f4b2c9d

SHA512
74f43f9fa5932a62f2bd938da593dcd2bc7243070e107cc4e2f7a54ccaa23d10e9f72ed6cdd764225521d61da90321c199936edb0f30724a8d488c9b7c55fdee

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt.tmp

Filesize
65KB

MD5
8eb832b7e1530d0f5bf59d25b285b611

SHA1
5fd052534585ea73bc08c445791a4ff81d5c8a93

SHA256
54455032c9bc3d42efea6807ecefd6ba43c2a4da1d3eb09ed21ab18178942312

SHA512
337995ea17bda32e9e491d742919b0734cfe43129d8b095278b4049ef88890d72b1259017f9ee1c0d905a1a042a2857a6556dc011f0327e1b8c28fc275194e49

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt.tmp

Filesize
61KB

MD5
8b4c7f2059a673a9f236dc9427d44384

SHA1
7dc75014b9092d6c17638614dabbecfdcc498e85

SHA256
25fd22fb4326a2155c3c37c8dcae311b961773e7492db9f7ab2da77823533c3b

SHA512
624062b45eec1496e6b6d04b34462da55e8efdea7180cb4a53afa1490c00de0b17b4a5f6b2ebdc78cb236ecbd88126971965ea619ec33f2ae5937a679665ca11

Download Submit
C:\Program Files\7-Zip\Lang\br.txt.tmp

Filesize
52KB

MD5
bfd0b0e1eb0f20557ec376ea371a6a3d

SHA1
293e7857bb387e3c4bd1248985ed08aeae5c2419

SHA256
3bfa9f0ed0d55b710b1c9d4c59754615e4372869d66a3f7e4b6daaf0631b6e3a

SHA512
c8ca36eca52469e8b35134dcf199e1b7ee96118df582328d79a94185c7983f4d63f743588442b68dd607e77dbf8b8c1bd9dae957d470a6ff938fe8de93ad6ddf

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
62KB

MD5
8e5abeb3ea3a7e9564bdf71eaa0bfe28

SHA1
18021bef47f8c93659787d998f07a02d40f6ba02

SHA256
d4dc022450541ea408d25ce43924324375f37ea35396a40e6fbe93696a611868

SHA512
7b103e48ecb10420f287be982ce8b5f6cdad1a4c18beb719cf0c4284bde555103468339d41117e6cf4eba6086169c96f946fb1f0f72e30e5e7cca1a2bce55436

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
55KB

MD5
2eaf809c39a48769c60be71e1489af08

SHA1
8d6ad4ed50006db238034823e451bd69e472edfa

SHA256
df0f811a111c81c9f69d5d2c44ddd9a7ecab2b4b78e120244b0b5480915c72d7

SHA512
a68d5106fe5c8bb35c9fa1521191f325cb616d5e9a48df7f9ac2758fe5e4272a40345cd1da3e7c9db593ec70ce8dfe997a945ee4308704175775f2d9239896e1

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt.tmp

Filesize
52KB

MD5
59203c6799c1b3bbd7769214bd52b834

SHA1
dd7ff1b9a66733f8b0714d659f0b370b78c0f0de

SHA256
ff1e89e64b6914383c89938be7ac23905d7424d2c39df5cca68968df29b3b057

SHA512
e9ef6dbf205955975438f4172e93daae417bea6de9f924e128231cda41f2ffaae619a181796b6163727c1f6851310c1461b1a64c4e3301f51db63e70e5ba1419

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
55KB

MD5
6d9a766c8199b9d595a5f51aa8625add

SHA1
b0afeec46e869415dd2f36e30cb6166b4ef467cc

SHA256
31c333343ec1e9e193699ba3acdc75248dd42b80bc9d7bb735ce13b0ca668f77

SHA512
5b2e320152a4ac63393baca0c297a2bc21a92ef7fc752832e7f6f28d93cda077be66f4f2f4a88d8d961d5766038de36e8fa51c9358b42f65836300346ea03720

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
56KB

MD5
a8394afa25b908fd53cd14b2de8f4689

SHA1
ae0b1a28f32a5da304bbccc3d1551bba38edede2

SHA256
07cbfa9b9feca5f69fcffb8f30945ec1a48d8bb7e6a13c46bb3fbfbeb2948ef9

SHA512
a5933c7de439203a34b8453eb7cd45cc1d902c56a92a55136076ff19c0e67bafc84c9890a41692d6bd552f7df7b71e6a13ce1ddb8542c329da8da5efc5ba7526

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
63KB

MD5
72f23f512fce4c8064cb7ed8aa66ab9b

SHA1
eb493e684b0bab5e528e598c07a9ca775d8929f0

SHA256
53031a7e6dae73c828237712b4070cdc45ef8c2d462019ef85d01415cf7b5205

SHA512
8599125a00ed10ab4b9cafb1858f2a60e0f48fa3993930aa6fea93518f55b6c79747bf4f8bd927887f1c904f68c224c1b6d0047c5c461ed92dcd08434d7d096a

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
54KB

MD5
04e382ae54673e80d9185e6a5d423cd7

SHA1
f07f0bf37e3f85f1af4c2fdd38f3c690de5315a7

SHA256
58510067673b91517ebb04e656173591f9812cf3d48fec058e072176e8592a14

SHA512
fd8c47195834f78bb1b9f1acad34c333368404bfcd7e9bf0b8baae2a843b7fb0ae1c290ec19faa1a62cb6fae7e736121844b3cffaae582a110c5fd4b0f9c5527

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt.tmp

Filesize
52KB

MD5
05fef90c9435595d3f91489aeac129e5

SHA1
0023e9598800b4a228f7ed99f9d52c81c44dbf7d

SHA256
46c7676e17af907f210489b9874edded47e627f5e626a23968ea0fb3bfd868e3

SHA512
c685e7ddbc4c9e3dd6fa8794d6f3664af86a5fa2f0869a5d8576958a25d9a8fb0e053af4399bd1589fedeb360b9a42003ff502ab3c8e3704ef276f634ad5d9d1

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
56KB

MD5
fe227ec257c8b8eb3b6fb44e5a0b0aa9

SHA1
926cbce75f8ed71f4c719d2abbddc19eb05fe82d

SHA256
d70ba67f01c04524a249c1f94425057132c9b26796fd186822f30c0cb07f37f1

SHA512
5fb578f977f374ed483bb7de0201465cb1fee6a2773287452ececd90b27ae94cd8aa3decf3c7160d31535506e067848c570cb20c573ffa7a2c016daa4b6825dc

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt.tmp

Filesize
55KB

MD5
21d24482077212c69112ce4347d368f0

SHA1
18768678a4cd75d8ca4388275495066a76d455b3

SHA256
2c83e3d1d09b2b3ee9e698b6e20044f1f8f5be7f7a046eaedb320fd2544fcf01

SHA512
e2bed20e305cbed5564c7c3cf8311a1898c2069005d0944bcdc02c6033517a675f68e8a5fcfa9868873bc02774b6f4e2db182e88427f0a241ef228a3e0bef0d1

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
54KB

MD5
4b37dfcf29a44b4382ba2e10afdf3d29

SHA1
63013d5354ca49f1c0a446c388b983940dca0a02

SHA256
7d07bf3466f25723d86e54cfd3330a7649ff045ec089d8164c3727d5d859949e

SHA512
2613c14598fe90a812a80d2041eefa57ba0deb9d14ab01991a91df25e369a82ece51d9db3846426a367f516125290cb2ea0d997eef4cc0cd7a82181ec5fa5ef3

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt.tmp

Filesize
55KB

MD5
92c37331df92762d1c368420e8bad5ed

SHA1
b22a6b5cd7ea7a8544238dd8bc239e8b030300df

SHA256
a6cc8b58c16399cff1c145fb51b102050b38f411d1256142441625232dc666b6

SHA512
42ffe5665468c82ec5b35218d2fe026f1dd595bf8a1dec24730edf9a47cdc88feee955eb4eb8775d5567e4589236911257ad8525a33a6020c2fa7ec4bc56f4d7

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
56KB

MD5
de4d0799f2cd39e3c6ff021d843aae9c

SHA1
80df74f20871368be64103b37e80a785f3f54c50

SHA256
4c525b258d5e86a349e63f6b96c68d1f67f1cdeef5087b36959ccded25812f20

SHA512
d10f5f75da3bcc240144631d8bd6ed7579f5167403d91f7c1bf3b086b18842483108a6fd95d6bd66c552ba1765317d8a459403b7fecaad349e578f6e67464ca7

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
52KB

MD5
0027c05ae2a118725e76a18fa6ce3fce

SHA1
ffbb122d9658e394a65b8d6c4d79afbefbbcf625

SHA256
c09272c2463fd7f6f3e8bd7497ca2e56fa8b1b26ea1523141a113e44fa146194

SHA512
f4b1d8467817f86811fb9f3eb1832ae62710513130e0a0b7de715404b8186dac266d183e89f8c0a4369e6f8e05a7b5deaa652dfadd43689485a74e979f6e2de5

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
60KB

MD5
492c9131204cc63cf8a8c06d53b8d6e9

SHA1
dee9de92627fd5fd8808ac2ab9ed06be1e3437fb

SHA256
d15f30ba8fd79d55e9bfab22e623b893b76eaa3e6cd64b2509c7f55e2f21d2d1

SHA512
d1f16652b5be2f79004d351c452372b0b9328b118c030e0854e8185ae655dfd493445456e6ca96e0be2c8a02876f253caa4cea26199c009795a4b185c4c53775

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
69KB

MD5
f4e897e3e1fcda7bf04ecf25f53cdca6

SHA1
47aaa99626858f1cdbc4b2a29b90ef8918684c26

SHA256
1cafbd02223a2aa89e11afa4d409373b57e4f5690c1d662d1f6ded557bb9c669

SHA512
dd7193bc865d32bf2e9f278b0d8bfde7b5de8c592d4e2e97c9e811d468578422a7ff092ebad28690cd33f06d7839750cdcb976e80a79a8407d44ebaa74c34351

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
64KB

MD5
90df2cc289ec2fba44a006d436517581

SHA1
65143ebf436c2d5588d9a0a20d8304399485fc3d

SHA256
a29cc584c60e26fcd619a4176b058e055bc2521902b0e095af80522f612a5086

SHA512
7320eca18b00768e07be94fad32e7ff4aec9565ffa3d659b0d406374a952889ba900b683a0e4056d0e46f73fffd8da0d2cadb50df733e19e863771a4f7b3c180

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
56KB

MD5
ef9fb4113549913b4d1b627da88d286f

SHA1
2b2b3b6e8397a7ff5df831c8894192a749c7e559

SHA256
d6e6442c25426ffff8f0991f2c5328672bf49a5039a2e9183bbb18d431f1cb20

SHA512
1eb0945beea34470f9cfe36bb7605c81985c6d424019eaec8cfed5c5c621877996b9663571ac909ee5f7499a1d7ec046f9fb934fe6e9addd3f06e91fd70255b5

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
66KB

MD5
e5b9a0053aab930c2efe059bc2337cd8

SHA1
b7db8e6bd1fbb4bd83399dd6bdb41f7c1d47e993

SHA256
c55e27c58187bd70c8d165f0dbf9d75c14276d4526e06ec64c9f4b8a2e914f06

SHA512
185b05fb2f65e613d3a72b31a1a01a3ae4a51fdae32643c1324b663900fbc1d377e8cb76b6729dfa8332202f71be12c22f41c1740dfc5a9683677fdf23d7a1b9

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
55KB

MD5
9ad6c67f8f0a9460a33d1bb809e50a47

SHA1
bf1356bdc3b38ec6874f72fad36f7ba2018db1f8

SHA256
478ac3854f4cc058820038b1c45fe8f78d6cdc384540bf75c6177afa2a36b187

SHA512
7e0aaf2e3ee3847da3b8feb2f3f5f18e5888d37f937e585d923711ddf83ddad28ae3f3ea02e4284a43e2ca59b075d50cec62b0eb0dd4ce01327dfecc8195dc99

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
62KB

MD5
0acf6d544a5c3e5f20b53a4cf93c7930

SHA1
e5ec8f1087b60630b8b542aa95408f2e11e45f85

SHA256
841203fcde2dc2e50eb6479093befd51ee982a70b6abdcd93aa479a7b9a11794

SHA512
d6b1b64714057c7f2c687e21d6fe9a6f59f7118edef2b8c916458ebc0218b78f079933e17c3d3eb1a81e2b7c774224c580a14829fcc35c689199a887112154ac

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
55KB

MD5
3ca4d430621732717d70f7dc43cde36f

SHA1
8660a2712ea5c921a61c7bff42f23c359b6c39ed

SHA256
5a981c2be6328c5a09d9f1d68a25541ca565016772e7c0aceea3a9762dc044f3

SHA512
0353b4655093d8b34dce92d0b95c882b46f6f8dbf4e50d4170055264b5ca1a3a8fe3961336f9152b645e5bcc5b2be822bd68b8050d9c2b1d28fc8d1d0e5060bd

Download Submit
C:\Program Files\7-Zip\Lang\it.txt.tmp

Filesize
44KB

MD5
4bbff463b1da8d6fd9898745154bbed8

SHA1
6cb2c6f80e802ce835ff42c76d40793c45774ee1

SHA256
6a8c669e646930da6c6ab6c526783d3ddccba7247a6b23620541539d70bf9a26

SHA512
f5e03818e9fb39555b4aaf41618ec04c0998642eb36f00af62441603d0ebdfa606d8c6c952f16f9ceee1fbe0d2e4f04a855a0c46d017704d6869f372bf3f5959

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
64KB

MD5
dfd46a9f0be037c510ee40c668e3783a

SHA1
a3e39ccfdafc91ec37562c6addc8175c9ff5516b

SHA256
4725726f09500fa2eff7f772087e6870f697c37275e0cc16d1745ae91be015c2

SHA512
a846514647f1183a5a0417917a1d10a1924f4e23be0b0f287ca9e3be0f0f5c7c778db707a363fcc23f99abc186f5a5c13eddc1970f3f38c89674e2874e595a9e

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
70KB

MD5
1a69df4e27814d1af0fe03708152930d

SHA1
370a1b230057902c891a7b201c4177e4345df981

SHA256
060aac16cc321454e4229d8d622b16db7e9063ce69c72876776146198a6c0bba

SHA512
c59e02fc9891f752bd912749538abc34dccdb8dfddb0c131348150b3f0554d42f5c4228aeba82ea5fedcee88d78bbb35cf081112fbc101df160dbd6fef8f0b98

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
54KB

MD5
cf1dbae7fbcbb29cef53a7f1ab861264

SHA1
d687786edfe0c4acbf2fb1f8137f8a62acea8f69

SHA256
e70b11e9bf8668bfc5faf15dd758d8f60c521b7f979ef7f64d518cbe3f69c093

SHA512
42f587ca2770bf20ebf608337ca265c8cf6d846d5758017aa3580e73776456cf32a4b5e9e93095f27d995ad983e939655190f597e49f30ad72d2deb57d72edf4

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
60KB

MD5
a3a9e64ba0a8a40c9fc0881994f69dff

SHA1
7d0f393b71aa48d9c085e7d9d88f395bc7630f88

SHA256
e4401908e5b6c3baffa855d2b8a8b1dde27f13ff352f7731002704381421f78e

SHA512
67f2293503c6909f7e1259f2f0a14059d353c13af73123b03e4e81935d6a8b9da8ae847f2b6cd49f57085dfcc82f8b6e61db8121447710b4b613085f6cfdcaf8

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
62KB

MD5
8f787567b0fc983af9a7107274060ade

SHA1
387d4b1db26cf1efad99b89c8c4235fb9196ec4d

SHA256
e5656b6a6c1585d8144e3740d20243549a7e2db818588e42a17209792e2af8ab

SHA512
d5b50630c1e7c85cb78ac178171a698523dd1f48e8e3042d38bebd18d1dc8ea2dbbb850b4f2f35e65894e69d61bee983abadc32718ed440f110334bb43224c4f

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
59KB

MD5
20c54441a2b6ae7caa7607782b55ca39

SHA1
2184832355cb2d65534779c26965bad3c5beabac

SHA256
a4ec54da89bc75f400743e950de874958fe7d1dcd63d1bffd8e365222d1ce9d0

SHA512
d875e488ae7532b74c72a1079adf149b3ed04f4a185827ec48ad55c07bcf03d689af95000e7531e95abf277ca19d9eb6faaeec1b899a1b09282b61fdcb342e86

Download Submit
C:\Program Files\7-Zip\Lang\ku.txt.tmp

Filesize
52KB

MD5
e405cd2d777a069b6602adfbacda0db2

SHA1
140c78b3fcb20c0b2e4703e8babd521d8d2b44ee

SHA256
30abfb0037d55913f4983f9ba55e19f028fb0c46438ff83e81e75f4be9ddb59c

SHA512
dea51c3a09154d6ed347e251c85ec95856aa6ed991f1fca7bd3b45b7540a11ce0b05f64c0d3cd679364d155c344d2d270b25477cd97cb02deee6231401470825

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt.tmp

Filesize
64KB

MD5
59633485593c1d52c05d2eae14ff2bbe

SHA1
63f63a8dff4f5a4a2a2ea31703d0a2fcd898e73d

SHA256
15a0471bf14fe6d795f33b6ca9defd6c955196b4ededab1447e32330f132b0d8

SHA512
7127697c07e15e5de86121f5e2d37389dd617efce6a0cc714de9d2845d049c4ef59287f2be7e85f00aa73d01d8c593b834c2655a49292eaea5448ac1f4cc6dcc

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
54KB

MD5
aa60f7118d96c37a9a7904a20d83cd32

SHA1
71fb4fdd2241ac10f4c8560541043c2148fcc2bd

SHA256
87f0ef22fa52969186f36b71859d526c999ec110ee2780fa1a2bd6f1bcb06ce4

SHA512
887542816d79f489a6667f6a230734cee8c5c2a8d308f9f3dd296f6ffd9ae72bbe5d29d97617f09906dc75a9066662ac62da4064d9db41ab9618a576256f87b6

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
60KB

MD5
5cfcb2fe488015899a01b6e3cb8555a6

SHA1
8037f2365076b497c43e6cf13559b534b5a6da5a

SHA256
d6caaad4480c53c01ccb93eaf7ce11058c706d894e32263eea12dec210bdc993

SHA512
dea7f7dc6c7f29cab2b9c4c962c63fee477b9a56ae68949b9f7fad65e630075b970eeb93f8a548d0c7cdb500f5468a30fe4b410b66a323dc7ead003bfef5f6d3

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
55KB

MD5
d08c9df2b253317f19bfb49b39be147c

SHA1
41250e49dc7f33f02a1da0fd94f6e160d2cbe3d3

SHA256
d2eddbb5f5926f00498dabb35ff4c57ff3228a557d85123111be440e52746d38

SHA512
646e109ecd381fc888689f7e9bced082bbcc41dbe62776c6eb94583017445112bf38507e00414ba84657c0eaa90cd78726cb90faff5dbcebd9622da921024c2d

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
55KB

MD5
5561ef56bf994cee0edcdb63b8e666fa

SHA1
8da765279f8a368e07427d79f4d830b3c9802129

SHA256
1d76f9ccac154d43b426e55a2eec768725a27d3e2a3ed38daee91e8dc22396ee

SHA512
d30eb7ace494a6523ea70ba4e985fa9fc25da485e67a609bed919161f20b4ef9cc0d3ae7f27d2ba9fda28bc30ac9c48df76190a8e997312d2eafb6dc5f0ce552

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
57KB

MD5
cb146a2b825da430ec69a124b9a39690

SHA1
0924ac101a52955a4cd26e21774d927afe92cbe1

SHA256
9b87073021867ac0a12ed45d5330b1a20b6ec2904927a8c8b2841a454596fd99

SHA512
340cdb29d0d188ec946c6fcd52e1f5bea6b99ba881c7251c748f8b9a156234be367739ed4cbd9c4dfb679f383be9deb3c0c14340d9c33c7cbaaa2b7b4281ec11

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
52KB

MD5
3fc5a3f88fa84f04baaf042fe46e0266

SHA1
da2d5c45c0498fac4d25f57036fd04023d438ea1

SHA256
fe9ca93ef2187965856169fa3a7ec61ed6d08c579b73d8c69b4960e11984da40

SHA512
f93e547cf1e875ec29ce2fb5a5e081f0010ef1714e1d708f88fa40e30ad69cf9bc29bdf5477cd7799546083cf1d92a30a6ae39567e29e39c8cc50390a2f20fcb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.tmp

Filesize
58KB

MD5
e8d519fa126f4c1b8c7bcfd4a3a58172

SHA1
1f43e4a4f81635a420d67bcd0c61b7b371be6743

SHA256
7b5ca9c33850be35986c7f7e5bd0a179834a52be7cffb96739a01944e8552500

SHA512
a9f1ecbb6a627f701b1106c3a2bac564432c221c225fbccd11bb8951c87464f9b6c23852ba361dcfc511a16c987d5c2469ebccb42367536142f617f8c44312cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Word 2016.lnk.exe

Filesize
52KB

MD5
4d1f46c40fddfe89bb0b66f4d7cde7e3

SHA1
7351bdd87cca3ec08fe7481113d4b2bcf6cb7fd3

SHA256
cb27becfaf626f40770357faa5400569d083410932632797238df05480c01be4

SHA512
05bd27e7899c1b89668e0803a22ef02dd7fd9d49fba5baf2fe9eb4742ddfa28211520f5ab10980e3b22d8372dc30aca8fd214858e507e45d2a4df651eb79a066

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
46KB

MD5
ff7ad581774888dd9631299d7fb86f2b

SHA1
756b276934186c2a8adb7a3566a30c87b99335a5

SHA256
fc715978a3654c0b9aa7ff150a3e120b66b06d0b939cb06415e2abd0bb87ed57

SHA512
190505fe91e32d8c9d60b8400764cc66f035305c015691b02ae3613c460de285ecb988382e56adad8f692d890eabff65f450e14987d9255e69b4fd17f4454305

Download Submit
memory/1576-13-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4796-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download